News on the latest privacy capabilities has been going around a lot lately. I posted a vid of an overview, as well as a "10 things you need to know" article (I think). There has been a lot of talk, and I actually like the new capabilities. I made good use of the previous settings, mostly for pictures.
One thing that came up in all this hoopla is that Facebook's default setting or recommended setting is to share with everyone. This will then imply that it is internet accessible. If you don't want that but haven't changed the setting, then Facebook will remove it from their servers or you can delete your account. Is your information really gone though?
Some people are even flaming FB for the sharing with everyone, or for the fact that once it is internet accessible and indexed or spidered or archived by search engines, there is no way it is taken off the internet. This is common knowledge though. Everything you type into your browser should be considered exposed. We can take exception to banking or legitimate e-commerce, because they are held accountable by law to protect your information. However, Facebook or your blog, or Google archiving your FB wall or blog, or FB possibly passing your info via apps, or you passing your info via malware spread through FB mail, should be considered exposed and out there for everyone to see.
Even with privacy settings hardened I would not post private information on FB. Who are they anyway? Just a company trying to make money, be popular and be successful. Do I know them, to actually store my private information on their servers? If I even store private information on my own computer, that I physically have, I make sure I encrypt it. So why am I going to post private information on FB or blogspot or anywhere else? I am not.
Posted in Security | Tagged facebook, privacy
http://ezinearticles.com/?The-Case-of-the-Teacher-and-the-Teen-Tricksterand160;&id=3208559
A teacher gets spied on via her computer, complains, and takes her PC to forensics, who find a trojan.
Posted in News | Tagged computer, forensics
Hello. BSOD + restart is what happens.
See Laurent’s blog post:
http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html
So I had a Windows 2008 server, ran the PoC posted by Laurent, and a BSOD occurred, then a reboot.
ISS Proventia Server Sensor has a signature as well as other HIPS technologies to prevent this. That is for further testing.
Nessus has an uncredentialed plugin to detect this vulnerability as well:
http://www.nessus.org/plugins/index.php?view=single&id=40887
See the MS site for workarounds.
Hopefully they come up with a patch soon.
http://www.microsoft.com/technet/security/advisory/975497.mspx
Posted in Hacks | Tagged exploit, smb2
So today Microsoft came out with 2 patches for critical and important vulnerabilities. It's a good idea to subscribe to the Patch Management mail list:
http://www.patchmanagement.org/
Doing some work today made me refer to the command line kung fu website. I needed a Linux command to sort the largest files so I could free up some space:
http://blog.commandlinekungfu.com/2009/02/episode-4-listing-files-and-their-sizes.html
Blackhat / Defcon going on this week. I'll try to keep in tune and provide anything that comes up.
This was an interesting post by McGrew Security:
http://www.mcgrewsecurity.com/2009/06/23/core-security-you-just-might-not-be-cool-enough-for-their-party/
I have checked out their product and it is pretty good. It is always interesting to get this type of information from the community.
I'm late on this, but this was an interesting speech on cybersecurity.
It is good to see words like hacker, vulnerability and conficker come out of the President of the United States as the site integrates with YouTube to bring this video online:
http://www.whitehouse.gov/video/President-Obama-on-Cybersecurity/
http://www.l0phtcrack.com/
They are back with L0phtcrack 6. I downloaded this and tested it out on my system, cracked a test account I created. I am very interested in using this with Unix passwords and a certain password dictionary that happens to be 99 MB in size.
Posted in News | Tagged password cracking