http://www.theregister.co.uk/2015/06/04/mad_mcafee/ By Alexander J Martin The Register 4 June 2015 Infosec 2015 – John McAfee delivered a surprisingly non-controversial keynote speech to the London Infosec Conference on Wednesday afternoon, lauding the value of privacy, doing so – to the concern of his bewildered audience – whilst seemingly tickling himself through the cloth of his pocket. McAfee’s talk was essentially a rant against governments’ security-compromising activities, summed up by his statement: “We cannot allow a fearful government to create weaknesses in the very software we are trying to protect. By putting backdoors in the software, we have given hackers the access we are trying to prevent.” Easily the rockstar of infosec, McAfee took to the stage fashionably late – though his audience had remained comfortable, being plied with free alcohol, free food and an enjoyable musical set (wasted on Infosec’s more senior attendees) during their wait. The man himself, a young 70-year-old in a handsome navy suit, looking and seeming much like a millionaire version of Matthew McConaughey’s Rust Cohle, was quick to address what he regarded as the major political influences upon security and explicitly criticised governments’ notions of backdooring software. A strong approach to a conference which has always had plenty of government security bods attending. “Take control of your lives,” McAfee urged Infosec. “Say ‘I am going to be responsible for myself, at least to some extent.’ Governments cannot protect you.” […]
http://www.nj.com/entertainment/tv/index.ssf/2015/03/csi_cyber_review_patricia_arquette_cbs.html By Vicki Hyman NJ Advance Media for NJ.com March 04, 2015 Thank goodness Patricia Arquette just won an Oscar, because otherwise I’d really have nothing to say about “CSI: Cyber.” The newest “CSI” franchise, which debuts on CBS tonight at 10 p.m., is about the FBI’s cyber crime division, comes with all the series’ high-tech visual flourishes and stars “Boyhood” star Arquette, who, um, just won an Oscar. Yeah. Oh! This time, the Who theme song is “I Can See For Miles.” I’m not saying “CSI: Cyber” isn’t worth watching. I’m just saying there’s not a heck of a lot to say about it. (The original flavor “CSI” is still plugging away after 15 years, while the Miami and New York franchises lasted 10 and 9 seasons, respectively. The latest entry is a bit different in that there’s a lot of people peering at computer screens instead of into microscopes. […]
http://www.propublica.org/article/the-worlds-email-encryption-software-relies-on-one-guy-who-is-going-broke By Julia Angwin ProPublica Feb. 5, 2015 Update, Feb. 5, 2015, 8:10 p.m.: After this article appeared, Werner Koch informed us that last week he was awarded a one-time grant of $60,000 from Linux Foundation’s Core Infrastructure Initiative. Werner told us he only received permission to disclose it after our article published. Meanwhile, since our story was posted, donations flooded Werner’s website donation page and he reached his funding goal of $137,000. In addition, Facebook and the online payment processor Stripe each pledged to donate $50,000 a year to Koch’s project. The man who built the free email encryption software used by whistleblower Edward Snowden, as well as hundreds of thousands of journalists, dissidents and security-minded people around the world, is running out of money to keep his project alive. Werner Koch wrote the software, known as Gnu Privacy Guard, in 1997, and since then has been almost single-handedly keeping it alive with patches and updates from his home in Erkrath, Germany. Now 53, he is running out of money and patience with being underfunded. “I’m too idealistic,” he told me in an interview at a hacker convention in Germany in December. “In early 2013 I was really about to give it all up and take a straight job.” But then the Snowden news broke, and “I realized this was not the time to cancel.” […]
http://www.csoonline.com/article/2854672/business-continuity/the-breach-at-sony-pictures-is-no-longer-just-an-it-issue.html By Steve Ragan Salted Hash CSO Dec 2, 2014 I’m going to make a prediction. The breach at Sony Pictures has nothing to do with North Korea, aside from the fact that the destructive malware believed to be present on Sony’s network is similar to the malware used in South Korea in 2013 – an incident that was blamed on North Korea. Furthermore, I predict there will be an insider aspect to Sony’s breach. The first part of the attack on Sony centered on compromising records; once done, the attackers planted malware that was timed – based on the FBI memo – to activate just before Thanksgiving. The easiest way to accomplish this task – assuming I’m right – is by having someone on the inside with just enough access that everything looks normal with a passive glance at the logs. The second part of the attack on Sony is the aftermath, including the financial burden of dealing with box office losses, employee issues, as well as any fines that are sure to be levied. Sony’s just starting to enter this phase. On Monday, GOP (Guardians of Peace), the group claiming responsibility for the attack on Sony, pushed 25GB worth of data to the public domain. They say this is only a fraction of the data they were able to compromise, suggesting to one media outlet that they were harvesting records for more than a year before making themselves known. A year. […]
http://www.cnet.com/news/jimmy-kimmel-tops-macaffees-list-of-most-dangerous-cybercelebrities/ By Chris Matyszczyk @ChrisMatyszczyk CNet News October 1, 2014 You might think that, with his little quips and pokes after many have gone to bed, Jimmy Kimmel is a sweet, mischievous kitten. Beneath that furry exterior, though, lies a criminal mind. No, I’m not suggesting Kimmel is an embezzler
http://arstechnica.com/security/2014/06/at-least-32000-servers-broadcast-admin-passwords-in-the-clear-advisory-warns/ By Dan Goodin Ars Technica June 19, 2014 An alarming number of servers containing motherboards manufactured by Supermicro continue to expose administrator passwords despite the release of an update that patches the critical vulnerability, an advisory published Thursday warned. The threat resides in the baseboard management controller (BMC), a motherboard component that allows administrators to monitor the physical status of large fleets of servers, including their temperatures, disk and memory performance, and fan speeds. Unpatched BMCs in Supermicro motherboards contain a binary file that stores remote login passwords in clear text. Vulnerable systems can be detected by performing an Internet scan on port 49152. A recent query on the Shodan search engine indicated there are 31,964 machines still vulnerable, a number that may not include many virtual machines used in shared hosting environments. “This means at the point of this writing, there are 31,964 systems that have their passwords available on the open market,” wrote Zachary Wikholm, a senior security engineer with the CARInet Security Incident Response Team. “It gets a bit scarier when you review some of the password statistics. Out of those passwords, 3,296 are the default combination. Since I’m not comfortable providing too much password information, I will just say that there exists a subset of this data that either contains or just was ‘password.’” A separate blog post from security training institute Sans confirmed the contents of the advisory. […]
“Dear Tech Support:
Last year I upgraded from Girlfriend 7.0 to Wife 1.0. I soon noticed that the new program began unexpected child processing that took up a lot of space and resources. In addition, Wife 1.0 installed itself into all other programs and now monitors all other system activity. Applications such as Poker Night 10.3, Football 5.0, HuntingAndFishing 7.5, and Racing 3.6. I can’t seem to keep Wife 1.0 in the background while attempting to run my favorite applications. I’m thinking about going back to Girlfriend 7.0, but the uninstall doesn’t work on Wife 1.0. Please help!
Thanks …Troubled User”
“Dear Troubled User:
This is a very common problem. Many people upgrade from Girlfriend 7.0 to Wife 1.0, thinking that it is just a Utilities and Entertainment program. Wife 1.0 is an OPERATING SYSTEM and is designed by its Creator to run EVERYTHING!!! It is also impossible to delete Wife 1.0 and to return to Girlfriend 7.0. It is impossible to uninstall, or purge the program files from the system once installed. You cannot go back to Girlfriend 7.0 because Wife 1.0 is designed not to allow this. Look in your Wife 1.0 manual under Warnings-Alimony-Child Support. I recommend that you keep Wife 1.0 installed and work on improving the configuration. I suggest installing the background application YesDear 99.0 to alleviate software augmentation.
The best course of action is to enter the command C:\APOLOGIZE because ultimately you will have to do this before the system will return to normal anyway.
Wife 1.0 is a great program, but it tends to be very high maintenance. Wife 1.0 comes with several support programs, such as CleanAndSweep 3.0, CookIt 1.5 and DoBills 4.2. However, be very careful how you use these programs. Improper use will cause the system to launch the program NagNag 9.5. Once this happens, the only way to improve the performance of Wife 1.0 is to purchase additional software. I recommend Flowers 2.1 and Diamonds 5.0, but beware because sometimes these applications can be expensive.
WARNING!!! DO NOT, under any circumstances, install SecretaryWithShortSkirt 3.3. This application is not supported by Wife 1.0 and will cause irreversible damage to the operating system.
WARNING!!! Attempting to install NewGirlFriend 8.8 along with Wife 1.0 will crash the system.
(see Wife 1.0 manual, Apologize, High Maintenance & Secretary with Short Skirt)”
http://insecure.org/news/fulldisclosure/ March 25, 2014 Like many of us in the security community, I (Fyodor) was shocked last week by John Cartwright’s abrupt termination of the Full Disclosure list which he and Len Rose created way back in July 2002. It was a great 12-year run, with more than 91,500 posts during John’s tenure. During that time he fought off numerous trolls, DoS attacks, spammers, and legal threats from angry vendors and researchers alike. John truly deserves our appreciation and thanks for sticking with it so long! Some have argued that we no longer need a Full Disclosure list, or even that mailing lists as a concept are obsolete. They say researchers should just Tweet out links to advisories that can be hosted on Pastebin or company sites. I disagree. Mailing lists create a much more permanent record and their decentralized nature makes them harder to censor or quietly alter in the future. Jericho from OSVDB and Attrition elaborates further in this great post. Upon hearing the bad news, I immediately wrote to John offering help. He said he was through with the list, but suggested: “you don’t need me. If you want to start a replacement, go for it.” After some soul searching about how much I personally miss the list (despite all its flaws), I’ve decided to do so! I’m already quite familiar with handling legal threats and removal demands (usually by ignoring them) since I run Seclists.org, which has long been the most popular archive for Full Disclosure and many other great security lists. I already maintain mail servers and Mailman software because I run various other large lists including Nmap Dev and Nmap Announce. […]