[SecurityRatty] tag: girl

Links for 2008-11-20 [del.icio.us]

Thu, 20 Nov 2008 21:00:00 +0000

Got SIEM? - Part IV « eIQviews
Customers tend to use SIEM technologies for more reactive efforts, such as post-event forensics, rather than as a true correlation solution to determine unusual behavior or policy violations before they have a chance to affect systems and data.
SIEM Blog » Unrestricted Data Collection for Maximum Compliance and Forensic Visibility
Beast Or Buddha » Blog Archive » So we own your client database and everything important to you…
Web Developer: “Just because you can do that doesn’t mean we have a major problem like you say it is. It’s just you that did it!” SG dude: “Well more than likely, others have….we didn’t do anything fancy…”. Web Developer: “Well nothing has ever happened so it’s just you guys!” SG dude: “You have no logging”. Web Developer: “We’ve never been hacked!”
On Data Loss Prevention (DLP) » My Wife Finally Knows What I Do
The Two Kinds Of Security Threats, And How They Affect Your Life | securosis.com
We get money for noisy threats, and get called paranoid freaks for trying to prevent quiet threats (which can still lose our organizations a boatload of money, but don’t interfere with the married CEO’s ability to flirt with the new girl in marketing over email).
Marcus Ranum on Network Security - CSO Online - Security and Risk
The real best practices have been the same since the 1970s: know where your data is, who has access to what, read your logs, guard your perimeter, minimize complexity, reduce access to "need only" and segment your networks.

Just Love This: Noisy vs Quiet from Rich

Thu, 20 Nov 2008 14:50:00 +0000

OMG, some people (usually ex-Gartner... for whatever mystical reason) have this uncanny ability to present information in a way that just triggers an avalanche of insight. Here is an example: "The Two Kinds Of Security Threats, And How They Affect Your Life " from Rich Mogul.

Some quotes: "We get money for noisy threats, and get called paranoid freaks for trying to prevent quiet threats (which can still lose our organizations a boatload of money, but don’t interfere with the married CEO’s ability to flirt with the new girl in marketing over email)."

and

"Slice up your budget and see how much you spend preventing noisy vs. quiet threats. It’s often our own little version of security theater."

and

"The problem is, noisy vs. quiet may bear little to no relationship to your actual risk and losses, but that’s just human nature."

Overall, a MUST read.

God, please, send us some credible security metrics... please.

"Off the Peg" Authentication can lead to an ill-fitting suit

Wed, 30 Jul 2008 20:00:00 +0000

I was interested to read in the papers here that the UK's Association of Private Client Investment Managers and Stockbrokers (Apcims) has raised concerns about changes to existing data security measures which are being imposed by the Financial Services Authority (FSA). The FSA is seeking to mandate strong authentication -- using secret questions (you know the kind of thing -- mother's maiden name, date of birth, name of your favourite Spice Girl, etc, etc) -- before brokers can get on with doing business with their clients by phone. This comes a few months after a city firm was hit with a £77k (~$150k) fine for failing to do just that.

Now, ordinarily, forcing mandatory extra authentication like this you'd think is a good idea, and something that should be applauded...

How Can I Find Them? They Haven't Gone Missing!

Wed, 09 Jul 2008 08:45:35 +0000

I've often highlighted the utterly worthless spam messages that seem to endlessly circulate on Facebook, usually warning not to add (insert random name here) because they're an evil hacker and will destroy your PC, kill your family and so on.

Well, today I came across another such message:

.....insert gag about them being related to Chuck here....but underneath that message was something far more interesting:

Sounds serious, right? It seems personal, because it's their friend missing which adds a little more urgency - they provide a contact email address to notify them on, and it mentions a real world example of someone who went missing and was found via the Internet.

However.

Dig into this a little bit, and it all becomes clear quite quickly that something isn't quite right here. For starters, search for the missing persons name and there is no mention of him ever "going missing". Nothing on websites, news pages....it's like the whole thing is a work of fiction. In fact, buried in unrelated entries is the following snippet from a page on myyearbook.com:

Click to Enlarge

Check out the name of the "hacker" you shouldn't add. It seems someone has simply swiped the name and started pasting it into spam messages. A quick search of Facebook confirms the name and face go together.

A quick search for the email address listed as a contact brings up more interesting posts, this time posted to a personal blog:

Click to Enlarge

Same text....same reference to "real world" example....same email address. This person sure does get through a lot of missing friends! Note that this "missing person" chain letter has now stepped outside of Facebook and into other websites and networks.

At this point, you're probably wondering about the validity of the "real world" example, aren't you? Well, that would be a good idea! Notice they don't give any detail - it simply says "That is how the girl from Stevens Point was found by circulation of her picture on TV", and expect you to accept it as is. If you go searching for that phrase, it doesn't take long to find a page on Snopes.com regarding a missing girl hoax that stretches back some years:

"Please look at the picture, read what her father says, then forward his message on. Maybe if everyone passes this on, someone will see this child. That is how the girl from Stevens Point was found by circulation of her picture on tv..."

An email hoax, wrapped up and repackaged for the Facebook generation.

Grande Theft Auto... What Was He Thinking?

Thu, 03 Jul 2008 00:05:00 +0000

Well, it didn’t happen to me- but here’s another J! True Security Story for you…

I went to the salon today to ‘get my nails did’ and was greeted with quite a ruckus. The entire staff is Vietnamese- no big surprise there- but the owners and most employees speak English extremely well and so everyone is always chit-chatting throughout the salon.

The wife side of the husband-wife team was especially giddy as she shared a little gem of a story with me today… and I didn’t feel I’d be doing you justice to keep it to myself.

They (the salon staff) all live in one of the larger cities here in NC. One of their friends (a middle-aged guy) was out shopping Monday and was sitting in his car in a parking lot during a coming- or going- to a store. A young girl (mid-20’s) came up to his car and motioned to ask for use of his cell phone.

Now, at this point in the story, I could have told you the rest…

He opened the window a bit and the young lady asked to borrow his phone for a moment to call a family member. Turns out she had some car troubles and needed a ride. Being the nice gentleman that he is, he lent her the phone and she took a couple of steps away to make the call. Only… she didn’t stop. Evidently she got about 4 cars down the row before our chivalrous guy got out of the car and gave chase.

When he got in reach, she pushed him down to the ground and - yep - ran back to his car, phone still in hand… and drove away.

He now has no car and no phone. So, ironically enough, he then had to approach a stranger and politely ask for the use of their cell to phone home and let the group know he was bamboozled. A few tears were shed, but his wife assured him it would be fine and he shouldn’t be scared. (No, I’m not making that up).

I was giggling right along with her (and the guy’s wife, who happened to be there).

Moments later I thought to myself, “I hope that doesn’t happen to me!” Almost in the same instant I realized… it probably wouldn’t. I’ve been a bit of a paranoid freak since I was little, thanks probably in most part to having two ex-military intelligence parents. For all my life I’ve been raised with ‘the security mindset’ as Schneier refers to it.

Always suspicious… always calculating… always aware… and certainly never underestimating a situation.

And so then I had to muse… WHAT WAS HE THINKING leaving the car running and unlocked to go after the siren with the cell? For the sake of politeness, I kept my question to my ‘inside voice’, but I do have to wonder why you’d sacrifice the security of a vehicle for a $50 cell phone.

The moral of the story… There are two. 1) Involve someone with a ‘security mindset’ and 2) Your security is only as strong as your people. A sweet damsel in distress… social engineering at it’s finest…

# # #

Sometimes danger lurks right under our nose.

Thu, 05 Jun 2008 18:23:00 +0000

When Executive Protecion Specialists think and speak about "Threat Assessment", they are usually focusing on a known or suspected danger that may prove life-threatening. Sometimes, that danger may already have made itself at home and is silently destroying lives and eating away at victims like a cancerous growth.

One such story was highlighted by the "Washington Post Magazine" on May 25th, 2008. It involved a young girl who had been molested and raped by her own father. A man who was something of a hero to many. A man who had walked side by side with Dr. martin Luther king and who was only a few feet away from the Civil Rights leader when he was assasinated. That man is James Bevel.

I had the pleasure of listening to Col. Dave Grossman speaking at UCLA last April. He was eloquent in his description of how young lives are taken and families estroyed by School killings. He also spoke about those who prey on the less suspecting. He equated it to the Wolves hunting down and eating sheep. Mr. Bevel appears to be one of those parasitic wolves.

For years he raped his little daughter, telling her it was something of an "experiment". In his mind, he didn't think that it mattered. His unfathomable belief (and apparently remains the same until this day) is that all women are prostitutes until they reach a certain age, when sex is set aside for procreation. This beleif allowed him to allegedly rape his eight year old daughter on many occassions.

His daughter, Aaralyn Mills, finally found the courage to step foward and contact the Police in 2005. She assisted the Leesburg authorities to tape record her conversation with her father. In that conversation, James Bevel admitted raoping his daughter and that it was part of a scientific process. Unfortunately, her mother, like many other mothers, did not want or couldn't face the truth. This gave the big, bad wolf all the space he needed to desecrate the little sheep.

Sadly, men like this are living throughout our communities. they come in all shapes, sizes nd colors. Some are Doctors, Community leaders, Priests, Police Officers, Electricians and Preachers. If you have been entrusted with the job of protecting an innocent lamb, be a strong and fearful sheepdog and protect your flock, with your very life if need be. Be brave like Aaralyn Mills. She stepped forward at this time in her life because her father who has many children with many different women has now a young daughter and her half-siter is afraid that he will rape her too.

Security Briefing: May 30th

Fri, 30 May 2008 10:29:34 +0000

What a week - it’s like I’m swimming uphill both ways and it’s snowing. An extra large helping of news to make up for being late this morning. And hey - thanks to all of our new subscribers that joined us yesterday. Welcome!

Click here to subscribe to Liquidmatrix Security Digest!

And now, the news…

The Attack that made Kevin Rose Cry - Revision3
BBC NEWS | Science/Nature | Monkey’s brain controls robot arm Always mount a scratch monkey - seriously.
Will your mobile squeal to the police? | The Register Will your mobile find a horse head in it’s bed?
Download al Qaeda manuals from the DoJ, go to prison? | The Register Another pair of articles analyzing the somewhat chilling effect of doing research and finding yourself in jail… do we accept this as a society or not?
The New Order: When reading is a crime | The Register
Facebook mob trashes Â£4.4m Spanish villa | The Register Anyone else surprised that the girl didn’t claim it was hackers — and faintly reminiscent of the Craigslist “The contents of this house must go” issue.
Bletchley Park and the decay of the museum buildings Plcurecuernxf - fcraq n craal ba gur ravtzn naq fnir gur jbeyq sebz Uvgyre ntnva - be gur npnqrzvp trgf vg.
22 French Hackers Arrested 22 SkriptKiddies singing the Jean Valjean lines from Les Miserables… the horror.
USA 2008 : Briefings Schedule All your briefs belong to Jeff Moss
Rands In Repose: We Travel in Tribes I’m sneaking this one in to see if you are paying attention - which Diamond Age phyle do you belong to?
State of the Internet It’s all about the metrics baby.
Red Curtain: An Unsung, Free Security Application Anyone willing to sing in the comments?
Computer trained to read minds Neo sez - BLUE PILL, take the frakkin blue one!
National Journal Magazine - Chinas Cyber-Militia Good catch Matt Franz - is this responsible journalism or just journalistic asshattery.
Did Hackers Cause the 2003 Northeast Blackout? Umm, No | Threat Level from Wired.com And 27/b6 weighs in on the issue… with maybe a little more journalistic integrity.

Tags: News, Daily Links, Security Blog, Information Security, Security News

Fidel Castro exports his criminals, but we give guns to ours.

Wed, 23 Apr 2008 11:03:00 +0000

I was shocked to hear the news on CBS yesterday that the Army and Marine Corps are allowing convicted Felons to join their ranks. Are recruiters that desperate or just plain lazy?

The newscaster said that the Army and Marine Corps are going to open their doors to Felons who have been convicted of Robbery, Burglary, sex offenses and making terroristc threats. What can they be thinking? Have the lunatics started running the assylum?

These are some of the worst offenses on the books. I could somewhat understand if they said: "we are going to make allowances for those who have been convicted of multiple DUI/DWIs and as a result, have been declared felons". This new policy sounds like a plot taken straight out of Hollywood...."The Dirty Dozen" springs to mind.

One would think that the military upper echelon have enough on their plate everytime a story breaks about a young girl being raped in Iraq or Japan by U.S. military personnel. One can only imagine the future problems that will arise when they willingly open their doors to convicted child molesters, rapists, robbers, burglars and terrorist sympathisers/radicals.

The Navy and Airforce should be conrgratulated on failing to stoop so low. I hope they resit the temptation to put the same uniforms that have been worn so proudly in the past by decent human beings on those who should be wearing prison jump suits.

Maybe if the Government paid soldiers a decent salary, which is to say, much more than the $3,000 per month that they now get to put their lives in harm's way instead of giving it to Government contracting companies who charge the Government as much as $250,000 per year per contractor AND many times overcharge and over-bill the very same Government who are willing to pay a king's ransom in the first place.

Malware and Exploits Serving Girls

Tue, 15 Apr 2008 04:14:56 +0000

Descriptive domains such as beautiful-and-lonely-girl dot com, amateur homepage looking sites, a modest photo archive of different girls, apparently amateur malware spreaders think that spamming these links to as many people as possible would entice them into visting the sites, thus infecting themselves with malware.

It all started with Lonely Polina, than came lonely Ms. Polinka, and now we have Victoria. And despite that Polina and Polinka are both connected in terms of the malware served, and the natural RBN connection in face of HostFresh, as well as the site template used, Victoria is an exception. Some details on the recently spammed campaign :

voena.net (199.237.229.158) is also responding to prettyblondywoman.com, where the exploit (WebViewFolderIcon setSlice) and the malware (Trojan-Spy.Win32.Goldun) are served from voena.net/incoming.php and voena.net/get.php, both with a high detection rate 27/32 (84.38%).

Individual homepages are dead, and this is perhaps where the social engineering aspect of the attack fails, all these girls for sure have their MySpace profiles up and running already, in between taking advantage of a popular photo sharing service.