Archive for October, 2009

Why I avoid Web 2.0 sites like the plague…

In-Q-Tel, the investment arm of the CIA and the wider intelligence community, is putting cash into Visible Technologies, a software firm that specializes in monitoring social media. It's part of a larger movement within the spy services to get better at using "open source intelligence" — information that's publicly available, but often hidden in the flood of TV shows, newspaper articles, blog posts, online videos and radio reports generated every day.

Here’s the complete Wired article

***I apologize, I can't help that it is a Wired writeup. I'm beginning to dislike Wired more and more due to their contributors' extreme verbosity.

System 7.0

Check this out...

http://www.guidebookgallery.org/screenshots/macos70

Courtesy of Digital-Soul...

Zeus/Zbot Information and Tracking the Banking Trojan

Zeus is a crimeware kit that steals credentials for all kinds of online services: social networks, online banking, FTP and email accounts, and others, using phishing-style tricks. The web admin panel can be bought for $700 and the exe builder for $4,000.

The dangerous part is that anyone with the resources can buy the Zbot builder and package up new variants, which makes writing a reliable antivirus definition difficult.

Once Zeus is on a system it covertly injects additional fields into online banking pages, asking users to answer questions that the authentic website would never ask. The collected details are silently delivered to remote servers and added to remote databases. Those databases are then sold to other criminals down the chain who specialize in withdrawing the funds. The money-laundering groups anonymously recruit people to receive the stolen money in their own bank accounts and withdraw it; in the criminal world these people are called "drops", and their accounts are called "drop accounts".

The purchased builder is very granular; imagine logging in to your online banking website and seeing additional fields that seem to blend right into the page:

  • Due to security measures, please provide the answers to all the security questions listed below:
  • Your first school
  • Your mother’s maiden name
  • What is the first letter of the name of your high school?
  • What is the first letter of the name of your pet?
  • etc…
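To make the injection concrete, here is an added example (my own code, not from the original post and not the Zeus kit's code) that applies a rule written in the layout of a Zeus webinjects entry (set_url / data_before / data_inject / data_after / data_end, taken here as an assumption about the format) to a constructed bank login form, and then runs the check a bank can do on its side: compare the field names in the form (or the parameter names in the submitted POST) against the fields it actually served. The bank URL, page and field names are all constructed for the demo.

```python
"""Simulate a Zeus-style HTML web inject, then flag the injected fields.

Added example, not code from the original post and not the Zeus kit's own
code. The rule syntax mimics the layout of a Zeus webinjects.txt entry
(set_url / data_before / data_inject / data_after / data_end) as an
assumption; the bank URL, login page and field names are constructed.
"""
import fnmatch
from html.parser import HTMLParser

# Constructed rule: anchor on the password box and insert "security
# questions" right after it. The "GP" flags (apply to GET and POST) are kept
# only to mirror the real layout.
WEBINJECT_RULE = """\
set_url https://bank.example/login* GP
data_before
<input type="password" name="password">
data_end
data_inject
<p>Due to security measures, please provide the answers to all the security questions listed below:</p>
<label>Your first school <input type="text" name="first_school"></label>
<label>Your mother's maiden name <input type="text" name="mother_maiden"></label>
data_end
data_after
data_end
"""

# Constructed legitimate login form as the bank serves it.
ORIGINAL_PAGE = """<form action="/login" method="post">
<input type="text" name="username">
<input type="password" name="password">
<input type="submit" value="Log in">
</form>"""

# Field names the bank's login handler actually expects.
EXPECTED_FIELDS = {"username", "password"}


def parse_webinject(rule_text):
    """Return (url_pattern, before, inject, after) for a single set_url entry."""
    url_pattern = None
    sections = {"data_before": "", "data_inject": "", "data_after": ""}
    current, buf = None, []
    for line in rule_text.splitlines():
        if line.startswith("set_url "):
            url_pattern = line.split()[1]
        elif line in sections:
            current, buf = line, []
        elif line == "data_end" and current is not None:
            sections[current] = "\n".join(buf)
            current = None
        elif current is not None:
            buf.append(line)
    return (url_pattern, sections["data_before"],
            sections["data_inject"], sections["data_after"])


def apply_webinject(page_html, rule_text, url):
    """Return page_html with the inject placed between the before/after
    anchors, or unchanged if the URL or the anchors do not match."""
    pattern, before, inject, after = parse_webinject(rule_text)
    if not fnmatch.fnmatchcase(url, pattern):
        return page_html
    start = page_html.find(before)
    if start < 0:
        return page_html
    start += len(before)
    end = page_html.find(after, start) if after else start
    if end < 0:
        return page_html
    return page_html[:end] + "\n" + inject + page_html[end:]


class _FieldCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            name = dict(attrs).get("name")
            if name:
                self.names.append(name)


def form_field_names(page_html):
    """Names of all <input> elements in the page, in document order."""
    collector = _FieldCollector()
    collector.feed(page_html)
    return collector.names


def unexpected_fields(page_html, expected=EXPECTED_FIELDS):
    """Fields in the rendered form that the bank never served. Run the same
    comparison on the parameter names of the submitted POST."""
    return [n for n in form_field_names(page_html) if n not in expected]


if __name__ == "__main__":
    tampered = apply_webinject(ORIGINAL_PAGE, WEBINJECT_RULE,
                               "https://bank.example/login?sid=1")
    print(tampered)
    print("unexpected fields:", unexpected_fields(tampered))
```

The injected inputs sit inside the real form, so the browser submits them to the bank along with the genuine credentials while the bot copies the whole POST to its drop server; that is why a server-side allowlist of expected parameter names catches this particular trick even though the page looked right to the victim.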

Zeus Tracking Project (C&C servers overlayed w/ Google Maps)

Detailed Zeus reverse engineering

Webinar about the bot

Benchmark your USB drives

Not all USB thumb drives are created equal.

If you're like me, you have a growing collection of USB thumb drives. Most seminars and conferences hand them out for free because they have become such a commodity. The problem with these freebies is their performance. I've been benchmarking some of the thumb drives I have lying around and, as expected, their read/write and seek times are worse than some of the drives I've purchased myself. I used the datamarck utility for my testing.

Jailbreak: Export non-exportable Windows certificates

I came across a handy (& free) Windows utility that allows you to export "non-exportable" certificates. Do you want to get at those recovery certificates or private keys? Jailbreak can be snatched here: https://www.isecpartners.com/jailbreak.html

Assault on PHP Applications

This is a must-read if you're a pen tester or PHP developer. It covers some great things on PHP security, including file inclusion, upload vulnerabilities, command execution and, of course, SQL injection...

Assault on PHP Applications

Blackhat Forums

Author: Aelphaeis Mangarae

Date: June 13, 2009

GPS Forensics

There’s a new GPS forensics community starting up here: http://www.gpsforensics.org/  Some additional information can be found here: http://www.forensicswiki.org/wiki/GPS

I’m going to examine my Garmin 200W this evening.  It looks like a simple text editor will reveal raw trip data including waypoints, date & time stamps, latitude & longitude coordinates and elevations.
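As an added example (my own code, not from the original post or from the GPS forensics sites linked above), here is a parser for the GPX form that Garmin-style trip logs take, which is why the raw file reads fine in a text editor: each track point carries latitude, longitude, elevation and a UTC timestamp. The log below is constructed, not pulled from a real device. The summary it builds is the sort of thing an examiner wants first: when the track starts and stops, how far it travelled, the fastest segment, and any holes in the timeline where the unit was off or had no fix.

```python
"""Parse a GPS trip log in GPX form and summarise it for a forensic timeline.

Added example, not code from the original post. GPX is the XML track format
Garmin units write; the log below is constructed rather than taken from a
real device, and "ACTIVE LOG" is only the conventional track name.
"""
import math
import xml.etree.ElementTree as ET
from datetime import datetime

GPX_NS = "{http://www.topografix.com/GPX/1/1}"
EARTH_RADIUS_KM = 6371.0

# Constructed log: one saved waypoint plus a three-point track with a
# 15-minute hole between the second and third fixes.
SAMPLE_GPX = """<gpx version="1.1" creator="constructed sample"
     xmlns="http://www.topografix.com/GPX/1/1">
  <wpt lat="38.8900" lon="-77.0000"><name>Home</name></wpt>
  <trk><name>ACTIVE LOG</name><trkseg>
    <trkpt lat="38.8900" lon="-77.0000"><ele>20.0</ele><time>2009-10-12T08:00:00Z</time></trkpt>
    <trkpt lat="38.9000" lon="-77.0000"><ele>25.0</ele><time>2009-10-12T08:05:00Z</time></trkpt>
    <trkpt lat="38.9100" lon="-77.0000"><ele>30.0</ele><time>2009-10-12T08:20:00Z</time></trkpt>
  </trkseg></trk>
</gpx>"""


def parse_gpx_time(text):
    """GPX timestamps are ISO 8601 in UTC (trailing Z)."""
    return datetime.strptime(text.strip(), "%Y-%m-%dT%H:%M:%SZ")


def parse_gpx(text):
    """Return (waypoints, trackpoints); trackpoints sorted by time."""
    root = ET.fromstring(text)
    waypoints = [
        {"name": (w.findtext(GPX_NS + "name") or "").strip(),
         "lat": float(w.get("lat")), "lon": float(w.get("lon"))}
        for w in root.iter(GPX_NS + "wpt")
    ]
    track = []
    for p in root.iter(GPX_NS + "trkpt"):
        track.append({
            "lat": float(p.get("lat")), "lon": float(p.get("lon")),
            "ele": float(p.findtext(GPX_NS + "ele") or "nan"),
            "time": parse_gpx_time(p.findtext(GPX_NS + "time")),
        })
    track.sort(key=lambda p: p["time"])
    return waypoints, track


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two fixes in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = (math.sin(dphi / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def summarize_track(track, gap_threshold_s=600):
    """Start/end, distance, fastest segment and timeline gaps (seconds
    between consecutive fixes above gap_threshold_s)."""
    if len(track) < 2:
        return None
    distance = 0.0
    max_speed = 0.0
    gaps = []
    for a, b in zip(track, track[1:]):
        seg_km = haversine_km(a["lat"], a["lon"], b["lat"], b["lon"])
        dt = (b["time"] - a["time"]).total_seconds()
        distance += seg_km
        if dt > 0:
            max_speed = max(max_speed, seg_km / (dt / 3600.0))
        if dt > gap_threshold_s:
            gaps.append((a["time"], b["time"], dt))
    return {
        "start": track[0]["time"],
        "end": track[-1]["time"],
        "duration_s": (track[-1]["time"] - track[0]["time"]).total_seconds(),
        "distance_km": distance,
        "max_speed_kmh": max_speed,
        "gaps": gaps,
    }


if __name__ == "__main__":
    waypoints, track = parse_gpx(SAMPLE_GPX)
    print("waypoints:", waypoints)
    summary = summarize_track(track)
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Two caveats worth keeping in mind when you read the output: the timestamps come from the GPS fix, so they are UTC and independent of whatever the unit's clock display says, and a gap in the track only tells you the device stopped recording (power off, no satellite lock, or the log was cleared), not that anyone tampered with it.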