Re: [funsec] Rules keep hackers from helping government
http://www.govexec.com/features/1110-01/1110-01s1.htm

snip But the alliance is an uneasy one. Hackers feel persecuted by the rest of the world and the government . . . because they're scaring the shit out of people who are dumb, says Darren Greco, a computer specialist who does security auditing for federal agency affiliates and who attended the ideologically charged, left-leaning Hackers on Planet Earth Conference in New York in July. If the two parties can work out an understanding, then their collaboration could bolster vulnerable federal networks. But both sides would have to put aside their paranoia. /snip

sigh...i'm paranoid even posting this ;)

Cheers, --scm

On Wed, Mar 2, 2011 at 11:04, phester fun...@armorfirewall.com wrote:

http://www.nextgov.com/nextgov/ng_20110301_1957.php

Friendly hackers and other computer whizzes who could help bolster government's cyber defenses often are unable to collaborate with the Homeland Security Department because of outdated policies that Congress and the White House must reform, former DHS Secretary Tom Ridge said on Tuesday. ... Despite such opportunities, members of the hacker community remain wary of working with the government. They know how to find network weaknesses, but might be leery of sharing such talents, if lending a hand requires navigating through too much red tape. ... The [regulations] are written to the extent where, we're not really going to trust people in the private sector because, heaven forbid, they might be financially advantaged either with a contract or just general information.

__ Maybe they can use the federal courts to steal hackers' work, like Sony is doing with GeoHot.

___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] DIY bookscanner
A very cool hack. Even a bit of dumpster-diving in the video :) http://www.instructables.com/id/DIY-High-Speed-Book-Scanner-from-Trash-and-Cheap-C/ cheers, --scm
[funsec] [ article ] How to secure medical data on your iPhone
FYI Thoughts? Step-by-step instructions for securing patients' medical data on your iPhone or iPad, courtesy of Dr. John Halamka, chief information officer for Boston's Beth Israel Deaconess Medical Center and Harvard Medical School. http://www.massdevice.com/blogs/massdevice/how-secure-medical-data-your-iphone Cheers, --scm
[funsec] [ article ] Monitor Control Your SCADA System With SMS Text Messages
sigh...hopefully a fat-fingered 'OMG' text message doesn't 'Open Main Gate' http://www.wateronline.com/article.mvc/Monitor-Control-Your-SCADA-System-With-SMS-0001 snip ...captures data from field devices in the form of text messages using the SMS protocol. The driver sends and receives these messages through a central GPRS/GSM modem. ...allows authorized users to send text messages that query these devices for information and issue commands to do things like start pumps or close valves or capture alarm. /snip Cheers, --scm
[funsec] The Coolest Locksmith Shop in New York City
http://www.scoutingny.com/?p=3534
[funsec] best 'danger' sign ever?
http://everythingninja.files.wordpress.com/2010/01/big_4220399.jpg
[funsec] OpenCRS: Internet Domain Names: Background and Policy Issues
http://opencrs.com/document/97-868/

Summary

Navigating the Internet requires using addresses and corresponding names that identify the location of individual computers. The Domain Name System (DNS) is the distributed set of databases residing in computers around the world that contain address numbers mapped to corresponding domain names, making it possible to send and receive messages and to access information from computers anywhere on the Internet. The DNS is managed and operated by a not-for-profit public benefit corporation called the Internet Corporation for Assigned Names and Numbers (ICANN). Because the Internet evolved from a network infrastructure created by the Department of Defense, the U.S. government originally owned and operated (primarily through private contractors) the key components of network architecture that enable the domain name system to function. A 1998 Memorandum of Understanding (MOU) between ICANN and the Department of Commerce (DOC) initiated a process intended to transition technical DNS coordination and management functions to a private-sector not-for-profit entity. While the DOC has played no role in the internal governance or day-to-day operations of the DNS, ICANN remained accountable to the U.S. government through the MOU, which was superseded in 2006 by a Joint Project Agreement (JPA). On September 30, 2009, the JPA between ICANN and DOC expired and was replaced by an Affirmation of Commitments (AoC), which provides for review panels to periodically assess ICANN processes and activities. Many of the technical, operational, and management decisions regarding the DNS can have significant impacts on Internet-related policy issues such as intellectual property, privacy, e-commerce, and cybersecurity.

With the expiration of the ICANN-DOC Joint Project Agreement on September 30, 2009, and the announcement of the new AoC, the 112th Congress and the Administration may continue to assess the appropriate federal role with respect to ICANN and the DNS, and examine to what extent ICANN is positioned to ensure Internet stability and security, competition, private and bottom-up policymaking and coordination, and fair representation of the global Internet community. A related issue is whether the U.S. government's unique authority over the DNS root zone should continue indefinitely. Foreign governments have argued that it is inappropriate for the U.S. government to have exclusive authority over the worldwide DNS, and that technical coordination and management of the DNS should be accountable to international governmental entities. On the other hand, many U.S. officials argue that it is critical for the U.S. government to maintain authority over the DNS in order to guarantee the stability and security of the Internet. The expiration of the JPA, the implementation of the Affirmation of Commitments, and the continuing U.S. authority over the DNS root zone remain issues of interest to the 112th Congress, the Administration, foreign governments, and other Internet stakeholders worldwide. Other specific issues include the possible addition of new generic top-level domain names (gTLDs), .xxx and the protection of children on the Internet, the security and stability of the DNS, and the status of the WHOIS database. How all of these issues are ultimately addressed could have profound impacts on the continuing evolution of ICANN, the DNS, and the Internet.
[funsec] Fun with vehicle airbag compartments
http://www.bimmerfest.com/forums/showthread.php?t=331276
Re: [funsec] Leak prevention leaked
On Thu, Jan 27, 2011 at 14:06, Rob, grandpa of Ryan, Trevor, Devon Hannah rmsl...@shaw.ca wrote:

http://www.techspot.com/news/41889-leaked-us-government-strategy-to-prevent-leaks.html It doesn't get any more ironic than that

Fwiw, this is an OMB document intentionally published on whitehouse.gov http://www.whitehouse.gov/sites/default/files/omb/memoranda/2011/m11-08.pdf

An infosecisland article covered this as well [1]

Still, some gems in that doc like the following:

snip
• What metrics do you use to measure “trustworthiness” without alienating employees?
• Do you use psychiatrist and sociologist to measure:
o Relative happiness as a means to gauge trustworthiness?
o Despondence and grumpiness as a means to gauge waning trustworthiness?
/snip

Cheers, --scm

[1] https://www.infosecisland.com/blogview/10742-White-House-Strategy-to-Prevent-Leaks-is-Leaked.html
Re: [funsec] [article] The iPad in the Hospital and Operating Room
Hi James,

On Mon, Jan 24, 2011 at 08:11, James Philput jamesphil...@gmail.com wrote:

I've been trying to convince the powers that be to let me have a test iPad just for testing cleaners, but they won't do it.

Hrm...I can see the rationale for that. After all, if a problem is discovered, especially with the current practices not being sufficient, the powers that be have to do something about it, right? I suppose plausible deniability is a nice thing, so long as it's not their open sores rotting with Staph infection.

I was thinking that with Steve Jobs about to get serious medical treatment, it would be interesting to see if his medical doctors show up carrying iPads with his medical information on them. Perhaps the doctors are using opensource, non-FDA-approved medical image software for diagnosis [1]. Or perhaps those same doctors' iPads earlier in the day had a couple of kids playing Angry Birds, and later that afternoon, after meeting with Mr. Jobs, the doctors will be at Starbucks, using their iPads on an open wireless connection?

Let me be clear in that I wish Mr. Jobs the speediest full recovery and that my heart goes out to his family. But I do hope that with his downtime and likely exposure to iPads in medical environments -- that is, his own treatment -- he will gain some insights and clarity concerning the risks of consumer devices used in these environments. We're eating our own dogfood now, no?

Cheers, --scm

[1] http://www.imedicalapps.com/2010/09/radiologist-review-ipad-medical-imaging-dicom/
Re: [funsec] [article] The iPad in the Hospital and Operating Room
Hi Phester,

On Thu, Jan 20, 2011 at 20:50, phester fun...@armorfirewall.com wrote:

Yeah, but it illustrates a universal issue. If users can't do what they want over the network, they'll find a way around it.

Exactly. This is great technology and enables medical pros to do more for patients. But it's also worth mentioning that security people can expect a great deal of pushback from medical pros when trying to assign the risk and place limitations on these kinds of consumer devices in a medical environment -- and believe me, they can be a tough group of articulate, forceful and powerful people to deal with. As a lowly network security monkey, I can vouch that it's no fun to go head-to-head with an MD with a Ph.D who brings in millions in grants to the organization and wants to use his fancy iPad or iPhone for medical work.

And I would go even further in that the article mentions medical schools like Stanford issuing iPads to incoming med students beginning 2014. So we can expect an entire new group of medical pros who expect support and security with these devices.

What's also interesting and a huge, undefined challenge is the blending of these consumer devices into medical devices. With the addition of medical image viewing software on the iPad, that device has now transitioned from a personal learning/entertainment platform to a bona fide medical device, which opens up many more questions in terms of organizational policy, data management/retention, and regulatory requirements (HIPAA/HITECH, etc.). After all, one can jailbreak an iPad by visiting a website, clearly there are risks to PHI on an iPad, no?

Further compounding the issue are cloud applications, specifically the growing use of personal cloud services like DropBox. There's a great deal of uncertainty as to the DropBox use with medical information and regulatory requirements. For more than a year on the DropBox forums, folks have been going back and forth as to if this application meets regulatory requirements. But, as you note, people are going to do what they want, and this is reinforced by DropBox making its way into Top 20 Lists of apps for medical pros [1] And with medical pros not fully understanding how personal storage cloud apps like DropBox actually work insofar as data retention and flow, we are facing tremendous challenges.

When asked about security concerns with the iPad, especially if one is left behind inadvertently, Dr. Feldman pointed out that as with everything web-based, nothing is stored on the device. [2]

From a vendor perspective, there are huge opportunities in this space to provide workable security solutions for these kinds of devices and, as Bruce Schneier writes, the Consumerization and Corporate IT Security [3] Bottom line is that we need these solutions to keep the management folks happy with their regulatory compliance goals, and to provide more assurance to network security guys like me who are sweating bullets and worrying in the trenches as we face irate medical pros with serious pull who expect us to not only secure these devices, but also take on the liability risks of data loss.

Said hospitals need to find a way to provide function securely. Solutions are out there.

You mention there are solutions out there. I welcome further discussion, either off-list or on-list.

Cheers, --scm

[1] http://www.imedicalapps.com/2010/12/bes-free-iphone-medical-apps-doctors-health-care-professionals/19/
[2] http://www.imedicalapps.com/2010/12/dropbox-osirix-ipad-radiology-images-operating-room/
[3] http://www.schneier.com/blog/archives/2010/09/consumerization.html
Re: [funsec] [article] The iPad in the Hospital and Operating Room
Hi James,

Thanks for sharing your insights.

sigh...maybe I'm just getting old, being pragmatic, or selling out -- but my takeaway from this iPad/OR stuff is to patent a single-use iPad sterile wrapping solution and sell the rights to a medical sterile packaging company. Considering the pervasive threat of nasties like MRSA [1] in medical environments, a single-use sterile iPad bag would help mitigate the most likely immediate threat to patient safety: dirty iPads crawling with Staphylococcus Aureus.

ugh...i'm almost ashamed of myself ;)

Cheers, --scm

[1] http://www.cdc.gov/mrsa/

Cheers, --scm

On Fri, Jan 21, 2011 at 12:50, James Philput jamesphil...@gmail.com wrote:

I'm in a similar situation. We're currently rolling out security policies for tablet devices, and have been getting a lot of push back from the medical staff. The thing that seems to be working here is a combination of policy and education. We're allowing personal iPads to be used if the user agrees to let us install a basic security profile on the device. The standard profile includes the usual wireless, email and VPN settings that we give to other remote users, but it also forces stronger passwords and a shorter idle screen lock. Those settings, coupled with treating all of the iDevice/tablets as untrusted resources, have gone a long way toward making the things less of a security risk.

We've been trying to plan for more consumer devices on the network. It takes some effort and a bit more flexibility from a policy and procedure standpoint, but our willingness to work with the non-tech staff on this seems to have gained us a lot of good will. The users are much more willing to listen to why we don't want them to do something rather than just trying to find ways to evade us.

Regards, James

On Fri, Jan 21, 2011 at 11:25 AM, Shawn Merdinger shawn...@gmail.com wrote:

Hi Phester,

On Thu, Jan 20, 2011 at 20:50, phester fun...@armorfirewall.com wrote:

Yeah, but it illustrates a universal issue. If users can't do what they want over the network, they'll find a way around it.

Exactly. This is great technology and enables medical pros to do more for patients. But it's also worth mentioning that security people can expect a great deal of pushback from medical pros when trying to assign the risk and place limitations on these kinds of consumer devices in a medical environment -- and believe me, they can be a tough group of articulate, forceful and powerful people to deal with. As a lowly network security monkey, I can vouch that it's no fun to go head-to-head with an MD with a Ph.D who brings in millions in grants to the organization and wants to use his fancy iPad or iPhone for medical work.

And I would go even further in that the article mentions medical schools like Stanford issuing iPads to incoming med students beginning 2014. So we can expect an entire new group of medical pros who expect support and security with these devices.

What's also interesting and a huge, undefined challenge is the blending of these consumer devices into medical devices. With the addition of medical image viewing software on the iPad, that device has now transitioned from a personal learning/entertainment platform to a bona fide medical device, which opens up many more questions in terms of organizational policy, data management/retention, and regulatory requirements (HIPAA/HITECH, etc.). After all, one can jailbreak an iPad by visiting a website, clearly there are risks to PHI on an iPad, no?

Further compounding the issue are cloud applications, specifically the growing use of personal cloud services like DropBox. There's a great deal of uncertainty as to the DropBox use with medical information and regulatory requirements. For more than a year on the DropBox forums, folks have been going back and forth as to if this application meets regulatory requirements. But, as you note, people are going to do what they want, and this is reinforced by DropBox making its way into Top 20 Lists of apps for medical pros [1] And with medical pros not fully understanding how personal storage cloud apps like DropBox actually work insofar as data retention and flow, we are facing tremendous challenges.

When asked about security concerns with the iPad, especially if one is left behind inadvertently, Dr. Feldman pointed out that as with everything web-based, nothing is stored on the device. [2]

From a vendor perspective, there are huge opportunities in this space to provide workable security solutions for these kinds of devices and, as Bruce Schneier writes, the Consumerization and Corporate IT Security [3] Bottom line is that we need these solutions to keep the management folks happy with their regulatory compliance goals, and to provide more assurance to network security guys like me who are sweating bullets and worrying in the trenches as we face irate medical pros with serious
[funsec] [article] The iPad in the Hospital and Operating Room
http://www.healthcareitscope.com/ipad-hospital-operating-room/ It can also be useful in bypassing hospitals’ restrictive networks to access remote files and office electronic medical records (EMRs) using the cellular 3G networks.
[funsec] Marin County bans smartmeters
http://www.co.marin.ca.us/efiles/BS/AgMn/agdocs/110104/110104-11-CL-ord-ORD.pdf
Re: [funsec] Marin County bans smartmeters
whew...some boat payments might have been at risk there for a moment :) On Fri, Jan 7, 2011 at 16:50, Paul Ferguson fergdawgs...@gmail.com wrote: PGE to ignore Marin Co moratorium on SmartMeters http://www.sfgate.com/cgi-bin/article.cgi?f=%2Fn%2Fa%2F2011%2F01%2F05%2Fstate%2Fn123609S38.DTL
[funsec] [news] Court: No warrant needed to search cell phone
interesting http://redtape.msnbc.com/2011/01/court-cops-can-search-cell-phone-without-warrant.html
[funsec] [news] Doctors' use of mobile phone apps rising, says study
http://www.pharmatimes.com/Article/11-01-05/Doctors_use_of_mobile_phone_apps_rising_says_study.aspx In 2010 more than 50% of physicians were using a smartphone or PDA device on a regular basis for everyday treatment activity, says the firm in its just-published Worldwide Market for Mobile Medical Apps report. In 2004 that figure was just 25%, while in 2008 it was 35%-40%
[funsec] Dance Gooshers = the new RickRoll?
Super Toll :) http://www.youtube.com/watch?v=h1gI10Ru1As
[funsec] CRS report: Criminal Prohibitions on the Publication of Classified Defense Information
http://opencrs.com/document/R41404/ Summary The recent online publication of classified defense documents and diplomatic cables by the organization WikiLeaks and subsequent reporting by the New York Times and other news media have focused attention on whether such publication violates U.S. criminal law. The Attorney General has reportedly stated that the Justice Department and Department of Defense are investigating the circumstances to determine whether any prosecutions will be undertaken in connection with the disclosure. This report identifies some criminal statutes that may apply, but notes that these have been used almost exclusively to prosecute individuals with access to classified information (and a corresponding obligation to protect it) who make it available to foreign agents, or to foreign agents who obtain classified information unlawfully while present in the United States. Leaks of classified information to the press have only rarely been punished as crimes, and we are aware of no case in which a publisher of information obtained through unauthorized disclosure by a government employee has been prosecuted for publishing it. There may be First Amendment implications that would make such a prosecution difficult, not to mention political ramifications based on concerns about government censorship. To the extent that the investigation implicates any foreign nationals whose conduct occurred entirely overseas, any resulting prosecution may carry foreign policy implications related to the exercise of extraterritorial jurisdiction and whether suspected persons may be extradited to the United States under applicable treaty provisions. This report will discuss the statutory prohibitions that may be implicated, including the Espionage Act; the extraterritorial application of such statutes; and the First Amendment implications related to such prosecutions against domestic or foreign media organizations and associated individuals. 
The report will also provide a summary of pending legislation relevant to the issue, including S. 4004.
[funsec] How I taught rats to sniff out land mines: Bart Weetjens on TED.com
http://blog.ted.com/2010/12/02/how-i-taught-rats-to-sniff-out-land-mines-bart-weetjens-on-ted-com/ Cheers, --scm
[funsec] 2011 Security Predictions?
Hi List, Hide your kids, hide your wife -- it's the time of year when we start seeing articles on their crystal ball security predictions. I'm wondering what folks on the list expect for 2011? Thoughts? Cheers, --scm
[funsec] Hacking Christmas Lights
http://www.deepdarc.com/2010/11/27/hacking-christmas-lights/ http://www.youtube.com/watch?v=AySja69jvHM&feature=player_embedded
Re: [funsec] Inmate E-Mail (someone guessed right)
Hi Justin,

On Wed, Dec 1, 2010 at 11:15 AM, Justin Scott ad...@dtdns.com wrote:

If anyone has suggestions on improving the invitation process or anything else I'm all ears.

Nice to see this option for incarcerated people and their families, though at 50 cents per email it's a bit costly imho.

1. I've noticed the lack of SSL on the credit ordering page where credit card info is entered [1]

2. The TOS section here is a bit confusing, especially the term public area -- am I to understand that all user content/communication/emails posted are in the public area by this TOS? [2] Some folks might wonder how this comes into play regarding attorney/client privilege, etc.

snip By posting Content to any public area of SmartJailMail.com, you automatically grant, and you represent and warrant that you have the right to grant, to SmartJailMail.com, its affiliates, licensees and successors, an irrevocable, perpetual, non-exclusive, fully paid, worldwide license to use, copy, perform, display, reproduce, adapt, modify and distribute such information and content and to prepare derivative works of, or incorporate into other works, such information and content, and to grant and authorize sublicenses of the foregoing. You further represent and warrant that public posting and use of your content by SmartJailMail.com will not infringe or violate the rights of any third party. /snip

3. I expect there's likely some very interesting intelligence that could be gathered from these communications, both from a LEA and more academic nature.

Will be interesting to see how this plays out.

Cheers, --scm

[1] screenshot: http://img573.imageshack.us/img573/3650/screenshot1020.png
[2] http://www.smartjailmail.com/terms-of-service.cfm
Re: [funsec] Inmate E-Mail (someone guessed right)
Hi Michael,

On Wed, Dec 1, 2010 at 2:40 PM, michael.blanch...@emc.com wrote:

... not everyone is in jail for a heinous crime like that...

The smartjailmail.com site has at-the-moment only the Martin County Jail, and you can see who's there and their charge with the search below. There's certainly a few scary types with 'heinous' charges like murder, arson -- but quickly eyeballing the search results I see a lot of DUI, low-level drug possession, petty theft, etc.

http://198.136.35.4/jailinmatesearch/JailInmateSearch.asp?SelStart1=SelStart2=SelStart3=SelStart4=RunReport=Run+Report

Cheers, --scm
[funsec] Academic Cyberbully Is Sentenced to Jail in Dead Sea Scrolls Case
http://chronicle.com/blogs/wiredcampus/academic-cyberbully-sentenced-to-jail-in-dead-sea-scrolls-case/28269 The Dead Sea Scrolls cyberbully is being sent to jail. A judge in New York State’s main trial court sentenced Raphael Golb, a lawyer, to six months in prison for using false online identities to harass and discredit academics in a debate over the origin of the Dead Sea Scrolls, the Associated Press reported. ... Update: Raphael Golb has been granted bail and will be released from prison tomorrow, pending the outcome of his appeal.
Re: [funsec] Don't tell me you weren't all thinking that anyhow.. :)
On Mon, Nov 15, 2010 at 7:38 AM, valdis.kletni...@vt.edu wrote: I'll just leave this here... http://2.bp.blogspot.com/_CfxSWwq8cVo/TN7QL6JCbiI/CQE/8FIQOOYiqw8/s1600/OfficerSqueeze.jpg Japanese animated news does a fine job too ;) http://www.youtube.com/watch?v=TBL3ux1o0tM
[funsec] thanx so much for uhelp ican going to graduate to now
http://chronicle.com/article/The-Shadow-Scholar/125329/ The Shadow Scholar The man who writes your students' papers tells his story
[funsec] University Begins Reporting All P2P Users to the Police
“Once individuals are identified, VSU hands responsibility over to police. Users can face felony punishments, including a possible prison sentence of up to five years and a fine of up to $250,000 per offense,” reports the student newspaper http://torrentfreak.com/university-begins-reporting-all-p2p-users-to-the-police-101112/ http://www.vsuspectator.com/2010/11/11/new-software-traces-illegal-downloads-on-campus/
Re: [funsec] Security theatre of the absurd--that's a print
hrm, perhaps your semtex font as well... http://www.ffonts.net/tag/0/semtex cheers, --scm On Mon, Nov 8, 2010 at 2:27 PM, Rob, grandpa of Ryan, Trevor, Devon Hannah rmsl...@shaw.ca wrote: http://www.bbc.co.uk/news/world-us-canada-11713958 So, this means I can no longer bring my printer on the plane with me? An outrage!
Re: [funsec] [ blog ] Hacking the Brother KH-930e knitting machine
On Wed, Nov 3, 2010 at 8:43 PM, valdis.kletni...@vt.edu wrote: Zawinski's Law? :) hehe, that's funny. also, there's the sterling silver firefox emblem necklace. damn cool. http://blog.craftzine.com/archive/2010/09/make_a_firefox_necklace.html http://sternlab.org/ cheers, --scm
[funsec] [ blog ] Hacking the Brother KH-930e knitting machine
Useful for all your LOL cats holiday sweaters... http://ladyada.net/learn/electroknit/
[funsec] NIST Electronic Health Record Approved Test Procedures Version 1.0
Hi FD,

The list below contains the Approved Test Procedures, Version 1.0, for evaluating conformance of complete EHRs and/or EHR Modules to the initial set of standards, implementation specifications, and certification criteria defined in the Health Information Technology: Initial Set of Standards, Implementation Specifications, and Certification Criteria published on July 13, 2010. [1]

An example of testing under the 170.302.t Authentication criteria [2]

snip
This test procedure consists of one section: Verify authorization – evaluates the capability to verify that a person or entity seeking access to electronic health information is the one claimed and is authorized
o The Tester creates a new user account and assigns permissions
o The Tester performs an action authorized by the assigned permissions and verifies that the authorized activity was performed
o The Tester performs an action that is not authorized by the assigned permissions and verifies that the action was not performed
o The Tester deletes (e.g., deactivates or disables) the user account
o The Tester attempts to login to the account and verifies that the login attempt failed
/snip

Fwiw, we'll likely need more work on these kinds of requirements if testing is even going to begin to address issues such as, for example, McKesson's use of hardcoded passwords. [3]

After all, a good chunk of the American Recovery and Investment Act of 2009 is going towards health IT investments and incentives. [4]

Electronic Health Record search at www.recovery.gov [5]

Cheers, --scm

[1] http://healthcare.nist.gov/use_testing/finalized_requirements.html
[2] http://healthcare.nist.gov/docs/170.302.t_Authentication_v1.0.pdf
[3] http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00140.html
[4] http://en.wikipedia.org/wiki/American_Recovery_and_Reinvestment_Act_of_2009#Healthcare
[5] http://www.recovery.gov/espsearch/Pages/default.aspx?k=EHR
[funsec] Feedback on EMET v2.0?
Wondering if folks here have any +/- feedback on Microsoft's EMET v2.0? http://blogs.technet.com/b/srd/archive/2010/09/02/enhanced-mitigation-experience-toolkit-emet-v2-0-0.aspx http://www.darkreading.com/blog/archives/2010/10/blocking_zero_d.html Cheers, --scm
[funsec] NerdKits' Halloween Project: The Human Theremin
http://www.nerdkits.com/videos/theremin_with_ir_distance_sensor/ In this special Halloween video tutorial, we have recreated the idea behind a musical instrument called the theremin, and built one into a Halloween costume. This not only gives you the ability to wear a costume that is loud and very likely obnoxious, but also to have a costume that is fun for others to interact with. The project uses two infrared distance sensors, as well as PWM (Pulse Width Modulation) and a piezoelectric buzzer to create a sound, and brings together quite a few concepts to make the whole thing work.
[funsec] New device lets diners swipe credit cards themselves
Crooks who engage in identity theft and credit card fraud will find thin pickings at restaurants with the new CATS encrypted card reader developed by Bellatrix Systems of Bend. CATS is short for Card At Table Service. http://www.heraldnet.com/article/20101012/BIZ/710129926/-1/RSS03 CATS Introductory Package; http://www.bellatrix.com/cats/cats-introductory-program/default.aspx
Re: [funsec] Free Public WiFi
Hi Robert, Simple Nomad discussed this issue at ShmooCon back in '06 in his awesome Hacking the Friendly Skies preso. http://www.nmrc.org/pub/advise/20060114.txt http://www.nmrc.org/pub/present/shmoocon-2006-sn.ppt http://mirror.fpux.com/HackerCons/Shmoocon_2006/videos/Nomad-Sky.mp4 Cheers, --scm On Sun, Oct 17, 2010 at 3:15 PM, Robert Slade rmsl...@shaw.ca wrote: OK, maybe this is way old news for a lot of you, but I'd never come across it. I've always seen Free Public Wifi, of course,
Re: [funsec] PROVE THIS!
got snopes? On Thu, Oct 14, 2010 at 7:56 PM, RandallM randa...@fidmail.com wrote: staring at breast good for you: http://www.themedguru.com/20091206/newsfeature/stare-boobs-longer-life-study-86131320.html?page=2
[funsec] [ news ] Tracking devices used in school badges -- Two districts are first in the area to use ID tags that raise privacy, security concerns
It feels like someone's watching you at all times, said Jacorey Jackson, 11, a sixth-grader at Bailey Middle School. http://www.chron.com/disp/story.mpl/metropolitan/7241100.html Tracking devices used in school badges Two districts are first in the area to use ID tags that raise privacy, security concerns By JENNIFER RADCLIFFE HOUSTON CHRONICLE Oct. 11, 2010, 10:00AM
[funsec] [ news ] Chapel Hill Researcher Fights Demotion After Security Breach
http://chronicle.com/article/Chapel-Hill-Researcher-Fights/124821/ A prominent cancer researcher at the University of North Carolina at Chapel Hill is fighting the university's decision to demote her and cut her pay in half after a security breach in a medical study she directs was discovered. The breach could have revealed medical records of more than 100,000 women whose data were studied.
Re: [funsec] Hackers (the movie) 15th Anniversary Party on Oct 2nd
Review of the party. http://www.observer.com/2010/daily-transom/revenge-cyberpunks On Fri, Sep 24, 2010 at 3:56 PM, Shawn Merdinger shawn...@gmail.com wrote: A fun Kickstarter.com project. http://www.kickstarter.com/projects/fred/hackers-the-movie-15th-anniversary-party-on-oct-2n
[funsec] [ news ] Hacker infiltration ends D.C. online voting trial
http://voices.washingtonpost.com/debonis/2010/10/hacker_infiltration_ends_dc_on.html After casting a vote, according to test observers, the Web site played Hail to the Victors -- the University of Michigan fight song. ...The program, called 'digital vote by mail'
[funsec] How to protect yourself from webcam hacking
hrm, seems like more fear than mitigation... http://www.necn.com/10/03/10/How-to-protect-yourself-from-webcam-hack/landing.html?blockID=323697feedID=4213
[funsec] Bombile
http://www.wired.com/beyond_the_beyond/2010/09/bombiles-inflict-cellphone-voodoo-on-assamese/ ‘I got a phone call from an unknown number and I noticed on my handset that the numbers were highlighted in red colour. Soon after I received the call, there was a loud sound and I was left unconscious,’ said Mujib Ali, the driver of a doctor in Guwahati.
[funsec] adopt-a-hacker
http://adoptahacker.com
[funsec] Snoop Dogg's Magic Symantec Bus
http://www.huffingtonpost.com/2010/08/31/snoop-dogg-raps-about-cyb_n_700876.html The legendary LBC rapper held court inside a Symantec Corporation 18-wheeler across from Bryant Park...
[funsec] [ book ] Cooking for Geeks: Real Science, Great Hacks, and Good Food
http://www.cookingforgeeks.com books.google.com/books?isbn=0596805888
[funsec] paper: “New shit has come to light”: Information seeking behavior in The Big Lebowski
https://scholarworks.iupui.edu/handle/1805/2099
[funsec] Computer Criminals of the Future (1981)
Best helmet ever? http://www.paleofuture.com/blog/2009/3/23/computer-criminals-of-the-future-1981.html snip Computers will make the world of tomorrow a much safer place. They will do away with cash, so that you need no longer fear being attacked for your money. In addition, you need not worry that your home will be burgled or your car stolen. The computers in your home and car will guard them, allowing only yourself to enter or someone with your permission. However, there is one kind of crime which may exist in the future - computer crime. /snip
[funsec] Control Nokia n900 with your brain
Using the MindSet headphones and a new Maemo app, you can dial contacts using brainwaves. Wondering how long before one can run Metasploit in this fashion...perhaps lip-syncing to Lady Gaga and all that ;) Cheers, --scm http://maemoarena.com/2010/08/control-your-nokia-n900-by-your-mind/ http://www.neurosky.com/mindset/mindset.html http://www.metasploit.com/redmine/projects/framework/wiki/Install_N900
Re: [funsec] [Full-disclosure] Paper on the law and Implantable Devices security
Hi Gadi, On Mon, Jul 26, 2010 at 6:44 AM, Gadi Evron g...@linuxbox.org wrote: A new research paper from the Freedom And Law Center deals with issues Killed by Code: Software Transparency in Implantable Medical Devices One of the more useful aspects I found in that paper are the references to FDA databases. There's a great deal of information in the List of Recalls one the paper mentioned [1]. However, it's worth checking out the listing of several other FDA databases relating to medical devices are also useful, even if defunct/retired/no longer updated (go figure...) [2]. Fwiw, I'm starting to work on a research guide of sorts for medical device security, and if folks are interested, they might check out the LinkedIn MedSec group as that's where I'll likely start offering a draft for peer review RSN [3]. Cheers, --scm [1] http://www.fda.gov/MedicalDevices/Safety/RecallsCorrectionsRemovals/ListofRecalls/default.htm [2] http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/Databases/default.htm [3] http://www.linkedin.com/groups?mostPopular=gid=2206357 (requires signing in)
[funsec] Bad People Project by ISECOM
kind of cool. http://www.isecom.org/bpp/bpp.html
Re: [funsec] How heavy is a chip?
On Wed, Jul 21, 2010 at 8:52 PM, Rob, grandpa of Ryan, Trevor, Devon Hannah rmsl...@shaw.ca wrote: Interesting juxtaposition of news items. A week or so ago, Visa recommended weighing card readers, in order to detect those that had been tampered with. Reminds me of Ray Zoppoth's Xerox spy camera. I recall that one target got suspicious of the copier service technician and started weighing copiers... http://www.parascope.com/articles/0197/xerox.htm Cheers, --scm
Re: [funsec] Microsoft wants you to be funny
People can get an OS anywhere, ok? They come to Microsoft for the atmosphere and the attitude. That's what the flair's about. It's about fun. http://www.imsdb.com/scripts/Office-Space.html On Fri, Apr 30, 2010 at 5:35 PM, Alex Eckelberry al...@sunbelt-software.com wrote: The corporate method to understanding and appreciating humor. http://www.microsoft.com/education/competencies/humor.mspx Cheers, --scm
[funsec] [ movie ] Patent Absurdity: how software patents broke the system
Patent Absurdity: how software patents broke the system is a half-hour film about software patents, published on the 16th of April, 2010. http://patentabsurdity.com http://en.swpat.org/wiki/Patently_Absurd Cheers, --scm
Re: [funsec] Promotional security theatre
hmmm...is it TSA approved? http://www.tsa.gov/travelers/airtravel/assistant/locks.shtm cheers, --scm On Mon, Mar 15, 2010 at 6:06 PM, Rob, grandpa of Ryan, Trevor, Devon Hannah rmsl...@shaw.ca wrote: Put your logo on this baby! Prove to the world that you really don't think about security much! http://www.staplespromotionalproducts.com/ProductDetail.aspx?id=2953 http://bit.ly/9NdVst
[funsec] Ford's SyncMyRide -- all your voice are belong to us?
Interesting news: http://www.darkreading.com/vulnerability_management/security/client/showArticle.jhtml?articleID=223200163 Ya gotta love this lovely tidbit of fine print from the SyncMyRide terms and conditions: http://www.syncmyride.com/Own/Modules/PageTools/TermsAndConditions.aspx snip Ford's Service provider Tellme Networks, Inc. (Tellme), a subsidiary of Microsoft Corporation, may record and retain user voice utterances (recorded utterances), which are recordings of sounds made when the TDI Service is in listen state and waiting for a user command or response. These recorded utterances may include all sounds in the vehicle, including the voice of the user and voices of other vehicle occupants, while the service is in listen state. Tellme may also, at Ford's request, randomly record and assemble in sequence, all voice communications made from the time the Service is connected (by the user pressing the VOICE button) to the time the Service is disconnected. (Whole call recordings (WCRs)). WCRs will include voice utterances and may include any other sounds in the vehicle, including the voices of the user and other vehicle occupants, during the entire time the Service is connected. Both recorded utterances and WCRs may be associated with you or the cell phone number assigned to the Service. /snip Cheers, --scm
Re: [funsec] Ford's SyncMyRide -- all your voice are belong to us?
On Wed, Mar 10, 2010 at 11:02 AM, Benjamin Brown optik...@gmail.com wrote: creeptastic I kinda think it gets better...or worse ;) From what I've seen so far, the SyncMyRide registration site to obtain the Vehicle Health Report only requires a VIN. Those are easy to get, such as from Ebay Motors (and of course plenty of other places, the vehicle dashboard, accident reports, etc.). With the vehicle's VIN, *it seems* that anyone can go to SyncMyRide website, then register someone else's car to anyone's contact information (cell phone, email) to receive Vehicle Health Reports. The tie-in of the registered cell phone to that vehicle's SyncMyRide service audio recording capability becomes an issue if we recall from the terms of service: Both recorded utterances and WCRs may be associated with you or the cell phone number assigned to the Service Btw, has anyone seen the actual Vehicle Health Report from SyncMyRide? Wondering what kind of info is there. Cheers, --scm
Re: [funsec] North Korea develops own Linux distribution
hrm, power might be an issue... http://www.globalsecurity.org/military/world/dprk/dprk-dark.htm Cheers, --scm On Fri, Mar 5, 2010 at 7:25 AM, Rich Kulawiec r...@gsp.org wrote: On Fri, Mar 05, 2010 at 11:02:38AM +0200, Juha-Matti Laurio wrote: North Korea has reportedly developed its own version of the Linux operating with a graphical user interface that closely resembles Microsoft Windows. Ah, good news then: any tactical advantage that they might have accrued by using a markedly superior operating system has been neatly undercut by their decision to saddle it with a primitive UI. ---Rsk
Re: [funsec] i lost my buzz with Google Buzz...
hi Michal, thanks for the insight, and you're right in your assessment of the value of my unsolicited rant. in the future, i'll give my posts more consideration and try to instill some value. fwiw, i did write that 4 days ago (not sure what the delay was in getting to the list) and since then, a number of people have complained about Google Buzz. afaik, revised the Buzz privacy settings twice in as many days. also, according to the NYT, EPIC is considering a lawsuit: http://www.nytimes.com/2010/02/13/technology/internet/13google.html Mr. Rotenberg said that his organization planned to file a complaint with the Federal Trade Commission claiming that the Google’s use of e-mail conversations to build a social network was unfair and deceptive. and EFF has published a page on how to Protect Your Privacy on Google Buzz http://www.eff.org/deeplinks/2010/02/protect-your-privacy-google-buzz cheers, --scm On Mon, Feb 15, 2010 at 2:30 AM, Michal Zalewski lcam...@coredump.cx wrote: Too bad nobody came up with a communication tool where random, hastily written, unsolicited statements about your daily life would fit better than on this mailing list. Maybe one day?
[funsec] NYT: Medical Radiation: A Plan Goes Wrong
fyi, Via RISKS: http://catless.ncl.ac.uk/Risks/25.93.html A New York City hospital treating him for tongue cancer had failed to detect a computer error that directed a linear accelerator to blast his brain stem and neck with errant beams of radiation. Not once, but on three consecutive days. Mr. Jerome-Parks died several weeks later in 2007. He was 43. NYT Article: http://www.nytimes.com/2010/01/24/health/24radiation.html NYT Slideshow: http://www.nytimes.com/slideshow/2010/01/24/us/20100124RADIATION1_index.html --scm
Re: [funsec] bomb implants
hrm...assuming the scanners are effective... http://www.theregister.co.uk/2010/01/24/body_scanner_fail/ * the magic happens towards the end of the video (in German) cheers, ---scm On Tue, Feb 2, 2010 at 7:01 AM, Martin Tomasek toma...@ufe.cz wrote: Jihadists plan attack with bombs inside their bodies, to foil new airport scanners
Re: [funsec] bomb implants
Southpark's The Snuke comes to mind :) http://en.wikipedia.org/wiki/The_Snuke http://stansdad.com/season11/episode4/ cheers, --scm
Re: [funsec] Can you trust Chinese computer equipment?
Chisco: Welcome to the Hunan network could make a cool t-shirt... ;- cheers, --scm On Fri, Feb 5, 2010 at 12:30 PM, Robert Portvliet robert.portvl...@gmail.com wrote: http://hardware.slashdot.org/story/10/02/05/1548226/Can-You-Trust-Chinese-Computer-Equipment
[funsec] i lost my buzz with Google Buzz...
Well, Google Buzz just invaded my Gmail account. crap, I feel like I just got RickRolled. An annoying check Buzz out page after i login to Gmail? Automatically following people I don't know? Creepy people automatically following me? wtf...i think i just lost my buzz. --scm
[funsec] news: Confidential Shell database published on web
1. http://business.timesonline.co.uk/tol/business/industry_sectors/natural_resources/article7024417.ece Royal Dutch Shell was at the centre of a major security breach last night after the names and telephone numbers of tens of thousands of the oil company’s staff were circulating freely on the internet. The details of up to 170,000 workers and contractors linked to the company, including some workers’ addresses, were contained in a database of Shell’s global workforce. 2. http://royaldutchshellplc.com/2010/02/12/contact-details-for-17-shell-employees-a-prize-for-hackers/ ...the company subsequently told the press, including the FT, that the database leak was not a security risk. 3. http://royaldutchshellplc.com/2010/02/12/which-shell-official-lied-about-employee-data-breach-implications/ “the leak is no more dangerous than handing out business cards” cheers, --scm