Why you should protect your wireless network with WPA


RFID in the mail… No need to open the Envelope!

They call it the “Johnny Carson attack,” for his comic pose as a psychic divining the contents of an envelope.

Tom Heydt-Benjamin tapped an
envelope against a black plastic box connected to his computer. Within
moments, the screen showed a garbled string of characters that included
this: fu/kevine, along with some numbers.

Mr. Heydt-Benjamin then ripped open the envelope. Inside was a credit
card, fresh from the issuing bank. The card bore the name of Kevin E.
Fu, a computer science professor at the University of Massachusetts, Amherst, who was standing nearby. The card number and expiration date matched those numbers on the screen.

The card companies have implied through their marketing that the
data is encrypted to make sure that a digital eavesdropper cannot get
any intelligible information. American Express has said its cards incorporate “128-bit encryption,” and J. P. Morgan Chase has said that its cards, which it calls Blink, use “the highest level of encryption allowed by the U.S. government.”

But in tests on 20 cards from Visa, MasterCard
and American Express, the researchers here found that the cardholder’s
name and other data was being transmitted without encryption and in
plain text. They could skim and store the information from a card with
a device the size of a couple of paperback books, which they cobbled
together from readily available computer and radio components for $150.

Good article in the New York Times. Found on Boing Boing, which has more links:

And here is a related post from the guys who did the hack on RFID-cusp blog. (Thanks, Tom Heydt-Benjamin).

Consumerist has a post worth reading here.

Anti-RFID activist group CASPIAN has a response here (see also these previous BB posts about the group's founder, Katherine Albrecht).

Certification Top 10 Lists Revisited

When a story like this ran in 2003, it prompted more responses and
controversy than we imagined. Although we try to be clear that the
order of appearance in any given list indicates nothing about relative
ranking or merit, that aspect of things provokes comment, as does the
inclusion of some little-known credentials or the omission of
better-known ones.

But given that there are more than 850 certifications and more
than 200 certification programs in today’s IT certification landscape,
we hope to help our readers distinguish good ones from mediocre or bad
ones, winners from losers and up-and-comers from programs in their
declining phase. So remember, you can go out and analyze the
marketplace for yourself and plow through the numerous interest, salary
and popularity surveys to try to figure out this stuff for yourself.
While you’re at it, it’s also important to pay attention to what’s
showing up in classified job ads and online postings to determine where
the real action is.

As in the previous survey, we tried to develop a rough
consensus about what’s hot and where the action appears to be in
today’s highly fragmented IT job market. We can’t dispute that these
lists draw heavily on the author’s knowledge, experience and
observations, thus they must also reflect his preferences (and possibly
even biases.) As in the previous collection of lists, each is labeled
by category, along with a short discussion of what characteristics made
credentials most suited for inclusion.

This is from CertMag.com and is getting a good bit of coverage. Go and see where your certs fit and plan your next few. Here are the winners:

Best Hands-On Programs: Certified Professional Information Technology Consultant (CPITC)
Best Supporting Materials: (ISC)2 Certified Information Systems Security Professional (CISSP)
Best Specialty Certifications: Brocade Certified SAN Designer (BCSD)
Toughest Recertification Requirements: Cisco Certifications
Best Vendor-Neutral Credentials: Building Industry Consulting Services International (BiCSi)
Most Technically Advanced Programs: (ISC)2 Certified Information Systems Security Professional (CISSP)
Best New Programs or Certs: (ISC)2 Associate Program
Best Entry-Level Certifications: Certified Wireless Network Administrator (CWNA)

Toolkit to Disable Automatic Delivery of Internet Explorer 7

To help our customers become more secure and up-to-date,
Microsoft will distribute Internet Explorer 7 as a high-priority update
via Automatic Updates for Windows XP and Windows Server 2003 soon after
the final version of the browser is released (planned for fourth
quarter 2006). Microsoft is making a non-expiring Blocker Toolkit
available for those organizations that would like to block automatic
delivery of Internet Explorer 7 to machines in environments where
Automatic Updates is enabled.


  • The Blocker Toolkit will prevent machines from
    receiving Internet Explorer 7 as a high-priority update via Automatic
    Updates and the “Express” install option on the Windows Update and
    Microsoft Update sites. The Blocker Toolkit will not expire.
  • The Blocker Toolkit will not prevent users from manually installing
    Internet Explorer 7 as a Recommended update from the Windows Update or
    Microsoft Update sites, from the Microsoft Download Center, or from
    external media.
  • Organizations do not need to deploy the
    Blocker Toolkit in environments managed with an update management
    solution such as Windows Server Update Services or Systems Management
    Server 2003. Organizations can use those products to fully manage
    deployment of updates released through Windows Update and Microsoft
    Update, including Internet Explorer 7, within their environment.

See the “Additional Information” section below for detailed
instructions on configuring and deploying the Blocker Toolkit. The same
information is also provided in the Help file included in the download.

Answers to Frequently Asked Questions can be found here.

So if you don't want to be forced to run IE 7, download this toolkit from Microsoft.

Hacking Web 2.0 Applications with Firefox

AJAX and interactive web services form the backbone
of “web 2.0” applications. This technological transformation brings
about new challenges for security professionals.

This article looks at some of the methods, tools and tricks to dissect
web 2.0 applications (including Ajax) and discover security holes using
Firefox and its plugins. The key learning objectives of this article
are to understand the:

  • web 2.0 application architecture and its security concerns.
  • hacking challenges such as discovering hidden calls, crawling issues, and Ajax side logic discovery.
  • discovery of XHR calls with the Firebug tool.
  • simulation of browser event automation with the Chickenfoot plugin.
  • debugging of applications from a security standpoint, using the Firebug debugger.
  • methodical approach to vulnerability detection.

I guess it's Ajax hacking day.  This article comes from Security Focus.

What You Should Know About AJAX Security: 24 Tutorials

For the most part AJAX does not significantly increase the security
vulnerabilities in most web applications. However, javascript, XML and
asynchronous server calls do have potential holes if not properly
implemented. If you're an application developer or security
professional there are things to watch out for with AJAX applications.
If you're new to AJAX there are many hazards to watch out for, and
tutorials and examples are one of the worst culprits for security
vulnerabilities. Before you start downloading examples and making them
live on your server you should learn a bit about security first. Below,
you'll find a list of tutorials, examples, and articles that will
detail many of the security implications of using AJAX.

As always special thanks to all of the hard work done by the
developers and security professionals who have taken their time to make
all of this great information publicly accessible. Also if you know of
other great resources or tutorials pertaining to AJAX please use my
comments section on this article to add to the overall list. Thanks!

Get all the tutorials on MaxKiesler.com.

MS Replies to XBox Hacks: Hitachi GDR-3120L v0078FK

There's a thread on our forums
about a new version (0078FK) of the Hitachi-LG GDR-3120L Xbox360 DVD
drive found in newly manufactured (starting end August 06 anyway, maybe
earlier too) consoles (mostly found in Australia and UK atm, but soon
probably everywhere).
The drive has many changes to try to make FW hacking harder. Garyopa posted a great summary of all discoveries found so far about this new drive version:

There have been many changes done to the new Hitachi GDR-3120L – Version: 0078fk drive:
* 1: No “memdump” command works, totally new program needed
* 2: Chip type has been changed to a 39VF020, so new “flashsec” program needed
* 3: Black hard glue has been added covering all the chip pins and the controller pins.
* 4: External “debug” triggering into ModeB has been removed.

What does it all mean:
* 1: The Team-X kit will no longer work on this drive.
* 2: Dumping the firmware by software is currently not possible
* 3: Wiring in a patching-on-the-fly “mod” would be very hard due to the “new black glue”
* 4: Removing the flash chip to externally be read will destroy the drive due to the “new black glue”

What options are left to us:
* 1: Get more people working on this new drive, currently only in UK and Aussie.
* 2: Destroy at least one drive to be able to dump the firmware, using an external programmer.
* 3: Afterwards sitting down and re-writing all the programs: “memdump, firmcrypt, flashsec”.
* 4: If you can't wait, buy an older produced x360 console (Before Late July/Early Aug. dates).

That's all for now….
We are working on it….
Hopefully some poor soul will give us one personally…
So we can destroy it and play with it for everyone else….

From XBox Scene News.