Facebook/MySpace Worm on the loose!

Taken from Aviv_Revach’s blog:

AVG Caught the bug... ?

AVG Caught the bug... ?

This morning I’ve received a notification email from Facebook, notifying me that my friend Asaf left me a new message on my wall. This seemed to be OK until I read the message:

“hello Arik, hehe.. you could be tht naughty i didnt knw..really hard to see tht from my eyes lol :-)

have a luk urself…
(click open or run when prompted)

The contents of the message was suspiciously similar to the Messenger virus messages. Another look at the URL gave out the fact that this is not a Google url, but a phishing site. Because I use Ubuntu at the moment, I wasn’t concerned too much of being hit by a virus, so I followed the link. The link goes to a download page of Picture_dl.exe, which I guess is some sort of a virus/worm.

I couldn’t find this message on my wall, so either Facebook removed it already or the email didn’t come from them. Either way, I’ve notified their support about that, and I hope they will act accordingly.

Bottom line – beware of viruses being spread via Facebook/look like Facebook notifications, and don’t click on every link


So… Folks, please be aware, and don’t clicking everything you see just b/c it might LOOK LIKE it’s from a friend? huh?


Linus on Security

Taken from the SANS ISC list, they’ve “euphemised” Linus’ comments on Security… the original (which they link to) is quite more… um… colorful? :) Anyways, as a white-hat Sys-Admin/CISO/CTO myself, I unfortunately don’t agree with some of the comments but thought it worth of digg-ing it!

read more | digg story

Backtrack – Hack Attack

Ever wondered just how secure your WEP protected wireless network is? Well today I’ll show you how to test it. There have been a lot of articles written about this subject already and by now it is common knowledge that WEP is only the barest of security precautions. I’m going to show you how you can test your own wireless network’s security using the linux livecd distro back|track. Before we go any further, I feel it necessary to mention two things. The first being the ethics of hacking. Most of you are probably familiar with this subject already but, just to refresh your memory. Second, it goes without saying that this is for YOUR OWN NETWORK TESTING PURPOSES ONLY. Unauthorized access of other people’s networks is illegal. If you have problems or questions about anything in this guide, for the love of god use google/wikipedia and look it up first. Don’t just start ranting on forums like a moron without doing a little research first. There are probably other people who have had the same problems and solved them already. Ok, parental rant over. Lets get down to the dirty stuff:

First of all, you’ll need to check and make sure your wireless card has the right chipset. Most wireless cards are programmed only to accept data that is addressed to them. Other cards, specifically the ones that are of use for wifi sniffing, are capable of picking up all traffic that is flying through the air. Common types are Atheros, Prism, Aironet, Realtek, Hermes, etc based cards. You are on your own figuring out what type of chipset your wireless card has, as its too vast to get into here, but check this thread for more info. Your probably just going to have to search for your specific card to find out what chipset it has then compare it to this compatability list. For a good discussion on types of cards that work, check this http://forums.remote-exploit.org/showthread.php?t=2191

Hackers return to MACs

All the best hackers I know are gradually switching to Macs. My friend Robert said his whole research group at MIT recently bought themselves Powerbooks. These guys are not the graphic designers and grandmas who were buying Macs at Apple’s low point in the mid 1990s. They’re about as hardcore OS hackers as you can get.

The reason, of course, is OS X. Powerbooks are beautifully designed and run FreeBSD. What more do you need to know?

I got a Powerbook at the end of last year. When my IBM Thinkpad’s hard disk died soon after, it became my only laptop. And when my friend Trevor showed up at my house recently, he was carrying a Powerbook identical to mine.

For most of us, it’s not a switch to Apple, but a return. Hard as this was to believe in the mid 90s, the Mac was in its time the canonical hacker’s computer.

In the fall of 1983, the professor in one of my college CS classes got up and announced, like a prophet, that there would soon be a computer with half a MIPS of processing power that would fit under an airline seat and cost so little that we could save enough to buy one from a summer job. The whole room gasped. And when the Mac appeared, it was even better than we’d hoped. It was small and powerful and cheap, as promised. But it was also something we’d never considered a computer could be: fabulously well designed.

Definition of Security

Computer security is a branch of information security applied to both theoretical and actual computer systems.

Computer security is a branch of computer science that addresses enforcement of ‘secure’ behavior on the operation of computers. The definition of ‘secure’ varies by application, and is typically defined implicitly or explicitly by a security policy that addresses confidentiality, integrity and availability of electronic information that is processed by or stored on computer systems.

The traditional approach is to create a trusted security kernel that exploits special-purpose hardware mechanisms in the microprocessor to constrain the operating system and the application programs to conform to the security policy. These systems can isolate processes and data to specifier domains and restrict access and privileges of users. This approach avoids trusting most of the operating system and applications.