Thursday, January 03, 2002

NIST Vulnerability and Threat Portal
US Government Attack and Vulnerability Services
The Complete, Unofficial TEMPEST Information Page
Across the darkened street, a windowless van is parked. Inside, an antenna is pointed out through a fiberglass panel. It's aimed at an office window on the third floor. As the CEO works on a word processing document, outlining his strategy for a hostile take-over of a competitor, he never knows what appears on his monitor is being captured, displayed, and recorded in the van below.

Wednesday, January 02, 2002

OpenAntiVirus Project
Successful open source software always proves excellence in reliability, effectiveness, scalability, and portability. The Apache httpd, the Linux operating system and Perl as a scripting language or in the field of security OpenSSH, OpenSSL and GnuPG are prominent examples disguising that there are important fields lacking comparable solutions. One of these fields is anti-virus software. Previous attempts to fill the gap failed due to lack of concept and/or inability to attract essential expertise. To build a network of anti-virus developers within the Open Source Community providing mandatory resources for communication and project management the OpenAntiVirus Project was founded August 30th 2000.

Monday, December 31, 2001


Social Engineering Fundamentals, Part I: Hacker Tactics

One morning a few years back, a group of strangers walked into a large shipping firm and walked out with access to the firm’s entire corporate network. How did they do it? By obtaining small amounts of access, bit by bit, from a number of different employees in that firm. First, they did research about the company for two days before even attempting to set foot on the premises. For example, they learned key employees’ names by calling HR. Next, they pretended to lose their key to the front door, and a man let them in. Then they "lost" their identity badges when entering the third floor secured area, smiled, and a friendly employee opened the door for them.
The strangers knew the CFO was out of town, so they were able to enter his office and obtain financial data off his unlocked computer. They dug through the corporate trash, finding all kinds of useful documents. They asked a janitor for a garbage pail in which to place their contents and carried all of this data out of the building in their hands. The strangers had studied the CFO's voice, so they were able to phone, pretending to be the CFO, in a rush, desperately in need of his network password. From there, they used regular technical hacking tools to gain super-user access into the system.
In this case, the strangers were network consultants performing a security audit for the CFO without any other employees' knowledge. They were never given any privileged information from2