Search This Blog

Tuesday, September 27, 2011

(W) So you think you are clever and anonymous when using anon proxies and VPN?




Are you one those people that hide your Internet activity by using anonymous proxies or an anonymous hidden secret VPN solution?

Think you are truly secure and obscure? Think again..

A web proxy service has come under fire after a federal indictment revealed that the company cooperated with U.S. authorities in their investigation into the hacking of SonyPictures.com.

HideMyAss.com, a VPN service that encrypts one's traffic to enable users to surf the web anonymously, was ordered by a U.K. judge, at the request of FBI agents, to release log information about an Arizona man who was arrested Thursday for his role in the Sony intrusion.

SC Magazine article

#InfoSec

Monday, September 26, 2011

(I) Card Key system updated by the vendor - research to continue




We received updated hardware and software from the vendor we are working with from the original vulnerability/exploit and setup this Testing configuration in order to test and verify any improvements the vendor integrated into the new hardware and software.

It is a simple emulation of a Card Key reader that triggers a buzzer when the user is authorized to enter. The buzzer is clearly smaller than an actual door lock..

It works like a charm, the Cards were added, given permission and tested to open the door, aka sound the buzzer for 5 seconds to emulate the door unlock period.

Stay tuned as we continue our testing on the update or attend one of the two InfoSec conferences where we will be presenting.

HouSecCon 2011 - Houston Nov 3rd

Security BSides DFW 2011 - Dallas Nov 5th

#InfoSec #keycard #cardkey

Wednesday, September 21, 2011

(W)(I) Do you store email on your Cloud email provider servers?




If you are like most of us today, we all use and rely on Internet email and especially those that are browser based like Gmail, HotMail, Yahoo mail and others.

Do you also store information you would consider 'confidential' like Health, Financial and photos of yourself?

Recently Kunis Scarlett Johansson, Christina Aguilera, Lady Gaga, Miley Cyrus and High School Musical's Vanessa Hudgens have all had pictures stolen from their emails and smart phones because they stored these pics in the cloud and probably had easy, discoverable or guessable passwords.

If you do store confidential data in the cloud, you should seriously consider long and complex passwords and a password manager like LastPass to remember the passwords and URL's and make it easy to keep track of all those websites we have to login to these days.



#InfoSec #LastPass

(W)(I) Your GM OnStar enabled car will rat you out starting Dec 2011




Yup.. GM cars with OnStar will start in Dec 2011 sending critical data to GM whether you want to or not... So if you are going too fast, get in a fender bender, don't use your seatbelt or various other items, GM will provide this info to Insurance companies, law enforcement when asked and send you service notices, without you 'Opting in' to the program...

So now your GM car is a 'Dirty Rat'..

PacketStorm article on GM.. You Dirty Rat..

#InfoSec #OnStar

Thursday, September 15, 2011

(I) BackTrack 5 Wireless book now available




Vivek Ramachandran has written a beginners book for BackTrack 5 WiFi Tools that is a must read for new or seasoned InfoSec Pros that want to learn about this Live CD Tool that should be in every InfoSec and Forensic Toolkit.

Hacker News article



#InfoSec #BackTrack