|
EH-Net
|
|
May 22, 2012, 07:53:13 PM
|
Show Posts
|
47
|
Ethical Hacking Discussions and Related Certifications / Malware / Wikipedia hijacked? Not really.
|
on: November 05, 2006, 05:16:00 PM
|
I saw this article on Slashdot this morning. http://www.tech2.com/india/news/telecom/wikipedia-hijacked-to-spread-malware/2667/0 The article wrongly claims that Wikipedia was "hijacked" when in fact the perpetrators simply created a new article and put information in it with the same permission of any ordinary user. No exploit was used against Wikipedia; however, the attack did take advantage of Wikipedia's good name. As Wikipedia has become more popular and its credibility has increased, people are more trusting of the links presented on the site. One of the links that the perpetrators put on their article was a link to a malicious web site that was spreading a virus. I wonder if Wikipedia blocks any attempt to put scripting code into an article. I've used MediaWiki software before and usually I can put whatever code I want to in an article as long as I put the code between <nowiki> tags. I'm not going to edit a Wikipedia article to find out, but I would like to know if that stuff is blocked. If not, it would present a tempting target for people trying to spread malware.
|
|
|
|
|
48
|
Ethical Hacking Discussions and Related Certifications / Other / Security Policy Development
|
on: November 05, 2006, 05:00:40 PM
|
I was recently asked to speak in an information security class that is being taught on my campus. The professor wanted me to speak about developing Information Security Policies since that has been my primary role at the University where I work. Being a particularly sadistic person, I wrote a paper on information policy development and user education to share with the class. Now I know that security policy development is nobody's favorite subject, but since there has been a call for more content, I thought I would share what I could. So if you're looking for some light reading to help put you to sleep, here is an excellent guide to developing Information Security Policies and User Education programs. Enjoy! http://mavdisk.mnsu.edu/kevin/security/secuser.html
|
|
|
|
|
49
|
Resources / Tools / Re: Metasploit 3.0 Watch
|
on: November 04, 2006, 10:00:01 PM
|
|
I'd like to add to what Kev said. "Script Kiddie" is a term of derision for an individual who doesn't look for new exploits and doesn't do anything to improve the security posture of the computer-using community; he or she simply downloads a tool and starts searching for a place to use it.
There is a big difference between that individual and a penetration tester, a respected professional that is hired to assess the security of an organization and improve the security posture of that organization.
Although it may be difficult to see a major difference, I think the motivation of the person using the tools is one of the ways to distinguish between a script kiddie and a penetration tester. That is, of course, in addition to what Kev said about script kiddies not understanding how the tools work.
|
|
|
|
|
52
|
Resources / Mass Media / Re: HBO Documentary: Hacking Democracy
|
on: November 03, 2006, 02:41:53 PM
|
|
I don't understand why electronic voting is so difficult. This should be an open source project funded by the federal government. That way there would be widespread faith that there wasn't any trickery in the code. That takes care of the code.
The same government agency should also come up with specifications so that MULTIPLE companies or non-profit agencies can develop certified machines to run the open source code. No proprietary stuff, or non-standard implementations, it has to match the specifications perfectly. That takes care of the hardware.
Election observers would need to be trained in how to load the open source code onto the certified hardware. No using the code that came from the factory, it has to be a fresh install for each election cycle.
Finally, there has to be some kind of auditing. I like a distributed auditing system. I think each person's vote should be encoded and put on a public website. The voter gets a PRINTED receipt with a PIN number after their vote and they can use that PIN number to view the official vote that was recorded for them. This allows for widespread certification that the votes recorded are the votes intended.
Last idea: The system should continue to use the current paper ballots that are used by the machines for a period of a few years until the voters, the vote counters, and the election officials are satisfied that the electronic voting system has matured enough to replace paper ballots.
You know it took me longer to write this post than it took for me to think of these ideas.
|
|
|
|
|
54
|
Ethical Hacking Discussions and Related Certifications / Other / Re: Microsoft Backs Novell's Linux Platform
|
on: November 03, 2006, 02:24:31 PM
|
|
I think you're being too hard on Microsoft, Negrita; this can only be good news for the open source community.
Whether you believed in the threat or not, there was a very real threat out there that Microsoft, which has a ton of patents, might start flexing that muscle and run some Linux vendors out of business. Not having support for your products is not a good position to be in from a business continuity standpoint and so the safest course of action for some has been to not adopt. Remember when SCO first started suing IBM over Linux? The primary concern in the open source community was that their action (along with their letters to companies) would scare people away from Linux entirely.
Also if Microsoft is going to make their office suite work better with Open Office then it will benefit all users of OO, not just the ones that use SUSE. I think this move, along with the recent change to the EULA in Vista regarding reinstallation of the product, shows that Microsoft is taking serious steps to be less of a bully...and that is probably the best news ever for Open Source. I admit that they should have done these things sooner. However, when someone is doing something bad, and then they start doing something good, I'm not going to kick them around too much for having been bad in the first place. I'm just going to say thank you.
By the way, Negrita, have I seen you posting on the Ubuntu forums? Just wondering if it was the same person.
|
|
|
|
|
55
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Widespread DNS Weaknesses
|
on: November 03, 2006, 02:00:02 PM
|
This week I attended a conference in Fargo, ND; IT Security: a call to action for the education community. Being someone that works for a University, I am well aware of the poor reputation that Universities have for security. One evening while I was there I went over to Barnes and Noble and had the opportunity to browse Hacker's Challenge 3, and I read about the DNS Cache attack in Chapter 3. By the way, that is a great book. The next day one of the presenters, Joe St. Sauver, was talking about the four biggest monsters that are lurking out there threatening to bite our organizations, and he presented a statistic from a survey that found that 75% of all name servers worldwide run as open recursive name servers. He also provided a link to http://dnsreport.com where you can check out the status of your own domain. I was disappointed to learn that my own domain has some serious flaws that need to be addressed. The speaker went on to discuss using open recursive name servers to launch distributed denial of service attacks, or using DNS cache poisoning to lure people to phishing sites. It was a very good presentation, and if you ever have the opportunity to hear Joe St. Sauver speak I encourage you to take advantage. The main point of this posting though is to bring up how widespread these problems are, and the damage that can be done. If 75% of DNS Servers are open to this kind of attack then chances are someone who is reading this is vulnerable. So please take a moment to check out your domain with http://dnsreport.com.
|
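For checking your own name server for the open recursion described in the post above, the Python below is an added example and not part of the original post. It builds a query with the RD bit set and classifies the reply header; the name `example.org`, the transaction ID and both reply byte strings are constructed, and the reply categories are this example's own labels.

```python
import socket
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080  # DNS header flag bits

def build_query(name, txid):
    """Standard A query with RD set, i.e. 'please recurse for me'."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!6H", txid, RD, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def classify(response, txid):
    """Decide from the reply header whether the server recursed for us."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, nscount, _ar = struct.unpack("!6H", response[:12])
    if rid != txid or not flags & QR:
        raise ValueError("not a reply to our query")
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"            # recursion denied to this client
    if flags & RA and rcode in (0, 3):
        return "open-recursive"     # server offered and performed recursion
    if rcode == 0 and ancount == 0 and nscount > 0:
        return "referral-only"      # authoritative-style referral, no recursion
    return "inconclusive"

def probe(server_ip, name, txid=0x1234, timeout=3.0):
    """Send one query over UDP; run it from outside your own network,
    asking for a name your server is not authoritative for."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server_ip, 53))
        return classify(s.recvfrom(512)[0], txid)

# Constructed replies: one from an open resolver, one from a restricted server.
QUESTION = build_query("example.org", 0x1234)[12:]
OPEN_REPLY = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION +
              b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10]))
REFUSED_REPLY = struct.pack("!6H", 0x1234, 0x8105, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    print(classify(OPEN_REPLY, 0x1234), classify(REFUSED_REPLY, 0x1234))
```

A server that answers "open-recursive" to an outside address needs its recursion restricted to the networks it is meant to serve.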
|
|
|
|
56
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Test your Hacking Skills
|
on: September 21, 2006, 04:07:30 PM
|
|
Wow, Chris, thanks for the push. I still don't really understand the answer though. If you have a moment could you explain this to me?
I was trying to send the following to the server as the username: ' or 1=1; --
I thought that would have given me a final query of
SELECT * FROM $table WHERE user='' or 1=1; --' AND pass='$password'
which should have returned the first username in the table. Why wasn't that working? Was it something I was doing wrong? Did the injected code have to be in the password field or should it also work in the username field?
Also, in the answer key you sent it appears that the solution is to basically do what I was doing, but replace every space with a quote in the password field, which would result in the following query, if I'm not mistaken:
SELECT * FROM $table WHERE user='admin' AND pass='bla'or'1=1--'
or
SELECT * FROM $table WHERE user='admin' AND pass='bla'or'a'='a
Why would we want to put quotes around 1=1--? And what's up with the second one? MySQL would throw a fit if I sent that to it.
Thanks for any additional help you can provide.
|
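The query construction discussed in the post above, shown beside its hardened form. This is an added example, not part of the original post and not the challenge's code: it assumes a table named `users` with constructed rows, and it runs on SQLite rather than MySQL, whose comment and quoting rules differ.

```python
import sqlite3

# Inputs quoted in the post above.
USER_INPUT = "' or 1=1; --"
PASS_INPUT = "bla'or'a'='a"

def make_db():
    """In-memory stand-in for the challenge's table (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user TEXT, pass TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cret-constructed"), ("guest", "guest")])
    return db

def build_concat(user, password):
    """The pattern the post describes: input pasted between the quotes."""
    return ("SELECT * FROM users WHERE user='" + user +
            "' AND pass='" + password + "'")

def login_concat(db, user, password):
    """Vulnerable: quotes in the input change the structure of the WHERE clause."""
    return db.execute(build_concat(user, password)).fetchone()

def login_param(db, user, password):
    """Hardened: placeholders keep the input as data, so quotes are never parsed."""
    return db.execute("SELECT * FROM users WHERE user=? AND pass=?",
                      (user, password)).fetchone()

if __name__ == "__main__":
    db = make_db()
    print(build_concat("admin", PASS_INPUT))
    # AND binds tighter than OR, so the trailing 'a'='a' makes every row match.
    print("concatenated :", login_concat(db, "admin", PASS_INPUT))
    print("parameterized:", login_param(db, "admin", PASS_INPUT))
    print("parameterized:", login_param(db, USER_INPUT, "x"))
```

The closing quote supplied by the application's own template is what completes the `'a'='a'` comparison in the concatenated query.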
|
|
|
|
57
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Test your Hacking Skills
|
on: September 21, 2006, 08:31:50 AM
|
|
I just started them yesterday, and I'm having some difficulty with level 5 of game 1. This is the first SQL injection challenge in the game. I've looked over the pseudocode and injected the SQL that I believe would cause rows to come back, but I keep getting an error on the next page. Unfortunately the error is rather generic and could mean a whole host of things. I think I'm close to solving this, but I just need a push in the right direction. Can anyone lend some assistance?
|
|
|
|
|
58
|
Ethical Hacking Discussions and Related Certifications / Forensics / Disk Encryption
|
on: September 20, 2006, 01:55:10 PM
|
|
I'm not sure if I'm posting in the proper place so forgive me if this should go elsewhere.
I'm evaluating hard disk encryption software for the University that I work for and there is one that I really like, Pointsec for PC. I've encrypted the disk on a testing laptop and gone over it with a Helix CD and I wasn't able to do anything, which is to be expected.
The question is, how could I verify that things are actually encrypted? I know, this is a reputable product with certifications from everyone under the sun and I'm sure they're not cheating me, but hacking is about curiosity and learning new things. How do I know that the software really encrypts the disk and doesn't just mess with the partition table or make some modifications to the MBR while leaving all of my precious data in the clear? What would it take (other than independent certification) to satisfy you that the data was encrypted? How would you verify it?
Thanks!
|
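One way to approach the verification question in the post above, as an added example that is not part of the original post: save a known canary string to the disk before encrypting, take a raw image from a boot CD afterwards, then measure per-sector entropy and search the image for the canary and for file-system signatures. The canary, the signature list, the 7.0 bits/byte threshold and both sample images are constructed for this example.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512
# Strings found in the clear on unencrypted Windows volumes (assumed short
# list for this example; extend it for the file systems you actually use).
MARKERS = (b"NTFS    ", b"FILE0", b"MSDOS5.0", b"FAT32   ")
CANARY = b"EHNET-CANARY-7f3a"  # constructed; save it in a file before encrypting

def entropy(block):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def survey(image, canary=CANARY, threshold=7.0):
    """Classify every sector of a raw image and search it for plaintext."""
    stats = {"blank": 0, "low_entropy": 0, "high_entropy": 0}
    for off in range(0, len(image), SECTOR):
        sector = image[off:off + SECTOR]
        if sector.count(sector[0]) == len(sector):
            stats["blank"] += 1         # one repeated byte: never written
        elif entropy(sector) >= threshold:
            stats["high_entropy"] += 1  # looks like ciphertext (or compressed data)
        else:
            stats["low_entropy"] += 1   # structured data left readable
    stats["plaintext_hits"] = sorted(m for m in MARKERS + (canary,) if m in image)
    return stats

def sample_clear():
    """Constructed unencrypted image: boot sector, two text sectors, two blank."""
    boot = (b"\xebR\x90" + MARKERS[0]).ljust(SECTOR, b"\x00")
    text = ((b"Student record: " + CANARY + b"\n") * 40)[:2 * SECTOR]
    return boot + text + bytes(2 * SECTOR)

def sample_encrypted():
    """Constructed stand-in for ciphertext: five sectors of SHA-256 output."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(80))

if __name__ == "__main__":
    for name, img in (("clear", sample_clear()), ("encrypted", sample_encrypted())):
        print(name, survey(img))
```

High entropy alone does not prove encryption, since compressed files look the same; the absence of the canary and of every signature across the whole image is the stronger evidence. For a real disk, read the image in chunks rather than loading it into memory at once.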
|
|
|
|