Friday, May 7, 2010

Early bird gets the worm !!

Worms are for the birds..

We are headed to Louisville bright and early. The convoy leaves at 4:30 am...yea i know..

We have put together some HFC laminates to give away as door prizes for the students and for the instructors who are donating their time to give back to the community.

Here is a sneak preview of the laminates:

Front and back

Wednesday, May 5, 2010

Half of Social Networkers Post Risky Information, Study Finds

Half of Social Networkers Post Risky Information, Study Finds: More than half of all users of social networks in the U.S. are posting information that could put them at risk from cybercriminals, according to a Consumer Reports study. The magazine, which released its State of the Net survey today, noted that 52% of adults who use social networks, such as Facebook, Myspace and Twitter, have posted information like their full birth date, which could be used to commit crimes against them. … Of 2,000 Americans Consumer Reports surveyed in January, 9% said they had experienced some kind of trouble -- malware infections, scams, identity theft or harassment -- due to their presence on a social network. The study found that people who post personal information, such as their full birth dates, photos and names of children, home addresses, and times they'll be away from home, put themselves at the most risk of being taken advantage of. [Date: 4 May 2010; Source: http://www.pcworld.com/article/195545/]

Wi-Fi Key-cracking Kits Sold in China Mean Free Internet

Wi-Fi Key-cracking Kits Sold in China Mean Free Internet: Dodgy salesmen in China are making money from long-known weaknesses in a Wi-Fi encryption standard, by selling network key-cracking kits for the average user. … The main piece of the kits, an adapter with a six-inch antenna that plugs into a USB port, comes with a CD-ROM to install its driver and a separate live CD-ROM that boots up an operating system called BackTrack. In BackTrack, the user can run applications that try to obtain keys for two protocols used to secure Wi-Fi networks, WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access). After a successful attack by the applications, called Spoonwep and Spoonwpa, a user can restart Windows and use the revealed key to access its Wi-Fi network. To crack a WEP key, the applications exploit weaknesses in the protocol that have been known for years. For WPA, they capture data being transmitted over the wireless network and target it with a brute-force attack to guess the key. [Date: 5 May 2010; Source: http://www.pcworld.com/businesscenter/article/195617/]

Foxit Reader Update Blocks New PDF Attack Tactic

Foxit Reader Update Blocks New PDF Attack Tactic: Foxit Software, the developer of a rival PDF viewer to Adobe's vulnerability-plagued Reader, released an update today that blocks some attacks with a "safe mode" that's switched on by default. Foxit Reader 3.3 for Windows includes what Foxit dubbed "Trust Manager," which blocks all external commands that may be tucked into a PDF document. The new version is designed to stymie some common attack vectors that hackers use when they probe PCs for bugs in the PDF format, or in a viewer application. … Last week, several security companies warned of a major malware campaign that tried to dupe users into opening rigged PDFs that exploited an unpatched design flaw in the PDF format, one attackers could use to infect users of Adobe's and Foxit's software. [Date: 5 May 2010; Source: http://www.pcworld.com/article/195620/]

Treasury shuts down 4 cloud-hosted Web sites after infection:

Treasury shuts down 4 cloud-hosted Web sites after infection: The Treasury Department has taken offline four public Web sites for the Bureau of Engraving and Printing after the discovery Monday of malicious code on a parent site. The bureau began using a third-party cloud service provider to host the sites last year, it said Tuesday in a statement about the incident. “The hosting company used by BEP had an intrusion and as a result of that intrusion, numerous websites (BEP and non-BEP) were affected,” the statement said. The Treasury Government Security Operations Center was alerted to the problem and notified the bureau, which responded by taking the sites offline. [Date: 4 May 2010; Source: http://gcn.com/Articles/2010/05/04/Treasury-hack-update-050410.aspx]

Tuesday, May 4, 2010

Home of the rofl.log

304Geeks hit the road. Louisville Metasploit class to-go please!