Morning all! Sorry I’m running a bit late this morning, been one helluva week. I hope you all are enjoying amazing weather as I am in New York. Time to go outside and drink my coffee.

Signed,

Matt

Click here to subscribe to Liquidmatrix Security Digest!.

And now, the news…

1. Microsoft: Vista Infected 62% Less Often Than XP – Network World
2. Symantec Uncovers Scheme to Use Facebook to Relay Commands to Trojan – EWeek
3. New Ransomware Variant Features Novel Payment SC Magazine
4. Microsoft Report: Worms Rise, New Vulnerabilities Decline – Dark Reading
5. Dutch hacker holds jailbroken iPhones “hostage” for €5 – Ars
6. The Reality Behind Facebook Ads – Mckeay
7. Cracking Passwords in the Cloud – Electric Alchemy
8. We need to do more than raise the bar – Developing Security
9. FBI Says ‘Money Mule’ Scams Now Top $100 Million – Threat Level

Tags: News, Daily Links, Security Blog, Information Security, Security News

So, the Shmoocon tickets started round one today. And, people were pissed. The ticketing system immediately showed signs of being off kilter. It appeared to many that tickets were sold out in the first few minutes. Having successfully navigated the CAPTCHA from hell it was disconcerting to see a failure message saying that round two would take place in December. Most people missed the link buried at the bottom of the page to get tickets once having navigated the CAPTCHA. It couldn’t have been in a worse spot. Shmoo responded on their news page today,

It really was there folks…at the bottom of the page. Yes, we should have top posted and made it easier on all of you. It was an inadvertent overlook on our part and we’re sorry.

That being said, it is a hacker con. Maybe next time we’ll put the link in the middle.

But, after some griping, whining, bitching and a touch of rage…I noticed something.

A chap in Belgium, Security4all on Twitter, mentioned that he had refreshed the page and got a ticket code. My eyebrow went up.

“You don’t say?”

I then took a sip of coffee and proceeded to exercise my F5 foo. Eventually the system coughed up a ticket.

(A keen eye will notice that the time stamps are out of order on the screen caps. These are the caps from an unsuccessful attempt)

This one was a success. So, in an effort to help others I opted to tried to get a second ticket. Not wanting to run afoul of the Shmoo folks I stayed to my two ticket maximum. Others decided to play Robin Hood to get codes for others. Good on them for that. All in all it was a massively frustrating experience. Getting a vasectomy from a rottweiler would have been more pleasant.

Then the tide began to turn. Slowly but surely, folks started to have success getting their tickets.

Griping at the ticket purchase process notwithstanding, I have to say that I’m really looking forward to the great times at Shmoocon.

That being said, I GOTS MA TICKET!

Morning all! Everybody update their Firefox? Good. I finally got around to installing Windows 7 and so far so good. I’m still happier with Ubuntu but that is just me.

Also very excited about the Droid Hopefully I’ll have a chance to pick it up when it comes out. Looks very promising.

Anywho, news!

Signed,

Matt

Click here to subscribe to Liquidmatrix Security Digest!.

And now, the news…

1. Orange County California Medicaid Members at Risk – SC Magazine
2. India’s new IT law increases surveillance powers – Network World
3. SF Bay Area News: Random Hacks of Kindness @ HackerDojo – November 12, 2009 – Random Hacks of Kindness
4. Twitter phishers are after your password – Sophos
5. Phishing trends according to the Anti-Phishing Working Group – Net Security
6. Bank Trojan botnet targets Facebook users – CNet
7. Opera 10.01 fixes severe security problem – Net Security
8. Black Box vs. White Box: Youare doing it wrong – Jeremiah Grossman
9. Enterprise Open Source Intelligence Gathering – Part 2 Blogs, Message Boards and Metadata – Spylogic

Tags: News, Daily Links, Security Blog, Information Security, Security News

Morning all! Hope your week is going well. I’m lucky I remembered what day it was. Wheeeeeee!

Signed,

Matt

Click here to subscribe to Liquidmatrix Security Digest!.

And now, the news…

1. Former Anti-Virus Researcher Turns Tables On Industry – Washington Post
2. From Pizza Delivery to ATM Hacker to Criminal in Two Years – Infosecurity Magazine
3. Facebook Spam Contains Trojan – SC Magazine
4. Announcing the Release of the Enhanced Mitigation Evaluation – Technet
5. Cisco to buy cloud security firm for $183 million – CNet
6. 2010 Predictions: Will social media reach ubiquity? – ZDnet
7. Internet Phone Systems Become the Fraudsters Tool – PC World
8. Free Microsoft security tool locks down buggy apps – The Register UK

Tags: News, Daily Links, Security Blog, Information Security, Security News

Morning all! Metasploit was bought eh? Sorry for the overload of links on that topic I just think it is all important news.

Have a good weekend folks!

Signed,

Matt

Click here to subscribe to Liquidmatrix Security Digest!.

And now, the news…

1. Cyber Attacks Smite Atheist Websites – SMH
2. Understanding How Secure Your Medical Information Is And Who Has Access To It – I’ve Been Mugged
3. RSA Europe 2009 Day 1 Recap – Infosec Ramblings
4. Opinions of a Contributor to Metasploit about the sale to Rapid7 – Pauldotcom
5. Metasploit Rising – Offensive-Security
6. FTC Orders ChoicePoint To Pay $275,000 For 2008 Data Breach – Dark Reading

Job Posting:

1. Security Analyst C&A: Location: Washington, DC – CSO
2. Immunet is Hiring Senior Software Developers – Immunet
3. We’re looking for a strong Director of Product Marketing – @Digital_Defense

Tags: News, Daily Links, Security Blog, Information Security, Security News

Well, nothing like an open source project being bought by a company to cure my writers block. That’s right the company Rapid7 purchased the Metasploit project. Now, before panic sets in, they have committed to keeping the project open source and community based. This will no doubt lead to some raised eyebrows as some will agonize over the corporate spectre on this project. I have had some people privately comment to me that they aren’t overly happy with this as they don’t feel like doing Rapid7’s work for them pro bono.

A different view is that now the project has the resources to commit to growing and improving the Metasploit project.

I myself have yet to formulate an opinion either way. I would like to say thanks to my tipsters that gave me a heads up earlier this week.

Most importantly, congrats to HD Moore for seeing his love child grow to fruition!

From Metasploit:

I created the Metasploit Project over six years ago as way to publish security information to those who needed it most, the security professionals in the field. The project has evolved from a personal web site, to a collaborative effort with a small group of friends, and finally to the robust community-driven project that we know today. This progress came at the cost of the evenings, lunch hours, early mornings, and weekends of countless contributors who donate their time for the benefit of the community. The volunteer nature of the project has lead to innovation in niche areas and has driven research across a wide range of topics.

Read on for the full post.

…now if I could just get some one to buy Liquidma…er, nevermind.

Article Link

Morning message here.

Click here to subscribe to Liquidmatrix Security Digest!.

And now, the news…

1. Time Warner Cable Exposes 65,000 Customer Routers to Remote Hacks – Threat Level
2. Google Voice and URL Obfuscation No Nos – ha.ckers
3. Red and Tiger Team – Chris Nickerson – BruCON 2009 – Security4all
4. Methods to Bypass Web Application Firewalls – Security-Sh3ll
5. Ex Ford Engineer Charged With Trade Secret Theft – Computer World
6. Have You Seen the New Facebook Gadget for Google Wave – The Harmony Guy
7. A Twitter hole lets you Google protected tweets – LA Times

Tags: News, Daily Links, Security Blog, Information Security, Security News

From PC World:

Mozilla developers have blocked a Firefox plugin that was quietly pushed out by Microsoft, saying that it presents a security risk.

Microsoft shipped the Firefox add-on as part of a .Net software update last February, causing outrage among some Firefox users, who complained that the software was sneaked onto their systems without their knowledge or approval and was extremely difficult to remove.

Article Link

(Image used under CC from LordSchrammi’s Flickr stream)

Good day!

I hope this finds everyone in the thick of challenging projects and interesting conversations. I’ve missed the hallowed halls and thought today I’d make a brief reappearance. School is what is. Sometimes very interesting, sometimes very boring, mostly a whole lot of work. Mid-terms are around the corner, maybe I’ll see you again after that.

I was at SecTor last week, working and listening. If you were unable or didn’t get to see all the talks you wanted to, the presentations are now online.

Take good care!

Signed,

The Intern

Click here to subscribe to Liquidmatrix Security Digest.

And now, the news…

1. Adobe fixes 29 flaws in Acrobat, Reader – Search Security
2. Microsoft Patch Tuesday – 34 security vulnerabilities addressed – Heise
3. Security Experts Pinpoint Biggest Threats, Best Patches – PC World
4. 8% of web users have considered hacking – Network World
5. Delta Air Lines Sued Over Alleged E-mail Hacking – PC World
6. Air NZ CIO sheds light on Sunday’s outage – Computer World
7. Sweden loses its internet connection – Telegraph Um, woops?
8. Employees skirting office web blocks to get Facebook, Twitter fix – Globe and Mail

Tags: News, Daily Links, Security Blog, Information Security, Security News

From Computer Weekly:

Users of Adobe Reader should disable JavaScript to avoid a zero-day hacking attack on the PDF document reader software.

This is the latest in a series of major security holes in the Adobe software. The company said it is planning to release an update for Adobe Reader tomorrow. This update represents the second quarterly security update for Adobe Reader and Acrobat

Sure. Disable javascript. How about, just a thought, writing some good code?

Hmm, ya think? Maybe?

Article Link

(Image used under CC from LordSchrammi’s Flickr stream)