“Anonymizer Universal” product suite launched

"Not only is it more powerful, faster, and much more capable, but it now also supports Mac and iPhone platforms! With one subscription you can use it across any of the supported devices.

Our new solution is VPN based, and bypasses any specific software support issues. AU works with any browser. Any program that connects to the Internet will automatically take advantage of AU. All connections between your computer and Anonymizer are cryptographically protected.

AU continues to leverage our massively scaleable backend infrastructure that provides the anonymity and daily rotating IP addresses."

Check it out...

Comcast launches first public U.S. trial of advanced DNSSec

"Comcast unveiled on Tuesday an aggressive plan to deploy new DNS security mechanisms that are designed to protect Web site operators and consumers from a specific type of hacking attack that involves hijacking Web traffic and redirecting it to bogus sites.

In a blog post, Comcast said it has deployed DNS Security Extensions -- dubbed DNSSEC -- throughout its nationwide network and will immediately make validating servers available to any of its customers that want to experiment with this emerging security technique.

VeriSign to support DNS security in 2011

In addition to this public trial of DNSSEC validation services, Comcast says it will digitally sign all of its own domain names -- more than 5,000 in total -- using DNSSEC by the first quarter of 2011.

By the end of 2011, Comcast says it will have production-quality DNSSEC resolution services available to all of its business and residential customers."

Read more...

The Spy at Harriton High

"This investigation into the remote spying allegedly being conducted against students at Lower Merion represents an attempt to find proof of spying and a look into the toolchain used to accomplish spying. Taking a look at the LMSD Staff List, Mike Perbix is listed as a Network Tech at LMSD. Mr. Perbix has a large online web forum footprint as well as a personal blog, and a lot of his posts, attributed to his role at Lower Merion, provide insight into the tools, methods, and capabilities deployed against students at LMSD. Of the three network techs employed at LMSD, Mr. Perbix appears to have been the mastermind behind a massive, highly effective digital panopticon."

Read more...

New Obama Executive Order allows INTERPOL to operate with immunity in the US.

"By the authority vested in me as President by the Constitution and the laws of the United States of America, including section 1 of the International Organizations Immunities Act (22 U.S.C. 288), and in order to extend the appropriate privileges, exemptions, and immunities to the International Criminal Police Organization (INTERPOL), it is hereby ordered that Executive Order 12425 of June 16, 1983, as amended, is further amended by deleting from the first sentence the words "except those provided by Section 2(c), Section 3, Section 4, Section 5, and Section 6 of that Act" and the semicolon that immediately precedes them."

Read more...

School district accused of issuing webcam laptops to spy on students...at home.

"A federal class action lawsuit charges that a suburban Philadelphia school district has been spying on students and families via remotely activated webcams in laptops the schools issued to students, Courthouse News reports.

The Associated Press reports that the lawsuit alleges that the cameras captured images of Harriton High School students and their families as they undressed and in other compromising situations."

Read more...

Windows 7 AV bypass with -x in msfencode

Broad New Hacking Attack Detected - 2,500 companies and counting

"Hackers in Europe and China successfully broke into computers at nearly 2,500 companies and government agencies over the last 18 months in a coordinated global attack that exposed vast amounts of personal and corporate secrets to theft, according to a computer-security company that discovered the breach.

A global hacking offensive has broken into U.S. companies and government agencies. Cyber attacks could soon be seen as a national security threat, WSJ executive editor Jerry Seib tells the News Hub.

The damage from the latest cyberattack is still being assessed, and affected companies are still being notified. But data compiled by NetWitness, the closely held firm that discovered the breaches, showed that hackers gained access to a wide array of data at 2,411 companies, from credit-card transactions to intellectual property.
The hacking operation, the latest of several major hacks that have raised alarms for companies and government officials, is still running and it isn't clear to what extent it has been contained, NetWitness said. Also unclear is the full amount of data stolen and how it was used."

Read more...

The Great Australian Internet Blackout

In response to Australia's plan to censor its citizen's Internet access.

Check it out...

Core Integrates Its Penetration Testing Product With Metasploit

"Core, which sells the user-friendly penetration product Core Impact, says the next version of its tool will let expert pen testers run Metasploit tools together with Impact rather than separately, and less-technical users can incorporate some of Metasploit's automated pen-testing functions under Impact."

Read more...

802.11n card that works with BackTrack 4 - woohoo!

Buy it here

Get it to work here

Pentest Labs: Web Application Edition

"Over the last week, we busted out our red plastic shovel and our bucket shaped like a castle to dig a little bit deeper into our sandbox. Recently, we addressed the flexibility and overall necessity of a virtual lab for network pentesting, practice, and testing.

Today, we plan to expand upon that to encompass Web App. Our setup includes 7 target sites hosted on 4 VM’s. It’s important to note, that we only showcase the tip of the iceberg. The possibility of expansion is limited only by your imagination."

Check it out...

Great write up on the Social-Engineering Toolkit (SET)

"The Social-Engineering Toolkit (SET) was designed by David Kennedy (ReL1K) and incorporates many useful Social-Engineering attacks all in one simplistic interface. The main purpose of SET is to automate and improve on many of the social-engineering attacks out there. As pentesters, social-engineering is often a practice that not many people perform. You can download the Social-Engineering Toolkit through subversion by simply typing this in Back|Track 4."

Check it out...

How To Use BitLocker With Attached VHD Drive Image Files And RAM Disks

"You can mount a VHD image file as a drive letter and then encrypt the contents of that VHD with BitLocker. This allows multiple users to share a computer and use BitLocker to keep their files secret from each other. When a VHD file using BitLocker is backed up or copied to a plaintext USB drive, the VHD file stays encrypted, which is not not true of the files on a volume using whole drive encryption. If you copy the VHD file to a portable drive, the portable drive can stay in plaintext while the contents of the VHD file will be BitLocker-encrypted, which is nice when you need some regular plaintext portable storage too. You can conveniently mount/unmount VHD drives from within Windows Explorer or from the command line. The following will show you how to do it."

Read more...

Government requires all devices to support IPv6

Applies to: Department of Defense (DoD), General Services Administration
(GSA), and National Aeronautics and Space Administration (NASA)

Check it out...

CookieMonster nabs user creds from secure sites

"Websites used for email, banking, e-commerce and other sensitive applications just got even less secure with the release of a new tool that siphons users' authentication credentials - even when they're sent through supposedly secure channels.

Dubbed CookieMonster, the toolkit is used in a variety of man-in-the-middle scenarios to trick a victim's browser into turning over the authentication cookies used to gain access to user account sections of a website. Unlike an attack method known as sidejacking, it works with vulnerable websites even when a user's browsing session is encrypted from start to finish using the secure sockets layer (SSL) protocol."

Read more...

Google Taps NSA to Safeguard its Data

"In a development that is already causing alarm among privacy advocates, search engine giant Google Inc. is reported to be enlisting the help of the National Security Agency to investigate recent cyberattacks that Google says originated from China.
The Washington Post , quoting unnamed sources, today said that the NSA and Google are in the process of finalizing an agreement under which the NSA will help Google better defend itself against future attacks. Under the deal, the NSA would not get access to users' search information or e-mail accounts and Google would not share any proprietary data, the source claimed."

Read more...

Shmoocon Videos!

Check them out...

Great job opening!

If anyone is looking for a challenging and fun position with a great bunch of guys doing cool projects, check out this opening:

http://intrepidusgroup.com/careers.php#senior_consultant

Verizon MiFi Device Hacked

Any MiFi - pwnd!

Check it out...

FOSE Expo - March 23-25th in Washington, D.C.

"FOSE is the #1 government-focused technology event of the year. It offers a FREE Expo floor to all government, military & government contractors. The conference includes the CyberSecurity Pavilion and Focus on Digital Forensics. The show takes place on March 23-25 in Washington DC.

You are well aware of the challenges we as a CyberSecurity community face from rapid changes in the technology landscape. FOSE 2010 is the place to discover opportunities and solutions along with changing expectations for government IT professionals.

Register today for the FOSE 2010 experience!

You can expect:
- 3 days of IT resources helping you navigate today’s shifting tech landscape
- 2 full conference days packed with education on emerging technologies, trends, and new improvements to existing solutions
- Thousands of products on the FREE* EXPO floor allowing you to gain one-on-one insight into the capabilities of our exhibitors through demos, theater presentations and FREE Education.
- Attend the Accenture CyberSecurity Pavilion or Focus on Digital Forensics.

*FOSE is a must-attend free show for government, military, and government contractors.

Check it out...