Los Flemings

From the Edupage newsletter from EDUCAUSE:

NEW TOOLS RATE SAFETY OF WEB SITES
Two new tools from GeoTrust offer Internet users another layer of protection against a range of online scams. The TrustWatch Search site and TrustWatch Toolbar both provide indications about the probable reliability of sites users are visiting, in an effort to help consumers avoid being victimized by phishing scams or by other forms of fraudulent Web sites. The tools evaluate sites for security practices such as certain forms of authentication or use of a Secure Sockets Layer certificate. Sites are also screened against a black list of known fraud sites and checked for patterns that would indicate potentially malicious intent. Users are shown a green signal to indicate a verified site, a yellow signal for suspect sites, and a red signal for sites that cannot be verified. The toolbar provides users with a real-time screen for sites they visit; the search site returns search results--powered by Ask Jeeves--with one of the three indicators for each site returned.
CNET, 25 September 2005
http://news.com.com/2100-1029_3-5879068.html

Here's a link to the symantec report that Dr. J. referenced today in class from Geekzone (and see the post below).

Several other sources covered the release of the report (check out Google news). Some had much more alarming headlines than this.

Another interesting note is that the report points out vulnerabilities in Mozilla - but Internet Explorer is still the focus of the vast majority of attacks.

from EDUCAUSE's Edupage:

REPORT WARNS OF VOIP THREATS
A new report from security firm Symantec identifies voice over Internet protocol (VoIP) technology as potentially fertile ground for a wave of cybercrime, including a new variation on an old scam. Within the next
18 months, Symantec expects VoIP to become a "significant" channel for electronic mischief including audio spam, voice phishing, call hijacking, and caller-ID spoofing. Ollie Whitehouse, technical manager at Symantec's research labs, said that although few VoIP attacks have been reported so far, the company "believes it's only a matter of time before attackers target it more intensely." A technique called war-dialing, in which computers call many thousands of phone numbers looking for those that respond with data tones, could also see a reemergence with VoIP. Hackers could comb VoIP phone numbers and locate unprotected or poorly protected servers that could then be compromised.
BBC, 19 September 2005
http://news.bbc.co.uk/2/hi/technology/4259554.stm

Newbie guide to Unix from unixgeeks.org

Here's one of life's funny little coincidences. This afternoon just after I finished balancing my checking account and reading the article on Phishing in my credit union's newsletter, I received the following email. Here's a link to the credit union's real site and fraud alert message.

Florida Commerce Credit Union Alert Message

We recently noticed the following issue on your account: We would like to ensure that your account was not accessed by an unauthorized third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive Florida Commerce Credit Union account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.

If you recently accessed your account while traveling, the unusual log in attempts may have initiated by you.

However if you are the rightful holder of the account, click on the link below and submit, as we try to verify your account:

https://www.floridacommerce.org/

We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

If you received this notice and you are not the authorized account holder, please be aware that is in violation of Florida Commerce Credit Union policy to represent oneself as another Florida Commerce Credit Union account owner. Such action may also be in violation of local, national, and/or international law. Florida Commerce Credit Union is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the Internet to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the fullest extent of the law.

* Please do not respond to this email as your reply will not be received.

The link in the email is the correct URL but when you hover over the link you can see that it contains additional script. The last paragraph is especially ironic given the source.

Some basic intro stuff to footprinting:

from Doug Chick

from IT Observer

Operation: Security has footprinting links and tools

I spotted an interesting article today on Network World on how Google's search capabilities are used by hackers in a variety of ways to scope out systems, access passwords and gain access to servers The story is at http://www.networkworld.com/news/2005/090505-google-hacking.html.

The hook of the story is the 'white hat hacker', Johnny Long, who has made Google hacking his specialty. His web site is johnny.ihackstuff.com.

In typical three year old fashion, my son Sam was more fascinated by the box that his birthday present arrived in than by the present it contained.

Does this foreshadow a career as a blockbuster magician or just a sideshow contortionist? Or perhaps it will lead to industrial engineering of packaging materials.

Greetings and welcome to my brand new blog. I'm new to this so your patience is appreciated.

Looking forward to an interesting semester of delving into information security.