Posts

Showing posts from August, 2009

Cyber criminals' paradise

A new book coming out, Harboring Data: Information Security, Law, and the Corporation (Stanford Law Books), caught my eye. And this interview with the editor of the book, Andrea M. Matwyshyn, makes me want to read it now. "People are using the Internet more, which is a good thing. But such information sharing is leading to additional points of vulnerability. Twenty years ago, there weren't databases full of such rich consumer information as we have today. The ease of sharing information through the Internet generates targets for information criminals." With an expected ~50% increase of internet users within the next four years, the net must be considered a paradise in cyber space for criminals.

WPA-TKIP broken and cracked in less than 60 sec

Uh-oh... So this Japanese team claims they will break WPA-TKIP in less than 60 seconds, and a demonstration of this will be at IEICE in Hiroshima September 25th. As there are not so few of these implementations around the globe, this will take WiFi security to a totally new level. This will also affect my favorite PCI-DSS in a major way, since WPA is considered safe, and even WEP is acceptable, if certain conditions are met. Mind you, this only affects WPA-TKIP, not WPA-AES nor WPA2. Pheww... or?

What the SysAdm is/does/thinks

"Yeah, we're weird, strange, introverted, use big words, and occasionally smell of pizza, but we do what we do 'cause we love it and because it's hard and challenging." Have an inside look at your SysAdmin's thoughts. Why does he/she operate in that way? What makes their clocks tick? Every day should be a SysAdm appreciation day!

Links for August 25th 2009

Oh Lord! Kiss is at it again. Their Alive 35 tour (35 for the amount of years since the band started, or is it the version number?) kicks off in Motor City September 25th. Will they come to Europe after that? As usual, money talks, and if enough is offered we'll see them here early 2010. And Mr Simmons promises this tour to be the best ever - louder, faster and more spectacular. Go figure. Security: Are you a victim of fake virus scans? I've stated it over and over again: don't use anything to scan your computer with unless it is a well-known AV-scan. A pop-up offering a free virus/malware scan when surfing the net is probably not one you need to try out. Incidents: Cisco APs are giving away unencrypted information according to PCWorld/AirMagnet. Nothing in this story is new to me: NetStumbler, sniffing MAC addresses, airsnort, airodump-ng etc... What am I missing here? Update[1]: Ohhh... OK. Now I get it. Law/Hacks: Mr Gonzales isn't going to get an easy tria...

Links for August 24th 2009

The weekend passed by with both sunshine and rain. I managed to stay away from the keyboard for lengthy periods. The Finns showed off their worst side at the WC in athletics in Berlin. Four guys in the javelin finals and none of them managed to get a shiny coin hanging 'round their neck. A former javelin champion (Seppo Räty) even commented on this: "We have four dudes in the finals, and not one of them could reach 82+ metres, which would have earned them the bronze medal. It was there, just get it. It was on sale, dammit!" Security: So the US Air Force finally decided where their cyber center should be. 24th AF in Texas won. World: A BBC'er's view on what youngsters' hacking is all about. Google feeds them and takes the good ideas? World: And another view on hackers' lives comes from JimenaPulse. Quite the contrary from the BBC blog, huh? Hacks: Just a friendly plug for the Open Web Application Security Project (OWASP). It's a handy wiki to look at. Hacks: Alway wo...

Links for August 21st 2009

No entry yesterday. And there's a reason why. Sometimes the dude has a lot of work, and since this is a hobby blog it has to stand back while the monadas rules time. I also had buffalo meat for the first time in my life (if it really was buffalo), nothing exciting, tasted just like any cow. But it was a nice dinner (job related) with nice stories told. Incidents: From altar boy to Secret Service helper to Tony Montana. Here's a little background on Mr Gonzales, the guy that allegedly took care of some 170 130 million credit cards. Law: Here's an interesting way of getting incident details from reluctant companies. Blame John Doe! Hacks: And now for the next level of ID thefts. Web browser hacking in real time. Interesting: Opera browser is the preferred hacker browser, this article claims. Interesting or not, what is more interesting is how the statistics were gathered. Incidents: The social engineering whiz kid Kevin Mitnick had his data breached a while ago. Now AT...

Links for August 19th 2009

So the first signs of fall appeared today. First day in weeks I couldn't take the bike to work. Schools started today and hence I had to take my older boy to school in the car. Ah well, all good things must come to an end. Maybe I will have the time to take apart the bike and customize it in the ways I always planned to. Or maybe it'll just come to taking out the battery for winter care, as usual. But I'll keep on dreaming. Hacks: Social skills are as important as programming knowledge when it comes to penetration testing [or it could be used in malicious ways of course, but we don't, right?] and the creativity amongst people obtaining knowledge never ceases to stun me. Hacks: Ethical hacking seems to be a popular title to hide behind. Here's a security primer on how things can be done, written in proper English and not the hacker gibberish nerds speak. Hacks: More on social skills, or sort of. How do you use your mail? Do you have different mail accounts for diff...

Links for August 18th 2009

The press is calling it the biggest credit card fraud ever prosecuted. 130 million numbers were stolen from 7-Eleven, Hannaford and Heartland. Now it's time for the USA to try the case in court. You can read the full indictment here. Incidents: Uh-oh... this clever hacker/group didn't see the sh-t hit the fan until it was too late. But then again I guess he was laughing too much to notice. Oz police obviously know about honeypots. Security: IEEE has put together a group called ICSG (Industry Connections Security Group). What it aims for is to pool the experience and resources of "heavyweights" such as McAfee, Symantec, Microsoft etc. I believe there will be interesting discussions on how to pinpoint and deliver from this group. World: ID hijacking in cyber warfare - and how you can be caught in the crossfire without even noticing it. The Russia vs. Georgia war last year apparently used US citizens' IDs to deploy bits and pieces at the cyber frontier. World: Larry Wals...

Links for August 17th 2009

Oh boy... 9.58... how fast is that! I knew he had it in him (since I read blogs ;-)) but that is just amazing. I thought I had missed it watching another channel, but they were late and I got to see the event, and the cheeky bastard looked at the clock at the end. Congratulations on the new world record, Mr Bolt. World: Anakata, of Piratebay fame, had a blast at HAR (Hacking at Random) in Holland during the weekend. Tim Kuik (BREIN, who won a case against Piratebay two weeks ago) got into a clash with Anakata during a panel discussion. Patch: It takes an average of 29.5 days to get computers patched against vulnerabilities. Why does that ring bells, and why does that correlate to monthly patching schedules from a large Redmond company? Can there be some truth behind 0-day exploits being released just after Patch Tuesday? Security: I don't agree with this writer. I don't think firewalls are necessary at all. In a majority of scenarios they do nothing at all to secure your comput...

Heartland CEO links collection

I just can't let this pass by without posting at least a collection of links discussing the CSO magazine interview with Heartland CEO Robert Carr. By chewing off this huge portion of his foot he stirred up the PCI-DSS community big time. Links can be found here. And my personal favorite from Andy ITGuy.

Links for August 14th 2009

Riding home from work today I barely escaped the rain. On Tuesday I wasn't as successful, as the rain drenched me. And the weather people "promised" the weather would change to Mediterranean style due to global warming. I guess they were as accurate as always when trying to predict the weather, even for the next day. I wouldn't mind a few more sun hours à la Spain's south coast, though. Maybe my garden would actually produce some veggies and fruit for once; as it is now, the summer is too short for any significant growth of anything. Bring it on! Incidents: Conficker just doesn't give up. Goes on and on forever, it seems. We had serious infections earlier this year in Sweden when hospital computers went out of service due to Conficker. In Missouri City, computer and phone networks gave in Thursday morning. Hacks: Have you ever used the "Free Public Hotspot" WiFi service? They seem to pop up everywhere, not just airports. They are seldom free, you nor...

Links for August 13th 2009

Sweden beat Finland in football /that is spelled soccer for you in the States/ and nothing is new... Finns only know about engine sports, like motorbikes and rallycross or Formula 1, oh... they've got saunas too. Patch: Oh well... and we thought Oracle was bad at releasing bugfixes. Seems Microsoft is neglecting some reports too. Law: I know everyone is commenting on Microsoft not being allowed to sell MS Word... but it is just so amazing. How can a local judge in eastern Texas make a ruling like this? Maybe I just don't understand ... Hacks: One would wish that applications for schools could be kept within a few people, but not. UC Berkeley Graduate School of Journalism let some info out. This time the breach only affected 493 people, but in May Berkeley had some more to think about. Big Brother: President Obama's efforts to get the CyberCity czar in place seem difficult, to say the least. Am I right in (reading between the lines) thinking that people in office realize th...

Spot on!

At first I had no idea what this guy was ranting about ... then I got to the pun... Almost laughed my pants off.

Top 10 Most Wanted Botnets

Well... in America (I guess USA) it is. Although Damballa's site has a nice "real-time" map of ongoing botnet activity.

Links for August 12th 2009

Not a good day to start with. Came down with some kind of major flu, feel feverish, joints ache, and nose running worse than Niagara Falls. Yeah, I know, I'm a guy, and as soon as something, however minor, hits, I (all guys) become helpless little puppies squealing for mercy and enter the state of not being capable of anything... And this can never be emphasized enough. Passwords are not for fun (only). Even if everyone in security gives talks and lessons, and everyone else nods "Yes, we understand", still, breaches are very common due to weak passwords. Just follow the guidelines. PCI-DSS: A new version, 1.2.1, has been released. No spectacular changes made. Mostly clarifications, redundancy removals and spelling corrections. If you want to be up-to-date, the documents can be downloaded here: PCI-DSS, PA-DSS and PA-DSS Program Guide. PCI-DSS: Small merchants have a higher awareness of PCI-DSS today, compared to a year ago, according to this study. Not surpris...

Links for August 11th 2009

A lot of buzz going on about DDoS and how to prevent them. Now, this will probably take a while, so don't hold your breath or wager your last savings. Since the pipes to your site/ISP are only so wide, you can't do much to prevent bad things happening when 100k computers start throwing garbage (or legitimate, for that matter) requests at your stack. Even force feeding your goose to get your daily dose of foie gras has its limits, no matter what kind of feeding mechanisms you use. DDoS will be around for a long while, so let's just pray you will not be the victim of such an evil attack, even though these are short term (hours/days) and eventually will go away when a new and "nobler" cause comes the attackers' way. And now to today's links: PCI-DSS: Oh no!!! Not that PCI thingie again! Well, you'll hear a lot about it, not just here. It's here to stay. It's a good start, and if you comply you're well on your way to securing your network....

Links for August 10th 2009

Warm weekend went by with good food, drinks and beach. Somewhere along the way a few movies went by on the telly, none worth mentioning though. Seems there are fewer and fewer to even mention these days. Guess before too long I will claim things were better in the olden days... Weekend links have very little to do with computers, as it seems not much of interest has happened in that area: World: ETA, the Basque liberation group, raised their voice, this time in Mallorca, the holiday paradise island for a lot of Europeans. World: What is it with the Hudson river? Another crash during the weekend, this time a helicopter and a plane collided. World: Finland takes gold in the world sauna championships ... Like that would come as a surprise? Interesting: So it takes 10.000 hours to become an expert at something. How long does it take to become intermediate at something? Good enough to get paid for the work in, let's say, C programming or networking? Not everyone can be called an expert, ...

Links for August 7th 2009

Thought I'd start contributing interesting links. Mostly security related stuff concerning computers, networking et al. Incidents: The Twitter DDoS incident apparently was triggered by disagreement with a sole blogger. Facebook got some heat from this too. Security: Databases are often bypassed when it comes to securing information. Even at large companies. Here are some guidelines to cure that illness. Interesting: So you thought DNA was only good for designing/programming your bodily functions and shapes? How wrong have you been? Nano-beachball, anyone? Big Brother: Has Apple had enough of replacing gadgets due to consumers handling their equipment wrongly? This patent seems to be some kind of "Black Box" equivalent for iPhones/iPods/iWhatever that records abusive handling of Apple gadgets so the customers can't claim replacement too easily. Patch: Microsoft hasn't had much of a holiday season. Busy bees at Redmond have been releasing patches at a bla...