= Stories For Discussion =
#[http://www.hackinthebox.org/index.php?name=News&file=article&sid=33063 Chat-in-the-middle] - [Larry] - Wow, don't believe anything you read, and half of what you see. Now, Phishers are spawning up those nice web chat assistance windows to help you give them the keys to your account. Nice.
#[http://www.social-engineer.org/ Do not go to this site] - [Larry] - I'm really glad these guys are putting this project together, as there aren't a lot of good resources on teaching/learning social engineering. So far the info and resources are great, and will evolve in time. I wonder if they have plans to include defensive measures... [PaulDotCom] - Gave this a quick look today and it looks like it has a good chance of becoming THE social engineering resource on the web. I read the page on pre-texting and was delighted to read accurate descriptions and examples that have occurred in the real world. I also think that while you can have the technical abilities to execute social engineering, it's one of those things where you have to be the kind of person that can execute them successfully, and that's something you can't teach.
#[http://tools.ietf.org/html/draft-oreirdan-mody-bot-remediation-03 Got Bots?] - [Larry] - The IETF has released a document entitled "Recommendations for the Remediation of Bots in ISP Networks". It talks about what to do, and how to notify customers and manage the process. One might even adopt this for internal practices as well...
#[http://www.xssed.com/mirror/64138/ For the love of all that is holy!] - [Larry] - OK, who spent the time finding XSS at this site? I mean, sometimes security is a dirty job, but for fun?
#[http://www.theregister.co.uk/2009/09/16/power_grid_weakness/ So, are we going to take this SCADA stuff seriously?] - [Larry] - OK, so China is speculating that taking out a smaller power operation can have larger effects. Sounds like a parallel to attacking computer systems, and not just the power grid.
# [http://www.cybercrime.gov/gonzalesPlea.pdf Albert Gonzalez pleads guilty to New England attacks] - [MikeP.] - 130 Million credit cards later, the Feds allegedly have their man.
#[http://taosecurity.blogspot.com/2009/09/microsoft-updates-ms09-048-to-show-xp.html MS09-048] - [PaulDotCom] - A DoS condition, patched in Win 7 and Server 2008, leaves all other OSes vulnerable, NICE! It is a true TCP/IP exhaustion type attack, so it seems to me it will remain a DoS.
#[http://isc.sans.org/diary.php?storyid=7141&rss DoS -> Local and Remote Exploit SMBv2 vuln] - [PaulDotCom] - Gotta love the 0day love on this one, with Immunity releasing to their customers both a local and remote exploit for Vista and Server 2008.
#[http://socialmediasecurity.com/security-guides/facebook/ Facebook security from the experts!] - [Mick] - Tom Eston made this amazing guide. Be sure to check it out and follow the advice! I'm sure you'll be glad you did.
#[http://money.cnn.com/2009/09/16/technology/cybercrime/index.htm?postversion=2009091613 Cybercrime underground economics 101] - [Mick] - Hey! Since it's on CNN, it has to be real! I actually like the fact that this brings some exposure to the non-techs.