tommee-pickles-set Moloch Industries News
'Hackfest' Highlights Cyber Security Boot Camp
By Lois Walsh
96th Air Base Wing Public Affairs
August 23, 2004

ROME, N.Y. - Top students from military pre-commissioning programs and college institutions declared cyber war on each other here during a two-day "hackfest" aimed at developing America's new cyber security leaders.

Air Force Research Laboratory Information Directorate and Symantec Corp. experts combined resources to challenge 28 students of the Advanced Course in Engineering summer Cyber Security Boot Camp during the national cyber security exercise referred to as "hackfest."

A summer cyber security education program that Syracuse University experts present at the Rome Research Site, the 10-week ACE program focuses on developing top students in Air Force, Army and Navy pre-commissioning training programs, in addition to the best among civilian college students, into the next generation of cyber security leaders. Dr. Kamal Jabbour of Syracuse University directed this year's boot camp.

"The 'hackfest' consisted of two fictitious corporate computer networks that were set up and interconnected over an isolated connection to the Internet," said Philip Scheiderich, a Symantec engineer assigned to the information directorate. "This was carried out with a background network traffic generator which added a significant level of realism to the fictitious corporate scenarios."

He said students were broken into two "company" groups, with each team having two subgroups -- red teams for attacking and blue teams for defending their respective networks. White teams, consisting of AFRL engineers and Symantec experts, observed, set up, answered questions and managed the exercise.

During the exercise's first day, red team members attempted various computer exploits against the opposite company blue team, under guidance from AFRL and Symantec experts. Blue teams observed and tracked those exploits, using various security management tools under guidance from other AFRL and Symantec security professionals. Teams reversed roles on the second day to give all students exposure to both offensive and defensive operations in a network security environment.
"The primary benefit of this exercise was that students were exposed to many of today's front line network security tools used in commercial and Department of Defense enterprises," Mr. Scheiderich said. "In addition, they were given the opportunity to test known exploits and exercise computer attacks under the guidance of trained security professionals and researchers. Students had the opportunity for hands-on experience, as well as the benefit of the many years of operational experience that the professionals brought to the table."

ACE was created through a public-private partnership including the information directorate, Syracuse University, the CASE Center of the New York State Office of Science Technology and Academic Research, the Griffiss Institute on Information Assurance and several corporations. The boot camp is a four-credit course offered through Syracuse University's L.C. Smith College of Engineering and Computer Science.
In its second year at the AFRL Rome Research Site, the ACE program has attracted students from 25 colleges in 17 states. In addition to ROTC, the students include fellowship recipients from the National Science Foundation Scholarship for Service Cyber Corps program, cadets from the Air Force Junior ROTC, and civilian scientists and engineers committed to careers in cyber security.

The educators include faculty from Syracuse University, the U.S. Military Academy at West Point and the State University of New York Institute of Technology, in addition to experts from the Air Force Research Laboratory and industry.

 


Guess what: it's Toastboy's birthday and a Labor Day extravaganza, and it could be a huge shock to see who the guest list has on it.

 

Tweak Windows XP SP2 Security to Your Advantage

Fine-tune the settings in Microsoft's recently released Windows XP Service Pack 2.


Scott Dunn
From the October 2004 issue of PC World magazine
Posted Friday, August 27, 2004


Windows XP is a safe and secure operating system. Really, it is--as long as you don't connect it to the Internet. To be fair, other operating systems, including Linux and Mac OS X, are vulnerable to online attacks, too. But Windows gets more attention, and hackers were quick to discover serious flaws in the OS that made possible the Blaster and Sasser worms, along with a legion of other exploits.

Trying to make Windows more secure, Microsoft released Windows XP Service Pack 1 in 2003, and Service Pack 2 recently. Whereas SP1 focused on remedying antitrust violations with bundled Windows utilities, almost all of SP2 is devoted to beefing up Internet security. SP2 doesn't thoroughly shield you from attacks, but it's definitely worth installing for its firewall improvements, Internet Explorer pop-up blocking, and security-configuration changes. Once you've installed it, you'll probably want to tweak some of SP2's new settings, and to know where--tweaked or not--the reinforced OS remains vulnerable.

SP2's most noticeable change to Windows XP is its introduction of a new Security Center Control Panel applet (see FIGURE 1). Security Center itself doesn't do much, but it provides a single location where you can view the status of the Windows Firewall (formerly known as Internet Connection Firewall) and of Windows' Automatic Updates service. The utility also tracks if you have an antivirus program installed, running, and updated.

If any of these three key security tools has been disabled or is less than fully functional, Security Center changes their corresponding status lights from green to either red or amber. The program also displays a warning icon in the system tray. A red light means that you should probably take steps to beef up security in the indicated area. An amber light signifies a service that is only partly enabled, or that a third-party product handles.

But even if all your dashboard security lights are green, you aren't necessarily safe. Conversely, certain red or amber conditions--triggered when Windows doesn't recognize your third-party firewall or antivirus program, for example--may be acceptable to you. So how do you disable that pesky tray icon?

Start by opening the Security Center: Choose Start, Control Panel and click Security Center. Many people will see a bank of green lights, thanks to SP2's more secure default settings. The firewall is now enabled by default for all Internet connections, which is a good thing if you don't have a third-party firewall program. The Automatic Updates feature downloads and installs often-crucial security updates from Microsoft while you're online. Unless you went out of your way to disable it during installation of Service Pack 2, this option will be fully enabled as well. And if you've installed an antivirus program that Microsoft recognizes, you'll get a green light in the virus-protection area.


Tweak the Firewall
Windows firewall, which is enabled by default, blocks incoming worms, like Blaster, that try to enter your PC through a network connection; but it can't stop malicious apps that are already on your PC from making outgoing connections. You get no protection from viruses, worms, Trojan horses, and spyware that sneak onto your computer via your Web browser, e-mail, or instant messaging program. I recommend using a bidirectional third-party firewall such as Zone Labs' free ZoneAlarm (see "Security Must-Haves" for download details). For PC World's most recent review of firewalls, see June's "Bigger Threats, Better Defense."

Once you've installed a bidirectional firewall, I recommend disabling the Windows Firewall altogether. Occasionally, firewalls obstruct an application you're trying to use over a network connection--and there's nothing more frustrating than spending a half hour tweaking, disabling, and even uninstalling a firewall, only to discover that the other firewall was the culprit. To disable the Windows Firewall in the Security Center, click the Windows Firewall link at the bottom of the dialog box, check Off (not recommended) in the next window, and click OK.

Alas, Windows may not recognize the third-party firewall installed on your PC. (It didn't see my copy of Sygate Personal Firewall, for example.) In such cases, Windows displays the security-warning icon in the system tray. That's no big deal, except that when other security lapses crop up they probably won't come to your attention. To disable the firewall security warning in the Security Center, click Recommendations in the Firewall pane, check I have a firewall solution that I'll monitor myself, and click OK (see FIGURE 2). Windows will then switch your firewall status to amber, and stop pestering you with firewall warnings in the system tray.

If Windows fails to recognize your antivirus program, you can easily disable Security Center false alarms: Click Recommendations in the Antivirus Protection pane, check I have an antivirus program that I'll monitor myself, and click OK.


Automatic Updates
In general, it's unwise to let your computer automatically connect to the Internet, and then download and install software on its own. After all, that's how viruses, worms, Trojan horses, and spyware do their dirty work. But the tremendous threat posed by Internet attacks has changed the rules. Because viruses and worms often take advantage of flaws in Windows or its Internet Explorer Web browser, you need to install patches as soon as Microsoft makes them available (the same is true of your antivirus program's signature database files).

For most PC users, enabling Automatic Updates is the way to go. Nevertheless, situations may arise in which the default settings aren't optimal. For example, by default the service downloads and installs updates at 3 a.m., without inquiring into the user's preferences. But if your computer is always asleep or disconnected from the Internet at 3 a.m., you might never get any updates under the default arrangement. And if, like me, you regard Microsoft with less than complete trust, you might want to inspect the updates that are available for downloading before agreeing to install them on your PC.

To change Automatic Updates' settings, click the System link at the bottom of the Security Center window (or choose Start, Control Panel, and click or double-click the System icon). Select the Automatic Updates tab. To choose a time when you know your PC will be awake and available to download and install updates, select Automatic (recommended), and pick a time from the drop-down list (see FIGURE 3). To instruct Windows to download but not automatically install updates until you can inspect them, select Download updates for me, but let me choose when to install them.

Finally, if you frequently rely on dial-up or wireless links that aren't suitable for Automatic Updates' sometimes-massive downloads, choose the option labeled Notify me but don't automatically download or install them. This setting gives you the greatest control over updates, enabling you to veto downloading or installing any update. On the other hand, it also increases your risk of getting hit by an exploit that Microsoft has already issued a fix for, so use it with caution. (I can't think of a single good reason to turn off Automatic Updates altogether.) Click OK to save your settings.
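The choices described above (the "I'll monitor myself" overrides and the Automatic Updates options) are stored in the registry, so they can be audited across many PCs. The following is an added example, not part of the PC World article: it parses constructed `reg query` output and flags the settings the article cautions about. The key paths, value names (`FirewallOverride`, `AUOptions` and so on) and the meaning of each number are this example's assumptions about Windows XP SP2; the article itself describes only the Control Panel dialogs.

```python
import re

# Assumed Windows XP SP2 registry locations; the article only describes the
# Control Panel dialogs, so these paths and value names are not from the page.
SC_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center".lower()
AU_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
          r"\CurrentVersion\WindowsUpdate\Auto Update").lower()

# One value line of `reg query` output: name, type, data split by whitespace.
VALUE_LINE = re.compile(
    r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")

# Constructed sample output (not captured from a real machine).
SAMPLE = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
    FirewallOverride    REG_DWORD    0x1
    AntiVirusOverride    REG_DWORD    0x0
    UpdatesDisableNotify    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
    AUOptions    REG_DWORD    0x2
    ScheduledInstallTime    REG_DWORD    0x3
"""


def parse_reg_query(text):
    """Parse `reg query` text into {lowercased key path: {value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip().lower(), {})
            continue
        m = VALUE_LINE.match(line)
        if m and current is not None:
            data = m.group("data").strip()
            if m.group("type") == "REG_DWORD":
                data = int(data, 16)  # reg.exe prints DWORDs as 0x...
            current[m.group("name")] = data
    return keys


def audit(keys):
    """Return (severity, setting, message) tuples for settings worth a look."""
    findings = []
    sc = keys.get(SC_KEY, {})
    au = keys.get(AU_KEY, {})

    # "I have a ... that I'll monitor myself": Security Center stops warning,
    # so someone has to confirm a third-party product really is in place.
    for area in ("Firewall", "AntiVirus"):
        if sc.get(area + "Override", 0) == 1:
            findings.append(("review", area + "Override",
                             "user-monitored; confirm a third-party product "
                             "is installed and running"))
        if sc.get(area + "DisableNotify", 0) == 1:
            findings.append(("warn", area + "DisableNotify",
                             "Security Center alerts are suppressed"))
    if sc.get("UpdatesDisableNotify", 0) == 1:
        findings.append(("warn", "UpdatesDisableNotify",
                         "Automatic Updates alerts are suppressed"))

    # Automatic Updates tab: assumed mapping 1=off, 2=notify only,
    # 3=download then ask, 4=automatic at the scheduled hour.
    opt = au.get("AUOptions")
    if opt is None:
        findings.append(("warn", "AUOptions", "value not in supplied output"))
    elif opt == 1:
        findings.append(("high", "AUOptions", "Automatic Updates turned off"))
    elif opt == 2:
        findings.append(("warn", "AUOptions",
                         "notify only; patches wait for the user"))
    elif opt == 3:
        findings.append(("review", "AUOptions",
                         "downloads automatically, install is manual"))
    elif opt == 4:
        hour = au.get("ScheduledInstallTime", 3)
        findings.append(("ok", "AUOptions",
                         "automatic install at %02d:00; confirm the PC is "
                         "awake and online then" % hour))
    else:
        findings.append(("warn", "AUOptions", "unrecognised value %r" % opt))
    return findings


if __name__ == "__main__":
    for severity, setting, message in audit(parse_reg_query(SAMPLE)):
        print("%-6s %-22s %s" % (severity, setting, message))
```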


Pop-Ups Begone
The ability to block pop-up browser windows, besides being convenient, can protect you from browser hijacking (where an unscrupulous Web site installs itself as your home page or runs ActiveX programs). Some other browsers, including Mozilla, Netscape, and Opera, have had pop-up blockers for a while. SP2 adds this long-needed feature to IE and activates it by default. (On a related note, SP2 also disables Windows' Messenger service, which formerly allowed spammers and other miscreants to pop up message windows on your Internet-connected PC.)

Though Internet Explorer's newfound pop-up blocking prowess is generally a positive thing, it can cause problems when you visit Web sites that use subsidiary, pop-up style windows for logging in, completing surveys, displaying videos, or performing other special tasks. If you discover that your favorite site doesn't work as expected after you've installed SP2, don't get too upset.

First, to test whether IE's pop-up blocker is responsible, disable it by choosing Tools, Pop-up Blocker, Turn off Pop-up Blocker. If that tactic solves the problem, you can instruct IE not to block pop-ups from that one site. To do so, first copy the site's address in IE's Address field (click the address to select it, and then press Ctrl-C). Choose Tools, Pop-up Blocker, Pop-up Blocker Settings, press Ctrl-V to paste the address into the 'Address of Web site to allow' field, and click Add (see FIGURE 4). Alternatively, you can type addresses directly into the field, if you prefer.

SP2 introduces a related security feature in the Outlook Express e-mail program. To block the tiny invisible images called Web bugs that sites use to identify you online, Outlook Express by default now blocks downloads of any external images referenced in HTML messages. If you receive one of those slick-looking e-mail newsletters, it may not look so slick after you've installed SP2.

 

IBM recalls 553,000 laptop power units
source: Reuters

The adapters can overheat, cause damage to the circuit board and melt through the case.

IBM said Thursday it will recall about 553,000 AC power adapters worldwide for several models of its laptop computers because of potential fire and electrical shock hazards.

The 56-watt adapters can overheat, cause damage to the circuit board and melt through the case, the company and the U.S. Consumer Product Safety Commission said.

The agency said it received six reports of incidents and some property damage but no injuries. About 225,000 of the adapters are being recalled in the United States.

The power adapters were shipped mostly with IBM ThinkPad i Series, ThinkPad 390 and 240 Series and a limited number of ThinkPad s Series laptop computers and have the part number 02K6549, the agency said.

The computers were sold between January 1999 and August 2000, and the adapters were also available as an accessory for $55. They were manufactured by Delta Electronics Inc. of Taipei, Taiwan.

The CPSC urged owners to immediately unplug the adapters and contact IBM for a free replacement at 1-800-410-5629 or via the Internet at Adapterprogram.com.

 

Feds try again for wiretapping conviction
source: CNET

Justice Department asks appeals court to review a decision clearing an e-mail provider of snooping--and civil liberties groups are backing it up.

The U.S. Department of Justice has asked a full appeals court to review a controversial ruling saying an e-mail provider did not violate federal wiretapping laws by allegedly reading messages meant for customers.

In an unusual twist, civil liberties groups are joining the government's request to the full 1st Circuit Court of Appeals to revisit a three-judge panel's decision in June that cleared Bradford Councilman, formerly vice president of online bookseller Interloc, of federal wiretapping charges.

Both legal briefs say that the 2-1 ruling sets an unfortunate precedent that effectively creates an unintentional loophole in Internet wiretapping laws--at least in the New England states that make up the 1st Circuit.

"Internet service providers would be free to access the private e-mail of their customers without criminal liability (and) criminals and corporate spies could monitor private e-mail without violating the Wiretap Act," warns the government's brief, filed last Friday. "Under the rule adopted by the panel, (digital) phone calls could be captured without violating the Wiretap Act."

The brief filed by the civil liberties groups on Thursday also sounds a solemn warning: "The panel's approach guts (privacy) protections. It would allow federal, state or local law enforcement agents to install monitoring devices that impose the functional equivalent of a wiretap without needing to satisfy the Wiretap Act."

The Center for Democracy and Technology, the Electronic Frontier Foundation, the Electronic Privacy Information Center, and the American Library Association joined the amicus brief.

In this case, Councilman provided his customers, typically dealers of rare or used books, with e-mail addresses ending in "@interloc.com." Councilman allegedly ordered the creation of a simple computer program that surreptitiously saved copies of inbound messages from Amazon.com sent to those specialty book dealers.

The panel's majority concluded that because the interception happened when the messages were stored on a hard drive--even temporarily--rather than in transit, Councilman did not violate the Wiretap Act. Depending on the number of messages being processed at one time, a mail server may take anywhere from a fraction of a second to more than an hour to deliver e-mail.

Though federal wiretap prohibitions may arguably be "out of step with the technological realities of computer crimes," the court said, making any changes to such prohibitions was up to Congress. One such bill already has been introduced.

 


tommEE's Fry's Pick of the day. These are cheap Memory Prices.

 


I forgot to share this with people. Yes in the Atlanta Airport, there is a Hooters Airline. Where have I been living?

 

Some Labor Day Deals at Fry's




 

Amsterdam Start-Up to Offer WiFi Internet Citywide

AMSTERDAM (Reuters) - Amsterdam's Web surfers could soon be liberated from their home computers and Internet cafes, with plans by a start-up firm to make their city the first European capital where laptops can hook up anywhere to the Web.
 
HotSpot Amsterdam launched a wireless computer network on Monday with a supercharged version of the WiFi technology that is used to turn homes, airports, hotels and cafes into Web-connected "hot spots."
 
The first seven base stations are up and running, connecting historic areas that date back to the 13th century, while the entire city center will be covered by 40 to 60 antennas within three months, HotSpot Amsterdam founder Carl Harper said.
 
That network would be able to support several thousand users, he said.
 
"We'll go on to cover all of Amsterdam with 125 base stations. The idea is to prove to the big boys that it can be done, and that consumers can live with a mobile phone and mobile Internet. The landline is dead," he said. Many computer makers build WiFi chips and access cards into their products as a standard feature.
 
Mobile phone makers like Nokia have also started to add WiFi to some of their handset models, allowing much faster Internet access than would be possible with the standard GPRS and UMTS connections offered by mobile phone operators. HotSpot Amsterdam charges 4.95 euros ($5.98) a day or 14.95 euros a month for a connection of 256 kilobits per second, equivalent in price and speed to a low-end home broadband connection, while 24.95 euros a month will buy a connection twice that fast.
 
That undercuts fees charged by bigger suppliers such as Dutch telecommunications carrier KPN, which sells one hour of WiFi access for 5 euros and one month for 30 euros. And the dozen or so hotspots offered by KPN in Amsterdam have a range of just a few hundred meters each.
 
SUPERCHARGED HOT SPOTS
 
Although WiFi hot spots have traditionally covered only a small area -- a home, cafe, hotel room or reception area -- technology companies are developing a more powerful version that works with fewer base stations and covers much larger areas.
 
In addition, radio base stations can now be linked to each other in a loop network, without separate connections to the Internet, making it much easier and cheaper to build a network.
 
HotSpot Amsterdam estimates it will invest around 200,000 euros for the initial network covering Amsterdam's city center and a handful of surrounding areas.
 
The company's founders said their service was cheap enough that residents could choose a WiFi subscription in place of a fixed-line broadband connection from a cable TV company or from a provider of digital subscriber line services, which run through normal copper phone lines.
 
"The users we're aiming at are expatriates, students and people who share accommodation. They need Internet access, but are not able to install fixed-line broadband, or they do not want it for the minimum period of a year," Harper said.
 
Other target groups include tourists and business travelers.
 
The Finnish town of Mantsala has an 11 square-kilometer WiFi network, available to the public and schools, while New York plans to build a city-wide WiFi network.
 
The Port of Amsterdam installed a WiFi network three months ago, covering its 30 square kilometers, but that network is not for public use.

 

Microsoft begins testing Windows Marketplace
source: Cnet

The online shopping and download center for Windows-related stuff gets a public workout.

Microsoft said on Thursday that it has begun publicly testing its Windows Marketplace, an online shopping and download center for hardware and software related to its Windows operating system.

The software maker announced plans for the service in July. It said Thursday a final version is scheduled to launch in "the next couple of months," once the company gets enough feedback from early users.

 

Diebold GEMS central tabulator contains a stunning security hole

Issue: Manipulation technique found in the Diebold central tabulator -- 1,000 of these systems are in place, and they count up to two million votes at a time.

By entering a 2-digit code in a hidden location, a second set of votes is created. This set of votes can be changed, so that it no longer matches the correct votes. The voting system will then read the totals from the bogus vote set. It takes only seconds to change the votes, and to date not a single location in the U.S. has implemented security measures to fully mitigate the risks.
This program is not "stupidity" or sloppiness. It was designed and tested over a series of a dozen version adjustments.

Public officials: If you are in a county that uses GEMS 1.18.18, GEMS 1.18.19, or GEMS 1.18.23, your secretary of state may not have told you about this. You're the one who'll be blamed if your election is tampered with. Find out for yourself if you have this problem: Black Box Voting will be happy to walk you through a diagnostic procedure over the phone. E-mail Bev Harris or Andy Stephenson to set up a time to do this.

For the media: Harris and Stephenson will be in New York City on Aug. 30, 31, Sep.1, to demonstrate this built-in election tampering technique.

Members of Congress and Washington correspondents: Harris and Stephenson will be in Washington D.C. on Sept. 22 to demonstrate this problem for you.
Whether you vote absentee, on touch-screens, or on paper ballot (fill in the bubble) optical scan machines, all votes are ultimately brought to the "mother ship," the central tabulator at the county which adds them all up and creates the results report.
These systems are used in over 30 states and each counts up to two million votes at once.

The central tabulator is far more vulnerable than the touch screen terminals. Think about it: If you were going to tamper with an election, would you rather tamper with 4,500 individual voting machines, or with just one machine, the central tabulator which receives votes from all the machines? Of course, the central tabulator is the most desirable target.
Findings: The GEMS central tabulator program is incorrectly designed and highly vulnerable to fraud. Election results can be changed in a matter of seconds. Part of the program we examined appears to be designed with election tampering in mind. We have also learned that election officials maintain inadequate controls over access to the central tabulator. We need to beef up procedures to mitigate risks.

Much of this information, originally published on July 8, 2003, has since been corroborated by formal studies (RABA) and by Diebold's own internal memos written by its programmers.
Not a single location has yet implemented the security measures needed to mitigate the risk. Yet, it is not too late. We need to tackle this one, folks, roll up our sleeves, and implement corrective measures.

In Nov. 2003, Black Box Voting founder Bev Harris, and director Jim March, filed a Qui Tam lawsuit in California citing fraudulent claims by Diebold, seeking restitution for the taxpayer. Diebold claimed its voting system was secure. It is, in fact, highly vulnerable to and appears to be designed for fraud.

The California Attorney General was made aware of this problem nearly a year ago. Harris and Black Box Voting Associate Director Andy Stephenson visited the Washington Attorney General's office in Feb. 2004 to inform them of the problem. Yet, nothing has been done to inform election officials who are using the system, nor have appropriate security safeguards been implemented. In fact, Gov. Arnold Schwarzenegger recently froze the funds, allocated by Secretary of State Kevin Shelley, which would have paid for increased scrutiny of the voting system in California.

On April 21, 2004, Harris appeared before the California Voting Systems Panel, and presented the smoking gun document showing that Diebold had not corrected the GEMS flaws, even though it had updated and upgraded the GEMS program.

On Aug. 8, 2004, Harris demonstrated to Howard Dean how easy it is to change votes in GEMS, on CNBC TV.

On Aug. 11, 2004, Jim March formally requested that the California Voting Systems Panel watch the demonstration of the double set of books in GEMS. They were already convened, and the time for Harris was already allotted. Though the demonstration takes only 3 minutes, the panel refused to allow it and would not look. They did, however, meet privately with Diebold afterwards, without informing the public or issuing any report of what transpired.

On Aug. 18, 2004, Harris and Stephenson, together with computer security expert Dr. Hugh Thompson, and former King County Elections Supervisor Julie Anne Kempf, met with members of the California Voting Systems Panel and the California Secretary of State's office to demonstrate the double set of books. The officials declined to allow a camera crew from 60 Minutes to film or attend.

The Secretary of State's office halted the meeting, called in the general counsel for their office, and a defense attorney from the California Attorney General's office. They refused to allow Black Box Voting to videotape its own demonstration. They prohibited any audiotape and specified that no notes of the meeting could be requested in public records requests.
The undersecretary of state, Mark Kyle, left the meeting early, and one voting panel member, John Mott Smith, appeared to sleep through the presentation.

On Aug. 23, 2004, CBC TV came to California and filmed the demonstration.

On Aug 30 and 31, Harris and Stephenson will be in New York City to demonstrate the double set of books for any public official and any TV crews who wish to see it.

On Sept. 1, another event is planned in New York City, and on Sept. 21, Harris and Stephenson intend to demonstrate the problem for members of Congress and the press in Washington D.C.
Diebold has known of the problem, or should have known, because it did a cease and desist on the web site when Harris originally reported the problem in 2003. On Aug. 11, 2004, Harris also offered to show the problem to Marvin Singleton, Diebold's damage control expert, and to other Diebold execs. They refused to look.

Why don't people want to look? Suppose you are formally informed that the gas tank tends to explode on the car you are telling people to use. If you KNOW about it, but do nothing, you are liable.

LET US HOLD DIEBOLD, AND OUR PUBLIC OFFICIALS, ACCOUNTABLE.
1) Let there be no one who can say "I didn't know."
2) Let there be no election jurisdiction using GEMS that fails to implement all of the proper corrective procedures, this fall, to mitigate risk.

Read more at http://www.blackboxvoting.org/?q=node/view/77

 

tommEE pickles set to speak at ToorCon
Saturday, September 25th 2004
20:30-21:30
Streaming Media Hacking BoF
Moderator: tommEE pickles

ToorCon 2004: General Lineup

 

Microsoft sets 2006 target for next Windows version

BEIJING, Aug. 29 (Xinhuanet) -- Microsoft Corp will ship the next version of Windows in 2006. To get 'Longhorn' shipped on time, Microsoft had to sacrifice a key component of the system, called WinFS, reported China Radio International Saturday.
It is the first time that the world's largest software maker has committed to a launch target for the ambitious upgrade to Windows, code-named Longhorn, since shipping Windows XP in 2001.
Microsoft says 'Longhorn' will provide important advances in performance, security and reliability, and will help accelerate the creation of exciting new applications by developers across the industry.
To get Longhorn shipped on time, Microsoft had to sacrifice a key component of the system, called WinFS.
The new file system, aimed at making it easier for users to find information stored on hard drives, will be shipped later, with a test, or beta version, of WinFS being shipped with Longhorn in 2006.


 

Attention, Terrorist warnings closed the Triple "H" Ranch

From their website:

Hacker Halfway House - the triple "H" ranch
--------------------------------------------------------------------------------------------------------------------------------------
* N O M O R E P A R T I E S *
--------------------------------------------------------------------------------------------------------------------------------------

NEWS: August 26th This post, unfortunately, announces the end of an era. There will be no more monthly 2600-after-parties at the HHH. If you are not the people responsible for damage to our building, or vandalism to our, and our guests' vehicles, or theft of our guests' hardware and belongings, we sincerely apologize.

Changes are afoot. Check back for updates, including a new site, and perhaps a new kind of community involvement in the near-distant



Hacker Halfway House aka The Triple H Ranch
