After FBI says “We have Dismantled Anonymous”, Anons hacked them to show the presence
An interesting article about Anonymous’ response to the FBI’s recent comment by HackersNewsBulletin.com:
FBI says that they have dismantled the Anonymous group of hackers because most of its “largest players” have been arrested or detained by US law enforcement authorities.
But is that really so? No, because events have gone the opposite way: just after the FBI announced that it had cut Anonymous to pieces, or dismantled it, the Anonymous group of hackers dumped large amounts of data that appears to have been stolen from FBI servers.
“The movement is still there, and they’re still yacking on Twitter and posting things, but you don’t hear about these guys coming forward with those large breaches,” Austin P. Berglas, assistant special agent in charge of the FBI’s cyber division, told the Huffington Post.
Read more on their site here.
A Discussion with Vivek Ramachandran of SecurityTube.net and Author of BackTrack 5 Wireless Penetration Testing
SecurityOrb.com’s Kellep Charles had a discussion with Vivek Ramachandran about the idea behind the SecurityTube.net website, his book “BackTrack 5 Wireless Penetration Testing” and other interesting topics.
More about Vivek:
Vivek Ramachandran
SecurityTube.net
Vivek Ramachandran is the Founder and Chief Trainer at SecurityTube.net. He discovered the Caffe Latte attack, publicly broke WEP Cloaking (a WEP protection schema) at DEF CON in 2007, and conceptualized enterprise Wi-Fi backdoors. He is also the author of the book “BackTrack 5 Wireless Penetration Testing”. His book “The Metasploit Megaprimer”, focused on advanced Metasploit usage for pentesting and exploit development, is up for release in July 2013. He is also known for his site, securitytube.net.
Vivek currently runs the SecurityTube Wi-Fi Security, Metasploit Framework, Python Scripting, iOS Security and GNU Debugger Expert online courses and certifications, which are currently being taken by students from 67+ countries around the world. He also conducts in-person trainings in the US, Europe and Asia.
In a past life, he was one of the programmers of the 802.1x protocol and Port Security in Cisco’s 6500 Catalyst series of switches. He was also one of the winners of the Microsoft Security Shootout contest held in India among a reported 65,000 participants. He has also published multiple research papers in the field of DDoS, ARP Spoofing Detection and Anomaly based Intrusion Detection Systems.
Vivek’s work on wireless security has been quoted in BBC online, InfoWorld, MacWorld, The Register, IT World Canada and other outlets. He has spoken/trained at top conferences around the world including Black Hat USA and Abu Dhabi, DEF CON, Hacktivity, Brucon, ClubHack, SecurityByte, SecurityZone, Nullcon, C0C0n etc.
Calling All Researchers: A Discussion on Building a Security Research Framework – Michael “@DrBearSec” Smith
Independent researchers are the lifeblood of the hacking community. Discovering new vulnerabilities, formulating new strategies and ideas, publishing white papers and blogs, and creating new tools, these visionaries help move our community and industry forward.
Unfortunately, many outside of the community look down upon independent security researchers and dismiss their ideas and work. This can be for numerous reasons, such as the researcher not working for a specific organization or company, the lack of scientific and academic standards, or just a prejudice against the concept of independent research. Even worse, for our community, we have recently witnessed the prosecution of some of these researchers for crossing real or imaginary legal lines during the pursuit of their study.
One way to help legitimize the researchers to others in the corporate and academic communities, as well as help them avoid legal trouble, is the creation and adoption of research guidelines. The first half of the talk discusses some of the potential pitfalls and prejudices independent security researchers face, especially in regards to security disclosures. After that, there will be a frank discussion with audience members about their concerns and fears in terms of research, as well as what they would like to see in a research framework. Finally, volunteers will be invited to help create the framework.
BIO: Michael Smith is a senior security engineer and consultant for ePlus Security. A longtime veteran of the industry, he has a diverse IT background, although his true passion remains security. Michael is currently a Doctoral candidate at Capital College, researching the usage of qualitative and quantitative intelligence in security analytics. He holds several certifications including his CISSP, OSCP, and GPEN. When not testing or securing the enterprise, Michael enjoys spending time with his family, pursuing his many geeky interests, wearing strange hats, and traveling, especially to see the Mouse.
Google Releases Google Chrome 29.0.1547.57
Google has released Google Chrome 29.0.1547.57 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service condition, conduct a directory traversal attack, or obtain sensitive information.
US-CERT encourages users and administrators to review the Google Chrome release blog entry and follow best practice security policies to determine which updates should be applied.
One way to get Facebook’s attention: Hack Zuckerberg’s personal page
An interesting article from NBCNEWS.com Security Section:
A security researcher attempting to report a site vulnerability to Facebook’s security team got the kind of robotic non-response that civilian users often gripe about when reporting problems to the world’s largest social network. So how did he finally get the company’s attention? In a dramatic attempt to raise awareness of this privacy hole, he used that very exploit to post a bug report on CEO Mark Zuckerberg’s page.
When he hacked the site, Palestinian developer Khalil Shreateh did get Facebook’s attention. But he didn’t receive the $500 minimum from Facebook’s Bug Bounty program, which — in keeping with the site’s hacker pose — offers rewards to infrastructure sleuths. He didn’t get a thank-you note. Nobody bought him a Coke. Instead, for violating Facebook’s terms of service — “Thou shalt not hack Facebook” — Shreateh got his own Facebook profile bounced from the site, at least temporarily.
Read the rest here.
NSA has access to 75 percent of US Internet traffic, says WSJ
An interesting article by Michael Erman of Reuters about how the National Security Agency’s surveillance network has the capacity to reach around 75 percent of all U.S. Internet communications in the hunt for foreign intelligence. They have been in the news a lot lately.
The National Security Agency’s surveillance network has the capacity to reach around 75 percent of all U.S. Internet communications in the hunt for foreign intelligence, the Wall Street Journal reported on Tuesday.
Citing current and former NSA officials, the newspaper said the 75 percent coverage is more of Americans’ Internet communications than officials have publicly disclosed.
The Journal said the agency keeps the content of some emails sent between U.S. citizens and also filters domestic phone calls made over the Internet.
The NSA’s filtering, carried out with telecom companies, looks for communications that either originate or end abroad, or are entirely foreign but happen to be passing through the United States, the paper said.
But officials told the Journal the system’s broad reach makes it more likely that purely domestic communications will be incidentally intercepted and collected in the hunt for foreign ones.
The Journal said that these surveillance programs show the NSA can track almost anything that happens online, so long as it is covered by a broad court order.
Edward Snowden, a former NSA contractor, first disclosed details of secret U.S. programs to monitor Americans’ telephone and Internet traffic earlier this summer.
The NSA could not be immediately reached for comment but has said its surveillance is legal.
(Reporting by Michael Erman; Editing by Philip Barbara)
Copyright 2013 Thomson Reuters.

