RiskBloggers.com

January 2007

Potentially Violating the Law for a Sale

By Ira Winkler

I recently read an article in which a security consulting firm mailed USB drives to a variety of business executives. Apparently the enticement for loading the drive on a computer was an invitation to a party. Once installed, though, the drive apparently ran a program that contacted the attackers to let them know who ran the drive. Of course, press releases and marketing blitzes to the affected users followed. This is just so wrong and possibly criminal.


Domain registrar removes seclists.org without due process, who’s next?

By Fyodor (fyodor@insecure.org)

This was originally posted by Fyodor to the nmap-hackers mailing list on Jan 25, 2007.

Hi everyone,

Many of you reported that our SecLists.Org security mailing list archive was down most of yesterday (Wed), and all you really need to know is that we’re back up and running! But I’m going into rant mode anyway in case you care for the details.

I woke up yesterday morning to find a voice message from my domain registrar (GoDaddy) saying they were suspending the domain SecLists.org. One minute later I received an email saying that SecLists.org has “been suspended for violation of the GoDaddy.com Abuse Policy”. And also “if the domain name(s) listed above are private, your Domains By Proxy(R) account has also been suspended.” WTF??! Neither the email nor voicemail gave a phone number to reach them at, nor did they feel it was worth the effort to explain what the supposed violation was. They changed my domain nameserver to “NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM”. Cute, eh?


Securing Vista: Here we go again

By Ric Steinberger, CISSP, CISM

The new year has brought security professionals a mixed blessing: the first new operating system from Microsoft in over half a decade. There’s one thing we can be sure of: Over the next few years, thousands of articles will be published on the general topic of “Securing Vista”. This in spite of the fact that Microsoft has issued countless assurances that Vista is their most secure operating system to date (as if that is supposed to allow us to issue a sigh of relief).


Why Admit You’re a Bad Parent, When You Can Just Sue?

By Ira Winkler

The recent news of parents whose children met abusers through MySpace suing MySpace is a case of parents shirking their responsibilities and blaming others.


Check out our 2007 Predictions

I feel sorry for you CISOs. Read it here.


I Guess Carly Thinks Performance Doesn’t Matter

By Ira Winkler

If Carly Fiorina can’t figure out why she was fired, maybe she should ask the 25,000+ people who were fired, or the shareholders who lost $60 billion, because of her poor performance.

Poor little Carly Fiorina. She is going around pitching her new book, talking about how she was wronged by HP. Along the way, she tries to stress that her book is an inspirational story about a secretary growing up to be CEO of one of the largest companies in the world. She is pitching herself as the paragon of a successful businesswoman. During her interviews, she talks about how she couldn’t get out of bed in the morning in the weeks following her firing. She bemoans the HP Board of Directors for not telling her to her face why she was being fired, and she claims that to this day she still doesn’t know why she was fired. If she doesn’t know that, then she was not qualified to be HP’s CEO in the first place, and was definitely not qualified to continue as the CEO.


Of PDAs, Expectations and Underpants

My local Office Depot offers drop-off recycling services for computers, monitors, and small electronics. Unlike prior offerings of the same, this one you pay for. Buy the size box you need (which includes a pre-paid recycling fee), take it home, fill it up, and return it whenever you want. Compared to what I’ve paid elsewhere it’s a pretty good deal, so I recently bought a few.

While rummaging through my gadget graveyard I came across a couple of old Palm PDAs. After tossing them into a box it occurred to me that their flash RAM conceivably might hold semi-sensitive information. I had used a data encryption tool on at least one, and for all I knew its encryption mechanism was cracked five years ago. And since both had died sudden deaths, I hadn’t even been able to delete the data let alone properly wipe it.

Grumbling to myself, I came up with three options: trash the flash, smash the flash, or perform flashectomy.