Russian spy ring needed some serious IT help

Russian spy exposes awesome password by writing it down - doh!

Read more...

ThinkGeek.com - Officially our best-ever cease and desist :-)

"Recently we got the best-ever cease and desist letter. We're no stranger to the genre, so what could possibly make this one stand out from the rest?

First, it's 12 pages long and very well-researched (except on one point); it even includes screengrabs of the offending item from our site. And we know they're not messing around because they invested in the best and brightest legal minds.

But what makes this cease and desist so very, very special is that it's for a fake product we launched for April Fool's day."

Read more...

HTTPS Everywhere Firefox extension

"HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites.

Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site.

The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS."

Check it out...

Interesting use of steganography

Check it out...

A new version of THC-Hydra!

A new version of hydra is available and it is maintained again after all this time!

Includes changes, lots of fixes and hydra is now under GPLv3.

Get it at http://www.thc.org/thc-hydra/

Devious New Phishing Tactic Targets Tabs

"Most Internet users know to watch for the telltale signs of a traditional phishing attack: An e-mail that asks you to click on a link and enter your e-mail or banking credentials at the resulting Web site. But a new phishing concept that exploits user inattention and trust in browser tabs is likely to fool even the most security-conscious Web surfers."

Read more...

How to Set Up a Secure Web Tunnel

A nice how-to on setting up SSH port-forwarding to protect yourself on public networks.

Read more...

Great write-up on the Zeus banking trojan

ZeuS is a well-known banking Trojan horse program, also known as crimeware. This trojan steals data from infected computers via web browsers and protected storage. Once infected, the computer sends the stolen data to a bot command and control (C&C) server, where the data is stored.

ZeuS is sold in the criminal underground as a kit for around $3000-4000, and is likely the one malware most utilized by criminals specializing in financial fraud. ZeuS has evolved over time and includes a full arsenal of information stealing capabilities:
• Steals data submitted in HTTP forms
• Steals account credentials stored in the Windows Protected Storage
• Steals client-side X.509 public key infrastructure (PKI) certificates
• Steals FTP and POP account credentials
• Steals/deletes HTTP and Flash cookies
• Modifies the HTML pages of target websites for information stealing purposes
• Redirects victims from target web pages to attacker controlled ones
• Takes screenshots and scrapes HTML from target sites
• Searches for and uploads files from the infected computer
• Modifies the local hosts file (%systemroot%\system32\drivers\etc\hosts)
• Downloads and executes arbitrary programs
• Deletes crucial registry keys, rendering the computer unable to boot into Windows

Read more...

Smartphone app supplies hotel key

"Are you sick of always digging in your pocket for that darned hotel room key? And God forbid you lost the thing and have to convince the desk clerk you're you and deserve a replacement, maybe even for a fee! Thanks to a new application that works on nearly every smartphone on the market, you can open your hotel door with your phone and avoid pesky keys or wasteful plastic access cards."

Read more...