For almost two years, intelligence services around the world tried to uncover the identity of an Internet hacker who had become a key conduit for al-Qaeda. The savvy, English-speaking, presumably young webmaster taunted his pursuers, calling himself Irhabi -- Terrorist -- 007. He hacked into American university computers, propagandized for the Iraq insurgents led by Abu Musab al-Zarqawi and taught other online jihadists how to wield their computers for the cause.

Suddenly last fall, Irhabi 007 disappeared from the message boards. The postings ended after Scotland Yard arrested a 22-year-old West Londoner, Younis Tsouli, suspected of participating in an alleged bomb plot. In November, British authorities brought a range of charges against him related to that plot. Only later, according to our sources familiar with the British probe, was Tsouli's other suspected identity revealed. British investigators eventually confirmed to us that they believe he is Irhabi 007.

For full story:
http://www.washingtonpost.com/wp-dyn/content/article/2006/03/25/AR2006032500020_pf.html

Don

Those helpful security researchers have once again publicized a hole in IE before telling Microsoft. Read about the latest zero-day vulnerability in the Top Threat section.

http://ct.enews.pcmag.com/rd/cts?d=184-2658-14-56-160610-323252-0-0-0-1

Don

You've probably seen the Skillz Category with a 'Coming Soon' announcement just sitting there for months. Now in its place are the details of our new bi-monthly contest.

Friend and colleague, Ed Skoudis of Counter Hack Reloaded fame, will write and judge our first contest. He will also act as host for all subsequent challenges.

I'm really excited, and I feel this will quickly become the main attraction of this site.

Let me know what you think,
Don

Anyone going to InfoSec World 2006? We'd love to hear your thoughts on this event, how it compares to previous years and other events, how's the training, keynotes, exhibit hall, those in attendance, etc.

Don

What a pain in the ...

I'll forgoe the details and just say that we are now on the dedicated server, and I am very happy with the performance gains.

Thanks for your patience, and let me know if you notice any problems at all.

Don

PS - Stay tuned for my latest news from the editor article. Sneak Peak: hacker challenges are coming soon!

For those of you unfamiliar with the Fedora Project, this is Red Hat's proving ground for new technology. Not meant to be as stable as Red Hat Enterprise Linux (RHEL), everything but the kitchen sink is included in Fedora Core releases. Then, if it meets strict requirements, the best features from Fedora may make it into the next version of RHEL.

Get it here:

http://fedora.redhat.com/

Don

CBT Nuggets has announced that the Certified Ethical Hacker Series is now available. We will soon be reviewing this series, so stay tuned.


Series Breakdown
Title:  Certified Ethical Hacker Series
Exam targeted:  Ethical Hacking & Countermeasures (312-50)
Certification information:  EC-Council: Certified Ethical Hacker
Number of videos included:  21
Total hours of video training:  11
Trainer:  James I. Conrad
Free Video from this series: (no login required) Introduction to Ethical Hacking

To see this and other security related titles and free videos, visit CBT Nuggets Web Site.

Don

As many of you know, our sister site, The Certified Security Professional Online Magazine, has monthly giveaways for its members. We have on occasion included EH-Net members when the prize relates to topics on this site.

Good News!!

We have decided to include EH-Net members in All Monthly Giveaways from here on out.

Please see our changes to the selection of the winner(s):
http://www.certifiedsecuritypro.com/component/option,com_smf/Itemid,190/topic,274.0

Thanks and good luck,
Don

PS - Teaser... Later today (or tomorrow) the new contest will be announced with CEH exam vouchers!

BLOOMINGTON, Ind. -- A new technique developed by an Indiana University School of Informatics scientist provides a strong shield against identity theft and cyber attacks.

Cybersecurity expert Markus Jakobsson and the start-up RavenWhite Inc., of which Jakobsson is a co-founder, have developed an "active cookie," a countermeasure designed to protect against online scams such as pharming and man-in-the-middle attacks.

Pharming is obtaining personal or private (usually financial) information through domain spoofing. Rather than spamming with malicious and mischievous e-mail requests for users to visit fake Web sites which appear legitimate, pharming "poisons" a domain name server by planting false information in the server, resulting in a user's request being redirected elsewhere. The browser, however, tells users they are at the correct Web site.

"There are no reliable commercial tools currently available to protect users from such attacks," said Jakobsson, associate professor of informatics and associate director of the IU Center for Applied Cybersecurity Research. "We believe that active cookies can provide such protection."

RavenWhite provides a new use of cookies, which are coded pieces of information stored on a person's computer that identify that computer during the current and subsequent visits to a Web site. Active cookies can be used in some situations where traditional cookies are not practical. Jakobsson's invention helps protect against known types of pharming attacks and man-in-the-middle attacks, but also against new and threatening versions such as two new attacks discovered by Mark Meiss and Alex Tsow, both computer science doctoral students at IU.

Meiss discovered a technique that allows an attacker to hijack almost any Wi-Fi (wireless fidelity) connection with the purpose of redirecting users to incorrect sites. He recently verified that the technique works in a local hotspot, a location where Wi-Fi users pick up an active signal.

"There is no way a user can determine that this attack takes place," explained Meiss, a researcher at IU's Advanced Network Management Lab. "You can't be sure you are actually visiting your banking site, for example, even though it looks like you are. There is simply no way of telling."

Tsow discovered that consumer routers can be trivially modified to stealthily redirect users to fake sites. He showed a browser window where he typed eBay into the address bar, but where the loaded content showed the Web page of the Anti-Phishing Working Group.

"In a real attack, the user would be taken to a site that is a true clone of the place they intended to go, but the cloned site would be operated by the attacker and would steal the user's password," said Tsow, a visiting research associate who works with Jakobsson.

Jakobsson believes these kinds of attacks pose threats that few have considered. "How can I dare to connect in a hotspot when the guy next to me may be hijacking my connection and taking me to the wrong site to steal my password?" Jakobsson asked. "And how can anybody buy hardware from sellers they don't trust? These attacks are not detectable by the ordinary Internet user."

Jakobsson cautions that consumers should not buy a router from online services if they fear the seller might really be a phisher in disguise. Apart from being a problem for online auction sites such as eBay, it is also a problem for financial service providers, whose customers are the potential victims of attacks of this type.

"Those are the organizations that would benefit most from using active cookies," Jakobsson added.

Original Story:
http://newsinfo.iu.edu/news/page/normal/2953.html

Don

Lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual machine-based rootkits that significantly push the envelope for hiding malware and that can maintain control of a target operating system.

The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath a Windows or Linux installation.

Once the target operating system is hoisted into a virtual machine, the rootkit becomes impossible to detect because its state cannot be accessed by security software running in the target system, according to documentation seen by eWEEK.

The prototype, which will be presented at the IEEE Symposium on Security and Privacy later in 2006, is the brainchild of Microsoft's Cybersecurity and Systems Management Research Group, the Redmond, Wash., unit responsible for the Strider GhostBuster anti-rootkit scanner and the Strider HoneyMonkey exploit detection patrol.

For full story:
http://www.eweek.com/article2/0,1759,1936666,00.asp

Don

Actually, Negrita was one of the first to register on CSP Mag (April 8 of last year) and has been with us a while.

Glad to see you participating on this site, too.

Don

Here you go...




http://www.knopper.net/knoppix/index-en.html

Don

I have no idea what a "Mary Had A Little Lamb" Formula for cracking passwords is. I could make some guesses, but that's all they would be... guesses. I'll ask around.

Also, I have no problem with you leading the study group. I'll try to participate as much as I can. Also, being part of a group may help motivate me.

Should we continue this part of the conversation in a new thread of The Charter Study Group?

Don

Anyone attend this event last week? Share your thoughts on this and other Black Hat events.

Don

Try these out:

TechNet Webcast: Assessing Network Security (Part 1 of 2): Planning and Research (Level 200)

TechNet Webcast: Assessing Network Security (Part 2 of 2): Penetration Testing (Level 200)

Let us know what you think,
Don