The Attacks on GRC.COM
Nothing more than the whim of a 13-year old hacker is required to knock any user, site, or server right off the Internet.
I believe you will be as fascinated and concerned as I am by the findings of my post-attack forensic analysis, and the results of my subsequent infiltration into the networks and technologies being used by some of the Internet's most active hackers.
Wednesday, July 04, 2001
Microsoft Does Not Understand Security
With a bit of horror, I learned that Microsoft's developers have no understanding of security.
With a bit of horror, I learned that Microsoft's developers have no understanding of security.
Spy Suspect Hanssen to Plead Guilty
Trying to close the books on an espionage debacle that rocked the FBI, the government struck a deal with ex-agent Robert Hanssen that would spare his life in exchange for a full confession detailing secrets he sold the Russians, people familiar with the case said Tuesday.
Trying to close the books on an espionage debacle that rocked the FBI, the government struck a deal with ex-agent Robert Hanssen that would spare his life in exchange for a full confession detailing secrets he sold the Russians, people familiar with the case said Tuesday.
Spy Agency Reveals Some, Not All
Hidden along Route 32, in a drab beige building that looks every bit the cheap motel it once was, is America's official museum of secrets.
Hidden along Route 32, in a drab beige building that looks every bit the cheap motel it once was, is America's official museum of secrets.
Sunday, July 01, 2001
Windows 2000 Security Recommendation Guides
NSA has developed and distributed configuration guidance for Microsoft Windows NT in the form of NT configuration guides. These guides are currently being used throughout the government and by numerous entities as a security baseline for their NT systems.
To assist our Windows 2000 user community, NSA has developed security configuration guidance for Windows 2000, with the cooperation of the other government agencies and industry partners who provided their expertise and extensive technical review. The configuration guides for Microsoft Windows 2000 are being posted on the NSA web site and are presented in three parts: ".inf" files, configuration guides, and supporting documents.
Wednesday, June 27, 2001
Echelon Spy System
The Croatian NSEI System is Based on the American Spy System ‘Echelon’.
The Nacional Central Electronic Reconnaissance system (NSEI) is the most powerful and most secretive part of Croatia’s intelligence system. In the last ten years, massive financial resources have been invested in this system. As a specially organized unit of the Office for National Security (UNS), this system is responsible for monitoring all connections with countries outside of Croatia’s borders, as well as for monitoring all connections within Croatia which have any association with terrorist acts, intelligence or with directed attempts to destroy the constitutional system.
The monitoring system automatically turns itself on and records any telephone conversations when key words are mentioned, such as explosive, bomb, package, president, minister and others. The American system ‘Echelon’ operates in a similar, albeit much more complex and vast way throughout the world.
The Croatian NSEI System is Based on the American Spy System ‘Echelon’.
The Nacional Central Electronic Reconnaissance system (NSEI) is the most powerful and most secretive part of Croatia’s intelligence system. In the last ten years, massive financial resources have been invested in this system. As a specially organized unit of the Office for National Security (UNS), this system is responsible for monitoring all connections with countries outside of Croatia’s borders, as well as for monitoring all connections within Croatia which have any association with terrorist acts, intelligence or with directed attempts to destroy the constitutional system.
The monitoring system automatically turns itself on and records any telephone conversations when key words are mentioned, such as explosive, bomb, package, president, minister and others. The American system ‘Echelon’ operates in a similar, albeit much more complex and vast way throughout the world.
In-Q-Tel
In-Q-Tel is dedicated to developing information technology for the CIA that is commercially available, affordable, and supported. In-Q-Tel seeks technology that enables the gathering of accurate, comprehensive and timely foreign intelligence in the interest of national security.
Email snooping almost banned
A cluster of new laws will soon come into effect curbing companies' rights to snoop through workers' emails.
Workers sending personal email across the corporate pipeline will gain a little more protection than they have at present but privacy advocates warn that it won't be a lot.
A cluster of new laws will soon come into effect curbing companies' rights to snoop through workers' emails.
Workers sending personal email across the corporate pipeline will gain a little more protection than they have at present but privacy advocates warn that it won't be a lot.
WWW.huh?: You Are the First Line of Defense
Defense Department computer security systems and specialists foiled nearly 22,500 would-be intruders in 1999 and 24,500 in 2000. There's no let-up in sight.
Sigaba Updates Email Encryption Gateway
Sigaba announced the availability of the its Email Encryption Gateway (SEEG) version 2.0. Enhancements include compatibility with the proposed Advanced Encryption Standard (AES), expanded desktop email encryption support and interoperability with Sigaba Courier. Sigaba Courier is an HTML-based product for use with SEEG version 2.0 that allows users to open Sigaba encrypted email, without the need to download any additional software.
Sigaba announced the availability of the its Email Encryption Gateway (SEEG) version 2.0. Enhancements include compatibility with the proposed Advanced Encryption Standard (AES), expanded desktop email encryption support and interoperability with Sigaba Courier. Sigaba Courier is an HTML-based product for use with SEEG version 2.0 that allows users to open Sigaba encrypted email, without the need to download any additional software.
Hampton, New Hampshire Man Convicted and Sentenced for Hacking into Former Employer's Computer Server
McKenna, who was fired by Bricsnet on Friday, October 20, 2000, hacked into his former employer’s computer server on two occasions. The first time was the evening of Friday, October 20, 2000, the day he was fired. The second was the following morning, Saturday, October 21, 2000. McKenna remotely accessed the computer server of his former employer, via the Internet, without authorization and caused damage in four ways: 1) he deleted approximately 675 computer files; 2) he modified computer user access levels; 3) he altered billing records; and, 4) he transmitted E-mails, which purported to have originated from an authorized representative of the victim corporation, to over one hundred (100) clients. Those E-mails contained false statements about business activities of the corporation.
McKenna, who was fired by Bricsnet on Friday, October 20, 2000, hacked into his former employer’s computer server on two occasions. The first time was the evening of Friday, October 20, 2000, the day he was fired. The second was the following morning, Saturday, October 21, 2000. McKenna remotely accessed the computer server of his former employer, via the Internet, without authorization and caused damage in four ways: 1) he deleted approximately 675 computer files; 2) he modified computer user access levels; 3) he altered billing records; and, 4) he transmitted E-mails, which purported to have originated from an authorized representative of the victim corporation, to over one hundred (100) clients. Those E-mails contained false statements about business activities of the corporation.
New Encryption and Decryption drafts
The W3C released initial drafts of XML Encryption Syntax and Processing and Decryption Transform for XML Signature.
The W3C released initial drafts of XML Encryption Syntax and Processing and Decryption Transform for XML Signature.
Study: Interactive TV Could Be 'Spy in Your Home'
A new report from the Center for Digital Democracy (CDD) warns that the privacy concerns of the Internet will be magnified by interactive television (ITV), as technology makers and marketers turn the living room into a laboratory and track everything from income to favorite color.
San Angelo, Texas: Home of Spies
Thanks to neighboring Goodfellow Air Force Base, this isolated West Texas city of 87,000 may harbor more spies, ex-spies and future spies per capita than any place in America, save Washington, D.C.
Thanks to neighboring Goodfellow Air Force Base, this isolated West Texas city of 87,000 may harbor more spies, ex-spies and future spies per capita than any place in America, save Washington, D.C.
Sunday, June 24, 2001
Statement for the Record for the Joint Economic Committee Cyber Threat Trends and US Network Security
In 2015 we anticipate that the world will almost certainly experience quantum leaps in information technology (IT) and in other areas of science and technology. IT will be the major building block for international commerce and for empowering nonstate actors. Most experts agree that the IT revolution represents the most significant global transformation since the Industrial Revolution beginning in the mid-eighteenth century.
Friday, June 22, 2001
Really Secure E-Mail
To be an effective business tool, e-mail must be controlled so that messages are secure and misuse is minimized. Here, we look at two products for doing just that: One uses digital rights management (DRM) and the other, acceptable usage policy (AUP).
To be an effective business tool, e-mail must be controlled so that messages are secure and misuse is minimized. Here, we look at two products for doing just that: One uses digital rights management (DRM) and the other, acceptable usage policy (AUP).
Russian Computer Hacker Indicted in California for Breaking into Computer Systems and Extorting Victim Companies
A federal grand jury today indicted a Russian computer hacker on a host of federal charges for allegedly breaking into computer systems, stealing credit card information and attempting to extort payments from the victim companies for "computer security services."
Wednesday, June 20, 2001
The Emperor's Codes: The role of Bletchley Park in breaking Japan’s secret ciphers
American hi-jacking of history did not start with the film U-571, as Michael Smith makes clear in this sequel to Station X, his revelations about the pivotal role of GCHQ’s Bletchley Park codebreakers in winning the Hitler war. While Alan Turing and his fellow boffins were applying their mathematical genius exclusively to cracking codes like the U-boats’ ‘Shark’ – in line with the Anglo-American agreement to give the European war theatre precedence – the US Navy’s cryptographers were effectively denying their British opposite numbers vital information on the war in their own Pacific ‘preserve’.
American hi-jacking of history did not start with the film U-571, as Michael Smith makes clear in this sequel to Station X, his revelations about the pivotal role of GCHQ’s Bletchley Park codebreakers in winning the Hitler war. While Alan Turing and his fellow boffins were applying their mathematical genius exclusively to cracking codes like the U-boats’ ‘Shark’ – in line with the Anglo-American agreement to give the European war theatre precedence – the US Navy’s cryptographers were effectively denying their British opposite numbers vital information on the war in their own Pacific ‘preserve’.
Monday, June 18, 2001
SANSFIRE
Welcome to SANSFIRE, a SANS conference with an emphasis on Forensics, Investigation, Response and Education. SANS has a tradition of offering theme based conferences to meet special needs of the defensive information community. Often, bringing security workers with a common problem together will result in a number of breakthroughs. Perhaps you recall SANS ID’99, the seminal gathering leading to the advanced intrusion detection techniques we employ today. Now, perhaps you are asking, “why do we need a forensics conference”?What do you do when you detect an unknown pattern on the network? When you see outbound packets leaving your system, how do you determine what process is causing the activity? If your disk light starts flashing furiously and you aren’t running anything, how do you check it out? When the boss directs you to toss one of the organization’s computer systems, how do you go about doing it? System, security, and network administrators need tools and techniques to face these challenges.
We will offer case studies that illustrate exactly how various tools and processes solved common problems, mini-tutorials on seizure, evidence collection, system and network forensics, data recovery, and product selection. Preceding the Technical Program we will offer five days of leading edge, in-depth courses taught by the highest rated teachers in the world, including leaders in forensics.
Sunday, June 17, 2001
NSA Releases Win2K Security Recommendation Guidelines
The US National Security Agency (NSA) has released a set of guidelines and templates to assist in securing Windows 2000 systems. The materials contain 5 templates to use with Microsoft's Security Configuration Editor, 17 guides to secure various aspects of the OS, and 3 supporting documents with indepth defense coverage and particulars about various popular software packages.
The templates include configuration settings for domain controllers (DCs), domain policy, and server and workstation settings. The guides are available in Adobe Portable Document Format (PDF) and cover a broad range of topics, including network architecture, Group Policy, file and disk resources, Encrypting File System (EFS), DNS, Active Directory (AD), Microsoft IIS, Kerberos, public key infrastructure (PKI), Windows NT and 9x clients, Outlook, and routers.
The US National Security Agency (NSA) has released a set of guidelines and templates to assist in securing Windows 2000 systems. The materials contain 5 templates to use with Microsoft's Security Configuration Editor, 17 guides to secure various aspects of the OS, and 3 supporting documents with indepth defense coverage and particulars about various popular software packages.
The templates include configuration settings for domain controllers (DCs), domain policy, and server and workstation settings. The guides are available in Adobe Portable Document Format (PDF) and cover a broad range of topics, including network architecture, Group Policy, file and disk resources, Encrypting File System (EFS), DNS, Active Directory (AD), Microsoft IIS, Kerberos, public key infrastructure (PKI), Windows NT and 9x clients, Outlook, and routers.
Subscribe to:
Posts (Atom)
