View Article  Thieves put car security system to test

BT's new vehicle tracking system found its first stolen car before the system had gone live.

The car, an Audi A4, belongs to David Thomas--project manager for the new BT Trackit system. It was stolen outside his house on Nov. 2 and was recovered, undamaged, the same day.

Thomas was alerted to the theft by BT's Secure Operating Centre. Using satellite-based tracking technology, the car was pinpointed and the local police were informed and were able to recover the vehicle. The car had been abandoned six miles away.

They insist they didn't invent the story, but damn, what a coincidence.

View Article  Cisco PIX TCP Connection DoS

In a situation where a host is located on the trusted side of the network behind the PIX firewall, there is a possibility to prevent a new legitimate TCP connection from being established to the host located on the other side of the firewall. In order to execute such an attack, an attacker would send a specifically crafted TCP packet with an incorrect checksum through the PIX firewall, pretending to originate from a legitimate host. S/he would need to specify the source and destination IP and port, and once such a packet is received by the PIX firewall, there is no possibility to establish a new TCP session with the credentials specified in the malicious packet. The downtime of the connection is around 2 minutes 2 seconds, after which a new connection can be established again and the PIX resumes normal operation. Such an attack does not affect connections that are already established through the PIX.

Although it would take a lot of packets to disrupt communication between the hosts completely, we assume that the attacker's aim is to prevent communication to a specific service on the remote host, e.g. SSH, SMTP or TCP syslog, and it takes around 15 seconds to generate and spit out 65535 packets with a custom source port on a 100 Mbit LAN.

Get the details on SecuriTeam.com (or see the original post on Full Disclosure). This looks to affect versions 6.3 and below.  There is a related exploit for version 7.0.
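The check this boils down to on the defending side: a firewall must verify the TCP checksum over the pseudo-header before a segment is allowed to touch its connection table. The audit below is an added example, not code from the advisory or from SecuriTeam; the packet builder only produces constructed sample frames, and the addresses and ports are made up.

```python
import struct


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit big-endian words, carry folded back in."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_checksum_valid(packet: bytes) -> bool:
    """True if the TCP checksum of a raw IPv4 packet (no link-layer header) verifies.
    The checksum covers a pseudo-header (src, dst, 0, proto=6, TCP length) plus the whole
    segment, so the sum over all of it, checksum field included, must come out as 0xFFFF."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 6:
        raise ValueError("not a TCP packet")
    total_len = struct.unpack("!H", packet[2:4])[0]
    segment = packet[ihl:total_len]
    pseudo = packet[12:16] + packet[16:20] + struct.pack("!BBH", 0, 6, len(segment))
    return ones_complement_sum(pseudo + segment) == 0xFFFF


def build_tcp_syn(src_ip: str, dst_ip: str, sport: int, dport: int) -> bytes:
    """Constructed sample only: a minimal IPv4 + TCP SYN with a correct TCP checksum
    (the IPv4 header checksum is left at zero because the audit does not inspect it)."""
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 0x50, 0x02, 65535, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
    csum = 0xFFFF ^ ones_complement_sum(pseudo + tcp)
    tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0, src, dst)
    return ip + tcp


def corrupt_checksum(packet: bytes) -> bytes:
    """Constructed sample only: flip bits of the TCP checksum so the segment no longer
    verifies, i.e. the kind of malformed segment the advisory says the PIX acted on."""
    off = (packet[0] & 0x0F) * 4 + 16
    bad = struct.pack("!H", struct.unpack("!H", packet[off:off + 2])[0] ^ 0x5555)
    return packet[:off] + bad + packet[off + 2:]


def audit_segments(packets):
    """Label each packet by its 4-tuple and whether the checksum verifies. A False entry is a
    segment that must be dropped before any state (connection slot, block timer) is updated."""
    results = []
    for p in packets:
        ihl = (p[0] & 0x0F) * 4
        src = ".".join(map(str, p[12:16]))
        dst = ".".join(map(str, p[16:20]))
        sport, dport = struct.unpack("!HH", p[ihl:ihl + 4])
        results.append((f"{src}:{sport}->{dst}:{dport}", tcp_checksum_valid(p)))
    return results
```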

View Article  Lock down your PC or laptop with Syskey
Syskey also enables you to configure the machine to prompt for the computer startup key at boot time (this can be up to 128 characters long) - this is a great option for laptops as it simply takes the form of a password (phrase) that you enter before logging into Windows. The beauty of this approach is that neither the key nor any form of the key (such as a hash) is actually present on the machine, so there's nothing to crack unless you count brute forcing the encryption of the Master Keys, which would take significant computational effort - read (a very long time!) = longer than the data's likely to be of value.

Nice little hack from Steve Lamb's Blog.
View Article  Hacker to show off the lackluster security of Diebold Voting Systems

A computer hacker will be trying to break into one of California's electronic voting machines next week, with the full cooperation of the secretary of state.

Harri Hursti, a computer security expert from Finland, will be trying to demonstrate that voting machines made by Diebold Election Systems are vulnerable to attacks by computer hackers seeking to manipulate the results of an election.
...
Last May, Hursti and another computer security expert tested a Diebold system for the elections supervisor in Leon County, Fla. They quickly broke into the system, changed the voting results and inserted a new program that flashed the message "Are we having fun yet?" on the computer screens.

Interesting stuff.  Get the full article on SFGate.com.  If you are really interested in the security of voting machines, check out Washburn's World.  John's a friend of mine that has worked his tail off to improve our voting rights by exposing the errors in our voting systems... both technical and bureaucratic systems.

View Article  Of Bags And Men: Chain Of Custody

I have received TONS of email regarding interest in learning more about what "chain of custody" is and what a proper CoC bag looks like.

Before you read on, keep this in mind: this is purely from my experience in the field. Proper procedures in law enforcement, private investigation and evidence handling may differ depending on where you live.

I am going to describe how *I* use these bags in preserving evidence during computer security / forensics investigations.

Now that the disclaimer is done ... let's look at what a typical CoC bag looks like.

Very good article from a blog entitled A Day in the Life of an Information Security Investigator.  I have been involved with a few security incidents that involved the police or the FBI, but they always handled the evidence tagging.  I'll have to get a few of those bags.

View Article  Cracking safes with thermal imaging
In short, virtually all keypad entry systems - as used in various applications, including building access control, alarm system control, electronic lock safes, ATM input, etc - are susceptible to a trivial low-profile passphrase snooping scheme. This attack enables the attacker to quickly and unobtrusively recover previously entered passphrases with a high degree of success. This is in contrast to previously documented methods of keypad snooping; these methods were in general either highly intrusive - required close presence or installation of specialized hardware - or difficult to carry out and not very reliable (e.g., examining deposited fingerprints - works in low-use situations only, and does not reveal the ordering of digits).

So if you have a $5000-$10,000 toy, you can pull this off.  I guess that's chump change for serious thieves.  Read the full article.
View Article  Four new documents from NIST
NIST is pleased to announce four new final publications:

(1): An updated SP 800-40 (version 2), Creating a Patch and Vulnerability Management Program;
(2): SP 800-68, Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist;
(3): SP 800-83, Guide to Malware Incident Prevention and Handling; and
(4): NISTIR 7250, Cell Phone Forensic Tools: An Overview and Analysis
View Article  Another reason not to use IE - 0-day exploit released today
You IE viewers of my blog better wise up soon.  There is a 0-day exploit out for IE, but no patch in sight.  Click on the light to the left to download Firefox and surf the web safely.  F-Secure sums it up:

A group called "Computer Terrorism" has released a Proof-of-Concept exploit for an unpatched Microsoft Internet Explorer vulnerability. The exploit allows remote code execution on most Windows systems including XP sp2. This vulnerability can e.g. be exploited if a user visits a web site controlled by the attacker.

The flaw is related to the JavaScript functionality in IE. So, one solution to this problem is to disable Active Scripting in IE. Another solution would be to use some other web browser. Also, as always, running as a restricted user greatly limits the damage these kinds of attacks can cause.

Apparently Microsoft was informed about this bug in May. Earlier it was seen as a denial-of-service vulnerability. MS has not released a patch yet but a Security Advisory on the issue is available.

View Article  Sue Sony... all the cool kids are doing it
Greg Abbott, the attorney general for Texas, today filed a lawsuit against Sony BMG Music Entertainment, alleging that its controversial (and now recalled) "XCP" anti-piracy software violates the state's anti-spyware and consumer protection laws.
...
EFF filed its class-action lawsuit against Sony in California state court, along with two leading national class-action law firms. In its filing, EFF issued a statement praising Sony for acknowledging problems with its XCP software, but said that the company "has failed entirely to respond to concerns about MediaMax. "Music fans shouldn't have to install potentially dangerous, privacy intrusive software on their computers just to listen to the music they've legitimately purchased," the EFF's Cohn said.
...
It looks like Massachusetts Attorney General Tom Reilly could also soon be going after Sony. Sarah Nathan, a spokesperson for the Mass. AG, confirmed that Reilly's office is investigating Sony BMG for possible violations of the state's consumer protection laws, but she declined to comment further.

From Security Fix.
View Article  9 Ways to Hack a Web App
Learn why and how to build Java web apps secured from the most common security hacks.

#1: Unvalidated Input
#2: Broken Access Control
#3: Broken Account and Session Management
#4: Cross-Site Scripting (XSS)
#5: Buffer Overflow Errors
#6: Injection Flaws
#7: Improper Error Handling
#8: Insecure Storage
#9: Denial-Of-Service (DoS)
#10: Insecure Configuration Management

Good slide deck from Martin G. Nystrom at Cisco.  Posted on Astalavista.
View Article  How Long Is Too Short for WPA Keys?

George Ou pointed out a few days ago that a good key could be seven characters long: He argues that there’s sufficient entropy with just seven characters with A-Z, a-z, and 0-9—although WPA passphrases must be at least eight characters long. He also omits punctuation, which would add more fuzz into the system for those trying to crack keys.

His approach is fundamentally consistent with Robert Moskowitz’s much linked-to paper on key weaknesses in WPA passphrase choice. In that Nov. 2003 paper, Moskowitz notes that dictionary-based short passphrases have a high degree of weakness, but that random values could be as short as 96 bits (which could be represented as 12 hex characters) and still be resistant to brute force attacks.

From Wi-Fi Networking News.
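To put numbers on the two claims above (seven characters from A-Z, a-z, 0-9; punctuation adding "fuzz"; 96 random bits), here is an added example that is not from the linked article: it computes the entropy of each policy and derives the WPA-Personal PSK the way 802.11i does, PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 32-byte output. The guess rate used for the time estimate is an assumed figure, not a measurement.

```python
import hashlib
import math


def passphrase_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a uniformly random passphrase of `length` symbols."""
    return length * math.log2(alphabet_size)


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal PSK (pairwise master key) per IEEE 802.11i:
    PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).
    Because the output is 32 bytes and SHA-1 yields 20, every guess costs the
    attacker two PBKDF2 blocks, i.e. 8192 HMAC-SHA1 operations."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def policy_comparison() -> dict:
    """Entropy of the policies discussed: 7 or 8 symbols from [A-Za-z0-9] (62 symbols),
    7 symbols once punctuation is allowed (95 printable ASCII), and a random 96-bit key."""
    return {
        "7 alnum": passphrase_bits(7, 62),
        "8 alnum": passphrase_bits(8, 62),
        "7 printable": passphrase_bits(7, 95),
        "96-bit random": 96.0,
    }


def expected_crack_years(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit a uniformly random key: half the keyspace at the given rate.
    The rate is an assumption to plug in; it is bounded by the PBKDF2 cost per guess."""
    return (2 ** bits / 2) / guesses_per_second / (365 * 24 * 3600)
```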

View Article  Elmo 0wned

People have been asking for a HOWTO on messing with Elmo. This is all a work in progress, but I will still share with you my findings so far. There are a couple of things that are unknown at the moment, so if you figure out something new, please be sure to contact me at the email address above.

Elmo Knows Your Name is a semi-interactive audio player with several user inputs and audio output. It features a USB port for programming, and shows up as a HID (Human Interface Device).

I have not dared to crack open this device (it's tomorrow's present for god's sake!), so I do not know what exactly is on board. I would expect a very basic processor or programmable logic chip, coupled with some sort of memory, and of course, a USB controller.

Go have some fun at Casey Halverson's blog.  Found via SecuriTeam's blog.

View Article  Researching Information Security Issues
Whenever researching information security issues via a search engine such as Google, I am often presented with numerous marketing-oriented pages from security product vendors. Sometimes this can be useful, but usually what I want to see is information from technical resources, such as security mailing lists, articles, and papers. That's why I am experimenting with a custom-crafted search engine that one can create via the Rollyo service, which allows you to limit your search to specific sites of interest.

You can try my focused Information Security search here:
This search scans articles, blog entries, and mailing list posts; the current list is maintained on my website.

From Lenny Zeltser at the SANS - Internet Storm Center.
View Article  The Funny Papers
View Article  Are you infected with Sony's DRM Uninstaller?
If you have already used the ActiveX uninstaller that was available until Sony stopped distributing it, you are vulnerable to a remote code execution attack. You should remove the vulnerable ActiveX component. If you want, set a kill-bit for it (the CLSID is {4EA7C4C5-C5C0-4F5C-A008-8293505F71CC}) just to be sure.

Thanks F-Secure.
View Article  Full List of Sony Infected CDs
Sony has released a full list of the 52 rootkit CDs that are part of the recall.  It includes the artist, album name, item number, and UPC number.

Note:  We will shortly be releasing new versions of these titles without the XCP software.  You therefore need to check this list for both the name of the album and the item number (which can be found on the spine of the CD).  If the item number is not listed below, your CD does not contain XCP content protection. Please note, DualDiscs do not use XCP content protection and are therefore not included in this program.
View Article  Three Anti-Sony Blogs
First we have SonySuit.com:

This site exists to help others who have been harmed by Sony BMG and their XCP Content Protection. I hope that the information I provide here will assist you in making an informed decision about dealing with Sony in the future, and help you obtain reasonable compensation for your damages.

Then we have BoycottSony.us:

As of this moment, I’m boycotting all Sony products—music, movies, video games, electronics. And I call on others to do the same. It’s simple. If you treat me with disrespect, I stop doing business with you; if you treat me as a criminal, I call you on it; if you ship a product that disables my computer, it’s war.

Finally there is Sory Electronics.

Sony refuses to apologize for their aggressive and dangerous actions that infected millions of computers, and left consumers helpless with their expensive computers with limited functionality. It is for this reason that Sory Electronics and others such as Wired News call for an immediate boycott of Sony products and Sony/BMG music. Sory Electronics encourages you not to buy CDs, DVDs, Playstation products, games, or personal entertainment equipment from Sony.

And if you haven't seen it yet, All Your Rootkit Are Belong to Us:
View Article  A Convenient Method for Securely Managing Passwords
Computer users are asked to generate, keep secret, and recall an increasing number of passwords for uses including host accounts, email servers, e-commerce sites, and online financial services. Unfortunately, the password entropy that users can comfortably memorize seems insufficient to store unique, secure passwords for all these accounts, and it is likely to remain constant as the number of passwords (and the adversary's computational power) increases into the future. In this paper, we propose a technique that uses a strengthened cryptographic hash function to compute secure passwords for arbitrarily many accounts while requiring the user to memorize only a single short password. This mechanism functions entirely on the client; no server-side changes are needed. Unlike previous approaches, our design is both highly resistant to brute force attacks and nearly stateless, allowing users to retrieve their passwords from any location so long as they can execute our program and remember a short secret. This combination of security and convenience will, we believe, entice users to adopt our scheme. We discuss the construction of our algorithm in detail, compare its strengths and weaknesses to those of related approaches, and present Password Multiplier, an implementation in the form of an extension to the Mozilla Firefox web browser.

Nice tool.  Read the paper, presented at the 14th International World Wide Web Conference (WWW 2005), as a PDF, a BibTeX entry, or PowerPoint slides (PPT).
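The structure the abstract describes (a single memorized secret, a strengthened hash, per-site passwords, no server-side state) in working form. This is an added illustration of that design, not the Password Multiplier extension's own code: the split into a slow user-wide stage and a fast per-site stage follows the idea, but SHA-256, the round counts k1 and k2, the zero-byte separators and the 62-symbol output alphabet are my assumptions.

```python
import hashlib
import string

# Output alphabet for the generated site password; assumed, adjust per site policy.
ALPHABET = string.ascii_letters + string.digits


def iterate_hash(data: bytes, rounds: int) -> bytes:
    """Hash strengthening: re-hash `rounds` times so each guess costs an attacker
    `rounds` SHA-256 calls (SHA-256 is an assumption for this illustration)."""
    for _ in range(rounds):
        data = hashlib.sha256(data).digest()
    return data


def stage1_key(master: str, username: str, k1: int = 100_000) -> bytes:
    """Slow, user-wide stage. It depends only on the master secret and the username,
    so the client computes it once per session and caches it in memory; nothing is
    ever sent to a server. The 0x00 separator avoids ambiguous concatenations."""
    return iterate_hash(master.encode() + b"\x00" + username.encode(), k1)


def site_password(k1_key: bytes, master: str, site: str,
                  k2: int = 100, length: int = 12) -> str:
    """Fast per-site stage: binds the cached stage-1 key and the master secret to the
    site name, then encodes the 256-bit digest as a printable password. Mixing the
    master secret in again means a stolen cached key alone is not enough."""
    digest = iterate_hash(k1_key + master.encode() + b"\x00" + site.encode(), k2)
    n = int.from_bytes(digest, "big")
    chars = []
    for _ in range(length):          # base-62 digits of the digest; no modulo bias
        n, idx = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)


def derive(master: str, username: str, site: str,
           k1: int = 100_000, k2: int = 100, length: int = 12) -> str:
    """Stateless end-to-end derivation: same inputs anywhere give the same password."""
    return site_password(stage1_key(master, username, k1), master, site, k2, length)
```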
View Article  Preventing Insider Sabotage : Lessons Learned from Actual Attacks
Current or former employees or contractors who intentionally exceeded or misused an authorized level of access to networks, systems or data in a manner that targeted a specific individual or affected the security of the organization's data, systems and/or daily business operations.

Good study by CERT presented at this year's CSI conference. Lots of interesting statistics.  Posted on Astalavista.
View Article  MD4 and MD5 Collision Generators
The following MD4 collision generator can generate a collision for MD4 almost instantly, while for MD5 one can be generated in approximately 45 minutes on a P4 1.6 GHz (on average).

Credit:
The information has been provided by Patrick Stach.
The original article can be found at: http://www.stachliu.com/collisions.html

From SecuriTeam.com.
View Article  Sony DRM on Half a Million Networks

New data published today by notable security researcher Dan Kaminsky indicates that Sony BMG's security-flaw-ridden anti-piracy software is installed on more than half a million computer networks in at least 165 countries.

Kaminsky arrived at the number by poking around at the software installed on an untold number of Sony music CDs and studying the program's now well-known habit of "phoning home" information about the user's music habits to Sony and to First4Internet, the British company hired by Sony to produce the software.

Interesting stuff from Security Fix.  "It's funny, because the last time we saw these kinds of infection rates, they were because of bugs in [Microsoft] Windows that were later patched," Kaminsky said. "But Sony's patch actually deploys new flaws."

View Article  IPSEC / ISAKMP Vulnerability wrapup
How serious is all of this?
The world and the Internet will continue to turn. This issue is, however, very important to you if you are using an IPSEC VPN. At this point, everything points to this being a DoS-only vulnerability. Your IPSEC concentrator may reboot or lock up. While this is not as severe as remote code execution, it can still break a business if critical network links are impacted.

Who is Impacted?
If you are using IPSEC, check with your vendor to make sure. Cisco, Juniper, Secgo and OpenSWAN released patches. In particular OpenSWAN may be used in many Linux and BSD based appliances. See the earlier diary for a list of firmwares. ISAKMP and IPSEC have to be enabled.

What is "ISAKMP"?
Why is it broken?
Is all Port 500 UDP Traffic Bad?

Get the answers from the oracles at SANS.  If you are unfamiliar with this IPSEC vulnerability, read this NISCC Advisory.
View Article  User Friendly on Sony Rootkit
View Article  Improving Web Application Security: Threats and Countermeasures

This guide helps you build hack-resilient applications. A hack-resilient application is one that reduces the likelihood of a successful attack and mitigates the extent of damage if an attack occurs. A hack-resilient application resides on a secure host (server) in a secure network and is developed using secure design and development guidelines.

Web application security must be addressed across the tiers and at multiple layers. A weakness in any tier or layer makes your application vulnerable to attack. Figure 1 shows the scope of the guide and the three-layered approach that it uses: securing the network, securing the host, and securing the application. It also shows the process called threat modeling, which provides a structure and rationale for the security process and allows you to evaluate security threats and identify appropriate countermeasures. If you do not know your threats, how can you secure your system?

Download Improving Web Application Security from the MS.com Download Center in .pdf format or read the paper in HTML at the Architecture Resource Center.

View Article  Spyware Sony Breaches LAME Copyright
The spyware that Sony installs on the computers of music fans does not even seem to be correct in terms of copyright law.

It turns out that the rootkit contains pieces of code that are identical to LAME, an open source mp3-encoder, and thereby breach the license.

This software is licensed under the so-called Lesser GNU Public License (LGPL). According to this license Sony must comply with a couple of demands. Amongst others, they have to indicate in a copyright notice that they make use of the software. The company must also deliver the source code to the open-source libraries or otherwise make these available. And finally, they must deliver or otherwise make available the in-between form between source code and executable code, the so-called object files, with which others can make comparable software.

Sony complied with none of these demands, but delivered just an executable program.

Man... this stuff is unbelievable!  Good article on De Winter Information Solution, who also thinks that Sony has to show the Source.  It just keeps getting worse and worse.  If you need to catch up to everything that has been going on with Sony's Rootkit DRM, take a look at this Boing Boing timeline.
