Re: [funsec] Citizen cyber-protectors?
Not even if I was wearing a pair of socks given to me from one of those beetle sellers :-) Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 Office: (508)898-7102 Cell: (508)958-2780 email: blanchard_mich...@emc.com -Original Message- From: Drsolly [mailto:drsol...@drsolly.com] Sent: Thursday, July 19, 2012 11:43 AM To: Blanchard, Michael (InfoSec) Cc: kyle.cre...@gmail.com; funsec@linuxbox.org; rmsl...@shaw.ca Subject: RE: [funsec] Citizen cyber-protectors? What, even if loads of beetle-sellers told you how important it is? On Thu, 19 Jul 2012 michael.blanch...@emc.com wrote: I'm part of the .5% I could care less about collecting beetles Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Kyle Creyts Sent: Thursday, July 19, 2012 7:25 AM To: Drsolly Cc: funsec@linuxbox.org; Rob, grandpa of Ryan, Trevor, Devon Hannah; infose...@yahoogroups.com Subject: Re: [funsec] Citizen cyber-protectors? I am part of the 1%. On Jul 19, 2012 2:31 AM, Drsolly drsol...@drsolly.commailto:drsol...@drsolly.com wrote: If someone can't be bothered to write their thoughts down, and require me to spend 20 minutes to watch a video giving views that I could have read in one minute, then I'm not going to devote my time to listen to them. Since I haven't heard what he has to say, I cannot comment on his views. Except to point out that 99% of people are as interested in computer security as they are in beetle collecting. And anything that depends on them being more interested than that, or better informed, is doomed. On Wed, 18 Jul 2012, Rob, grandpa of Ryan, Trevor, Devon Hannah wrote: Marc Goodman (who I believe is https://twitter.com/FutureCrimes and http://www.futurecrimes.com/ ) gave a recent TED talk on trends in the use of high technology in crime: http://www.ted.com/talks/marc_goodman_a_vision_of_crimes_in_the_future.html The 20 minute talk is frightening, with very little in the way of comfort for the protection or security side. He ends with a call for crowdsourcing of protection. Now as a transparent society/open source/full disclosure kind of guy, I like the general idea. But, as someone who has been involved in education, security awareness, and professional security training for some time, I see a few problems. For crowdsourcing to work, you need a critical mass of at least minimally capable people. When you are talking about a weather reporting app, that minimal capability isn't much. When you are talking about detecting cyberwar or bioweapons, the capability levels are a bit different. Just yesterday the PNWER (Pacific NorthWest Economic Region http://www.pnwer.org/ ) conference became the latest to bemoan the lack of trained employees. I rather suspect these constant complaints, since I see lots of people out of work. But the people who are whining about employees are just looking for network admins and such. We need people with more depth and more breadth in their backgrounds. I get CISSP candidates in my seminars who are network admins who simply want to know a few ACLS for firewalls. I have to keep telling them that security professionals need to know more than that. Yes, I am privileged to be able to meet a number who *are* interested in learning everything possible in order to meet any need or problem. But, relatively speaking, those are few. And my sample set tends to be abnormal, in that these are people who have already shown some interest in training (even if only job related). What Goodman is talking about is the general public. And those of us who have actually tried security awareness know how little conceptual awareness we have to build on, let alone advanced technical knowledge. I think awareness, self-protection, and crowdsourcing is probably the only good way to approach the problems Goodman outlines. I just worry that we have a long way to go. http://blogs.securiteam.com/index.php/archives/1793 == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.camailto:rsl...@vcn.bc.ca sl...@victoria.tc.camailto:sl...@victoria.tc.ca rsl...@computercrime.orgmailto:rsl...@computercrime.org On Friday, January 23rd, 2004, in a speech at the World Economic Forum in Davos, Switzerland, Bill Gates stated `Two years from now, spam will be solved.' victoria.tc.ca/techrev/rms.htmhttp://victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/
Re: [funsec] Sometimes, you gotta feel sorry for the poor TSA agent...
LOL, things he should have done / said: ---he should have just dropped his pants and said ... don't touch it too much, it might explode! --- unzipped and said ...isn't everyone's this big? -- unzipped and said See? Told you it was my dick... --- done nothing but just said Your wife will vouch that it's just my dick in my pants --- cough cough Will I live doc? Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Valdis Kletnieks Sent: Thursday, July 19, 2012 11:51 AM To: funsec@linuxbox.org Subject: [funsec] Sometimes, you gotta feel sorry for the poor TSA agent... http://www.rawstory.com/rs/2012/07/16/tsa-frisks-man-with-worlds-largest-penis/ ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Security unawareness
Can I get an AMEN borthers and sisters!!! Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Thursday, July 19, 2012 3:25 PM To: funsec@linuxbox.org Cc: infose...@yahoogroups.com Subject: [funsec] Security unawareness I really don't understand the people who keep yelling that security awareness is no good. Here's the latest rant: http://www.pcworld.com/businesscenter/article/259461/why_you_shouldnt_train_e mployees_for_security_awareness.html The argument is always the same: security awareness is not 100% foolproof protection against all possible attacks, so you shouldn't (it is morally wrong to?) even try to teach security awareness in your company. This guys works for a security consultancy. He says that instead of teaching awareness, you should concentrate on audit, monitoring, protecting critical data, segmenting the network, access creep, incident response, and strong security leadership. (If we looked into their catalogue of seminars, I wonder what we would find them selling?) Security awareness training isn't guaranteed to be 100% effective protection. Neither is AV, audit, monitoring, incident response, etc. You still use those thing even though they don't guarantee 100% protection. You should at least try (seriously) to teach security awareness. Maybe more than just a single 4 hour session. (It's called defence in depth.) Tell you what: I'll teach security awareness in my company, and you try a social engineering attack. You may hit some of my people: people aren't perfect. But I'll bet that at least some of my people will detect and report your social engineering attack. And your data isolation won't. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Often the best way to win is to forget to keep score. - Marianne Espinosa Murphy victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Turkey
Turkey's are HUGE birds and can be aggressive as well... They are also EVERYWHERE up here in the North East... I don't' remember so many turkeys around when I was a kid either, so of course I blame the looney liberal Democrats... for, um, not allowing us to trap them here in Mass and cutting down our hunting season for turkeys...er...or something like that :-) Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Monday, July 16, 2012 5:29 PM To: funsec@linuxbox.org Subject: [funsec] Turkey OK, so, I was wrong. Americans *are* in signficant danger, and need to carry guns at all times, especially in the poutry sections of grocery stores: http://www.tulsaworld.com/opinion/article.aspx?subjectid=61articleid=20120331 _61_A22_CUTLIN208748 I was out on a lease at one time and I got attacked by a turkey. Wait until you get attacked by a turkey. You will know the fear that a turkey can invoke in a person. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Thank heavens we do not get all of the government that we are made to pay for. - Milton Friedman victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] WE THE FBI HAVE WARRANT TO ARREST YOU GET BACK TO US FOR YOUR OWN GOOD
ROFL Yah, and you had better get back to them for your own good! Who knew they issued arrest warrants via email, let alone AOL and Yahoo LOL Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Tuesday, June 19, 2012 2:29 PM To: funsec@linuxbox.org Subject: [funsec] WE THE FBI HAVE WARRANT TO ARREST YOU GET BACK TO US FOR YOUR OWN GOOD Dang! They're on to me! Shoot! How am I going to get down to speak at conferences in the States, now? Who knew the official FBI email account was on AOL? (One of the things I find funniest about this is that it actually seems to come from Nigeria :-) Return-Path: fbi.g...@aol.com Received: from nm21-vm0.bullet.mail.sp2.yahoo.com (nm21- vm0.bullet.mail.sp2.yahoo.com [98.139.91.220]) by vcn.bc.ca (8.14.3/8.14.3/Debian-9.1ubuntu1) with SMTP id q5J64Wq2010516 for rsl...@vcn.bc.ca; Mon, 18 Jun 2012 23:04:32 -0700 Received: from [98.139.91.62] by nm21.bullet.mail.sp2.yahoo.com with NNFMP; 19 Jun 2012 06:04:32 - Received: from [98.136.185.46] by tm2.bullet.mail.sp2.yahoo.com with NNFMP; 19 Jun 2012 06:04:32 - Received: from [127.0.0.1] by smtp107.mail.gq1.yahoo.com with NNFMP; 19 Jun 2012 06:04:32 - X-Yahoo-Newman-Id: 345563.73795...@smtp107.mail.gq1.yahoo.com Message-ID: 345563.73795...@smtp107.mail.gq1.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: tzQqgmIVM1l.UTMf3DtKt80460MNofO0BnhB2UbyABpEQbT u1l3W6mDuECWnV6.nXgpaGAVpibYn10okiHHAeIAu3xMFB7FrDcz4VKg1nWg qRLHXDoEqhBpqH6gbUD2TbTvYfR3piS9497wZdU8Xroh4_wsuKbClYhQ9GUX RO4.O5Iq371xRbS_2GO8H9KxJ9xi1grMZg5raosSX_eqnfVl775o4OlvvQxv FscsmNNvYggjmunV_70LZXkMUOVGk1Y6zmYHofJTofro4STV4bGUNJB2GSvt 0Q.h0ncJJY_8v3yMD7GB1CfOwxcN.pQanXKEcVs4PUwlJBdRSbVLkDcyArsG vKEjT322rKHGwkQAm9V1tT8J0b6ssW.IddSVbHY3MbySYbA-- X-Yahoo-SMTP: glbYzViswBCnhqrAZ2E22qQWimw6qRKeGG5T9Ncr6Q-- Received: from User (fbi.gov1@41.58.6.106 with login) by smtp107.mail.gq1.yahoo.com with SMTP; 19 Jun 2012 06:04:30 + UTC Reply-To: office1212...@aol.com From: FBI OFFICEfbi.g...@aol.com Subject: WE THE FBI HAVE WARRANT TO ARREST YOU GET BACK TO US FOR YOUR OWN GOOD Date: Mon, 18 Jun 2012 19:04:25 -0700 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_0099_01C2A9A6.349F8E1A X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600. X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600. X-Antivirus: avast! (VPS 120618-0, 06/17/2012), Outbound message X-Antivirus-Status: Clean X-DSPAM-Result: Spam X-DSPAM-Processed: Mon Jun 18 22:04:33 2012 X-DSPAM-Confidence: 1. X-DSPAM-Probability: 1. X-DSPAM-Signature: 3756,4fe0086125671355044239 This is a multi-part message in MIME format. --=_NextPart_000_0099_01C2A9A6.349F8E1A Content-Type: text/html; charset=Windows-1251 Content-Transfer-Encoding: 7bit !DSPAM:3756,4fe0086125671355044239! --=_NextPart_000_0099_01C2A9A6.349F8E1A Content-Type: application/octet-stream; name=FBI FINAL WARNING.txt Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=FBI FINAL WARNING.txt QW50aS1UZXJyb3Jpc3QgYW5kIE1vbmV0YXJ5IENyaW1lcyBEaXZpc2lvbiAN CkZiaSBIZWFkcXVhcnRlcnMgSW4gV2FzaGluZ3RvbiwgRC5DLiANCkZlZGVy YWwgQnVyZWF1IE9mIEludmVzdGlnYXRpb24gDQpKLiBFZGdhciBIb292ZXIg QnVpbGRpbmcgDQo5MzUgUGVubnN5bHZhbmlhIEF2ZW51ZSwgTlcgV2FzaGlu Z3RvbiwgRC5DLiAyMDUzNS0wMDAxIFdlYnNpdGU6IHd3dy5mYmkuZ292IA0K DQogDQpBdHRlbnRpb24sIHRoaXMgaXMgdGhlIGZpbmFsIHdhcm5pbmcgeW91 IGFyZSBnb2luZyB0byByZWNlaXZlIGZyb20gbWUgZG8geW91IGdldCBtZT8g DQogDQpJIGhvcGUgeW91cmUgdW5kZXJzdGFuZCBob3cgbWFueSB0aW1lcyB0 aGlzIG1lc3NhZ2UgaGFzIGJlZW4gc2VudCB0byB5b3U/LiANCiANCldlIGhh dmUgd2FybmVkIHlvdSBzbyBtYW55IHRpbWVzIGFuZCB5b3UgaGF2ZSBkZWNp ZGVkIHRvIGlnbm9yZSBvdXIgZS1tYWlscyBvciBiZWNhdXNlIHlvdSBiZWxp ZXZlIHdlIGhhdmUgbm90IGJlZW4gaW5zdHJ1Y3RlZCB0byBnZXQgeW91IGFy cmVzdGVkLCBhbmQgdG9kYXkgaWYgeW91IA0KZmFpbCB0byByZXNwb25kIGJh Y2sgdG8gdXMgd2l0aCB0aGUgcGF5bWVudCB0aGVuLCB3ZSB3b3VsZCBmaXJz dCBzZW5kIGEgbGV0dGVyIHRvIHRoZSBtYXlvciBvZiB0aGUgY2l0eSB3aGVy ZSB5b3UgcmVzaWRlIGFuZCBkaXJlY3QgdGhlbSB0byBjbG9zZSB5b3VyIGJh bmsgYWNjb3VudCANCnVudGlsIHlvdSBoYXZlIGJlZW4gamFpbGVkIGFuZCBh bGwgeW91ciBwcm9wZXJ0aWVzIHdpbGwgYmUgY29uZmlzY2F0ZWQgYnkgdGhl IGZiaS4gV2Ugd291bGQgYWxzbyBzZW5kIGEgbGV0dGVyIHRvIHRoZSBjb21w YW55L2FnZW5jeSB0aGF0IHlvdSBhcmUgd29ya2luZyBmb3Igc28gdGhhdCAN CnRoZXkgY291bGQgZ2V0IHlvdSBmaXJlZCB1bnRpbCB3ZSBhcmUgdGhyb3Vn aCB3aXRoIG91ciBpbnZlc3RpZ2F0aW9ucyBiZWNhdXNlIGEgc3VzcGVjdCBp cyBub3Qgc3VwcG9zZSB0byBiZSB3b3JraW5nIGZvciB0aGUgZ292ZXJubWVu dCBvciBhbnkgcHJpdmF0ZSBvcmdhbml6YXRpb24uDQogDQpZb3VyIGlkIHdo aWNoIHdlIGhhdmUgaW4gb3VyIGRhdGFiYXNlIGJlZW4gc2VudCB0byBhbGwg dGhlIGNyaW1lcyBhZ2VuY2llcyBpbiBBbWVyaWNhIGZvciB0aGVtIHRvIGlu
Re: [funsec] WARNING: addictive
Many obscenities aren't on the list too. I should use more swear words as passwords LOL Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Thursday, June 07, 2012 7:24 PM To: funsec@linuxbox.org Subject: [funsec] WARNING: addictive Someone pointed out that LastPass created a tool to check if your password hash was stolen - https://lastpass.com/linkedin/ I've been looking at passwords that were used. lovelovelove allyouneedislove sweetipie snookums parishilton They're all there. Interestingly, paris isn't. But london toronto ottawa montreal seattle vancouver and even northvancouver are. As well as squamish, whistler, and some other small towns in my area. philadelphia isn't. thunderbird rambler and 56chevy are. ford and econoline aren't. Names of most dead poets aren't, although shelley is. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org I learned one really sad fact from my career as a columnist: nobody changes their mind about anything. Ever. Once we form the opinion, we become evidence processors and we just collect all the evidence that supports our opinion and reject all the evidence that disputes it.- Bob Metcalfe victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Growth in enlargement spam getting bigger
LOL, did you piss off anyone in the list lately? Maybe someone signed your email address up for the bigger and better spam? Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Friday, June 08, 2012 2:56 PM To: funsec@linuxbox.org Cc: infose...@yahoogroups.com Subject: [funsec] Growth in enlargement spam getting bigger Over the past few days I've been busy with Flame (and MD5) and LinkeDin (and SHA-1) (and I've also noticed more than a few people confusing the significance of the two protocols), so it was only this morning that I realized I've seen a rise, if you will, in a certain type of spam. As a matter of fact, other variants of spam seem to be stable, if not slightly down. But there has been a big jump, provided as a free trial, in this one category. It could be that the spammers are taking pity on me, noting that I need help attracting the attention of the other 50% of the population. Looking closer, all the messages appear to be built on the same outline. The subject lines (and most of the From: lines) all note free, trial, sample, enlargement, BIGGER, and a certain body part. The body of the message seems to promise pornography, if you visit a certain Website. The Website names appear to be two word compounds, related to pornography, frequently mispelled (probably deliberately). The Website, regardless of domain name, is always the same. (At least now it advertises American's Top Supplements instead of pretending to be a Canadian pharmacy.) Oddly, this huge surge is only on one of my accounts: the others seem to be running at normal levels. This may be due to the fact that it's the account I use to post from most frequently.) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Literature is the art of writing something that will be read twice; journalism what will be read once. - Cyril Connolly victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Flame on!
a-effin-men Rob! I went through the same screaming fit too Even though it sounds clever until you dig in just a little bit... 20 freakin meg in size? I mean seriously The only reason it hasn't been caught in 5 years (if that's even true) is because it's so freakin' huge LOL oh and I love the way this is the new APT as well... as if Conficker or Stuxnet wasn't advanced or persistant enough for some folks just because it's not the flavour of the day Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Wednesday, May 30, 2012 9:16 PM To: funsec@linuxbox.org Subject: [funsec] Flame on! I have been reading about the new Flame (aka Flamer, aka sKyWIper) supervirus. [AArrg Sorry. I will try and keep the screaming, in my outside voice, to a minimum.] From http://www.telegraph.co.uk/news/worldnews/middleeast/iran/9295938/Flame- worlds-most-complex-computer-virus-exposed.html This virus [1] is 20 times more powerful than any other! [Why? Because it has 20 times more code? Because it is running on 20 times more computers? (It isn't. If you aren't a sysadmin in the Middle East you basically don't have to worry.) Because the computers it is running on are 20 times more powerful? This claim is pointless and ridiculous.] [I had it right the first time. The file that is being examined is 20 megabytes. Sorry, I'm from the old days. Anybody who needs 20 megs to build a piece of malware isn't a genius. Tight code is *much* more impressive. This is just sloppy.] It could only have been created by a state. [What have you got against those of us who live in provinces?] Flame can gather data files, remotely change settings on computers, turn on computer microphones to record conversations, take screen shots and copy instant messaging chats. [So? We had RATs that could do that at least a decade ago.] ... a Russian security firm that specialises in targeting malicious computer code ... made the 20 megabyte virus available to other researchers yesterday claiming it did not fully understand its scope and said its code was 100 times the size of the most malicious software. [I rather doubt they made the claim that they didn't understand it. It would take time to plow through 20 megs of code, so it makes sense to send it around the AV community. But I still say these size of code and most malicious statements are useless, to say the least.] It was released five years ago and had infected machines in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt. [Five years? Good grief! This thing is a pretty wimpy virus! (Or self-limiting in some way.) Even in the days of BSIs and sneakernet you could spread something around the world in half a year at most.] If Flame went on undiscovered for five years, the only logical conclusion is that there are other operations ongoing that we don't know about. [Yeah. Like not reproducing.] The file, which infects Microsoft Windows computers, has five encryption algorithms, [Gosh! The best we could do before was a couple of dozen!] exotic data storage formats [Like not plain text.] and the ability to steal documents, spy on computer users and more. [Yawn.] Components enable those behind it, who use a network of rapidly-shifting command and control servers to direct the virus ... [Gee! You mean like a botnet or something?] Sorry. Yes, I do know that this is supposed to be (and probably is) state- sponsored, and purposefully written to attack specific targets and evade detection. I get it. It will be (marginally) interesting to see what they pull out of the code over the next few years. It's even kind of impressive that someone built a RAT that went undetected for that long, even though it was specifically built to hide and move slowly. But all this supervirus nonsense is giving me pains. [1] First off, everybody is calling it a virus. But many reports say they don't know how it got where it was found. Duh! If it's a virus, that's kind of the first issue, isn't it? == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Any American was bred to want to take over things; your water supply, your mineral deposits, your entire country, your wife ... Something American had happened to his wife ... there was no other possible explantion. - `The Whirlpool', Jane Urquhart victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and
Re: [funsec] Flame on!
Back Orafice was da shizzle back in the day! - Original Message - From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] Sent: Wednesday, May 30, 2012 11:23 PM To: Blanchard, Michael (InfoSec) Cc: rmsl...@shaw.ca rmsl...@shaw.ca; funsec@linuxbox.org funsec@linuxbox.org Subject: Re: [funsec] Flame on! On Wed, 30 May 2012 22:51:09 -0400, michael.blanch...@emc.com said: a-effin-men Rob! I went through the same screaming fit too Even though it sounds clever until you dig in just a little bit... 20 freakin meg in size? I mean seriously The only reason it hasn't been caught in 5 years (if that's even true) is because it's so freakin' huge LOL All the AV products probably have a check If it's a binary over X bytes in size, it must be a legit binary from Microsoft or Adobe check. Somebody probably just wrote a meg of code, then pasted in 19M of total dead-code crap from Microsoft Flight Simulator just to bulk it up over the limit. Flame can gather data files, remotely change settings on computers, turn on computer microphones to record conversations, take screen shots and copy instant messaging chats. [So? We had RATs that could do that at least a decade ago.] How big was Back Orifice, which did much of the same stuff *way* back when? ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Seriously?
I LOVE stuff like this Just because of the security professionals that come running out of the woodwork to us asking us ... Hey you see this new thing?!?! It's totaly OH-day and I'll bet A/V doesn't detect it too!!... I use it as a gauge of how much those folks actually know, and try to avoid them in the future It really sucks when it's folks that work with you too! Used to happen in another gig years ago... Would never happen where I a now! LOL Mike B - Original Message - From: Jeffrey Walton [mailto:noloa...@gmail.com] Sent: Saturday, May 05, 2012 03:18 PM To: FunSec List funsec@linuxbox.org Subject: [funsec] Seriously? Seriously? The new threat of user-initiated drive by downloads? === Don’t Install Android Security Updates While Browsing the Web, http://www.gottabemobile.com/2012/05/04/dont-install-android-security-updates-while-browsing-the-web/ Surfing the web on Android is relatively safe, but a new threat tricks users into installing a trojan that calls itself a security update. Symantec discovered the Android.Notcompatible threat this week, calling attention to the new threat of user-initiated drive by downloads. Malware is a problem on Android smartphones, but it is typically reserved for infected fake games and apps found on third-party marketplaces. This new attack can happen on any infected webpage, and relies on tricking the user into installing the malware. ... ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Seriously?
I'll bet A/V detects this... BUT, I'll also bet it's rare to find AV running on the 'droids :-) Mike B From: Dan Kaminsky [mailto:d...@doxpara.com] Sent: Saturday, May 05, 2012 11:08 PM To: Blanchard, Michael (InfoSec) Cc: noloa...@gmail.com noloa...@gmail.com; funsec@linuxbox.org funsec@linuxbox.org Subject: Re: [funsec] Seriously? So what's your bet on whether AV detects it? On Sat, May 5, 2012 at 7:40 PM, michael.blanch...@emc.commailto:michael.blanch...@emc.com wrote: I LOVE stuff like this Just because of the security professionals that come running out of the woodwork to us asking us ... Hey you see this new thing?!?! It's totaly OH-day and I'll bet A/V doesn't detect it too!!... I use it as a gauge of how much those folks actually know, and try to avoid them in the future It really sucks when it's folks that work with you too! Used to happen in another gig years ago... Would never happen where I a now! LOL Mike B - Original Message - From: Jeffrey Walton [mailto:noloa...@gmail.commailto:noloa...@gmail.com] Sent: Saturday, May 05, 2012 03:18 PM To: FunSec List funsec@linuxbox.orgmailto:funsec@linuxbox.org Subject: [funsec] Seriously? Seriously? The new threat of user-initiated drive by downloads? === Don’t Install Android Security Updates While Browsing the Web, http://www.gottabemobile.com/2012/05/04/dont-install-android-security-updates-while-browsing-the-web/ Surfing the web on Android is relatively safe, but a new threat tricks users into installing a trojan that calls itself a security update. Symantec discovered the Android.Notcompatible threat this week, calling attention to the new threat of user-initiated drive by downloads. Malware is a problem on Android smartphones, but it is typically reserved for infected fake games and apps found on third-party marketplaces. This new attack can happen on any infected webpage, and relies on tricking the user into installing the malware. ... ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Seriously?
I was actually referring to the type of article that claims XYZ is a new threat I remember recently along with this drive by is new that there was a memory viruses are the new threat There are too many security professionals that get their recent news from C-net or information week :-( Mike B From: Blanchard, Michael (InfoSec) Sent: Saturday, May 05, 2012 11:55 PM To: 'd...@doxpara.com' d...@doxpara.com Cc: 'noloa...@gmail.com' noloa...@gmail.com; 'funsec@linuxbox.org' funsec@linuxbox.org Subject: Re: [funsec] Seriously? I'll bet A/V detects this... BUT, I'll also bet it's rare to find AV running on the 'droids :-) Mike B From: Dan Kaminsky [mailto:d...@doxpara.com] Sent: Saturday, May 05, 2012 11:08 PM To: Blanchard, Michael (InfoSec) Cc: noloa...@gmail.com noloa...@gmail.com; funsec@linuxbox.org funsec@linuxbox.org Subject: Re: [funsec] Seriously? So what's your bet on whether AV detects it? On Sat, May 5, 2012 at 7:40 PM, michael.blanch...@emc.commailto:michael.blanch...@emc.com wrote: I LOVE stuff like this Just because of the security professionals that come running out of the woodwork to us asking us ... Hey you see this new thing?!?! It's totaly OH-day and I'll bet A/V doesn't detect it too!!... I use it as a gauge of how much those folks actually know, and try to avoid them in the future It really sucks when it's folks that work with you too! Used to happen in another gig years ago... Would never happen where I a now! LOL Mike B - Original Message - From: Jeffrey Walton [mailto:noloa...@gmail.commailto:noloa...@gmail.com] Sent: Saturday, May 05, 2012 03:18 PM To: FunSec List funsec@linuxbox.orgmailto:funsec@linuxbox.org Subject: [funsec] Seriously? Seriously? The new threat of user-initiated drive by downloads? === Don’t Install Android Security Updates While Browsing the Web, http://www.gottabemobile.com/2012/05/04/dont-install-android-security-updates-while-browsing-the-web/ Surfing the web on Android is relatively safe, but a new threat tricks users into installing a trojan that calls itself a security update. Symantec discovered the Android.Notcompatible threat this week, calling attention to the new threat of user-initiated drive by downloads. Malware is a problem on Android smartphones, but it is typically reserved for infected fake games and apps found on third-party marketplaces. This new attack can happen on any infected webpage, and relies on tricking the user into installing the malware. ... ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] OK, all you EU guys who took the CEH just wasted your money
Not really a catch22, just a fancy way of saying that possession of burglary tools is a Class 5 felony. Problem is, a crowbar could be a burglary tool, so if I merely have a crowbar on me, by the wording of that code, that means that I have intent to burgle so it's a class5 felony. Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Remo Cornali Sent: Saturday, March 31, 2012 4:34 AM To: funsec@linuxbox.org Subject: Re: [funsec] OK, all you EU guys who took the CEH just wasted your money On 31/03/2012 04:46, valdis.kletni...@vt.edumailto:valdis.kletni...@vt.edu wrote: Code of Virginia - Section 18.2-94 - Possession of burglarious tools, etc.If any person have in his possession any tools, implements or outfit, with intent to commit burglary, robbery or larceny, upon conviction thereof he shall be guilty of a Class 5 felony. The possession of such burglarious tools, implements or outfit by any person other than a licensed dealer, shall be prima facie evidence of an intent to commit burglary, robbery or larceny. That sounds like unadulterated Comma 22 to me: possession of burglarious tools is a felony *only* with intent to commit burglary, *but* the possession of burglarious tools shall be prima facie evidence of an intent to commit burglary. Why do I need a driver's license to drive a car, but I only need to be elected to forge such legal masterpieces? Ciao! Remo ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] OK, all you EU guys who took the CEH just wasted your money
But that also means that just by owning a crowbar, you could wind up in federal penitentiary... Especially because if you hit on the prosecuter's daughter that you ALSO hit on the judges daughter because they are always WAY cuter So bang! You're doin 5-7 just for owning a crowbar you got at Lowes :-( Mike B From: David M Chess [mailto:ch...@us.ibm.com] Sent: Monday, April 02, 2012 12:41 PM To: funsec@linuxbox.org funsec@linuxbox.org Subject: Re: [funsec] OK, all you EU guys who took the CEH just wasted your money That sounds like unadulterated Comma 22 to me: possession of burglarious tools is a felony *only* with intent to commit burglary, *but* the possession of burglarious tools shall be prima facie evidence of an intent to commit burglary. Well, you have to unpack prima facie a little there. It means at first glace or before any rebuttal or similar things. It means that if you have a crowbar the prosecutor (if he's bored enough, or you hit on his daughter) can make a case against you and maybe get you to court, but if you can say sometimes I need to open crates; see, here's an opened crate in my garage!, the judge should then say have a nice day. For some value of should... DC ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] You may already be a terrorist!
That's like the onion right? Do not sweat? Do not take pictures in an airport? Do not use google maps in a strange city? C'mon Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Saturday, March 03, 2012 6:28 PM To: funsec@linuxbox.org Subject: [funsec] You may already be a terrorist! http://www.takepart.com/article/2012/02/15/you-may-already-be-fbi-terror- suspect-85-things-not-do == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Living next to you is in some ways like sleeping with an elephant: No matter how friendly and even-tempered the beast, one is affected by every twitch and grunt. - Pierre Elliott Trudeau March 25, 1969, addressing the Press Club in Washington, D.C. victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] On March 6, the Oreo cookie will be 100 years old
Holey crap... I REFUSE to believe that it's been 20 years. Wow, 20 friggin years maybe the grey in my beard is actually telling me the truth ;-( Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Thursday, February 16, 2012 5:15 PM To: funsec@linuxbox.org Subject: [funsec] On March 6, the Oreo cookie will be 100 years old March 6 is also Michelangelo Day. Coincidence? (To those who will ask What's Michelangelo Day? I can only say: [Sigh.] Kids.) (Good grief, has it been 20 years?) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Above all do not permit this to deprive you of your idea of yourself, as if your life, lived in inwardness, did not have as much meaning and worth as that of any other human being in the loving eyes of an all-wise Governance, and considerably more than the busy, busier, busiest haste of busyness--busy with wasting time and losing oneself. - Soren Kierkegaard victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Does Nova Scotia have a dress code?
Oh my... guys like THAT get beat up for a reason LOL It would be my luck I'd have to sit next to that dude on a cross country flight too Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Ned Fleming Sent: Monday, February 13, 2012 4:35 PM To: funsec@linuxbox.org Subject: [funsec] Does Nova Scotia have a dress code? http://goo.gl/Nny4d or http://www.minyanville.com/dailyfeed/2012/02/13/canada-cracks-down-on-transgendered/ Be sure to click the guys like this link in the 3rd paragraph. That's an eye-opener. Sigh. -- Ned ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] isc2 down?
I just tried to get out to https://www.isc2.org and it appears there isnt' a DNS entry for them and I cant get there from here Anyone else have the same issue? I'm a bit behind in my $85 dues... maybe they *really* needed that eighty-five bucks! LOL Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] isc2 down?
That'a an awesome site ;-) I just found out about it today :-) Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Tuesday, February 07, 2012 1:37 PM To: funsec@linuxbox.org Subject: Re: [funsec] isc2 down? From: michael.blanch...@emc.com Date sent: Tue, 07 Feb 2012 10:57:05 -0500 I just tried to get out to https://www.isc2.org and it appears there isnt' a DNS entry for them and I cant get there from here Anyone else have the same issue? I can't get through, and neither can http://www.downforeveryoneorjustme.com/ == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org The world will little note, nor long remember, what we say here - Abraham Lincoln, the Gettysburg Address victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Porn uncopyrightable?
science and useful arts surely does not include ANY movie made in the last 100 years Except for some science documentaries So, How's it Made? and factory made are all set But ANYthing else isn't... Funny thing though... as it would include Disney in the non-copywritable area BUT, the gov keeps pushing the ending date of the compywrite out whenever Disney's stuff gets that old MPAA owes a LOT fo people a LOT of cash too... as Justin Beeber can't possibly be science or a useful art Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Kyle Creyts Sent: Tuesday, February 07, 2012 3:26 PM To: Brance Amussen Cc: funsec@linuxbox.org; rmsl...@shaw.ca Subject: Re: [funsec] Porn uncopyrightable? It almost notably leaves out works of expression. On Feb 7, 2012 3:23 PM, Kyle Creyts kyle.cre...@gmail.commailto:kyle.cre...@gmail.com wrote: Pop music, too, probably... And the Twilight books. On Feb 7, 2012 3:13 PM, Brance Amussen bra...@jhu.edumailto:bra...@jhu.edu wrote: Or for that matter most of modern day cinema... IMHO... -Original Message- From: funsec-boun...@linuxbox.orgmailto:funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.orgmailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Tuesday, February 07, 2012 2:28 PM To: funsec@linuxbox.orgmailto:funsec@linuxbox.org Subject: [funsec] Porn uncopyrightable? http://arstechnica.com/tech-policy/news/2012/02/can-porn-be-copyrighted-one- file-sharing-defendant-says-no.arshttp://arstechnica.com/tech-policy/news/2012/02/can-porn-be-copyrighted-one-file-sharing-defendant-says-no.ars An odd case, but an interesting point ... (If decided for the defendant, might this mean that Disney movies were uncopyrightable, too? Since when did they help science and useful arts? :-) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.camailto:rsl...@vcn.bc.ca sl...@victoria.tc.camailto:sl...@victoria.tc.ca rsl...@computercrime.orgmailto:rsl...@computercrime.org I will use all my strength to bring about a just society to a nation living in a tough world. - Pierre Elliott Trudeau, April 7, 1968 victoria.tc.ca/techrev/rms.htmhttp://victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Kissing robots?
Sweet! Connect that kissing robot into the Realdoll.com sex dolls and now you're getting somewhere! I can think of a couple uses on the realdoll that would certainly make folks stand up and notice :-) The cabbage patch doll is just creepy... but that chick in the video is cute for sure ;-) Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Wednesday, February 01, 2012 1:30 PM To: funsec@linuxbox.org Subject: [funsec] Kissing robots? http://www.news.com.au/technology/sci-tech/caring-just-got-creepier-kissinger- breaks-new-ground-in-human-robitic-relations/story-fn5fsgyc- 1226259359588?sv=cf9bc79d50c998845dcb83cb4a38a8a6 or http://is.gd/0hjLyq All I can think of is Kaufman's If your [product] is successful, it will eventually be used for purposes for which it was never intended ... (Later parts of the video seem to indicate the technology is pretty simplistic ...) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org For years we have been saying you could not get a virus just by opening E-Mail. That bug is being fixed. - A. Padgett Peterson victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] [cisspforum] REVEIW: Zero Day, David Baldacci
That was my first exposure to the term zero day Back in the day if you were an OP on a zero day warez IRC channel you were considered by many to be 'leet :-). When the real 'leet d00ds were the folks getting the zero dayz for distro by the groups on IRC Then you had warez that were 1-3 dayz old Anything after that was considered old-warez and that was the channel name on effnet too That was a fun channel! Zero day morphed into meaning brand new, released today, no patch available, no sigs, no nuttin! The day after zero day it was an old vuln as usually a patch or sigs were now available :-) Now he meaning is worthless thanks to the media Cool to go down memory lane with ya dude! :-) Mike B - Original Message - From: CP Constantine [mailto:con...@1211.net] Sent: Tuesday, January 31, 2012 05:07 PM To: cisspfo...@yahoogroups.com cisspfo...@yahoogroups.com Cc: funsec@linuxbox.org funsec@linuxbox.org; Rob, grandpa of Ryan, Trevor, Devon Hannah rmsl...@shaw.ca Subject: Re: [funsec] [cisspforum] REVEIW: Zero Day, David Baldacci On 01/31/2012 04:41 PM, Rob, grandpa of Ryan, Trevor, Devon Hannah wrote: At one time, in information security terminology, zero day meant a measure of difficulty or vulnerability. err, no it didn't. At *one* time, zero day meant that you'd acquired and were trading pirated software that had been released that same day (it was zero-day-old warez) later on, it got repurposed to indicate an exploit that had never been used before (the exploit was again, zero-days-old) (you'll notice a trend here, things can only be called 'zero-day', precisely once) That meaning has been largely destroyed by overexposure in the media. Today it simply means we want to scare you. the meaning you use here 'difficulty or vulnerability' is part of that overexposure, as the original meaning has been taken up by vendor marketing teams and been stretched to mean all sorts of nonsense things - including 'a measure of difficulty or vulnerability'. It means zero-days-old .. any other meaning whatsoever is purely a fabrication by people that didn't know the original meaning in the first place. (Rob, I kinda feel bad about ranting to you on something that's a matter of security history, since you've, well, obviously got seniority on me in this regards: however the appropriation of 'zero-day' by the industry as an utterly meaningless terms is one of those 'if you're not part of the solution, you're part of the problem' kind of issues to me) ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] BitDefender, you've created a monster! (story ...)
I don't know about you folks, but I just love hearing from malware experts (so called) that they found some new form of threat or behavior that many of us have seen 20 - 25 years or more ago. Like this article, we know it's dribble and by far nothing at all new. But when I'm talking to folks that claim to be malware experts, or IT security experts, and they start stating stuff like yah, malware's getting so bad these days that viruses are infecting malware! Imagine that?! I just laugh to myself and put some type of mental scarlet letter on their forehead Is it weird that I no longer feel old when I realize I've been doing this stuff for about 25 years now? Maybe THAT's the sign that I'm truly old? :-) Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Robert Slade Sent: Wednesday, January 25, 2012 1:29 PM To: funsec@linuxbox.org Subject: [funsec] BitDefender, you've created a monster! (story ...) www.infosecurity-magazine.com/view/23465/viruses-and-worms-are-evolving-into-frankenmalware/ OK, this is obviously going to be the AV/infosec story of the week. (At least this particular story notes that it isn't a big deal, although they don't seem to realize it's old news.) (If any AV/anti-malware/security company wants to hire me, I'd be glad to look back through my archives and find threats from 25 years ago and dress them up in new jargon in order to seed out stupid press releases like the one that started this. I've got a million of 'em ...) == rsl...@computercrime.org sl...@victoria.tc.ca rsl...@vcn.bc.ca If you do buy a computer, don't turn it on. - Richards' 2nd Law = for back issues: [Base URL] site http://victoria.tc.ca/techrev/ CISSP refs: [Base URL]mnbksccd.htm Security Dict.: [Base URL]secgloss.htm Book reviews: [Base URL]mnbk.htm [Base URL]review.htm Partial/recent: http://groups.yahoo.com/group/techbooks/ Review mailing list: send mail to techbooks-subscr...@egroups.com http://blogs.securiteam.com/index.php/archives/author/p1/ http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Teaching reporters infosec ...
I just type everything in using on the fly, in my head blowfish encryption to fool the keyloggers Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Kyle Creyts Sent: Thursday, January 26, 2012 2:10 AM To: Paul M Moriarty Cc: funsec Subject: Re: [funsec] Teaching reporters infosec ... Flashy and interesting like using the mouse to move your cursor around, entering strings out of order and/or changing focus to a junk pad, etc... not quite strong protection, but better than nothing in some cases. On Jan 25, 2012 9:20 PM, Paul M Moriarty p...@igtc.commailto:p...@igtc.com wrote: While doing something flashy and interesting with your left hand, type your message quickly with your right hand. The keyloggers fall for it every time. :) On Jan 25, 2012, at 4:44 PM, Patrick Laverty wrote: I thought this line interesting: using Tor for online anonymity, the benefits of no-contract cell phones, and how to trick keyloggers, What does that mean to trick a keylogger? On Wed, Jan 25, 2012 at 2:49 PM, Paul M Moriarty p...@igtc.commailto:p...@igtc.com wrote: On Jan 25, 2012, at 10:48 AM, Robert Slade wrote: http://www.cjr.org/the_news_frontier/teaching_cyber-security.php Does this provide us with any level of comfort or confidence? (Those two are not necessarily equal ...) It's a step in the right direction, though clearly it will be a long journey. - Paul - ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Did the borg start this way?
-Original Message- From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] Sent: Monday, January 23, 2012 11:51 PM To: Patrick Laverty Cc: Blanchard, Michael (InfoSec); funsec@linuxbox.org; rmsl...@shaw.ca Subject: Re: [funsec] Did the borg start this way? On Tue, 17 Jan 2012 16:24:27 EST, Patrick Laverty said: I know Kung Fu. Show me. At which point we'll need even better anti-virus software for memes, because otherwise you just can't win The Game. Interesting game The only way to win, is to not play at all... Mike B ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Consumer group accuses Hollywood of 'threatening politicians'
Is there anyone who would claim a PAC contribution is not a bride (other than Congress and lobbyists)? Yes, a PAC contribution is certainly NOT a bride. now it's sure close to, if not a full on, BRIBE if you ask me ;-) Sorry, couldn't resist ;-) Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Jeffrey Walton Sent: Saturday, January 21, 2012 11:48 AM To: FunSec List Subject: [funsec] Consumer group accuses Hollywood of 'threatening politicians' Is there anyone who would claim a PAC contribution is not a bride (other than Congress and lobbyists)? http://thehill.com/blogs/hillicon-valley/technology/205491-consumer-group-accuses-hollywood-of-threatening-politicians Consumer group Public Knowledge on Friday accused the Motion Picture Association of America (MPAA) and its head, former Sen. Chris Dodd, of trying to intimidate lawmakers into supporting a pair of controversial anti-piracy bills. In recent days, Dodd and other top Hollywood figures have threatened to cut off campaign donations to politicians who do not support their effort to crackdown on online copyright infringement. Those who count on quote 'Hollywood' for support need to understand that this industry is watching very carefully who's going to stand up for them when their job is at stake. Don't ask me to write a check for you when you think your job is at risk and then don't pay any attention to me when my job is at stake, Dodd said on Fox News on Thursday. ... ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] SOPA is only the first step ...
Holey crap What's the Canadian government doing about this? That poor guy I wonder what the US gov would do if it was a US citizen I wonder what could be done I know, send in Chuck Norris's chin! Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of steve pirk [egrep] Sent: Friday, January 20, 2012 5:03 AM To: rmsl...@shaw.ca Cc: funsec@linuxbox.org Subject: Re: [funsec] SOPA is only the first step ... That story makes me want to puke. On Jan 19, 2012 7:30 PM, Rob, grandpa of Ryan, Trevor, Devon Hannah rmsl...@shaw.camailto:rmsl...@shaw.ca wrote: http://thenextweb.com/me/2012/01/19/death-sentence-for-iranian-programmer- accused-of-developing-software-used-by-porn-sites/http://thenextweb.com/me/2012/01/19/death-sentence-for-iranian-programmer-%0d%0aaccused-of-developing-software-used-by-porn-sites/ == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.camailto:rsl...@vcn.bc.ca sl...@victoria.tc.camailto:sl...@victoria.tc.ca rsl...@computercrime.orgmailto:rsl...@computercrime.org We have met the enemy and he is us. - Walt Kelly 1913-1973 victoria.tc.ca/techrev/rms.htmhttp://victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Corporate social media rules
Well, it's just like any other socmed page, they have the right to remove any posting for any reason or without reason... it's their page, they can do what they wish or allow what they wish on it... I don't' think there are any legalities involved, I don't' even think that the rules have to be there... Now that doesn't mean that you can't go ahead and say that their product or service is a piece of steaming poop on YOUR page :-) Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Tuesday, January 17, 2012 7:15 PM To: funsec@linuxbox.org Subject: [funsec] Corporate social media rules An item for discussion: I've see this stuff in some recent reports of lawsuits. First people started using social media, for social things. Then corps decided that socmed was a great way to spam people without being accused of spamming. Then corps suddenly realized, to their horror, that, on socmed, people can talk back. And maybe alert other people to the fact that you a) don't fulfill on your promises, b) make lousy products, c) provide lousy service, and d) so on. Gloria ran into this today and asked me about the legalities of it. I imagine that it has all the legality of any waiver: you can't sign away your rights, and a waiver has slightly less value than the paper it's printed on (or, slightly more, if a fraudster can copy your signature off it [Sorry, I'm a professional paranoid. My brain just works that way.]). Anyway, what she ran into today (a Facebook page that was offering to let you in on a draw if you liked them) (don't worry, we've already discussed the security problems of likes): We're honoured that you're a fan of [us], and we look forward to hearing what you have to say. To ensure a positive online experience for the entire community, we may monitor and remove certain postings. Be kind and have fun is the short version of our rules. What follows is the longer version of rules for posts, communications and general behaviour on [our] Facebook page: [fairly standard we're nice people marketing type bumpf - rms] The following should not be posted on [our] Facebook pages: Now, some of this is good: Unauthorized commercial communications (such as spam) Content meant to bully, intimidate or harass any user Content that is hateful, threatening, discriminatory, pornographic, or that contains nudity or graphic or gratuitous violence Content that infringes or violates someone else's rights or otherwise violates the law Personal, sensitive or financial information on this page (this includes but is not limited to email addresses, phone numbers, etc.) Unlawful or misleading posts Some of it is protecting their brand: Competitor material such as pictures, videos, or site links Some has to do with the fact that they are a franchise operation: Links to personal [agent] websites, or invitations from [agents] to connect with them privately But some it is limits freedom of expression: Unconstructive, negative or derogatory comments Repeat postings of unconstructive comments/statements And, of course, the kicker: [We] reserves the right to remove any postings deemed to be inappropriate or in violation of these rules. Now, it's probably the case that they do have the right to manipulate the content on their site/page any way they want to. But, how far can these rules go? == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org (sqrt(-1)) before (2.71828), except after (186,242 miles/sec) victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Yet more evidence that US law is now clinically insane ...
Wow, that's just crazy like there aren't REAL criminals that the feds should be going after oh wait, I get it now... they can't CATCH the real bad guys because it's too much like work... so they'll happily go after someone that's doing nothing wrong and prosecute them for some stupid ass thing I blame Obama! Well, ok, I guess it's really Nixon's fault in this case... 1972 was when that law went into effect, I think Nixon was still in office then... might have been Ford ok, I blame the democrats! LOL Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 Office: (508)898-7102 Cell: (508)958-2780 email: blanchard_mich...@emc.com -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Wednesday, January 18, 2012 2:23 PM To: funsec@linuxbox.org Subject: [funsec] Yet more evidence that US law is now clinically insane ... http://www.economist.com/node/21542772 Whale watching is illegal ... == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org With what shall I come before the Lord and bow down before the exalted God? Shall I come before him with burnt offerings, with calves a year old? Will the Lord be pleased with thousands of rams, with ten thousand rivers of oil? Shall I offer my first born for my transgression, the fruit of my body for the sin of my soul? He has showed you, O Man, what is good. And what does the Lord require of you? To act justly and to love mercy and to talk humbly with your God. - Micah 6:6-8 victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Did the borg start this way?
I'm sorry, but that is AWESOME! Think about all the diseases that a microchip can cure... Parkinson's, epilepsy, Alzhiemers, etc etc And OMFG! One philosophical question could arise once we'll be able to download a person's whole brain onto a chip and then implant the chip into someone else's body. Wouldn't it be cool to back up your brain? Sort through the memories and go through them oh, think about cerebral-hackers or cerebral-hijackers! Change someone's memories to whatever they want Full on total recall baby! why actually go on vacation when you can simply remember going for a fraction of the cost! Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Tuesday, January 17, 2012 3:01 PM To: funsec@linuxbox.org Subject: [funsec] Did the borg start this way? http://www.bbc.co.uk/news/technology-16305299 == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org If you can tell good advice from bad advice, you don't *need* any advice victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Dr. Who returns!
How can they be sure that these are not re-broadcasts of our 50 year old signals? Would a reflection really be as clear as they state? 25 light years away, that's a hell of a skip! Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Tuesday, January 17, 2012 3:19 PM To: funsec@linuxbox.org Subject: [funsec] Dr. Who returns! http://www.rimmell.com/bbc/news.htm == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org __ || /\ || swiped || __ | | __ || from || \ \/ / || Mike || /\ || Church ||_][_|| @sfu.ca victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Dr. Who returns!
LOL april 1, 2009 didn't even notice that! Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: Brance Amussen [mailto:bra...@jhu.edu] Sent: Tuesday, January 17, 2012 3:50 PM To: Blanchard, Michael (InfoSec); rmsl...@shaw.ca; funsec@linuxbox.org Subject: RE: [funsec] Dr. Who returns! This was an April Fools joke by the BBC, check the date of the article. They did find those two lost episodes but they were found in an Australian BBC station. B -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of michael.blanch...@emc.com Sent: Tuesday, January 17, 2012 3:41 PM To: rmsl...@shaw.ca; funsec@linuxbox.org Subject: Re: [funsec] Dr. Who returns! How can they be sure that these are not re-broadcasts of our 50 year old signals? Would a reflection really be as clear as they state? 25 light years away, that's a hell of a skip! Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Tuesday, January 17, 2012 3:19 PM To: funsec@linuxbox.org Subject: [funsec] Dr. Who returns! http://www.rimmell.com/bbc/news.htm == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org __ || /\ || swiped || __ | | __ || from || \ \/ / || Mike || /\ || Church ||_][_|| @sfu.ca victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] bitching- java updates and ask toobar
OMFG don't get me started I don't want the flippin ASK toolbar, and NO I don't want that friggin, flippin, piece of crap Mcafee retail thing either! You know how many people installed that crap by accident that has called me because something else isn't working now and they're blaming a security product that corporate security installed on their machine? When did updates become a means to force all kinds of crap over to people? I don't' care if Java sold that spot in their installer for 80 trazillion dollars either, IT DOESN'T BELONG IN THERE TO BEGIN WITH breathing heavy from screaming Mike B Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of RandallM Sent: Friday, November 18, 2011 12:00 PM To: funsec Subject: [funsec] bitching- java updates and ask toobar What part of I dont want your damn ASK toobar with JAVA update to they dont get?? In fact.. how bout just update alone! -- been great, thanks RandyM a.k.a System ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] outlaw on the net in the UK
Amateur Action BBS... Tom was one of the guy's names I believe, not sure how much time he did, but it was actually a postal inspector that brought the charges up against them... I thought it was because Amateur Action BBS sent him some video tapes, but downloading porn was part of it too now that I think of it... yah, content not suitable to community standards in Tenn, yet perfectly fine in California... I think it was a ridiculous case if you ask me, but it was argued that Tom should have known the laws in the location he was sending stuff too either via the board or via the postal service Rusty and Edie's was a different case, although they came to mind as well... they were charged with copywrite infringement by Playboy among others... Play boy is just as bad a Disney for protecting their IP... Yah, those of you that know me well shouldn't be surprised that I know the porn BBS's name and some info about it :-) Mike B Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Wednesday, November 16, 2011 3:23 PM To: funsec Subject: Re: [funsec] outlaw on the net in the UK Date sent: Wed, 16 Nov 2011 13:36:42 -0600 From: RandallM randa...@fidmail.com wonder how close the laws with US are ( I want to be a good citizen) Since you guys don't have a legal system (you have at least *53* legal systems), you're probably at greater risk. I know the US Justice Department used to have a project that tracked all the crimes in the US, according to all the laws. Some years back they gave up (the total then stood at 29,000), stating that the legal situation in the US was too complex for anyone to be completely certain as to whether a particular act was a crime or not. (I also recall the case [roughly 20 years back?] where someone in Tennesee took offence at an adult BBS operating in California. Dismayed that it was apparently legal in California, they set up a situation where they dialed into the BBS, set up a download, brought in a 10-year old kid and told him to hit enter [then rushed him out before he saw anything], and extradited the California couple who ran the BBS to Tennesee to stand trial for corrupting the morals of a minor. Put at least one of them in jail.) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Bodily exercise, when compulsory, does no harm to the body; but knowledge which is acquired under compulsion obtains no hold on the mind. - Plato, The Republic victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Sesame Street is 42 years old today
I just love Grover! Ernie too... oh and can't forget Snufaluficous :-) I'll just continue to feed the dolphins plenty of fish, checking my digital watch, feed this dog a cheese sandwich, and wonder why this bowl of petunias just fell near me again Where's my towel? Here it is, you always have to know where your towel is! Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Thursday, November 10, 2011 11:52 AM To: funsec@linuxbox.org Subject: [funsec] Sesame Street is 42 years old today The answer to life, the universe, and everything is ... SuperGrover? (There will be a Tri-lateral Commission meeting next Tuesday in Mr. Hooper's store.) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org The very first step toward success in any occupation is to become interested in it.- Sir William Oster (1849 - 1919) Physician victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Unstable search engine
Doesn't work for me :-( running firefox 3.6.6 Try to type tilt oraskew for another fun easter egg that does seem to work for me :-) Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Thursday, November 03, 2011 1:53 PM To: funsec@linuxbox.org Subject: [funsec] Unstable search engine Go to Google and type do a barrel roll == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Fate has no happiness in store for you, unless your quiet home [times] in the old family residence [...] deserve to be called happiness. Why not? If not the thing itself, it is marvelously like it, and the more so for that ethereal and intangible quality, which causes it all to vanish, at too close an introspection. Take it, therefore, while you may. Murmur not --question not--but make the most of it! - The House of the Seven Gables victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] APT Summit
I LOL'd at the newly found #1 threat when I first read that PDF a few days ago social engineering is now the #1 threat Let's ask Kevin Mitnik and countless others if they feel that Social Engineering is NOW the #1 threat it's always been the #1 threat... People WANT to help people, especially in Customer Service... Ugh... Mike B -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Friday, September 16, 2011 2:08 PM To: funsec@linuxbox.org Subject: [funsec] APT Summit 'On July 13 and 14, 2011, RSA and TechAmerica hosted an Advanced Persistent Threats Summit in Washington, D.C. The Summit brought together senior leaders from government and business to address both the impact of APTs and strategies for defense and mitigation. During the Summit, detailed perspectives on protecting against today's most menacing information security threats surfaced. These findings, which are highlighted below, will be expanded upon in an in-depth report, scheduled to be published in the coming months..' http://www.rsa.com/innovation/docs/APT_findings.pdf I feel ill ... I have to go along with: http://www.esecurityplanet.com/network-security/targeted-attacks-arent-as- targeted-as-you-think.html == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Vah! Denuone Latine loquebar? Me ineptum. Interdum modo elabitur. Oh! Was I speaking Latin again? Silly me. Sometimes it just sort of slips out. victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Fight! Fight!
Hmmm it would appear that our good friends at McAfee have forgotten the definition of botnet... let me help them out a bit :-) bot·net noun /ˈbätˌnet/ botnets, plural 1. A network of private computers infected with malicious software and controlled as a group without the owners' knowledge Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of valdis.kletni...@vt.edu Sent: Friday, August 19, 2011 3:45 PM To: rmsl...@shaw.ca Cc: funsec@linuxbox.org Subject: Re: [funsec] Fight! Fight! On Fri, 19 Aug 2011 12:20:39 PDT, Rob, grandpa of Ryan, Trevor, Devon Hannah said: http://blogs.mcafee.com/mcafee-labs/shady-rat-is-not-a-botnet Well.. she says: Speaking of technical arguments, apparently Mr. Kaspersky has gotten it in his head that Shady RAT is a botnet. And then continues with: that we only know of 72 companies/organizations victimized through one command control server, out of hundreds or more used by this adversary. OK, I'll bite, if it was a CC server, *what do we call the thing being controlled* if it wasn't a botnet? ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Cybercrime Targets Revealed
So, how many requests have you guys received that sounded like this: Does our antivirus software cover this new Shady Rat virus? :-) Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Thursday, August 04, 2011 3:25 PM To: FunSec List Subject: Re: [funsec] Cybercrime Targets Revealed Date sent: Wed, 03 Aug 2011 16:26:44 -0400 From: Jeffrey Walton noloa...@gmail.com http://www.rfa.org/english/news/china/cybercrime-08032011102704.html It being a low news day, A top security company tried to recycle a bunch of old news and make it appear that they had discovered a new threat. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Man is only a subject full of error, natural and ineffaceable, without grace. Nothing shows him the truth. Everything deceives him. These two sources of truth, reason and the senses, besides being both wanting in sincerity, deceive each other in turn. - Blaise Pascal (1623-1662), Pensees (1660) victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Microsoft Online Customer Service
Oh my! Why do I find that really really funny? :-)Especially because on the radio just Friday they were talking about the school systems removing geography from the curriculum because we are all one world now and they were touting that it's no longer necessary in the modern world that you know the exact location and shape of every country Yah, there are so many flaws with their argument it truly isn't funny Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Sunday, July 31, 2011 9:41 PM To: funsec@linuxbox.org Subject: [funsec] Microsoft Online Customer Service From: Microsoft Online Customer Service Date sent: Sat, 30 Jul 2011 17:59:25 -0700 Thank you for contacting Microsoft North America Customer Service. From the information you have provided in your message, I understand that you are located in United Kingdom. The Customer Service team you have reached is for North America. There are significant differences between North American versions of Microsoft products and those localized for your country. Dear Microsoft Online Customer Service: If you will look at my: --- Original Message --- You will notice that I included my address: North Vancouver, BC Canada Thank you for informing me that Canada was in the UK. I was previously unaware of this. All my life I had been told I lived in North America, and I'm glad you've set me straight. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Life was simple before World War II. After that, we had systems. - Admiral Grace Murray Hopper victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Microsoft Online Customer Service
Yah, seriously ;-( It was on the morning talk radio 96.9 WTKK here in Boston that they were talking about it. Crazy huh? There were also talking about the removal of teaching how to write in Cursive and only teaching the kids how to sign their names That scares me too... Hopefully none of this will actually happen, it would be bd. Mike b Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: Dan White [mailto:dwh...@olp.net] Sent: Monday, August 01, 2011 10:52 AM To: Blanchard, Michael (InfoSec) Cc: rmsl...@shaw.ca; funsec@linuxbox.org Subject: Re: Microsoft Online Customer Service Seriously? Do you have any links? Do you recall where you heard that? On 01/08/11 10:28 -0400, michael.blanch...@emc.com wrote: Oh my! Why do I find that really really funny? :-)Especially because on the radio just Friday they were talking about the school systems removing geography from the curriculum because we are all one world now and they were touting that it's no longer necessary in the modern world that you know the exact location and shape of every country Yah, there are so many flaws with their argument it truly isn't funny Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Sunday, July 31, 2011 9:41 PM To: funsec@linuxbox.org Subject: [funsec] Microsoft Online Customer Service From: Microsoft Online Customer Service Date sent: Sat, 30 Jul 2011 17:59:25 -0700 Thank you for contacting Microsoft North America Customer Service. From the information you have provided in your message, I understand that you are located in United Kingdom. The Customer Service team you have reached is for North America. There are significant differences between North American versions of Microsoft products and those localized for your country. Dear Microsoft Online Customer Service: If you will look at my: --- Original Message --- You will notice that I included my address: North Vancouver, BC Canada Thank you for informing me that Canada was in the UK. I was previously unaware of this. All my life I had been told I lived in North America, and I'm glad you've set me straight. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Life was simple before World War II. After that, we had systems. - Admiral Grace Murray Hopper victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. -- Dan White BTC Broadband Ph 918.366.0248 (direct) main: (918)366-8000 Fax 918.366.6610email: dwh...@olp.net http://www.btcbroadband.com ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Fired IT guy puts porn in ex-boss' PowerPoint, gets sweet revenge
Hm: ... faces federal charges connected to the guns and homemade silencer supplies cops found when they searched his home for evidence of hacking. So, they found something that clearly wasn't related to what they were supposed to be looking for. How can they seize guns and silencers if they're looking for evidence of hacking. Wouldn't the search warrant be pretty specific for Computer type equipment? Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Jeffrey Walton Sent: Friday, June 24, 2011 9:20 AM To: FunSec Subject: [funsec] Fired IT guy puts porn in ex-boss' PowerPoint, gets sweet revenge http://technolog.msnbc.msn.com/_news/2011/06/23/6925925-fired-it-guy-puts-porn-in-ex-boss-powerpoint-gets-sweet-revenge A guy who slips porn into a CEO's PowerPoint presentation isn't the kind of computer nerd you'd expect to spend his off-Internet hours making homemade gun silencers. But disgruntled IT guy Walter Powell, 52, apparently wasn't in it for the lulz. . there are two survival skills we must always remember: Never mess with people who handle your food; and never, whenever possible, enrage the IT guy. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Fired IT guy puts porn in ex-boss' PowerPoint, gets sweet revenge
LOL, see I never do I like the loud, satisfying BANG! :-) Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: Thomas J. Raef [mailto:tr...@wewatchyourwebsite.com] Sent: Friday, June 24, 2011 11:00 AM To: Blanchard, Michael (InfoSec); noloa...@gmail.com; funsec@linuxbox.org Subject: RE: [funsec] Fired IT guy puts porn in ex-boss' PowerPoint, gets sweet revenge So, they found something that clearly wasn't related to what they were supposed to be looking for. How can they seize guns and silencers if they're looking for evidence of hacking. Wouldn't the search warrant be pretty specific for Computer type equipment? Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 [] When I shoot my laptop after a Blue Screen, I always use a silencer. It's related. ;-) Thomas J. Raef We Watch Your Website We Watch Your Website - so you don't have to! tr...@wewatchyourwebsite.com 847.728.0214 ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] first inline graphic on browser
LOL, brings back memoeries of when the first program was available that would allow you to view .GIFs AS they were downloading Wow, to be able to see if the playboy pinup was what you wanted or not before the entire picture was downloaded was awesome! I remember watching pixel line by pixel line as a picture would download Maybe 10 mins per picture That was awesome! Before that, you had to wait until the picture was fully downloaded... No graphics can be transmitted... Oh yah! And it all had to be UUencoded and UUdecoded too! That's right, that inline viewer would auto uudecode too Wow, kids today don't know how good they have it :-) Mike B (the not quite yet old fart) From: RandallM [mailto:randa...@fidmail.com] Sent: Saturday, June 04, 2011 09:27 AM To: funsec funsec@linuxbox.org Subject: [funsec] first inline graphic on browser Ok. My memory is a little foggy here but what I remember is I couldnt wait to get home to see the first inline graphic shown in a browser (think it was mosaic or netscape). I was just sitting here thinking bout my age and the net to www I've seen and used. Thought bout this and tried to google it. -- been great, thanks RandyM a.k.a System ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Eat this, it's good for you ...
I thought excessive sampling would make you go blind or was that something else... Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Paul Ferguson Sent: Friday, May 13, 2011 3:53 PM To: rl_vau...@baylor.edu Cc: funsec@linuxbox.org; rmsl...@shaw.ca Subject: Re: [funsec] Eat this, it's good for you ... Excessive sampling kills brain cells. ;-) - ferg On Fri, May 13, 2011 at 12:51 PM, rl_vau...@baylor.edu rl_vau...@baylor.edu wrote: Bonychev sampled 3% of the population. Ferg sampled 14% . A clear example of over sampling. - Reply message - From: Randy Abrams abr...@eset.com Date: Fri, May 13, 2011 3:17 pm Subject: [funsec] Eat this, it's good for you ... To: 'fergdawgs...@gmail.com' fergdawgs...@gmail.com, 'rmsl...@shaw.ca' rmsl...@shaw.ca Cc: 'funsec@linuxbox.org' funsec@linuxbox.org I think Bontchev's research from 15 years ago set that a t 97% Typos courtesy of Blackberry - Original Message - From: Paul Ferguson [mailto:fergdawgs...@gmail.com] Sent: Friday, May 13, 2011 11:59 AM To: rmsl...@shaw.ca rmsl...@shaw.ca Cc: funsec@linuxbox.org funsec@linuxbox.org Subject: Re: [funsec] Eat this, it's good for you ... On Fri, May 13, 2011 at 11:18 AM, Robert Slade rmsl...@shaw.ca wrote: http://au.news.yahoo.com/odd/a/-/odd/9268075/police-dress-up-as-doctors-to-test-citizens/ This supports my research that states that 86% of the population are idiots. ;-) - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/ ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] curve vs torch? (WAS:Why I no longer Jailbreak my IPhone)
Not to completely hijack, but speaking of BlackBerries, I'm about to go from a Curve 8320 to a Torch. I find myself with the need to look up data more and more often via my mobile and the Curve's browing leaves a lot to be desired. Not to mention the speed increase from 2g to 3g will help me quite a bit. Anyone have any pros and cons about the torch? Particularly those that moved from a curve to a torch? Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Randal T. Rioux Sent: Saturday, May 07, 2011 11:40 PM To: funsec@linuxbox.org Subject: Re: [funsec] Why I no longer Jailbreak my IPhone On 05/07/2011 08:59 AM, Joel Esler wrote: Okay, I'll play the other side. My phone is my everything (obviously except payment system) I eliminated carrying three or four devices for my iPhone. It's my phone, my mp3 player, my movie player, my gps device, my email system, my note taking system, my calendar, my to do list, etc I can go anywhere and do anything with my iPhone, even do light work if needed. Heck, with my iPad and iPhone together, I can rule the world. Muhahahaha. Okay, just kidding. But it does help me out a lot. For the adults on this list, my BlackBerry Curve (and all it's ugly brothers) is great for voice, text, music (use headphones, gat dangit) and email. I'm sure it does other things, but we have computers for that and there is nothing worse than being that guy. I still love you Joel. Oh yeah, and I can make a phone call on it too. Is that a separate app? Randy -- Disclaimer: By sending an email to ANY of my addresses you are agreeing that: 1. I am, by definition, the intended recipient 2. All information in the email is mine to do with as I see fit 3. I will take the contents as representing the views of your company 4. If your email is an Out of Office reply on a mailing list, I will social engineer your company 5. This notification overrides any disclaimer or statement of confidentiality that may be included on your message Further, you understand that if any of the following conditions are met that you are indeed, a bag of douche: 1. Your message identifies the device you sent it from 2. You messed up the thread by top-posting ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Im lovin google spam filter
Just for the sake of argument alone, not that I doubt your findings by any means: Numbers can be skewed to behave in a manner that would prove anyone's point too... If we take 100 people on this list, have them all look in their backyards and report if there is any paper or plastic blowing around, I'll bet we can come up with a fairly high percentage of us that don't have any paper or plastic blowing around. I'll further say that I'll bet the number would be within a standard deviation of 4% error. So, if 96% of us don't have any paper or plastic blowing around in our yards, could we safely say that no-one litters? :-) Mike B Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rich Kulawiec Sent: Thursday, April 07, 2011 11:57 AM To: funsec Subject: Re: [funsec] Im lovin google spam filter On Thu, Apr 07, 2011 at 10:04:49AM -0400, Patrick Laverty wrote: I just checked my spam box for gmail and see 1500 messages. A quick scan of the From and I saw zero false positive. Alternatively: I looked in my own back yard and there's no paper or plastic blowing around, therefore nobody litters. Meaningful tests of FP (and FN) rates require large sample sets (in the sense of number of messages and number of accounts); moreover, they require careful attention to the composition of those sample sets, both in terms of how the addresses are actively used, and how they're passively used (by spammers). They also require far more than a single snapshot; one day's sample is meaningless. They require more than casual analysis: human eyeballs are far too unreliable to accurately process that much data. And so on: this isn't an easy or quick measurement to make, even for those of us who have been studying the problem for a very long time. I've done all that, which is how I know that Gmail's FP (and FN, incidentally) classification performance is mediocre. ---rsk ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Im lovin google spam filter
Ahh, but after my study of 100 back yards I can have the Media report: A new study has shown that over 95% of the land surveyed for litter, is completely without any signs of litter. This gives us proof positive that the litter laws are working! As we all know, people in general will believe anything the media states, and only a small minority of us folks will even bother to question it. :-) Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] Sent: Thursday, April 07, 2011 1:11 PM To: Blanchard, Michael (InfoSec) Cc: r...@gsp.org; funsec@linuxbox.org Subject: Re: [funsec] Im lovin google spam filter On Thu, 07 Apr 2011 12:49:34 EDT, michael.blanch...@emc.com said: If we take 100 people on this list, have them all look in their backyards and report if there is any paper or plastic blowing around, I'll bet we can come up with a fairly high percentage of us that don't have any paper or plastic blowing around. I'll further say that I'll bet the number would be within a standard deviation of 4% error. So, if 96% of us don't have any paper or plastic blowing around in our yards, could we safely say that no-one litters? No, you can safely say that the population average of litter-free backyards is has a 70% chance between 92% and 100%, and about 95% chance of being between 88% and 100%. (Yes, it's likely to be closer to a chi-squared curve than a gaussian bell curve due to the constraint of one tail). The problem is that careful analysis is needed - I'll make a prediction that yards with chain link fences have a lot higher level of wind-born litter than unfenced yards. This of course impacts your analysis of litter sources. And incidentally, Rick *has* done the take 100 people type analysis, which is why he commented that (basically) the plural of anecdote isn't data. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Im lovin google spam filter
LOL, exactly! :-) But I thought a green jelly bean was a home run? Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] Sent: Thursday, April 07, 2011 2:48 PM To: Blanchard, Michael (InfoSec) Cc: r...@gsp.org; funsec@linuxbox.org Subject: Re: [funsec] Im lovin google spam filter On Thu, 07 Apr 2011 13:42:56 EDT, michael.blanch...@emc.com said: Ahh, but after my study of 100 back yards I can have the Media report: https://www.xkcd.com/882/ ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Judge: Debt agency can't contact woman on Facebook
I hope this starts to set a precedent here. I've heard horror stories about people's parents and family being called, co-workers being called, neighbors being called etc. I was once called about a neighbor's debt, they were behind a payment, I proudly told the collection agency to go screw and if they called me again I'd file a harassment complaint, they never called me back A debt collector should only be able to contact the borrower via their phone number that was given on their application or registered mail. Failing that, the debt collector should bring the borrower to court or write it off as a loss and take the tax deduction Mike B Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Jeffrey Walton Sent: Tuesday, April 05, 2011 9:37 AM To: FunSec Subject: [funsec] Judge: Debt agency can't contact woman on Facebook A Florida judge has ordered a debt collection agency to not use Facebook or any other social media site in an attempt to locate a woman over a $362 unpaid car loan. Judge W. Douglas Baird also ordered Mark One Financial LLC of Jacksonville, Fla. to refrain from contacting the woman's family or friends on Facebook. The order is part of a lawsuit that Melanie Beacham filed last August against the debt collection agency. According to court documents, Beacham said Mark One sent messages to her and her family on the Facebook networking site to have her call the agency about the debt. http://www.msnbc.msn.com/id/41992979/ns/technology_and_science-security/ ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Verified by ....
True, if it's a reputable company, you really don't have to rely on the CoA, but it's good to have if you ever want to sell that item. reputable company is the key for sure :) But, I've seen tons of Ebay auctions with CoA's that are just a piece of paper without apparent CoA serial numbers. I bought a knife at a gun show years back, it was a Chinese display type thing in the shape of a dragon, it was cheap and I thought it was cool so I bought it. It came with a CoA, no serial numbers, just small paragraph on it stating it was genuine. The blade itself was limited edition collectable or something like that... that type of CoA is worthless IMHO :) LOL, who knows, maybe in 50 years that worthless CoA might be worth more than the dagger :) Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 From: Patrick Laverty [mailto:patrick_lave...@brown.edu] Sent: Tuesday, April 05, 2011 9:26 AM To: Blanchard, Michael (InfoSec) Cc: funsec@linuxbox.org Subject: Re: [funsec] Verified by I always get a kick out of the certificates of Authenticity that people give with an autograph or some other collectable item. Hell, I can print a million of those certificates and have someone's signature printed on them too... with a cool color shifting official seal too! Without trying to hijack, actually if it's a good company giving out the CoA, then it has a number on it that matches to a database in the company that will tell you exactly what the item is and who the autograph is of. Sometimes, the item will have a second serial number that is also matched in the database. Now, if you can print up a million of those CoAs AND get that info into their database, sure, you've beat the system. But simply printing up a CoA from a reputable company doesn't get the job done. If you're selling fake memorabilia to someone who doesn't check the serial number, then they're not someone who needs a CoA anyway. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Verified by ....
It's just a bit harder to counterfeit with the little heat sensitive doo-dad on it. It also gives normal people the warm and fuzzies. People like things like that, makes them feel that the company is serious about security. In reality, it's no better than a picture of my big toe on the thing or, as you say, the words printed I'm genuine I always get a kick out of the certificates of Authenticity that people give with an autograph or some other collectable item. Hell, I can print a million of those certificates and have someone's signature printed on them too... with a cool color shifting official seal too! Mike B Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Drsolly Sent: Monday, April 04, 2011 3:41 PM To: funsec@linuxbox.org Subject: [funsec] Verified by I just got a moneygram. There's this cute thing thats a pink stop sign, it's heat sensitive, if you touch it, it fades and the reappears. It tells you so on the moneygram, and it's true. I'm confused about why they think that this is any different from a document that says I'm genuine. And I still can't get my bank to believe that asking me for my date of birth is any kind of evidence that I am who I say I am. Don't these people have *any* kind of security theory training? Or even any common sense? ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Dumb computer virus story
And me with this pain in the diodes on my left side Life, don't' talk to me about life Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Monday, March 21, 2011 8:24 PM To: funsec@linuxbox.org Subject: Re: [funsec] Dumb computer virus story From: David Harley david.a.har...@gmail.com Date sent: Mon, 21 Mar 2011 19:44:21 + Thinking back to some of the stories in RSGTCV, right back where you started... Seventeen years later, body of knowledge the size of a small planet ... it's so depressing ... == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org The simple fact that nobody understands you is not to be taken as proof that you are an artist victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] ARE YOU READY TO HAVE FUN FOR SPRING BREAK? GET YOUR FAKE IDs NOW!
LOL we are located in a safe country The only thing funnier would be if it was a Nigerian hosted site :) Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Larry Seltzer Sent: Monday, March 14, 2011 1:01 PM To: funsec@linuxbox.org Subject: [funsec] ARE YOU READY TO HAVE FUN FOR SPRING BREAK? GET YOUR FAKE IDs NOW! This site is a hoot. It appears to be based in China. http://www.idchief.com/ WHY SHOULD YOU BUY Fake IDs FROM IDCHIEF? 1. Ask your friends how much fun they are having! 2. Shipping is free! 3.Uv and holograms also all ids scan! 4. What you pay for is what you get no muss no fuss! 5.We are located in a safe country your info is safe with us! ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Bank security
I've had similar calls and have always force their hand to provide me information that is not public information. But, because they called you about a complaint that you filed with them, isn't that pretty reasonable proof that they are whom they state they are? Unless the complain you filed was considered public knowledge. My issue would absolutely be with them calling me then asking for personal information for sure Oh and that other person that called you back, is a dope and clearly doesn't know how security works LOL... By his thinking, if a thief calls me, I should verify that the thief is not a thief by asking the thief for a callback number to verify the thief is not a thief, then when I callback the thief's number and he answers, I can then be assured that he is not a thief and give him any information the thief wants... LOL Sounds like a Monty Python skit to me! Mike B Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Drsolly Sent: Friday, March 04, 2011 10:45 AM To: funsec@linuxbox.org Subject: [funsec] Bank security I was called by my bank recently, to discuss a complaint I'd made. After a few minutes talking, my called decided she needed to do a security check. So she asked me for part of my sort code, part of my account number, part of my mother's maiden and, and my birth date. After we'd finished dealing with the original complaint, I told her that I now had another complaint - their security procedure. 1) Someone calling me, where I can't verify who th4ey are, should not be asking for such info. 2) My account number and sort code are on every check I send out, so are public info. My birth date and mother's maiden name, aren't hard to discover. So, it's asking for info they shouldn't ask for, and it isn't verifying that I'm who I say I am. I was called back by another person in their complaints department. I asked him, If I'm asked by someone who called me, for my account number, should I give it? He said that I should not. So I told him that his own department was asking people for that information. He was surprised. Then I explained to him how a proper security system should work (shared secret). He said that he was very familiar with how security works. He suggested that if I was unsure that a caller was from the bank, then I should call them back. And where do I get the number from? I asked. From the caller, he replied. So I explained to him why that was a very bad idea. I'm left with the conviction that my bank, at least, is clueless about how security works. I've escalated the issue. He told me I'd get a final resolution (which I take to mean, and we won't discuss the matter further after that). I don't suppose there's anyone here from a bank? ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Some of y'all might like this (virus link)
I've seen that issue with VirusTotal and McAfee detections late last year with Downloader.cjx. virustotal said that Mcafee detected it, and yet when I performed my own test using the latest McAfee engine/DATs, McAfee really did not detect it. Mike B Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Nick FitzGerald Sent: Wednesday, January 19, 2011 1:42 PM To: 'funsec' Subject: Re: [funsec] Some of y'all might like this (virus link) Thomas J. Raef to Chris Boyd: This came in a spam today. http download card.exe from 200.223.205.137 Don't know what it is, but ClamAV latest version for Mac says it's not hostile. Funny, but I don't beleive that. [] sarcasmWait! It's not harmful to a Mac, right? They're not vulnerable to viruses are they?/sarcasm So ClamAV must know that and therefore doesn't think it's harmful. It seems odd that it was not detected, as according to this: http://www.virustotal.com/file-scan/report.html?id=4cc69ba312e2554f3070468398f339b44210ad4838c24ebe50debf02de3e019c-1294820720 ClamAV has been detecting that file since at least 2011-01-12 08:25:20 UTC... Regards, Nick FitzGerald ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Fwd: [Dataloss] Two charged in ATT-iPad data breach
LOL sorry I just had to laugh at this piece of the article... ... Goatse Security, uncovered a hole... If they only knew what they just said! :-) yah, I may have to grow old, but I don't' have to grow up :-) Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Jeffrey Walton Sent: Wednesday, January 19, 2011 6:57 PM To: FunSec Subject: [funsec] Fwd: [Dataloss] Two charged in ATT-iPad data breach From the folks at the Dataloss Database (sorry about stoking the fire): Auernheimer told the magistrate that he had been drinking until 6:30 that morning and said of the complaint: This is a great affidavit--fantastic reading, according to the AP report. -- Forwarded message -- From: Jake Kouns jko...@opensecurityfoundation.org Date: Wed, Jan 19, 2011 at 1:43 AM Subject: [Dataloss] Two charged in ATT-iPad data breach To: dataloss-disc...@datalossdb.org, datal...@datalossdb.org http://news.cnet.com/8301-27080_3-20028799-245.html Two men were charged with computer crimes today for allegedly hacking into ATT servers and stealing e-mail addresses and other information of about 120,000 iPad users last summer. Andrew Auernheimer, 25, was arrested in his home town of Fayetteville, Ark., while appearing in state court on unrelated drug charges, and Daniel Spitler, 26, of San Francisco, surrendered to FBI agents in Newark, N.J., according to the U.S. Attorney's office in New Jersey. Both men were expected to appear before federal judges in Arkansas and New Jersey. They each face one count of conspiracy to access a computer without authorization and one count of fraud in connection with personal information. They're also looking at a maximum of 10 years in prison and a $500,000 fine. Auernheimer was ordered held until a bail hearing set for Friday, while Spitler was released on $50,000 bail and ordered not to use the Internet except at his job as a security at a Borders bookstore, according to an Associated Press report. In comments to reporters outside the Newark courthouse, Spitler said he was innocent and that: The information in the complaint is false. This case has been blown way out of proportion. Auernheimer told the magistrate that he had been drinking until 6:30 that morning and said of the complaint: This is a great affidavit--fantastic reading, according to the AP report. Last June, Auernheimer told CNET that members of his hacker group, which calls itself Goatse Security, uncovered a hole in ATT's Web site used by iPad customers on the 3G wireless network and went public with it by revealing details to Gawker Media. Up until then, ATT automatically linked an iPad 3G user's e-mail address to the iPad's unique number, called Integrated Circuit Card Identifier (ICC-ID) so that whenever the customer accessed the ATT Web site, the ICC-ID was recognized, the e-mail address was automatically populated and the ICC-ID was displayed in the URL in plain text. Spitler is accused of writing a script called the iPad 3G Account Slurper and using it to harvest ATT customer data via a brute force attack on the site, which fooled the site into revealing the confidential information, according to the criminal complaint filed last week but unsealed and released publicly today. The complaint includes Internet Relay Chat messages supposedly sent between Auernheimer and Spitler in which they talk about selling the e-mail addresses to spammers, shorting ATT stock before releasing details of the breach, and destroying evidence. If we can get a big dataset we could direct market iPad accessories, Auernheimer says in a message to Spitler, according to the complaint. In another chat session included in the complaint, Spitler says he would like to stay anonymous so he doesn't get sued. Absolutely may be legal risk yeah, mostly civil you absolutely could get sued, Auernheimer replied, the complaint read. Before going to Gawker, Auernheimer also allegedly contacted Thomson-Reuters and the San Francisco Chronicle, and sent an e-mail to a board member at News Corp. whose e-mail address was leaked in the breach in attempts to get news articles written about the incident, according to the complaint. Asked if he reported the hole to ATT, Auernheimer replied totally but not really...I don't (expletive) care I hope they sue me, according to the chat logs. Those chats not only demonstrate that Spitler and Auernheimer were responsible for the data breach, but also that they conducted the breach to simultaneously damage ATT and promote themselves and Goatse Security, the U.S. Attorney's office said in a statement. ATT has spent about $73,000 as a result of the breach, including contacting all iPad 3G customers to notify them, the complaint says. Among the iPad
Re: [funsec] Firefox slow?
Yes! I thought it was just me. FF v 3.6.6 Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon Hannah Sent: Wednesday, January 12, 2011 8:45 PM To: funsec@linuxbox.org Subject: [funsec] Firefox slow? Anybody else seeing Firefox being terribly slow after yesterday's MS update patches? == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org They read good books, and quote, but never learn a language other than the scream of rocket-burn. Our straighter talk is drowned but ironclad: Elections, money, empire, oil and Dad. - Andrew Motion, The Guardian, 20020109 victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html http://blogs.securiteam.com/index.php/archives/author/p1/ http://www.infosecbc.org/links http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] WikiLeaks founder Julian Assange arrested on Swedish warrant
Assange is a clear criminal during a time of war to the USA. He should be tried and prosecuted as a war criminal an a terrorist Back in the day, he'd be hung from the neck until dead We should do that... Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01580 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Jeffrey Walton Sent: Tuesday, December 07, 2010 9:10 AM To: FunSec Subject: [funsec] WikiLeaks founder Julian Assange arrested on Swedish warrant http://www.washingtonpost.com/wp-dyn/content/article/2010/12/07/AR2010120700721.html US retribution for the leaks was swift, and the character assassination continues: Assange and his supporters have denied the accusations, calling them part of an elaborate plot to silence WikiLeaks. Since publication of the latest round of documents began last week, the pressure has mounted on Assange, who was being sought internationally on an Interpol warrant, and on WikiLeaks itself, which is in a global battle to keep its financial and distribution system intact. I find it interesting how quickly politicians turn to character assassinations in an attempt to discredit. I suppose its par for the course for a group, whose minds are *collectively* so lazy, that they will choose war rather than diplomacy (violence is an indication of a weak and lazy mind). Jeff ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] WikiLeaks founder Julian Assange arrested on Swedish warrant
Wether or not you agree as to WHY we're at war, does not change the fact that there have been over 3,000 US solders killed, and over US 5118 casualties... There have been over 5,970 UK casualties and 179 UK deaths (up to 7/31/09) there have been other untold deaths and casualties from other nations fighting in this war as well You go tell their families that we're not at war... Go out to this website and then tell me that we're not at war http://militarytimes.com/valor/ http://www.casualty-monitor.org/p/iraq.html Regardless of your feelings about the war, we are certainly, AT WAR. This WikiLeaks moron should be tried by a military tribunal for willfully exposing US confidential material. The traitor that actually downloaded and gave the WikiLeaks guy the material should be shot for treason. Are we at a time of war, absolutely we are. Do I agree we should end the war, I sure do. Just my 2cents Mike B -Original Message- From: Bill Woodcock [mailto:wo...@pch.net] Sent: Tuesday, December 07, 2010 1:29 PM To: Brance Amussen Cc: Blanchard, Michael (InfoSec); funsec@linuxbox.org Subject: Re: [funsec] WikiLeaks founder Julian Assange arrested on Swedish warrant This time of war business is a whole load of B.S.. This Time in the history of the U.S. is sad, and starting to feel more like occupation than war. We're demonstrably not at war, since if we were, Scooter Libby would have been subject to a mandatory death sentence. Yes, irony abounds. -Bill ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] WikiLeaks founder Julian Assange arrested on Swedish warrant
Because this fellow, has US Confidential documents and has given them to our enemy. That should put him right up there on the most wanted list for the US. The fellow that downloaded and gave him the files, should be shot for treason, as he is a US citizen... Mike B -Original Message- From: Nicolas Braud-Santoni [mailto:nicolas.braudsant...@gmail.com] On Behalf Of Nicolas Braud-Santoni Sent: Tuesday, December 07, 2010 2:49 PM To: Blanchard, Michael (InfoSec) Cc: wo...@pch.net; bra...@jhu.edu; funsec@linuxbox.org Subject: Re: [funsec] WikiLeaks founder Julian Assange arrested on Swedish warrant Hello, Could you explain me, then, how the fact that the United States are (supposedly) at war has any bearings on a civilian who isn't a US citizen, isn't living in either the United States or the country they are at war with ? Because, if US law had any significance abroad, The Pirate Bay (for example) would have been shut down long ago, seeing how the RIAA is a powerful lobby, has tons of lawyers, and is still whining about piracy ... My two (euro) cents, Nicolas Braud-Santoni Le mardi 07 décembre 2010 à 14:00 -0500, michael.blanch...@emc.com a écrit : Wether or not you agree as to WHY we're at war, does not change the fact that there have been over 3,000 US solders killed, and over US 5118 casualties... There have been over 5,970 UK casualties and 179 UK deaths (up to 7/31/09) there have been other untold deaths and casualties from other nations fighting in this war as well You go tell their families that we're not at war... Go out to this website and then tell me that we're not at war http://militarytimes.com/valor/ http://www.casualty-monitor.org/p/iraq.html Regardless of your feelings about the war, we are certainly, AT WAR. This WikiLeaks moron should be tried by a military tribunal for willfully exposing US confidential material. The traitor that actually downloaded and gave the WikiLeaks guy the material should be shot for treason. Are we at a time of war, absolutely we are. Do I agree we should end the war, I sure do. Just my 2cents Mike B ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] WikiLeaks founder Julian Assange arrested on Swedish warrant
Debateable, I can agree with that, as just about anything can be ;-) Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01580 -Original Message- From: Paul Ferguson [mailto:fergdawgs...@gmail.com] Sent: Tuesday, December 07, 2010 4:08 PM To: Blanchard, Michael (InfoSec) Cc: funsec@linuxbox.org Subject: Re: [funsec] WikiLeaks founder Julian Assange arrested on Swedish warrant -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, Dec 7, 2010 at 12:36 PM, michael.blanch...@emc.com wrote: Because this fellow, has US Confidential documents and has given them to our enemy. That should put him right up there on the most wanted list for the US. I think that is certainly debatable. In any event, this is highly relevant: http://garwarner.blogspot.com/2010/12/wikileaks-lessons-learned.html FYI, - - ferg -BEGIN PGP SIGNATURE- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFM/qIVq1pz9mNUZTMRAnSjAKC/LP8Y1+FLaWS6iEj2FXSEyA2nZACghxJG 3r/n7CJPoKika+MRIMP3uA0= =4CuA -END PGP SIGNATURE- -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/ ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] WikiLeaks founder Julian Assange arrested on Swedish warrant
It's not that it's news, it's that it's classified documents. What would have already happened to this dude if they were Chinese Classified Documents? Yah, he'd already be in a shallow grave or fed to the sharks... Mike B -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Brance Amussen Sent: Tuesday, December 07, 2010 3:35 PM To: 'Rich Kulawiec'; funsec@linuxbox.org Subject: Re: [funsec] WikiLeaks founder Julian Assange arrested on Swedish warrant This is exactly correct, IMHO. The only people these leaks are really news to, are the general public. B :)_S -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rich Kulawiec Sent: Tuesday, December 07, 2010 3:23 PM To: funsec@linuxbox.org Subject: Re: [funsec] WikiLeaks founder Julian Assange arrested on Swedish warrant Y'know, there's a fallacy being propagated here that's quite similar to one pertaining to security bugs and full disclosure debates. Consider nation A. Now consider its ally nation X, its enemy nation Y, and its neutral nation Z. And let's say that the diplomatic communications of nation A with X, Y, and Z (and others, of course) are all published on the Internet by Wikileaks. The presumption being made is that the contents of those communications are all news to X, Y, Z and all those other nations. Now let's presume that Wikileaks never existed. Do you REALLY think that X, Y, Z, and everyone else would not help themselves to any of those communications that they care to? They do have intelligence services, y'know, some of which actually have intelligent people working for them. And while nations X and Z might hesitate to use certain methods, there's really not much reason for nation Y to abstain. I would guess that the right combination of spies, thieves, bribes, wiretaps, malware, seduction, blackmail, flattery, drugs, alcohol, etc. would suffice -- doubly so for low-hanging fruit such as the cables currently being disclosed. A large number of people have access to those, presenting a large attack surface for anyone engaged in human engineering. Now of course we are seeing public pronouncements by nation X and the like that they are CaptainRenaultshocked, shocked/CaptainRenault at what we can now all read. Of course we are. They can't very well publicly admit that they've known this stuff all along and had already adjusted policy as necessary. But really, if I were one of the heads of state of nation X (or Y or Z) and my national intelligence service hadn't given me most of this on a silver platter a long time ago, I'd sack my espionage chief before tea-time today and tell my staff to find someone minimally competent. Everyone is aware, I trust, that some of these countries (like the US, for example) have huge intelligence services which spend all day, every day, trying to do just that: discovering everyone else's secrets. shrug This is how the game is played. Some people try to keep secrets, some people try to find them out. Those can't handle their secrets being discovered should probably reconsider their participation in the game -- or perhaps their decision to try to keep a billion secrets spread among several million people. Maybe a thousand secrets spread among 50 people would present a more tractable problem. The parallel, of course, is that we are supposed to believe that if security researcher R does not disclose such-and-such a flaw, that it'll remain hidden from all the other security researchers, some of whom may not be nice people. This is nonsense: they may not be nice people, but that doesn't prevent them from being smart, diligent, resourceful, highly motivated people -- and moreover, they have a very long track record indicating that they're quite capable of independent discovery. (Well, and there are ways to short-cut that: if I were one of the not-so-nice people, one of my approaches would be to try to buy an employee or two at major IT security companies. Sure, I'd hire my own researchers as well, but I'd like to give them an advantage by getting my hands on whatever R is up to this week. That way, it really doesn't matter if R discloses or not -- in fact, I'd prefer R didn't because the information will have more value to me if my competitors don't have it too, and if the pool of people trying to fix the problem is as small as possible.) My point here is that this pretend game is silly. It's a capital mistake to presume one's enemy is stupid and ignorant, merely because they're the enemy. And it's *really* a mistake when the enemy has furnished plenty of evidence that they're actually pretty bright and that they have ways of finding out lots of things. As to the posturing by Joe McCarthLieberman, someone should tell him that there are now over a thousand Wikileaks mirrors. And soon enough there will be 2 Wikileaks and then 5 and then 100 and
Re: [funsec] Inmate E-Mail (someone guessed right)
That is EXACTLY what I was thinking Folks in our jails eat better than most families, they get A/C in the summer and Heat in the winter, a roof over their head, etc etc etc... Many have TV's in their cells, phone privs, cable TV too, movies, etc etc They're in jail for a reason, they committed a crime... let them sit and stare at the walls for the duration of the sentence ok, maybe a bit too harsh.. give them a book, I'll even allow them a different paperback book a month. Jail should be like the movie Papilon when Dustin Hoffman was in the solitary confinement jail No-one would commit crimes if that was the case Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01580 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Brance Amussen Sent: Wednesday, December 01, 2010 11:32 AM To: funsec@linuxbox.org Subject: Re: [funsec] Inmate E-Mail (someone guessed right) Well, now I'll have no problem with going to jail. I mean the only thing keeping me from going was lack of internet access!!! Seriously, you're in jail! Why the hell do you get the privilege of anything. When my parents grounded me, I couldn't do anything, that was the punishment. I wouldn't have learned a lesson if I was grounded, and could still play on the computer, or go outside, or whatever. Jes Seriously. Wtf? -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Justin Scott Sent: Wednesday, December 01, 2010 11:15 AM To: funsec@linuxbox.org Subject: [funsec] Inmate E-Mail (someone guessed right) You may recall several months ago there was a discussion regarding invitations from a member of a website/service sent by the service on behalf of one of its users. A lot of debate ensued and I tried to determine how best to approach it given a situation where it was the only viable option given certain circumstances. Somebody guessed correctly... the company I'm working with is bringing e-mail to inmates. Now that we're online and have the system up and running at a jail I can actually talk about it. In relation to the previous discussion, inmates have the option to invite their friends and family to connect with them by entering their e-mail address. The system then sends a rather generic e-mail letting the recipient know that inmate name at jail name is inviting them to connect on our service. Inmates are limited to sending to five e-mail addresses per day, and each e-mail address can only be send an invitation once every 12 hours. Invitations are never sent automatically (i.e. the inmate has to click the send button for the e-mail to go out). The e-mail also includes links to block requests from that inmate or to block all invitation requests to the system. Given the limited information I could provide initially, someone guessed that it could be in a jail environment, so kudos to whoever that was. g So far the system has opened to good feedback from the inmates and their families. If anyone has suggestions on improving the invitation process or anything else I'm all ears. For anyone interested, the website is at www.smartjailmail.com. -Justin Scott ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Inmate E-Mail (someone guessed right)
Ok, understood and agreed although no contact with a rapist/murderer/scumbag parent is probably the best thing for these children... not everyone is in jail for a heinous crime like that... I'll give them a pad of paper, some crayons or other safe writing implement, paper, envelopes, and they'll have to purchase their own stamps... Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01580 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of valdis.kletni...@vt.edu Sent: Wednesday, December 01, 2010 12:39 PM To: Brance Amussen Cc: funsec@linuxbox.org Subject: Re: [funsec] Inmate E-Mail (someone guessed right) On Wed, 01 Dec 2010 11:31:49 EST, Brance Amussen said: Seriously, you're in jail! Why the hell do you get the privilege of anything. When my parents grounded me, I couldn't do anything, that was the punishment. I wouldn't have learned a lesson if I was grounded, and could still play on the computer, or go outside, or whatever. Jes Seriously. Wtf? It lets you keep in touch with your family, your lawyer, etc. Especially if there's children involved, you really don't want to be punishing the innocent kids by removing the parent entirely from their life. Also, if the inmate becomes estranged from his/her family due to lack of contact, that's one less reason for them to go straight when they get released. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Inmate E-Mail (someone guessed right)
Oh yah, and this is the time of the year that Friendly's ice cream usually donates truck loads of their Jubilie Roll Ice Cream deserts to the Dept. of Corrections for the inmates as well... Just in time for them to email their family and say neener neener neener! I have Cool expensive Ice Cream from Friendly's and you don't! Don't believe me that the cons eat as good or even better than we do? Ask a correctional officer what the cons eat Now we're gunna allow them to have internet and email at will? BLEH!! I say Mike B Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01580 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Brance Amussen Sent: Wednesday, December 01, 2010 12:59 PM To: valdis.kletni...@vt.edu Cc: funsec@linuxbox.org Subject: Re: [funsec] Inmate E-Mail (someone guessed right) That's what snail mail is for, visitation days. Poor kids yes, but ultimately maybe they learn not to be like mom, or dad who's in jail. I highly doubt (while perhaps possible) that familial contact would actually be an impetus for going straight, a support group perhaps, but a reason, not likely. It's far more likely that lack of familial contact is an underlying cause of the incarceration. Do the crime, do the time, but now with more amenities, luxury, and Email! And when you come back for your second tour, your account will still exist! No need to sign up again, any credits your girlfriend, or partners in crime have purchased for you remain valid! Don't forget to have them buy more credits! Second incarcerations are generally longer remember! This is incarceration for profit, or profit from the incarcerated. -Original Message- From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] Sent: Wednesday, December 01, 2010 12:39 PM To: Brance Amussen Cc: funsec@linuxbox.org Subject: Re: [funsec] Inmate E-Mail (someone guessed right) On Wed, 01 Dec 2010 11:31:49 EST, Brance Amussen said: Seriously, you're in jail! Why the hell do you get the privilege of anything. When my parents grounded me, I couldn't do anything, that was the punishment. I wouldn't have learned a lesson if I was grounded, and could still play on the computer, or go outside, or whatever. Jes Seriously. Wtf? It lets you keep in touch with your family, your lawyer, etc. Especially if there's children involved, you really don't want to be punishing the innocent kids by removing the parent entirely from their life. Also, if the inmate becomes estranged from his/her family due to lack of contact, that's one less reason for them to go straight when they get released. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] big hit on US coming?
Randy that's scary I was thinking the same thing but didn't' want to verbalize it Big travel day coming up in 2 days too. biggest travel day of the year isn't it? Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01580 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of RandallM Sent: Tuesday, November 23, 2010 12:27 PM To: funsec Subject: [funsec] big hit on US coming? lets see... 1. SCADA working almost well. 2. Printer cartridges almost got through 3. Federal Reserve test attempt. jus sayin. seems calm lately. -- been great, thanks RandyM a.k.a System ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Hackers (the movie) 15th Anniversary Party on Oct 2nd
$500 gets you a hacker slave that has to wear a dress to the party. SWEET!!! ;-) Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 4400 Computer Dr. Westboro, MA 01580 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Shawn Merdinger Sent: Friday, September 24, 2010 3:56 PM To: funsec Subject: [funsec] Hackers (the movie) 15th Anniversary Party on Oct 2nd A fun Kickstarter.com project. http://www.kickstarter.com/projects/fred/hackers-the-movie-15th-anniversary-party-on-oct-2n ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] How heavy is a chip?
All I have to say to that is ... Yuck! Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 4400 Computer Dr. Westboro, MA 01580 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Ned Fleming Sent: Thursday, July 22, 2010 5:20 PM To: funsec@linuxbox.org Subject: Re: [funsec] How heavy is a chip? On Thu, 22 Jul 2010 12:27:32 -0800, Rob, grandpa of Ryan, Trevor, Devon Hannah rmsl...@shaw.ca wrote: Date sent: Wed, 21 Jul 2010 20:27:32 -0400 From: Joel Esler joel.es...@me.com Seems simple to me, just weigh the ATM! Then we can start weighing gas pumps! Yup. Just make sure you wash the gas pump before you weigh it. Seems to me that one of two greasy gas jockey fingerprints would probably be equivalent to a chip weight. When they allowed smoking on airplanes, a Boeing 747 would weigh 300 pounds more after a year of service than it did when it rolled out of the factory. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Teens now getting high off 'digital drugs'
I looked into this a bit over the weekend. It's following in what Robert Monroe used for his Hemi-Synch tapes/cd's of the late 80's to help achieve astral projection. I remember making the drive from Boston to Virginia to pick up his wave 1: Discovery from the Monroe Institue back in 1989 actually. After listening to Gates of Hades, Orgasm, and one other I've come to the conclusion that it's all based upon power of suggestion. I'd like to see a study where someone takes the description of Hand of God, or Gates of Hades but has the test subject listen to one of the supposed calming ones and I'll bet they have the fear type reaction. Although, Gates of Hades does have some bursts of this aweful static like sound that comes up all of the sudden and startles you a bit. Tell you what, Isabella Valentine's stuff is better. At least you have a nice sensual voice to listen to while she trys to hypnotize you :-) Mike B Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security Risk Management EMC ² Corporation 4400 Computer Dr. Westboro, MA 01580 -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Randy Abrams Sent: Thursday, July 15, 2010 11:46 PM To: Juha-Matti Laurio; funsec@linuxbox.org Subject: Re: [funsec] Teens now getting high off 'digital drugs' I blogged this story at http://blog.eset.com/2010/07/15/let%E2%80%99s-get-high-at-work Can anyone say nueroacoustics? Cheers, Randy -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Juha-Matti Laurio Sent: Thursday, July 15, 2010 6:19 AM To: funsec@linuxbox.org Subject: [funsec] Teens now getting high off 'digital drugs' Scary and dangerous: I-dosing on digital drugs is becoming an alarming new trend amongst teens. Web sites are luring kids with free downloads of digital drugs, which are audio files designed to induce drug-like effects. The sites claim it is a safe and legal way to get high, but parents fear it could lead to illegal drug use. Videos of teenagers trying digital drugs are all over YouTube, leaving parents, educators and law enforcement officials with the Oklahoma Bureau of Narcotics and Dangerous Drugs concerned. http://www.newson6.com/global/story.asp?s=12793977 Juha-Matti ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.