March 18

The end of the Internet as we know it...

If you read this article: http://www.cio.com/archive/031505/security.html

You'd think the sky was falling.

I understand that there's a certain amount of Fear, Uncertainty, and Doubt (FUD) that is required to mobilize people to ensure security, but if you look at where the US is post 9/11 it ain't happening.

Realist Calling Designer of Cellular Communication (aka Professor Hannu H. Kari), the Net will survive well past 2006.

Doofus.

"You're the dumbest smart person I've ever met." - Will Smith, iRobot

 

 

March 03

US and Canada to Investigate BlackBerry Security

Did it again.

http://www.globetechnology.com/servlet/story/RTGAM.20050228.gtberry0228/BNStory/Technology

Let's hope that CrackBerry security is good enough to hold important Congressional information, since every Congressman and House Rep has one and is e-mailing from it!

February 21

Anatomy of a [T-Mobile] Hack

This was a very interesting article: http://www.infosecinstitute.com/blog/ethical_hacking_computer_forensics.html And very sad. T-Mobile should have fixed this problem already. SQL injection on their main Website customer login portal, simple exploit, and now you get to own a SideKick server and access to all of their SideKick customer records. Can someone please fix this?

February 20

I am a fortune teller...next Congress BlackBerries compromised

I predicted someone would hack the BlackBerry Network and its devices, here.

For his next trick, exposing the sick details of every US Congressman.

The validity of the news was further solidified in the recent Drudge Report.

This is an interesting article about our favorite, Paris Hilton, whose BlackBerry and T-Mobile SideKick were hacked and whose e-mail and private pictures were completely exposed.

Oh, and Paris Hilton's nudes, address book, notebook, and travel, hotel, and driving information from her hacked SideKick are available on the Net: http://pad.au.com/~ms/Somebody%20got%20hizacked.htm

These are a few interesting entries:

Let's say there is a lot of information.

Anyone on this list should change all of their info (home phone, cellphone, e-mail address)...and bill T-Mobile for it. Anyone else, read what she wrote about you in her notebook.

Unbelievable.

When consumers use products and services from manufacturers and service providers like T-Mobile, SideKick, and RIMM (BlackBerry), they should feel safe and believe that the vendors have done their part to secure their personal information.

The real news should be that T-Mobile, SideKick, and RIMM should be sanctioned and their customers should leave them for not protecting their data.

Unfortunately, the Net is very much like the Wild West and the Net will remain this way. 

You cannot trust someone else for your security.

People, don't save your private stuff where an ISP/Telco/Cell provider has access to it or can store it on their own systems...it's a public network, think encryption, locally saving instead of up at their server, not saving your personal information on a mobile device, ask how secure your device is, don't share anything that cannot be intercepted...

Protect yourself at all times.

I'm posting this for posterity...there are nudes of this...

February 17

California Law SB-1386 should be Nationalized

When I see news like this or this, I get seriously sick.

We need to add and enforce the same mandatory reporting laws for every state, not just California.

In a nutshell, California Senate Bill 1386 protects California residents when a breach has occurred to their protected information (e.g. Social Security Numbers, personal identification, etc.) and requires all companies that deal with California residents to report the breach. For example, if Company A is based out of Virginia and they experience a breach that affects a California resident, they must notify that California resident of the breach.

In this recent story, Atlanta-based ChoicePoint maintains and sells background files on virtually every adult American, culled from millions of public and private records. The Atlanta-based company says it has 10 billion records on individuals and businesses, and sells data to 40 percent of the nation's top 1,000 companies. It also has contracts with 35 government agencies, including several law enforcement agencies. "Even though you might not have heard of ChoicePoint, they've heard of you."

Last week, the firm sent about 35,000 letters to California residents telling them their personal data may have been stolen by criminals who set up fake companies and downloaded information from ChoicePoint. 

California is the only state that by law requires disclosure of such data leaks, and ChoicePoint initially suggested the theft of information might be limited to that state, but upon pressure from other states such as New York State, they have admitted the breach was far more reaching and may have affected over 145,000 Americans.

California consumers who have already received the letter from ChoicePoint expressed frustration; many had never heard of the firm before receiving the alarming letter.

It is anticipated that incidents such as this could cause other states, and even the Federal government, to enact similar laws. As the number of these incidents increases, people should ask themselves (and federal regulators), "Why am I less important than someone in California?"

February 14

Security guard of the future...

Robotus has repurposed their would-be Mars bot into a potential high tech guard dog.

The device, developed at the University of Uppsala, acts as a high-tech security guard capable of detecting an intruder thanks to either radar or infra-red sensors. Once alerted, it can summon help, sound an alarm or pursue the intruders, taking pictures.

Now add some weapons to it and my in-laws will never visit.

Pure marketing...Free McAfee Wireless Assessment (WiFiScan)

OK, if anyone can get this thing working by having it say your Wifi network is secure...you get the prize (an all expense paid trip to...nowhere).

McAfee has a web-based WiFiScan that analyzes your wireless network for potential security problems and can also be used to scan Hotspots to identify possible threats on the Hotspot network and suggest actions you can take to help minimize your risk. 

This does not work on Firefox and requires installation of an ActiveX applet on Internet Explorer.

Problems with Spyware, Adware, Malware?

Try this out...

I wrote the guide to assist friends when they had a bad infection, and I wrote it as a "throw the whole kitchen, including the sink" approach to correcting any generic malware or spyware infection. So, there are less invasive ways to clean up your machine that are specific to whatever you're infected with.

Remember, with an infection you've already let the burglar into the house, and re-enabling your home security system afterwards is not enough--you need to disinfect whatever is a foothold in your system. Hopefully, this guide will get you back up and computing again without having to reinstall your whole system and praying that you have all of the backups.

1)     Download the following items...

  • Microsoft Malicious Software Removal Tool: http://www.microsoft.com/security/malwareremove/default.mspx
  • McAfee Stinger: http://vil.nai.com/vil/stinger/
  • Trend Sysclean Package: http://www.trendmicro.com/download/dcs.asp
  • Latest Trend Pattern File: http://www.trendmicro.com/download/pattern.asp
  • Adaware SE (free personal version v1.05): http://www.lavasoftusa.com/
  • Spybot: http://www.safer-networking.org/
  • Microsoft AntiSpyware (Beta): http://www.microsoft.com/athome/security/spyware/software/default.mspx

Create a directory on drive "C:\" (e.g., "c:\New Folder") or on the desktop (e.g., "C:\Documents and Settings\YOYO\Desktop\New Folder").

Download Sysclean.com and place it in that directory.

Download the Trend Pattern File by obtaining the ZIP file.

Extract the contents of the ZIP file and place the contents in the same directory as sysclean.com.

2)     Update all of the software listed above with their latest definitions.

3) Dump the contents of your IE cache

Start --> settings --> control panel --> Internet options --> delete files 

AND

Dump the contents of your Sun Java cache

Start --> settings --> control panel --> Java plug-in --> cache --> clear  

4)     If you are using WinME or WinXP, disable System Restore        http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

5)     Reboot your PC into Safe Mode and shut down as many applications as possible

Why Safe Mode?

In a nutshell, SafeMode loads the bare minimum in terms of services and background programs to get Windows started. This includes not loading extraneous drivers for your graphics card and other devices, as well as Spyware, malware, and all of those nasty critters that have hit your system.

SafeMode is also a valuable tool when it comes to eradicating malware, particularly worms, from your computer system. Often, even if you update your antivirus software to detect the latest threat, it can't do anything to remove worms that are running in memory. Rebooting your computer won't help because the worm will generally already have loaded itself in memory before you can do anything about it. If you boot into SafeMode, though, the file that starts the worm will not be allowed to start, and you can then run your antivirus software scan to detect and remove the malicious files.

So, how do you get to this magical SafeMode? Well, the "standard" way is to press the F8 key on your keyboard when Windows starts loading.

6)     Using all of the tools listed above, perform a Full Scan of your platform and clean/delete any infectors/parasites found.  This may take a little while.

7)     Restart your PC and perform a "final" Full Scan of your platform using all of the utilities listed above.

8)     If you are using WinME or WinXP, re-enable System Restore and re-apply any System Restore preferences (e.g. HD space to use; suggested 400 ~ 600MB)

9)       Reboot your PC

10)     If you are using WinME or WinXP, create a new Restore point  

11)     Good House Keeping

Run WindowsUpdate  http://windowsupdate.microsoft.com (for both the OS and Office)

Enable Windows AutomaticUpdates

12)  Additional Diagnostics 

*This is only required if the system appears to still be infected and requires more investigation.

Diagnostic Tool HiJackThis: http://www.tomcoyote.org/hjt/ 

Users Guide: http://www.iamnotageek.com/a/401-p1.php

Let me know if this guide helped you.
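An added example, not part of the original guide: HijackThis logs list startup items as coded lines (O4 for Run keys and Startup folders), which are the "file that starts the worm" from the Safe Mode explanation. This Python script compares the auto-start entries in a log saved before the scans with one saved after the final scan; the sample logs, the suspect-folder list and the function names are assumptions made for illustration.

```python
import re

# HijackThis section codes that describe auto-start mechanisms: F0-F3 (ini
# autoloads), O4 (Run keys, Startup folder), O20 (AppInit/Winlogon), O23 (services).
AUTOSTART_CODES = {"F0", "F1", "F2", "F3", "O4", "O20", "O23"}
# Assumption for this example: startup items rarely live in temp/cache folders.
SUSPECT_DIRS = ("\\temp\\", "\\temporary internet files\\")
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def autostart_entries(log_text):
    """Return the set of (code, detail) auto-start lines in a HijackThis log."""
    found = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m and m.group(1) in AUTOSTART_CODES:
            found.add((m.group(1), m.group(2).strip()))
    return found


def compare_scans(before_log, after_log):
    """Diff auto-start entries between a pre-clean and a post-clean log."""
    before, after = autostart_entries(before_log), autostart_entries(after_log)
    return {
        "removed": sorted(before - after),    # cleaned by the scans
        "new": sorted(after - before),        # appeared during cleanup
        "remaining": sorted(before & after),  # survived the cleanup
        "review": sorted(e for e in after     # still present, odd location
                         if any(d in e[1].lower() for d in SUSPECT_DIRS)),
    }


# Constructed sample logs (not from a real machine).
BEFORE = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example/
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe"
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\Temp\winupd32.exe
O4 - HKCU\..\Run: [svchelper] C:\Documents and Settings\YOYO\Local Settings\Temp\svch.exe
"""
AFTER = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe"
O4 - HKCU\..\Run: [svchelper] C:\Documents and Settings\YOYO\Local Settings\Temp\svch.exe
"""

if __name__ == "__main__":
    for bucket, items in compare_scans(BEFORE, AFTER).items():
        print(bucket, items)
```

Anything left in the "review" bucket after the final scan is a candidate for the additional diagnostics in step 12.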

Spyware Advice

We are in the infancy of the AntiSpyware industry. 

Similar to the early and mid-90's with AntiVirus technologies, we started at half-functional toolkits, then standalone A/V, and then centrally managed, Enterprise-ready A/V solutions. 

This will be the same for AntiSpyware (A/S). 

The approach I have taken is to use a cocktail of several of the leading A/S solutions (2-3) and, in a year or two, settle on one Enterprise-class, centrally managed A/S solution that can be centrally updated and that has standalone update capabilities.  For the Enterprise, it is critical to be able to manage malware protection, but also to provide the end-user the ability to update their own system.  I believe the end-user should be given the right to participate in ensuring their own security.

Check this out: http://spywarewarrior.com/asw-test-guide.htm and you'll see why Microsoft acquired Giant.

The Sunbelt issue (fighting with MS/Giant on IP rights to the Giant software) would make me stay away from Sunbelt (MS will eat them up or beat them up). There are 2 excellent freeware A/S solutions that can be used freely by home users--Ad-Aware Personal & Spybot--and 1 freeware solution available for Enterprises--Spybot.

In the meantime, as the A/S vendors mature, I suggest using what's available and augmenting it with several other solutions.

UPDATE: I've added a HOWTO: Clean up malware/spyware infection 101 Guide

January 14

Duh, Protection from Google and other search engines

Hackers are using search engines like Google, Yahoo, MSN, etc. to sniff out network vulnerabilities, unsecured devices, and discover sensitive information and documents.

This can be stopped with a simple technique. Simply, he recommends hardening any device placed on the Internet, so it can't be hijacked or attacked. "Treat all Internet-facing devices, even apparently obscure ones such as cameras, as relevant to security." This advice is freakin' brilliant...NOT.

Come on folks, it's 2005.

If it's jacked in to the Net, SECURE it. Geez.

  • System hardening
  • Patching
  • AntiVirus Updates
  • AntiSpyware Updates
  • Firewalls and Intrusion Prevention Systems

Hello?

How to land a job as a Fed...

Hack a major cellular provider for over a year.

Steal private photos and intercept e-mail of celebrities and Federal agents.

Post about it on USENET forums.

Post resume on major security portal - http://www.securityfocus.com/archive/77/216516

WAIT for the knock on the door....

I don't know what's more unbelievable--the stupidity of this guy or the Feds offering him a job.

Original News:

"A computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor U.S. Secret Service e-mail, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities."

http://www.securityfocus.com/news/10271

So why was sensitive Secret Service information being sent over unprotected email on T-Mobile's network?

Why didn't T-Mobile report the breach in compliance with California SB1386?

I'm going to play swami here...Date Sometime in 2005...

"According to sources, RIMM has been hacked for over a year.  Every e-mail address used by every US Senator and every member of the House of Representatives has been intercepted for the past year..."

Don't think I'm kidding, Google it. The entire Congress and HR relies on BlackBerries and this data goes through the RIMM network, just like T-Mobile and the SideKick.

Excellent.

January 13

A problem with no answer...Phishing

With all of the problems that have been reported heavily in the news, Phishing will remain a problem with no easy answers.

At the heart of Phishing lies deceit by an untrustworthy person and a clueless victim believing in and falling for the scam...this problem has been with mankind since our inception.

The answer for now is DO NOT CLICK ON ANY LINKS IN YOUR E-MAILS and to DIRECTLY GO TO THE WEBSITE listed in the questionable e-mail that was sent to you.

Don't be fooled into clicking on a link and giving up your personal credentials.

 