Six rising threats from cybercriminals

[~BD~]

Watch out for these cyberattacks that can turn smartphones into texting
botnets, shut off electricity, jam GPS signals and more!

Computerworld - Criminal hackers never sleep, it seems. Just when you
think you've battened down the hatches and fully protected yourself or
your business from electronic security risks, along comes a new exploit
to keep you up at night. It might be an SMS text message with a
malevolent payload or a stalker who dogs your every step online. Or
maybe it's an emerging technology like in-car Wi-Fi that suddenly
creates a whole new attack vector.


Whether you're an IT manager protecting employees and corporate systems
or you're simply trying to keep your own personal data safe, these
threats -- some rapidly growing, others still emerging -- pose a
potential risk. Fortunately, there are some security procedures and
tools available to help you win the fight against the bad guys.

http://www.computerworld.com/s/artic...=Yahoo%21+Mail

[Dustin]

~BD~ <~BD~@nomail.afraid.com> wrote in
news:M_2dnRZDVZgGwUjQnZ2dnUVZ7qadnZ2d@bt.com:

> Watch out for these cyberattacks that can turn smartphones into
> texting botnets, shut off electricity, jam GPS signals and more!
>
> Computerworld - Criminal hackers never sleep, it seems. Just when
> you think you've battened down the hatches and fully protected
> yourself or your business from electronic security risks, along
> comes a new exploit to keep you up at night. It might be an SMS text
> message with a malevolent payload or a stalker who dogs your every
> step online. Or maybe it's an emerging technology like in-car Wi-Fi
> that suddenly creates a whole new attack vector.

What's saddest tho, is that you will never be able to help anyone find
any bad guys. You don't have the skills and you never will acquire them
at this rate. You continue to alienate all who could in some fashion be
of use to you.

> a potential risk. Fortunately, there are some security procedures
> and tools available to help you win the fight against the bad guys.

You need to learn basic html and basic networking 101 before the
article and the tools will make any real sense to you. Until you decide
to take the plunge and learn something, you're screwed.

I'm in an especially good mood today, so I will attempt to educate you
slightly in assembler. I wrote this the other night screwing off with
nasm.

segment code

start:
mov ax,data
mov ds,ax
mov ax,stack
mov ss,ax
mov sp,stacktop

mov dx,hello
mov ah,9
int 0x21

mov ax,0x4c00
int 0x21

segment data

hello: db 'hello, ****ing, world',13,10,'$'

segment stack stack
resb 64
stacktop:

It doesn't do anything complicated. You need to learn what each line is
doing. It'll be a good start for you. Basic's 101.


--
Why drink the water from my hand?
Contagious as you think I am
Just tilt my sun towards your domain
Your cup runneth over again

[~BD~]

Dustin wrote:
> ~BD~<~BD~@nomail.afraid.com> wrote in
> news:M_2dnRZDVZgGwUjQnZ2dnUVZ7qadnZ2d@bt.com:
>
>> Watch out for these cyberattacks that can turn smartphones into
>> texting botnets, shut off electricity, jam GPS signals and more!
>>
>> Computerworld - Criminal hackers never sleep, it seems. Just when
>> you think you've battened down the hatches and fully protected
>> yourself or your business from electronic security risks, along
>> comes a new exploit to keep you up at night. It might be an SMS text
>> message with a malevolent payload or a stalker who dogs your every
>> step online. Or maybe it's an emerging technology like in-car Wi-Fi
>> that suddenly creates a whole new attack vector.
>
> What's saddest tho, is that you will never be able to help anyone find
> any bad guys. You don't have the skills and you never will acquire them
> at this rate. You continue to alienate all who could in some fashion be
> of use to you.

A number of articles have been posted that discuss attribution for the
Stuxnet cyberattack. Attribution is tricky — I’ve been there and made
that mistake. The articles actually named China, Israel, United Kingdom
and the United States as being behind what has come to be known as the
most sophisticated cyber weapon and attack seen to date, at least in the
public domain.

Although it's true that all of these countries have the capacity and
know-how needed to create Stuxnet, they also have the technical
knowledge needed to cloak their activities and mask the identities often
found in the code artifacts of cyber weapons. It is amazing to see the
number of small and midsize organizations with limited resources that
release articles and reports that name who is behind Stuxnet. The egos
and attitudes that combine to make the authors believe they have the
intelligence assets, resources, knowledge and capabilities to compete
with the thought leaders in the weaponry and strategies of digital
conflict that created Stuxnet are gigantic.

Do they really think they have what's necessary to unravel the mysteries
behind the Stuxnet code if it were developed by China’s State Security
Ministry, Israel’s Mossad, Britain’s MI6 or our CIA? These same
reporters and organizations, when pushed for evidence, offer little or
no substance behind their attribution, and when cornered, most fall back
to the position, “They [meaning who the security firm believes was
behind the attack] had motive.�

Ref:
http://gcn.com/Articles/2011/02/28/D...lang=en&Page=1

>> a potential risk. Fortunately, there are some security procedures
>> and tools available to help you win the fight against the bad guys.
>
> You need to learn basic html and basic networking 101 before the
> article and the tools will make any real sense to you. Until you decide
> to take the plunge and learn something, you're screwed.

As you can see from the extract from the article above, there's no way
that I could ever hope to develop sufficient skills - technical skills,
that is!

If catching bad guys relied solely on technical skill, us good guys
would /never/ win! ;-)

> I'm in an especially good mood today, so I will attempt to educate you
> slightly in assembler. I wrote this the other night screwing off with
> nasm.
>
> segment code
>
> start:
> mov ax,data
> mov ds,ax
> mov ax,stack
> mov ss,ax
> mov sp,stacktop
>
> mov dx,hello
> mov ah,9
> int 0x21
>
> mov ax,0x4c00
> int 0x21
>
> segment data
>
> hello: db 'hello, ****ing, world',13,10,'$'
>
> segment stack stack
> resb 64
> stacktop:
>
> It doesn't do anything complicated. You need to learn what each line is
> doing. It'll be a good start for you. Basic's 101.

OK, I thought, I'll do just that! Turn back the clock 30 years and learn
it all again!

I went back to HP to see what's available now and hey-ho, lookee here:-

https://h30187.www3.hp.com/security/...f2ac22b235f454

You'll note the 's' after http - I was therefore rather surprised that,
in three separate browsers, I got a security warning pop up when I went
to that URL! Here's an example:

http://i52.tinypic.com/t8t7vr.jpg

*Is that a reasonable thing to occur*? <shrug> I just don't know.


Nevertheless .....

I *have* though, downloaded a PDF file for later study: content:-


Lesson 1: Networking definitions: terms, concepts, and technologies
This lesson helps you to understand what a network is, how it works and
what kinds of technologies play a role in networked communications.
You'll build on this foundation in all of the lessons that follow.
» Lesson
» Assignment: Become familiar with networking
» Quiz: Lesson 1, quiz 1

Lesson 2: Understanding networking software
This lesson explores networking software operating systems and how they
provide communication across the network. You'll also look at client
versus server operating systems, and how applications share data.
» Lesson
» Assignment: Investigate networking software
» Quiz: Lesson 2, quiz 1

Lesson 3: Connecting a wireless network
Whether wired or wireless, every network uses some type of layout and
requires addresses to connect to and communicate with other devices.
This lesson covers basic network layout and design, network addressing,
access and more.
» Lesson
» Assignment: Select a topology and IP addresses
» Quiz: Lesson 3, quiz 1

Lesson 4: Network tutorial: working with servers
In this lesson, you'll delve into server setup and management, learn
about different uses for servers and determine which factors will help
you make a wise decision about whether to host your own services or have
someone else do it.
» Lesson
» Assignment: Determine server roles and your email application
» Quiz: Lesson 4, quiz 1

Lesson 5: Managing network security
In this lesson, you'll learn what it takes to properly maintain a wired
or wireless network. You'll learn about network performance
optimization, how to make sure your network is secure and how to
establish a network maintenance routine.
» Lesson
» Assignment: Minimize security risks
» Quiz: Lesson 5, quiz 1

Lesson 6: Troubleshooting: a networking toolkit
This final lesson helps you understand how to identify and address
common problems that affect a network, and how to effectively
troubleshoot issues so your network stays healthy.
» Lesson
» Assignment: Use troubleshooting tools
» Quiz: Lesson 6, quiz 1
» Your opinion counts. Please take our brief survey.

[G. Morgan]

~BD~ wrote:

>I went back to HP to see what's available now and hey-ho, lookee here:-
>
>https://h30187.www3.hp.com/security/...f2ac22b235f454

I went there and got this:
http://i53.tinypic.com/r9ka6s.jpg

FF 4.0.1 (Windows)

[Dustin]

~BD~ <~BD~@nomail.afraid.com> wrote in
news:ir7viq$e97$1@dont-email.me:

>> What's saddest tho, is that you will never be able to help anyone
>> find any bad guys. You don't have the skills and you never will
>> acquire them at this rate. You continue to alienate all who could
>> in some fashion be of use to you.
>
> A number of articles have been posted that discuss attribution for
> the Stuxnet cyberattack. Attribution is tricky — I’ve been there
> and made that mistake. The articles actually named China, Israel,
> United Kingdom and the United States as being behind what has come
> to be known as the most sophisticated cyber weapon and attack seen
> to date, at least in the public domain.

This isn't your style of writing.. Copy/pasted?

> Ref:
> http://gcn.com/Articles/2011/02/28/D...xnet-Mystery-c
> yberattack.aspx?sc_lang=en&Page=1

Ahh, yep.. see above.

>> You need to learn basic html and basic networking 101 before the
>> article and the tools will make any real sense to you. Until you
>> decide to take the plunge and learn something, you're screwed.
>
> As you can see from the extract from the article above, there's no
> way that I could ever hope to develop sufficient skills - technical
> skills, that is!

Your efforts to hunt bad guys are a lost cause then. Until you
understand them and can discuss the technology which is their world,
you're screwed.

> If catching bad guys relied solely on technical skill, us good guys
> would /never/ win! ;-)

For the most part, in the digital age, it does and you typically don't
win.

> OK, I thought, I'll do just that! Turn back the clock 30 years and
> learn it all again!

Turn back the clock? Nasm is still updated. [g]
Assembler might be old, but it's still useful and needed. Think of the
malware researchers. Sadly, some aren't actually programmers (let
alone coders) so they are limited in what they can do. Then you have
the coders bunch, we aren't limited in such a manner. We can take the
program apart and have a look around.

I won't provide you names of those who do/don't code, either, so don't
bother asking.

> You'll note the 's' after http - I was therefore rather surprised
> that, in three separate browsers, I got a security warning pop up
> when I went to that URL! Here's an example:

I've noticed you avoided the simple task I provided you, yes. And
instead are asking about SSL again. (that's the [s] in http(s))

> *Is that a reasonable thing to occur*? <shrug> I just don't know.

You have been told and told and told and told how SSL works. It's time
for you to use google, now.

> In this lesson, you'll learn what it takes to properly maintain a
> wired or wireless network. You'll learn about network performance
> optimization, how to make sure your network is secure and how to
> establish a network maintenance routine.


Many will, many have. I have my doubts with regards to you
specifically tho.



--
Why drink the water from my hand?
Contagious as you think I am
Just tilt my sun towards your domain
Your cup runneth over again

[~BD~]

G. Morgan wrote:
> ~BD~ wrote:
>
>> I went back to HP to see what's available now and hey-ho, lookee here:-
>>
>> https://h30187.www3.hp.com/security/...f2ac22b235f454
>
> I went there and got this:
> http://i53.tinypic.com/r9ka6s.jpg
>
> FF 4.0.1 (Windows)
>
>

Thanks for looking.

Here's Chrome http://i55.tinypic.com/35d3sqd.jpg

You'll see that https is red with a line through it!

Here's what SeaMonkey throws up:-

http://i51.tinypic.com/726cee.jpg

Both using Apple OS X.

[~BD~]

ASCII wrote:
> ~BD~ wrote:
>>
>> I went back to HP to see what's available now and hey-ho, lookee here:-
>>
>> https://h30187.www3.hp.com/security/...f2ac22b235f454
>>
>> You'll note the 's' after http - I was therefore rather surprised that,
>> in three separate browsers, I got a security warning pop up when I went
>> to that URL! Here's an example:
>>
>> http://i52.tinypic.com/t8t7vr.jpg
>>
>> *Is that a reasonable thing to occur*?<shrug> I just don't know.
>
> I enabled the security alert in Opera v11.01
> http://oi51.tinypic.com/1440dhe.jpg
> yet still didn't get any popup
> as you've indicated.
> Is there some other activation required?

Not as far as I'm aware!

I'm no longer seeing that 'alert' in Opera here, either.

Strange. It's almost as if 'somebody' has altered matters since my
original post! But that's just being parnoid, isn't?!!!

My only comment is that the most current version (for my mac) is 11.11

Thank you for taking an interest, ASCII. It's appreciated!


--
Dave - chasing straws!

[~BD~]

Dustin wrote:
> ~BD~<~BD~@nomail.afraid.com> wrote in
> news:ir7viq$e97$1@dont-email.me:
>
>>> What's saddest tho, is that you will never be able to help anyone
>>> find any bad guys. You don't have the skills and you never will
>>> acquire them at this rate. You continue to alienate all who could
>>> in some fashion be of use to you.
>>
>> A number of articles have been posted that discuss attribution for
>> the Stuxnet cyberattack. Attribution is tricky — I’ve been there
>> and made that mistake. The articles actually named China, Israel,
>> United Kingdom and the United States as being behind what has come
>> to be known as the most sophisticated cyber weapon and attack seen
>> to date, at least in the public domain.
>
> This isn't your style of writing.. Copy/pasted?

Yes - but still interestin, don't you agree?

>> Ref:
>> http://gcn.com/Articles/2011/02/28/D...xnet-Mystery-c
>> yberattack.aspx?sc_lang=en&Page=1
>
> Ahh, yep.. see above.

I wasn't trying to 'fool' anyone!

>>> You need to learn basic html and basic networking 101 before the
>>> article and the tools will make any real sense to you. Until you
>>> decide to take the plunge and learn something, you're screwed.
>>
>> As you can see from the extract from the article above, there's no
>> way that I could ever hope to develop sufficient skills - technical
>> skills, that is!
>
> Your efforts to hunt bad guys are a lost cause then. Until you
> understand them and can discuss the technology which is their world,
> you're screwed.

Those really clever technical fellows are already being screwed as you
so eloquently put it!

>> If catching bad guys relied solely on technical skill, us good guys
>> would /never/ win! ;-)
>
> For the most part, in the digital age, it does and *you* typically don't
> win.

I'd like you to have used *we* - rather than *you*!

It sounds as if you are on the opposite side to me, Dustin!

Surely you've changed your spots - haven't you?

>> OK, I thought, I'll do just that! Turn back the clock 30 years and
>> learn it all again!
>
> Turn back the clock? Nasm is still updated. [g]

I meant that I was doing such stuff 30 years ago with my boys! Duh!

> Assembler might be old, but it's still useful and needed. Think of the
> malware researchers. Sadly, some aren't actually programmers (let
> alone coders) so they are limited in what they can do. Then you have
> the coders bunch, we aren't limited in such a manner. We can take the
> program apart and have a look around.
>
> I won't provide you names of those who do/don't code, either, so don't
> bother asking.

I wasn't even dreaming of so doing! What good would names do?!!

>> You'll note the 's' after http - I was therefore rather surprised
>> that, in three separate browsers, I got a security warning pop up
>> when I went to that URL! Here's an example:
>
> I've noticed you avoided the simple task I provided you, yes. And
> instead are asking about SSL again. (that's the [s] in http(s))

I've been busy enjoying real life Dustin! Maybe I'll post a photo or two
later!

>> *Is that a reasonable thing to occur*?<shrug> I just don't know.
>
> You have been told and told and told and told how SSL works. It's time
> for you to use google, now.

You *never* show the curiosity I expect from a young and bright mind!

Why are the warnings issued - and then not? <shrug>

>> In this lesson, you'll learn what it takes to properly maintain a
>> wired or wireless network. You'll learn about network performance
>> optimization, how to make sure your network is secure and how to
>> establish a network maintenance routine.
>
>
> Many will, many have. I have my doubts with regards to you
> specifically tho.

I did it all years ago, Dustin. In the whole scheme of things, it's not
necessary for *me* to remember such detail!

[Mike Easter]

~BD~ wrote:

> Here's Chrome http://i55.tinypic.com/35d3sqd.jpg
>
> You'll see that https is red with a line through it!

http://www.google.com/support/chrome...n&answer=95617
Google Chrome › Help articles › Learn more › Page tools › Website
security indicators


--
Mike Easter

[David W. Hodgins]

On Sat, 21 May 2011 08:30:33 -0400, ASCII <me2@privacy.net> wrote:

> ~BD~ wrote:
>>
>> I went back to HP to see what's available now and hey-ho, lookee here:-
>> https://h30187.www3.hp.com/security/...f2ac22b235f454

> I enabled the security alert in Opera v11.01
> http://oi51.tinypic.com/1440dhe.jpg
> yet still didn't get any popup

It isn't a pop-up, nor is it related to the fraud/malware check.

First, install the security update for opera, 11.11.

Go to the above site. Note that you do not see a green or yellow padlock.

Where the padlock should be, it just shows a gray circle in front of
the word Web, in front of the url in the address bar.

Click on that gray circle, and then click on details, to see the
warning.

The site fails because it has lines such as
src="http://www.hp.com/country/js/hpweb_syn_con.js

Loading javascript from an unencrypted site stops the site from being
considered to be a secure connection.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)