Welcome to the realm. This realm is not your ordinary realm. Here you will find happenings in the network security world, as well as the underground and the ethical arena.


Friday, May 30, 2008

MediaDefender Behind Denial Of Service Attack Against Revision3

The Memorial Day weekend will remain in the memory of Revision3,
after the online media network experienced a denial of service attack that
lasted from Saturday night until Tuesday.



Jim Louderback, chief executive of Revision3, said the attack
was initiated by MediaDefender, a company that interferes with peer-to-peer
sharing on behalf of entertainment companies.

Hackers shut down comcast.net for hours

Hackers targeted Internet service provider Comcast
Wednesday and shut the site down for nearly five hours, preventing the
company’s 14 million subscribers from accessing e-mail, news, and
technical support through the ISP's Web site. Comcast restored access to
its site early Thursday.

Thursday, May 29, 2008

Group warns of massive EU surveillance - CNET News.com

Group warns of massive EU surveillance - CNET News.com: "Privacy advocates claim that the European Union plans to make sweeping changes to laws that govern communications-related data retention and privacy, requiring the long-term storage of such information and making it available to governments."


I know this is not what my blog is about, but we Americans should know what is out there.

Wednesday, May 28, 2008

RoboForm is the top-rated Password Manager and Web Form Filler

RoboForm is the top-rated Password Manager and Web Form Filler that completely automates password entering and form filling.

RoboForm was named PC Magazine Editor's Choice, and CNET Download.com's Software of the Year. RoboForm:
- Memorizes your passwords and Logs You In automatically.
- Fills long registration and checkout forms with one click.
- Encrypts your passwords to achieve complete security.
- Generates random passwords that hackers cannot guess.
- Backs up your passwords, Copies them between computers.
- Synchronizes passwords between computers using GoodSync.
- Searches for keywords in your passwords, notes and Internet.
- Portable: RoboForm2Go RF runs from USB key, no install needed.
- PDA-friendly: sync your passwords to Pocket PC and Palm.
- Neutral: works with Internet Explorer, AOL/MSN, Firefox.
- IE 7 and Vista: are now supported.

Surf Secure...

Windows XP Remote Desktop Web Connection Overview

The Remote Desktop Web Connection is a Win32-based ActiveX control
(COM object) that can be used to run Remote Desktop sessions from
within Internet Explorer.

The Remote Desktop Web Connection
download package includes the downloadable ActiveX control and sample
Web page that can be used as a starting point for running Windows-based
programs inside Internet Explorer.

Microsoft RDP Man in the Middle Vulnerability

Microsoft's Windows Terminal Services (built into Windows 2000 Server
and Windows Server 2003) and Windows XP's Remote Desktop, provide an
easy, convenient way for administrators to implement thin computing
within an organization or for users to connect to their XP desktops
from a remote computer and run applications or access files.



Microsoft RDP (Remote Desktop Protocol) is vulnerable to a
man-in-the-middle attack. This is an update of Erik Forsberg's
advisory released in April 2003.

For Your Eyes Only?

This week, NOW reports on new evidence suggesting the existence of a
secret government program that intercepts millions of private e-mails
each day in the name of terrorist surveillance. News about the alleged
program came to light when a former AT&T employee, Mark Klein, blew
the whistle on what he believes to be a large-scale installation of
secret Internet monitoring equipment deep inside AT&T's San
Francisco office.

FirePassword - Decrypt Firefox password manager

The Mozilla Firefox web browser provides a built-in password manager, which
stores access credentials for visited web sites. The credentials are
encrypted and stored in Firefox's special database files: key3.db and signons.txt.

Tuesday, May 13, 2008

Packet forensics using TCP

Most of us who work in the security world have at one time or another
looked at the raw output of a firewall, IDS, or other type of security
device. What that output invariably leads one to is viewing packets
directly for an investigation. Doing packet forensics can be a
difficult and time consuming endeavour. Due to this fact, many of us
prefer to use convenient tools such as Ethereal to help facilitate our analysis. There is a notable problem with this approach, however.

Passive Network Analysis

In sports, it's pretty much accepted wisdom that home teams have the
advantage; that's why teams with winning records on the road do so well
in the playoffs. But for some reason we rarely think about "the home
field advantage" when we look at defending our networks. After all, the
best practice in architecting a secure network is a layered,
defense-in-depth strategy. We use firewalls, DMZs, VPNs, and configure
VLANs on our switches to control the flow of traffic into and through
the perimeter, and use network and host-based IDS technology as sensors
to alert us to intrusions.

The Wifi Predator

Picture this: You find yourself sitting in a hotel room that does not
offer wireless internet... As you look out the window, you spot
the three hotels & a Starbucks across the street advertising "Free Wireless Internet"
-- if only you had known this when you booked! You fire up your
wireless card, but the signal is just too weak to keep a consistent
connection. What are you going to do?

Duplicating a key from only a picture

Picture this: You spot a keyring lying on a desk. For whatever
reason, you would really like a copy of that key. Your ninja-like reflexes
kick in as you fling a quarter out of your pocket next to the key.
Slyly, you use nothing more than a cell phone camera to quickly snap a
picture of these items.

Security and Virtualization

As the world of virtualization moves forward, organisations are faced
with compelling reasons to virtualize: factors like server
consolidation, high energy bills, faster hardware, ease of use and step
back and quick snapshot technology make the virtual computing realm
more attractive.

Top 10 Security Settings to make directly after Installing Active Directory

Installing Active Directory is not all that difficult. However, once
you get it installed, there is still plenty of work that needs to be
done. The first stage of configuration of Active Directory is securing
it. There are many areas that need attention and many settings that
need to be altered to prepare it for secure action on your network.
Let’s take a look at the initial settings that you should make to get
Active Directory secure for your network before you dive into setting
up the entire structure.

OSI Reference Model: Layer 1 hardware

The Open System Interconnect (OSI) reference model is a model,
developed by the International Standards Organization (ISO), which
describes how data from an application on one computer can be
transferred to an application on another computer.

Proposed cybersecurity bill to pressure DHS

Rep. Jim Langevin, D-RI, introduced a bill on
Wednesday that aims to hold the U.S. Department of Homeland Security
responsible for investigating every cyber attack and for shoring up its
network security.

Interview: EC-Council Offers Details and Insights on CEH v6

The latest version of the Certified Ethical Hacker (CEH) Courseware is
due to be released and presented for the first time at Hacker Halted
USA 2008 in June. Many small details of CEH Version 6 have been
peppered on the Internet, as well as snippets of teaser copy on
EC-Council’s own web site.
