Shaun Stanislaus’s Tech blog


Business Software Alliance Has a Sense of Humor

For those who don’t know, the Business Software Alliance (BSA) is the RIAA-equivalent of software, representing such copyright holders as Microsoft, Adobe and Symantec. They recently released a very bizarre video, according to ZeroPaid, called “To Catch a Pirate”. I found it really odd, so I figured I would share it here. Check it out.

As for HiTechVNN, apparently that site has shut down… these leech sites are up one day and down the next, so it is difficult to find a good one that lasts. When I find one I will be sure to post it for you guys.

September 19, 2009 | Games, Hack, hacker, Industry Best Practice, IT News, Life skills, Security, social engineering, Technology

FBI accuses Twitter user of massacre threats

An Oklahoma City man who allegedly threatened on Twitter to turn a tax protest into a massacre has been arrested on suspicion of making interstate threats in what is believed to be the first federal prosecution based on posts made to the micro-blogging site.

The FBI arrested Daniel Knight Hayden, 52, after agents identified him as Twitter user CitizenQuasar. Using the micro-blogging site, Hayden allegedly threatened to start a “war” against the government at the Oklahoma City Capitol where a “Tea Party” tax protest was planned.

“START THE KILLING NOW! I am willing to be the FIRST DEATH!,” read a message posted at 8:01 p.m. on April 11, which was followed by, “After I am killed on the Capitol Steps, like a REAL man, the rest of you will REMEMBER ME!!!” Another post said: “I really don’ give a (expletive) anymore. Send the cops around. I will cut their heads off the heads and throw the(m) on the State Capitol steps.”

Hayden directed many of his tweets toward another Oklahoma City man he erroneously thought was an organizer of the protest. Wired tracked down Earl Shaffer, a 68-year-old retiree who Hayden allegedly tweeted about, including posts with his phone number.

“He seemed to know stuff about me, but I don’t know how or why,” Shaffer told Wired. “He called me a few days before that tea party and let me know somehow he got my name as one of the organizers. I don’t have the energy.”

Shaffer told ZDNet Asia’s sister site CNET News.com that he has never met Hayden and is unnerved by the situation.

“I have no idea who this guy is,” Shaffer said. “It is very much a concern that he mentions my being killed.”

One of the last messages posted to the site on April 15 says CitizenQuasar is “Locked AND loaded for the Oklahoma State Capitol. Let’s see what happens.”

Hayden was arraigned on April 16 and released to an Oklahoma City halfway house, according to various media reports.

The U.S. intelligence community has expressed concern that terrorists might use Twitter to coordinate attacks. A draft Army intelligence report prepared by the 304th Military Intelligence Battalion and posted to the Federation of American Scientists Web site examined the possible ways terrorists could use mobile and Web technologies such as the Global Positioning System, digital maps, and Twitter mashups to plan and execute terrorist attacks.

This article was first published as a blog post on CNET News.

April 28, 2009 | IT News, Security

Social Network Accounts May Be Compromised with Namechk.com Around

A new Web 2.0 site, “NameChk”, can be a tool for hackers. It searches every social network for the particular username you’re looking for, and in real life people do not create a unique password for every social network account.

Most would stick with one password for all social network accounts.

Here is a detailed video in which I explain what it does.

April 25, 2009 | IT News, Security, social engineering, Technology

Many still vulnerable to Conficker

Sophos has sent an alert saying many users still have yet to patch their PCs against the exploit that makes them vulnerable to the Conficker worm.

Sophos’ senior technology consultant, Graham Cluley, said in a blog post Thursday that the antivirus company found 11 percent of users who had taken an endpoint assessment test at its Web site did not have the Microsoft MS08-067 patch installed.

The patch, available since October last year, fixes a vulnerability which allows the Conficker worm to infect PCs.

The Conficker saga has been broiling for the last month or so, during which it received a swarm of media attention leading up to Apr. 1, when it was expected to detonate. Its real effects were seen about a week later, when it started dropping a mystery payload on infected computers.

Microsoft has also put up a US$250,000 reward for information leading to the arrest and conviction of the criminals behind the worm.

Cluley said in his blog post the 11 percent of infected PCs is “pretty depressing news”, given the press coverage the worm has received.

“It appears that the percentage of computers not patched against the exploit is holding steady,” he added.

The goal of Conficker’s creators remains unclear. While researchers have said the worm’s payload dumping activity indicates a profit motive, such as stealing passwords or spam-generation, Conficker has yet to fully reveal its intended function.

There are a number of tests and checks online, including an eye chart from the endpoint assessment test for the Microsoft patch.

Sophos is offering a tool to remove the Conficker worm from infected PCs, as well.

April 17, 2009 | IT News, Security

Twitter spoofing: The next logical exploit

First it was spoofing e-mail, then IM, and now spoofing Twitter is the new means of exploit. How attractive really is the ROI for attackers?

I just completed an article titled “URL shortening: Yet another security risk”, in which I discussed URL shortening and how phishers/attackers subverted it to drive unsuspecting users to malicious Web sites.

After reading the many comments, I was happy to note that in general users are getting savvier about misdirection exploits.

This appears to apply to Twitter as well, even though messages, or tweets, with shortened links make it more vulnerable.

Fortunately, Twitter has an additional advantage in that we the users get to pick who can send us tweets. This capability significantly reduces the risk simply because you know who’s sending you the message.

Well, maybe not

I’ve just finished reading an article by Washington Post’s Brian Krebs titled “Twitter security hole left accounts open to hijack”. It seems that it’s not that difficult to spoof Twitter messages.

Krebs quoted Lance James, a security researcher and author of “Phishing exposed”:

“Anyone could authenticate and hijack a Twitter account by using SMS spoofing services, such as my-cool-sms.com, or phonytext.com. These Web sites allow users to mask what phone number they are texting from by letting the user input whatever phone number they want to appear in the from field.”

Oh great, this totally negates the one advantage that Twitter had over IM and e-mail. It’s not hard to see that phishers/attackers would want to leverage SMS spoofing along with URL shortening to redirect victims to malicious Web sites.

Help from the cellular network operators

One good thing that Krebs alluded to was the fact that SMS spoofing may only work if the attacker is located outside of the United States:

“Twitter co-founder Biz Stone wrote in an e-mail. [Mobile] carriers in the U.S. have their own systems for blocking SMS spoofing. Indeed, most U.S.-based mobile carriers have put in place measures to block SMS spoofing on their networks. But this is generally not the case for international mobile networks.”

It appears that the United States is one of the few countries forcing cellular carriers to clamp down on SMS spoofing. That’s great, but spoofing Twitter messages is still possible just about everywhere else. I’ll give you two guesses where most phishing and malware exploits originate, and the first one doesn’t count.

Proof of concept

H Security (a German security company) verified that SMS spoofing works in an article titled “Twitter spoofing fix fails in UK and Germany”. The article provides the following details of the process:

“In the UK, we had a mobile phone associated with a Twitter account. By taking only the number of the mobile phone and setting it as the sender field on PhonyText then sending an SMS to +447624801423, the UK number for sending SMS tweets, we were able to see our message appear in the tweets on the honline page.”

The article goes on to explain what this potentially means:

“We then promptly removed the association between the phone and the Twitter account. An attacker could have created a message directing followers to malware sites, to other risky locations on the web, or posted tweets designed to ruin the reputation of the account owner.”

What this means

First, the ability to spoof a Twitter message enhances all the normal misdirection schemes that are already in play. The fact that shortened URLs are commonplace in Twitter messages makes it even easier to pull the scheme off.

The damage from the SMS spoofing and URL shortening exploit can range from something as simple as malware being loaded on victims’ computers to something as complex as stealing sensitive financial information from the victims. Also, a cruel joke could be played on Twitter accounts that don’t have unlimited texting. It would be easy to run up some monster phone bills, as noted in the Twitter support section:

“Twitter charges you nothing, but how much it costs to use Twitter with text messaging depends on your text messaging plan. Standard text messaging rates (such as international text messaging fees) do apply. Consult your service provider to ensure that your text plan covers your Twitter usage. If you’re using our international number, give your provider the Twitter phone number you’ll be using to see if you’ll incur extra charges. If you’re using Twitter from outside of the US, please consult your carrier, as every provider has a different policy.”

Final thoughts

Following spoofing’s logical progression was easy for the phishers and malware creators of the world. Yet, from the comments I’ve read, it seems like it’s getting harder for them to find chinks in the armor. That’s good and should be heartening to all of the people who are trying to keep the Internet the amazing place it is.

Still, there needs to be awareness and vigilance as long as the possibility of a ROI is perceived by the dark side.

April 15, 2009 | hacker, IT News, Security

New Conficker worm Alert

A government information security watchdog has issued a warning to take precautions against a fast-mutating malicious computer program poised to strike on Wednesday. In a bulletin sent out on Monday, the Singapore Computer Emergency Response Team (SingCert) warned that the latest variant of the Conficker worm, known as Conficker.C, may ‘become active on April 1’. SingCert, a unit of technology sector regulator Infocomm Development Authority of Singapore, identifies information security threats and coordinates computer security responses to events like hacking attacks.

Conficker targets computers running Microsoft Windows software, automatically jumping from an infected computer to another over a local network or by hitching a ride on portable storage devices like USB drives. Only computers that have not been updated with new security signatures are vulnerable.

The worm is one of the more sophisticated such programs developed to date. Unlike earlier worms such as 2004’s Sasser, which was easily found and subsequently de-wormed by a vigilant user, Conficker is regularly updated: its creator, who remains at large despite a US$250,000 (about S$380,000) bounty put up by Microsoft, comes up with new and improved versions of the worm to foil such efforts. The newest variant, Conficker.C, the fourth incarnation of the worm since it was first discovered last year, disables security features like Microsoft Windows Automatic Update.

One of Conficker’s key features is its ability to call up a ‘master computer’ via the Internet for directions, which is also present in its newest variant in a new and improved form. On Wednesday, Conficker.C-infected computers will do just this, SingCert warned on Monday, although ‘the exact nature of the activity that will occur on that day is not known at this time.’

Since it was released last year, Conficker has claimed more than ten million victims worldwide, including computers used by the British Parliament. While definitive statistics of Conficker infections here are not available, at least 269 companies have been infected as at January, according to security company F-Secure. Visit SingCert’s website at http://www.singcert.org.sg for instructions on how to check if your computer is infected, and how to remove the worm.

March 31, 2009 | IT News, Security

UK Jail Time For NASA Hacker?

20 British MPs have tabled a motion calling for NASA hacker Gary McKinnon to serve any jail time in the UK, not the US.

Hacker Gary McKinnon is facing extradition from the UK to the US for breaking into a number of US military networks – NASA, the US Army, Navy, Air Force, and Department of Defense.

He’s exhausted a number of appeals, including the European Court of Human Rights, and is currently awaiting a decision by the Home Secretary on when the extradition process will begin. If he’s convicted in the US, he potentially faces decades in jail and millions of dollars in fines, the BBC reports.

However, there might be a ray of hope: 20 British MPs have signed an Early Day Motion calling for McKinnon to serve any sentence imposed in a British jail. It’s not without precedent, as both Holland and Israel routinely request that nationals with medical or mental problems are repatriated to serve their sentences. McKinnon has been diagnosed with Asperger’s Syndrome.

The Home Secretary has been urged not to allow extradition to begin until she has received an assurance that McKinnon will be allowed to serve his sentence in Britain.

November 6, 2008 | Hack, hacker, IT News, Security

How to view USA Content video or view as if you are in USA?

Ever come across content, like in the pictures below, that is not available in your country?

[Picture: Crunchyroll]

[Picture: Hulu.com]

Well, now you can view it with a program named Hotspot Shield by Anchor Free.

Hotspot Shield

Be secure and anonymous while being connected to the Net – because you never know who’s watching you!

  • Hide your IP while you’re on-line
  • Access all content without censorship; bypass firewalls
  • Protect yourself from snoopers at Wi-Fi hotspots, hotels, airports, corporate offices and ISP hubs.

After installing it, you can view content that requires you to be in that country, as in the example pictures above.

For GAMERS

WARCRAFT III and all other GAMES

If you are in Singapore and wish to join USA games in WARCRAFT III DOTA (Defense of the Ancients), but are afraid of being checked by the host’s banlist and appearing as Nickname(SG), you no longer have to be: Hotspot Shield will show your IP address as Nickname(US)/Nickname(CA), depending on which IP address Hotspot Shield leases to you.

Download Hotspot Shield

November 6, 2008 | Anime, Games, Movie, Security, Technology, Video, VPN

VoIP hacking software released

New proof-of-concept software that can eavesdrop on VoIP-based phone calls has been released by UK-based VoIP expert Peter Cox.

Cox was inspired to write the software, called SIPtap, after a chat with PGP-encryption guru Phil Zimmermann, who also created the Zfone. The Zfone is a new secure VoIP phone software product that lets you make encrypted phone calls over the Internet.

Excerpt from The Inquirer:

… the software snuffles around several VoIP call streams, earwigs in on them and records them as .wav files for later distribution. All it takes is one Trojan installed in the company’s network and it is good night Vienna for your VoIP network.

Not only that, Cox claims that this hack will work at the ISP level too.

This reminds me of the days of network hubs, when e-mails were easily intercepted. At the moment, the only way around SIPtap is to make sure that your VoIP traffic is properly encrypted.

August 2, 2008 | Hack, Security, VoIP