Our guest was Patrick Martin, Senior Product Manager, Symantec
Security Response Team.
Topic: Symantec just released the 8th Internet Security Threat Report, one of
the most comprehensive sources of Internet threat data in the world. The
semiannual report, covering the six-month period from January 1 to June 30,
2005, identified new methods of using malicious code for financial gain with
increasing frequency to target desktops rather than enterprise perimeters. The
report also found a rise in the exposure of confidential information. Such
threats are more worrisome as online shopping and Internet banking continue to
increase in popularity. Viruses, spyware, spam and phishing are all up
significantly. What can we expect the next 6 months to bring? What can we do
to protect ourselves?
Take a test to see if you can spot the phony, scam emails
If you get sent a phishing email message, report it to the Anti-Phishing
Working Group, www.antiphishing.org.
In The News
All software has bugs: Apple plugs 'critical' holes in OS X
September 23, 2005. CNET News.com
About Security Update 2005-008 from Apple.
Writers group sues Google over copyrights
by Globe Wire Services September 21, 2005.
Google Print Pressures Libraries
PC Magazine September 23, 2005
Print for yourself.
Firefox just released a new version that addressed a number of bugs. Version
1.0.7 offers no new features and installs exactly the same as previous versions.
It can be downloaded from www.mozilla.org.
Between October 15th and October 29th the Department
will hold Recycling Events where you can donate old computers,
printers, monitors, cellphones, etc. to be re-cycled. For more see October
2005 Electronics Recycling Events
Johnny Long was our guest.
- He is the author of the book Google Hacking for Penetration Testers.
- He was the subject of a September 5th article in Network World by Robert McMillan on Google hacking: what started as a joke builds into a movement.
- His personal web site is johnny.ihackstuff.com
- He has spoken on network security and Google hacking at several computer security conferences around the world
Google can be bent by hackers to find hidden information, break into sites, and access supposedly secure information.
Search Engines have changed the way internet users search for information. Many assume that people who search for information do so for benevolent reasons. Other times, people publish information in the hopes of becoming "known."
Yet that same content can actually be used against us, whether we are users surfing the web or publishing information about ourselves or our companies. Some of this information is even more dangerous than the
dumpster diving hackers continue to do, because the information is already in digital form. Openly available company email directories have turned into spam email lists. A new generation of security professionals, called "penetration testers", search for information about you and your company by "hacking"
Google and other search engines, literally running strings and scripts within Google to see how much the Internet "knows" about you and your business.
Google continues to distance itself from the competition and has reached an all-time high in U.S. search referral market share.
Google's market dominance is due in large part to the detail, sophistication, and accuracy of the results it provides. These same factors that make Google so useful to you are the same ones that make it so dangerous in the hands of a malicious hacker.
Book Review Excerpt:
While Google is a researcher's friend, it is a hacker's dream.
The subtitle of Google Hacking for Penetration Testers is "Explore the Dark Side of Googling". The dark side of Google is that far too many networks are insecure, with inadequate security that enables unauthorized information to leak into Google. This leakage creates the situation where significant amounts of password files, confidential information, configuration data and much more are easily available.
After reading Google Hacks: Tips & Tools for Smarter Searching, the real power and potential danger of Google is easily understood. Author Johnny Long details how penetration testers can harvest information that has been crawled by Google.
.... The book is not meant to be a crutch for script kiddies; its aim is rather to show how Google can be used to uncover data that most companies would rather remain secured. ...
The book's 12 chapters show how one can plunder and pillage corporate data via Google. Chapters 1 and 2 provide a basic introduction to Google searching, including building Google queries, URL and operator syntax, search reduction, and more.
Chapters 3 through 10 detail the internals of Google hacking. The avenues of attack are nearly endless and various methods are detailed from traversal techniques, site crawling, tracking down Web server logins, and much more. With the sheer amount of data produced on corporate Web sites, it is hard not to have information leakage. The problem is that Google is the perfect glue to bond those disparate pieces of data together to form a dangerous set of connected data. Google is now gluing isolated data, which is dangerous data when in the wrong hands.
Chapter 11 details what can be done to protect an organization from Google hackers. While author Johnny Long may be a hacker, he is quite mainstream when he writes that the best hardware and software configuration money can buy can't protect computing resources if an effective security policy is not in place. ....
A decade ago, Google was the type of powerful search tool that was rumored to be used within the NSA. Today, petabytes of data are only a few clicks away on Google, and with the Google API, all of that information can be seamlessly integrated into a few scripts. The challenge companies face is to take security seriously and stop making it easy for their password files, payroll data, and other confidential information to be entered into Google's server farm.
Our topic was the confusion over the next generation of high-capacity writable DVDs that rely on blue lasers instead of the red lasers used in current DVD players and writers. Will HD DVD or
Blu-Ray win? Can the movie studios choose the winner? Will the consumer ultimately win or lose?
Our guest will be Andy Marken - the man behind Marken Communications, which is a public relations and marketing firm, but so much more. Unlike so many of his colleagues, Andy not only understands the finer points of the technology that he represents, he also cares passionately about it. He has spent many years toiling in the fields of optical disc storage, from before the days of writeable DVDs. He's watched the market grow, as the technology has changed, taken some dead-end turns, and evolved into an essential part of business and entertainment.
In The News
Beware of scam web sites collecting money for Hurricane Katrina disaster
relief. The Attorney General of New York State issued a warning about this.
Never click on a link in an email message asking for money; the destination of
the link can be forged. For
lists of trusted organizations, see the web sites of any media organization,
such as CNN
or the Today Show. See
also www.usafreedomcorps.gov. The
Better Business Bureau has a charity monitoring service at www.give.org.
Hurricane drives interest in online backups September 1, 2005. CNET News.com
Apple just released a new iPod, the
Nano. Its big selling point is size: it's much smaller than the iPod
Mini, only .27 inch thick. It comes in black and white models and 2GB ($200) and
4GB ($250) models. As with all iPods, the battery is rechargeable, not
replaceable. It runs for 14 hours and takes 3 hours to recharge. Unlike the
iPod Mini, which it replaces, the Nano is based on flash RAM.
iPod Nano Combines Beauty, Function
by Walter S. Mossberg September 8, 2005
Samsung is planning on releasing a DVD burner that will be able to burn both
of the next generation formats: HD-DVD and Blu-Ray.
Next month Hitachi will release a one inch hard disk, matching Seagate for
the smallest available disk drive. The Hitachi disk holds 8 GB of data and can
sense when the disk is being dropped to stop it and hopefully avoid damage. This
may make the disk usable in cell phones.
Sony Brings Location Free TV to PCs IDG News Service September
6, 2005. Network base station can stream live television and video content to remote PCs.
It competes with the $250 Slingbox from Sling Media. Local computers can get the TV
signal either via Ethernet or WiFi. It can also be sent over the Internet.
Whereas VCRs do time-shifting, this does place-shifting. It requires Sony
software on the client PC.
Olivia reviewed Degunking Your Email, Spam, and Viruses
by Jeff Duntemann. It is 340 pages and under $25. Quoting Olivia:
The book is good, but I think I would like to clarify who it would be good
for. If you already have more than one email address, if you already use Adware
and Spyware, if you know how to boot up in safe mode, disable macros in Microsoft Office applications,
reinstall CDs if your computer crashes, then this book might be too basic for you.
If you are timid, you don't feel comfortable reading help menus, and the fear of crashing your computer terrifies you, then don't buy
this book because you are still going to be terrified.
But if you are new to all of this, you want to protect your computer, you are comfortable reading instructions, you trust the author, and you are not
afraid that your machine will then end up broken, you will learn a lot from this
book. All the suggestions are excellent. Whether you do them all will depend on your personality.
The number one tip is to get rid of Internet Explorer and find yourself another browser. This will eliminate
a lot of the problems we hear and read about every week. The book also gives some useful web addresses to explore. A few are:
Hank reviewed the Brother
HL-2070N laser printer. It's a black-and-white network printer that is unusually
small for a laser printer (14x14x6). The manual was all but non-existent. The
printer cannot be assigned a permanent IP address, and it seems to hold on to
the IP address it is dynamically assigned forever. It prints fine.
Alfred reviewed an HP color networked laser printer.