This security boy got religion!

Hello to all you security geeks out there.  This is just a quick note to let you know I have another blog that I just started.  I just joined the Unitarian Universalist Congregation of Atlanta (UUCA) and wanted to write up some of my spiritual perspectives.  So if any one is interested, the name of the new blog is Gnu UU.  See… I may have went and got all holy and stuff… but I'm still a geek.  Look for continual erratic updates to this blog.  Thanks to all my readers, keep the emails coming, but feel free to comment every know and then too!


Videos from HITBSecConf2007 – Dubai released

The videos from the first ever deep-knowledge security
conference to be held in the UAE; HITBSecCoinf2007 – Dubai is now
available for download. Unlike our conferences in Malaysia where the
ENTIRE conference is recorded and the videos released on Bit Torrent,
for the Dubai event we only recorded the welcome address by H.E. Mr.
Mohammed Nasser Al Ghanim (Director General of the UAE's
Telecommunications Regulatory Authority – TRA) and the keynote
presentations by Mikko Hypponen (Chief Research Officer, F-Secure Corp)
and Lance Spitzner (Founder, Honeynet Project). The videos are all on
Google Video so no torrent downloads required 🙂

Welcome Address by HE. Mohammed Nasser Al Ghanim & Day 1 Keynote by Mikko Hypponen (Part 1):

Day 1 Keynote by Mikko Hypponen (Part 2):

Macrovision infects Windows Media Center

Windows Media Center is
infected with “Macrovision.” Macrovision is the crippleware that some
TV stations and networks use to stop you from recording their shows.
Though there is no law requiring manufacturers to install this kind of
Macrovision — and though it's not illegal to ignore Macrovision and
record a show anyway — Microsoft implements it for WMC, and infected
its customers with it after disguising it as an “update.”

Microsoft probably did this to bribe the cable
operators into giving it access to encrypted television, though it's
possible (and legal) to record their shows without permission by using
the analog outputs (like theNeuros OSD and mythtv, a DIY Linux-based recorder).

From Boing Boing.

Vista Hacked Again, This Time Even More Effectively

A widely available release, located at the usual pirate havens, from a
scene group entitled 'NoPE' (which doesn't appear to have released much
else) has quickly become the most highly sought-after asset of
eye-patched, peg-legged, shoulder-mounted-parrot pirate types.

Vista has been leaked in every conceivable form and in all its various
releases and flavours, but has still remained difficult to crack for
the average swashbuckling black-beard.

Various timer programs forcing the activation to hold off indefinitely
and other cracks haven't come close to the efficiency of the recent OEM
BIOS emulation tool-kit that has floated about – but which is
significantly more difficult to use that a 'normal' crack or serial.

The NoPE release has a major key difference to other previous pirated
copies of Vista – it is completely cracked, the product appears
activated, updates work, and no key needs to be entered, straight from
the installation media without any effort on the part of the pirate.

We presume that the hackers have managed to replace the Vista image on
the DVD, with the pre-cracked version. Microsoft moved to an
image-based install with Microsoft Vista, as opposed to the usual
convoluted set up process.

Read more on The Inquirer.

The evil side of Firefox extensions: FFsniFF (FireFox sniFFer)

FFsniFF is a simple Firefox extension, which transforms your browser
into the html form sniffer. Every time the user click on 'Submit'
button, FFsniFF will try to find a non-blank password field in the
form. If it's found, entire form (also with URL) is sent to the
specified e-mail address. It also has the ability to hide itself in the
'Extensions manager'.

Get the bits from azurIt.

(ISC)2 to Modify Requirements for Obtaining the CISSP

The (ISC)2 board of directors has approved new experience requirements
for the CISSP certification, effective 1 October, 2007. While these
changes will not affect current holders of the CISSP or those scheduled to take
the exam by 30 September 2007, we wanted you to be aware of

It is the responsibility of the (ISC)2 board of directors to continually
review the entire spectrum of the consortium’s education and
certification programs to ensure that (ISC)2 continues to provide the
“gold standard” of professional certification in the information
security industry. The board believes these new requirements will assure
organizations worldwide that CISSPs have demonstrated they can meet the
challenges of an ever-increasing threat environment, while you as an (ISC)2
member can be assured that the rigorous standards of the CISSP are being
maintained in a maturing profession.

The new requirements include the following components:

  • The
    minimum professional experience requirement for CISSP
    certification will be five years of relevant work experience in
    two or more of the 10
    domains of the CISSP CBK, or
    four years of work experience with an applicable college degree or a credential from the
    (ISC)2-approved list
    . The current requirements for the
    CISSP call for four years of work experience in one or more of the 10 domains of the CISSP CBK, or
    three years of experience with an applicable college degree or a
    credential from the (ISC)2-approved list.
  • Candidates for any (ISC)2 credential will be required to obtain an endorsement of their candidature exclusively from an (ISC)2-certified professional in good standing.
    The professional endorsing the candidate can hold any (ISC)2 certification
    – CISSP, SSCP or CAP.
    Currently, candidates can be endorsed by an officer from the
    candidate’s organization if no CISSP endorsement can be obtained.
    The board believes that only an (ISC)2-credentialed professional
    bound by its Code of Ethics
    should provide a candidate endorsement.

Should you have any questions, please visit or contact
us at

Z Backscatter Van Drive-By Screening System

A breakthrough in X-ray detection technology, AS&E's Z
Backscatter Van (ZBV) is a low-cost, extremely maneuverable screening
system built into a commercially available delivery van. The ZBV allows
for immediate deployment in response to security threats, and its high
throughput capability facilitates rapid inspections. The system's
unique “drive-by” capability allows one or two operators to conduct
X-ray imaging of suspect vehicles and objects while the ZBV drives

The ZBV can also be operated in stationary
mode* by parking the system and producing X-ray images of vehicles as
they pass by. Screening can also be accomplished remotely while the
system is parked. Remote operation allows scanning to be done safely,
even in dangerous environments, while maintaining low-profile
operation. The system is unobtrusive, as it maintains the outward
appearance of an ordinary van.

Boing Boing has also posted about this rolling invader of privacy.  Get the details from the manufacturer, AS&E.