If you want to get into the low level molecular details of how exploits work and the systems they target work then read this very well done book by Jon Erickson: "Hacking: The Art of Exploitation".
Hacking: The Art of Exploitation, 2nd Edition
Monday, May 3, 2010
hacking: the art of exploitation
Saturday, May 1, 2010
List of Security Related Blogs / RSS Feeds
here we have a list of security related weblogs and RSS feeds:
use at will.
* www.0x000000.com
* blog.ncircle.com/
* blogs.technet.com/antimalware/default.aspx
* chuvakin.blogspot.com/
* ddanchev.blogspot.com/
* www.darkreading.com/
* www.darknet.org.uk
* www.defcon.org/
* www.doxpara.com
* dvlabs.tippingpoint.com/blog/
* eavesdropdc.blogspot.com/
* research.eeye.com/html/alerts/zeroday/index.html
* www.f-secure.com/weblog
* www.bing.com/travel/?cid=44
* www.fthe.net/blog
* seclists.org/#fulldisclosure
* googleonlinesecurity.blogspot.com/
* ha.ckers.org/blog
* honeyblog.org/
* www.insecuremag.com
* www.irongeek.com/
* www.macworld.com
* www.macosxhints.com
* www.mal-aware.org/
* www.malwarehelp.org
* blogs.technet.com/markrussinovich/default.aspx
* chargen.matasano.com/chargen/
* blog.metasploit.com/
* www.communities.hp.com/securitysoftware/blogs/msutton/default.aspx
* blogs.technet.com/mmpc/default.aspx
* milw0rm.com/
* www.oreillynet.com/
* www.offensivecomputing.net
* onlamp.com
* www.oreillynet.com/
* www.openpacket.org
* www.openrce.org/rss/feeds/blogs
* packetstormsecurity.org/
* pandalabs.pandasecurity.com/
* seclists.org/#pen-test
* port25.technet.com/default.aspx
* rbnexploit.blogspot.com/
* www.sans.org/reading_room/
* www.sans.org/webcasts/
* isc.sans.org
* www.sans.org/alerts/
* www.secguru.com
* secunia.com/virus_information/
* blogs.securiteam.com
* blogs.technet.com/srd/default.aspx
* www.securityfocus.com
* taosecurity.blogspot.com/
* www.thedarkvisitor.com
* www.ethicalhacker.net
* blogs.technet.com/msrc/default.aspx
* websense.com/securitylabs/
* xfruits.com/aludwig/
* www.zone-h.org/rss/news
Blog services
Wednesday, June 24, 2009
Computing Safely In Windows XP
In today's world of computer fraud and identity theft, there are many reasons to be cautious when using the internet or the computer in general. Many problems arise today due to human error.
For example, a beginner computer user gets an e-mail from their bank. To the untrained eye that e-mail can look genuinely from the bank, but to the trained eye it is a phishing e-mail trying to steal your personal banking information. That is malicious deception. What you as a computer user need to do is fight back and become tactically deceptive.
A couple pointers when using a computer for example are:
- Using easy to remember but complex passwords.
Having all your passwords as the same word can ruin you financially. Switch it up when creating passwords. If you have to, physically write them down but NEVER take whatever you write your passwords in out of your computer area. It is also smart to understand if you are sharing a public computer, don't leave that paper with your passwords in that area!
- Do not click on anything that could possibly have a 1 in a 1000000000 chance of not being legit.
Unless you are 110% sure the link / e-mail attachment / website / etc. are what you are intending to go to. This means if you have any feeling of suspicion, do not go through with what you are doing. Examine closely and if you are sure, then surf to your heart's content!
- Install and use Anti-Malware software.
Most free software you download has adware and malware waiting to be installed right under your nose. Use something like Adaware from Lavasoft
- Update Windows XP or whatever version you have.
This is the single most important part of being safe while using Windows XP. If you have an unpatched computer, you will be hacked within 10 minutes. Google it.
Monday, June 2, 2008
H-1B opponents challenge Bush administration in court
The opponents argue that the administration exceeded its legal authority by stretching the rules for foreign students by extending the length of the visas from one year to 29 months.
The suit, filed in U.S. District Court in Newark, N.J., by the Immigration Reform Law Institute and joined by The Programmers Guild and other groups, charges that the administration's decision in April to extend the work period for students under the Optional Practical Training provision is little more than an effort to get around the H-1B cap limit.
"They did this with absolutely no legal basis," said John Miano, founder of The Programmers Guild in Summit, N.J. He said the federal extension will hurt U.S. workers who are seeking job training because it will divert training resources to foreign workers. "We hear over and over again that U.S. workers do not have the skills to do the job," he said.
Others that have joined in the lawsuit are the American Engineering Association and Brightfuturejobs.com.
Until the Bush administration, through the U.S. Department of Homeland Security, made the change earlier this year, foreign national students typically worked for one year after graduation on their student visa while their employers filed for an H-1B visa. Tech industry groups, however, had sought the extension because of the backlog for H-1B visas.
The U.S. has an annual H-1B visa cap of 85,000, which includes 20,000 reserved for advanced degree holders. But demand for the visas has exceeded the cap and for the last two years the government has quickly exhausted the number of visas available. Industry groups argued that, as a result, it was becoming impossible for students to apply for an H-1B visa, through their employer, in the same year they graduate.
In foreclosure capital, USA, signs of life are amid low prices.
STOCKTON, California - In some areas of
California, so many foreclosed homes are available to buy on the cheap
that real estate agents are discouraging prospective sellers from even
putting their houses on the market.
Perhaps
the most extreme example of this is Stockton, about 85 miles east of
San Francisco, where roughly three of every four homes for sale are in
or on the path to foreclosure.
The city's resale market is "pretty much gone," said Cameron Pannabecker, owner of Cal-Pro Mortgage Inc.
"I don't know an agent today who would take
your listing unless you're a hard-luck case. There is just too much
competition," Pannabecker said. Properties that at the peak of the
market two years ago were selling at $500,000, or appraised at
$500,000, are now selling for $200,000, he said.
And
because foreclosures dot all areas of Stockton, buyers have their pick
of properties, said John Knight, a professor of finance and real estate
at Stockton's University of the Pacific Eberhardt School of Business.
"Honestly, there isn't a huge amount of difference between a foreclosed
home and a regular home than the prices," Knight said.
Worse
for people trying to sell their homes, lenders in possession of houses
and condominiums may keep their fire-sale in full swing for months to
come to attract investors to a market near the top of U.S. surveys of
areas hit by foreclosures.
"It's
a tough market to be a normal seller," said Stockton real estate agent
Michael Blower of Blower Realtors. "I'll really ask them, 'Do you need
to sell?' Because your competition are banks who want to clean it off
their books."
Calling
up listings on a database, Blower noted just over 3,500 of nearly 5,000
local homes listed for sale are in some stage of foreclosure. "There
are more listings coming," he added.
More
listings would add pressure on local home prices. But they may only
hold prices down rather than drag them lower because investors are
slowly coming to Stockton in search of bargains, and in some cases they
are in bidding wars, albeit at comparatively low prices.
"We
heard yesterday there were 36 offers on one house," said Terry Hull
Sr., a veteran Stockton property manager and owner of property
management company W.T. Hull Co Inc.
Hull
said he, too, may soon put offers on local properties because they have
become so cheap: "We're going to buy about 50 houses because we know
it's an opportunity you rarely see."
Stockton's
home prices surged earlier this decade amid a building boom seizing on
skyrocketing prices in the San Francisco Bay area displacing
middle-class buyers.
Many
headed to Stockton, historically a sleepy agricultural distribution
center, and neighboring towns more than hour's driving commute east.
Routine home financing, as in many other markets, was in the form of
risky adjustable-rate mortgages.
When
low interest rates reset, many of those mortgages became too expensive
to maintain, triggering a wave of defaults and foreclosures.
Distressed
borrowers who manage to sell their houses are in many cases able to
rent equivalent properties for about half the cost of their monthly
mortgage payments. "I don't know of anybody who has been foreclosed who
is moving into an apartment," said Paul Jacobson, an associate at W.T.
Hull Co.
Investors
have taken notice that rental demand in Stockton is on the upswing
while home prices have fallen, providing an opportunity to turn
foreclosures into profits, said Cesar Dias, a Stockton real estate
agent who arranges bus tours of foreclosed properties.
Dias said one foreclosed home he showed last
month sold for $80,000, or $11,000 above its asking price, after 12
days on the market. The two-bedroom, one-bathroom house may rent for up
to $1,000 a month and generate a monthly profit of up to $400.
Investors
likewise pounced on a three-bedroom, three-bathroom home in a gated
subdivision that Dias just showed. It has at least three offers at its
$220,000 asking price, he said. "People are cherry-picking and finding
the right ones," Dias said. "They see prices are at a bottom."
"Do I see the tide turning? Yes," Dias added.
Sunday, June 1, 2008
Bush Claims More Powers Than King George III
The Bush
administration has arrogated powers to itself that the
British people even refused to grant King George III at the
time of the Revolutionary War, an eminent political
scientist says.
“No executive in the history of the
Anglo-American world since the Civil War in England in the
17th century has laid claim to such broad power,” said
David Adler, a prolific author of articles on the U.S.
Constitution. “George Bush has exceeded the claims of
Oliver Cromwell who anointed himself Lord Protector of
England.”
Adler, a professor of political science at
Idaho State University at Pocatello, is the author of “The
Constitution and the Termination of Treaties”(Taylor &
Francis), among other books, and some 100 scholarly articles
in his field. Adler made his comments comparing the powers
of President Bush and King George III at a conference on
“Presidential Power in America” at the Massachusetts
School of Law, Andover, April 26th.
Adler said, Bush has
“claimed the authority to suspend the Geneva Convention,
to terminate treaties, to seize American citizens from the
streets to detain them indefinitely without benefit of legal
counseling, without benefit of judicial review. He has
ordered a domestic surveillance program which violates the
statutory law of the United States as well as the Fourth
Amendment.”
Adler said the authors of the U.S.
Constitution wrote that the president “shall take care to
faithfully execute the laws of the land” because “the
king of England possessed a suspending power” to set aside
laws with which he disagreed, “the very same kind of power
that the Bush Administration has claimed.”
Former
Attorney General Alberto Gonzalez, Adler said, repeatedly
referred to the President’s “override” authority,
“which effectively meant that the Bush Administration was
claiming on behalf of President Bush a power that the
English people themselves had rejected by the time of the
framing of the Constitution.”
Adler said the Framers
sought an “Administrator in Chief” that would execute
the will of Congress and the Framers understood that the
President, as Commander-in-Chief “was subordinate to
Congress.” The very C-in-C concept, the historian said,
derived from the British, who conferred it on one of their
battlefield commanders in a war on Scotland in 1639 and it
“did not carry with it the power over war and peace” or
“authority to conduct foreign policy or to formulate
foreign policy.”
That the C-in-C was subordinate to the
will of Congress was demonstrated in the Revolutionary War
when George Washington, granted that title by Congress,
“was ordered punctually to respond to instructions and
directions by Congress and the dutiful Washington did
that,” Adler said.
Adler said that John Yoo, formerly
of the Office of Legal Counsel, wrote in 2003 that the
President as C-in-C could authorize the CIA or other
intelligence agencies to resort to torture to extract
information from suspects based on his authority. However,
Adler said, the U.S. Supreme Court in 1804 in Little vs.
Barreme affirmed the President is duty-bound to obey
statutory instructions and reaffirmed opinion two years
later in United States vs. Smith.
“In these last
eight years,” Adler said, “we have seen presidential
powers soar beyond the confines of the Constitution. We have
understood that his presidency bears no resemblance to the
Office created by the Framers… This is the time for us to
demand a return to the constitutional presidency. If we
don’t, we will have only ourselves to blame as we go
marching into the next war as we witness even greater claims
of presidential power.”
The Massachusetts School of Law
is a non-profit educational institution purposefully
dedicated to providing an affordable, quality legal
education to minorities, immigrants, and students from
economic backgrounds that would not otherwise be able to
afford to attend law school and enter the legal
profession.
Indiana man drills for backyard oil
Selma - An Indiana man is capitalizing on high oil prices with his own oil well - in his yard. Greg Losh began drilling on his ten acre property for natural gas to heat his home and found it. Then he found more. "Let's see if we can drill for oil. If there's gas here, there's got to be oil here," Losh said. "So, we drilled 300 feet deeper to see if we hit oil." A camera shows where Losh and his fellow investors found oil, almost 1,300 feet below the surface. While he won't say how many barrels his well pumps each day, the $100,000 start-up cost will pay for itself in one year. The oil is pumped twice a day for 30 minutes into a tank, then it's sold. Losh says his group of investors will drill four more wells nearby, confident that one of the nation's biggest oil fields in the late 1800's still has plenty of black gold. While he concedes that he's making money, Losh says there's another incentive for drilling at home. "It's mainly that we don't have to depend on foreign oil. There's oil here, let's see if we can get it again," he said. "It's time to get our homegrown oil back to Indiana." Losh adds that his goal will be to fill 100 barrels a day.