A few nice machining solutions images I found:
Houston, Texas (1956) … Tools published that exploit router flaw (December 30, 2011) …item 4.. Hackers continue to exploit outdated browser plug-ins (Posted on 07. Mar, 2012) …
Image by marsmet481
.
……..***** All images are copyrighted by their respective authors ……..
.
… marsmet501 photostream
www.flickr.com/photos/63583766@N04/
.
………………………………………………………………………………………………………………………………………………………………………..
.
…..item 1)…. CNET … news.cnet.com … Tools published that exploit router flaw …
by Marguerite Reardon … December 30, 2011 8:32 AM PST ….
Researchers have released two tools that can be used to exploit a vulnerability in a protocol that makes it easier to set up secure home Wi-Fi networks.
news.cnet.com/8301-1009_3-57350220-83/tools-published-tha…
Stefan Viehbock, who first reported the vulnerability to the U.S. Computer Emergency Readiness Team, released a tool that can crack a home Wi-Fi network in two hours. And Craig Heffner of Tactical Network Solutions, who had been working independently on figuring out the same vulnerability that Viehbock reported to US-CERT, has also developed a tool that will allow hackers to gain access to some secure Wi-Fi networks in four to 10 hours. His tool, called Reaver, is hosted on Google Code.
The vulnerability itself is inherent in the Wi-Fi Protected Set-up protocol. This protocol, which is often bundled into Wi-Fi routers, is designed to allow unskilled home users to set up secure networks using WPA encryption without much hassle. Users are then able to type in a shortened PIN instead of a long pass-phrase when adding a new device to the secure network.
The problem is that when security PINs are entered for access to the network, the router actually lets the user know if they have gotten the first or last numbers of the 8-digit code correct. The code that Viehbock and Heffner have written uses a brute-force approach, which means different combinations of PINs are tried over and over until one is found that allows the hacker access. This can be done since most routers don’t limit the number of attempts on the passwords used to access the router.
Typically, it would take a hacker about 100 million tries to crack an eight-digit code. But because the router indicates whether or not some digits are correct, that number drops to around 11,000 attempts before access can be gained, according to Viehbock’s research paper. Once a hacker figures out the PIN, it’s much easier to figure out the router’s password and gain access to the network.
The security flaw could affect millions of people with Wi-Fi routers in their homes and businesses, since the protocol is integrated into most new wireless routers sold today. The US-CERT warning named all the major wireless router brands: Buffalo, D-Link, Cisco Linksys, Netgear, Technicolor, TP-Link, and ZyXEL.
So far none of these companies have responded to the US-CERT warning with a fix, nor have they provided comment to the press on this situation. CNET reached out to each of these companies. Buffalo and Cisco representatives said they were looking into the issue, but they have still not officially responded.
Viehbock and Heffner say this is why they have published their tools, so that they could draw attention to the issue.
The fix right now is that users can disable the WPS set-up on their routers.
Originally posted at Signal Strength
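The search-space arithmetic behind the 100 million and 11,000 figures above, as an added example that is not part of the CNET article. It relies on the WPS design detail that the PIN's eighth digit is a checksum of the first seven; the per-attempt time and the lockout settings are constructed values chosen to show what attempt limiting changes.

```python
"""Constructed model of the WPS PIN search space (added example)."""

def guesses_whole(digits, checksum_digits=0):
    """Worst case when the PIN is only accepted or rejected as a whole."""
    return 10 ** (digits - checksum_digits)

def guesses_split(segments, checksum_digits=0):
    """Worst case when each segment is confirmed on its own: costs add."""
    free = list(segments)
    free[-1] -= checksum_digits      # checksum digits are computed, not guessed
    return sum(10 ** d for d in free)

def hours_to_exhaust(guesses, secs_per_try, tries_before_lock=None, lock_secs=0):
    """Wall-clock hours to try every guess under an optional lockout policy."""
    total = guesses * secs_per_try
    if tries_before_lock:
        # one lock period after every full batch of failures except the last
        total += ((guesses - 1) // tries_before_lock) * lock_secs
    return total / 3600

def compare_policies(secs_per_try=2.0):
    """Assumed 2 s per attempt; the lockout settings are hypothetical."""
    split = guesses_split([4, 4], checksum_digits=1)
    return {
        "no limit": hours_to_exhaust(split, secs_per_try),
        "3 tries, 60 s lock": hours_to_exhaust(split, secs_per_try, 3, 60),
        "3 tries, 1 h lock": hours_to_exhaust(split, secs_per_try, 3, 3600),
    }

if __name__ == "__main__":
    print("whole PIN, as the article counts it:", guesses_whole(8))
    print("split halves with checksum:", guesses_split([4, 4], 1))
    for name, hours in compare_policies().items():
        print(f"{name:>20}: {hours:,.1f} h")
```

With the assumed 2 seconds per attempt, the unthrottled case falls inside the four-to-10-hour range quoted for Reaver, while a one-hour lock after every three failures stretches the same search to months.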
.
.
……………………………………………………………………………………………………………………………………………………………………….
.
…..item 2)…. Yahoo! Finance … finance.yahoo.com/news … If You’re Using ‘Password1,’ Change It. Now.
By Stacy Cowley | CNNMoney.com – 6 hours ago ….. Thursday March 01, 2012 …
finance.yahoo.com/news/if-you-re-using–password1—chang…
The number one way hackers get into protected systems isn’t through a fancy technical exploit. It’s by guessing the password.
That’s not too hard when the most common password used on business systems is "Password1."
There’s a technical reason for Password1’s popularity: It’s got an upper-case letter, a number and nine characters. That satisfies the complexity rules for many systems, including the default settings for Microsoft’s widely used Active Directory identity management software.
Security services firm Trustwave spotlighted the "Password1" problem in its recently released "2012 Global Security Report," which summarizes the firm’s findings from nearly 2 million network vulnerability scans and 300 recent security breach investigations.
Around 5% of passwords involve a variation of the word "password," the company’s researchers found. The runner-up, "welcome," turns up in more than 1%.
Easily guessable or entirely blank passwords were the most common vulnerability Trustwave’s SpiderLabs unit found in its penetration tests last year on clients’ systems. The firm set an assortment of widely available password-cracking tools loose on 2.5 million passwords, and successfully broke more than 200,000 of them.
Verizon came up with similar results in its 2012 Data Breach Investigations Report, one of the security industry’s most comprehensive annual studies. The full report will be released in several months, but Verizon previewed some of its findings at this week’s RSA conference in San Francisco.
Exploiting weak or guessable passwords was the top method attackers used to gain access last year. It played a role in 29% of the security breaches Verizon’s response team investigated.
Verizon’s scariest finding was that attackers are often inside victims’ networks for months or years before they’re discovered. Less than 20% of the intrusions Verizon studied were discovered within days, let alone hours.
Even scarier: Few companies discovered the breach on their own. More than two-thirds learned they’d been attacked only after an external party, such as a law-enforcement agency, notified them. Trustwave’s findings were almost identical: Only 16% of the cases it investigated last year were internally detected.
So if your password is something guessable, what’s the best way to make it more secure? Make it longer.
Adding complexity to your password — swapping "password" for "p@S$ w0rd" — protects against so-called "dictionary" attacks, which automatically check against a list of standard words.
But attackers are increasingly using brute-force tools that simply cycle through all possible character combinations. Length is the only effective guard against those. A seven-character password has 70 trillion possible combinations; an eight-character password takes that to more than 6 quadrillion.
Even a few quadrillion options isn’t a big deal for modern machines, though. Using a ,500 computer built with off-the-shelf parts, it took Trustwave just 10 hours to harvest its 200,000 broken passwords.
"We’ve got to get ourselves using stuff larger than human memory capacity," independent security researcher Dan Kaminsky said during an RSA presentation on why passwords don’t work.
He acknowledged that it’s an uphill fight. Biometric authentication, smartcards, one-time key generators and other solutions can increase security, but at the cost of adding complexity.
"The fundamental win of the password over every other authentication technology is its utter simplicity on every device," Kaminsky said. "This is, of course, also their fundamental failing."
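A password check that shows the article's two points side by side, as an added example that is not part of the article: "Password1" passes a character-class rule yet is a variation of a common base word, and length moves the brute-force keyspace more than substitutions do. The rule thresholds, the substitution table and the sample passphrase are constructed assumptions, not any product's actual policy.

```python
import string

COMMON_BASES = ("password", "welcome")          # the two bases the article names
LEET = str.maketrans("@$031457", "asoelast")    # assumed substitution table

def character_classes(pw):
    """Count which of lower/upper/digit/punctuation appear."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])

def meets_complexity(pw, min_len=8, min_classes=3):
    """Assumed complexity rule: minimum length plus 3 of 4 character classes."""
    return len(pw) >= min_len and character_classes(pw) >= min_classes

def base_word(pw):
    """Undo the usual decoration: case, trailing digits/marks, substitutions."""
    core = pw.lower().rstrip(string.digits + "!?.*#")
    return core.translate(LEET).replace(" ", "")

def keyspace(length, alphabet_size=95):
    """Brute-force combinations; 95 = printable ASCII characters."""
    return alphabet_size ** length

def evaluate(pw):
    return {
        "complexity_ok": meets_complexity(pw),
        "common_variation": any(b in base_word(pw) for b in COMMON_BASES),
        "length": len(pw),
    }

if __name__ == "__main__":
    # Constructed samples; the last is a lower-case passphrase with spaces.
    for pw in ("Password1", "p@S$w0rd", "Welcome2012", "quiet lantern orbit maple"):
        print(f"{pw!r:30} {evaluate(pw)}")
    print("7 chars:", f"{keyspace(7):,}")    # about 70 trillion
    print("8 chars:", f"{keyspace(8):,}")    # more than 6 quadrillion
    print("25 chars, letters and space:", f"{keyspace(25, 27):.2e}")
```

The passphrase fails the complexity rule and still has a far larger keyspace than any eight-character password, which is why a length requirement plus a check against common bases catches what a class-count rule misses.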
.
.
……………………………………………………………………………………………………………………………………………………………………..
.
…..item 3)…. Phantom Report … www.phantomreport.com … Resistance Against the Enemies of Freedom …
China testing cyber-attack capabilities
March 8, 2012 Posted by Phantom Report
www.phantomreport.com/china-testing-cyber-attack-capabili…
For a decade or more, Chinese military officials have talked about conducting warfare in cyberspace, but in recent years they have progressed to testing attack capabilities during exercises, according to a congressional report to be released Thursday.
The People’s Liberation Army (PLA) probably would target transportation and logistics networks before an actual conflict to try to delay or disrupt the United States’ ability to fight, according to the report prepared by Northrop Grumman for the U.S.-China Economic and Security Review Commission.
The Chinese military conducted an exercise in October involving “joint information offensive and defensive operations” and another in 2010 featuring attacks on communications command-and-control systems, according to the commission, which was set up by Congress.
Such exercises, combined with evidence that China is streamlining its forces to integrate cyber and electronic warfare and is financing research in the two areas, show that “Chinese capabilities in computer network operations have advanced sufficiently to pose genuine risk to U.S. military operations in the event of a conflict,” the report asserted.
Although the report provides no evidence that China can launch destructive attacks on U.S. targets, it serves as yet another warning to policymakers and the public that the United States has adversaries intent on catching up to, or surpassing, it in cyber capabilities. The report comes as Congress considers major cybersecurity legislation.
Read More: Washington Post
.
………………………………….
In our age there is no such thing as ‘keeping out of politics.’ All issues are political issues, and politics itself is a mass of lies, evasions, folly, hatred and schizophrenia.
-George Orwell
………………………………….
.
.
……………………………………………………………………………………………………………………………………………………………………….
.
…..item 4)…. CYBER WAR ZONE … www.cyberwarzone.com … Hackers continue to exploit outdated browser plug-ins
Posted on 07. Mar, 2012 by siavash
Tag: Adobe Shockwave, Android devices, attack vector, blackberry, hackers, iPhone, Malicious URLs
www.cyberwarzone.com/cyberwarfare/hackers-continue-exploi…
.
.
.
Outdated browser plug-ins continue to be a leading attack vector, according to a recent Zscaler ThreatLabZ report.
Zscaler ThreatLabZ, the research arm of cloud security firm Zscaler, observed that Adobe Shockwave was the most outdated browser plug-in during the third quarter of 2011, with 94% of those installed being outdated.
According to its most recent ‘2011 State of the Web’ report, there was a dramatic shift in the fourth quarter. Shockwave is down to 52% of all installations being outdated, and Adobe Reader now tops the list at 61%. Hackers are aware that large numbers of users continue to run outdated plug-ins and use these as an easy attack vector, the report warned.
Botnets comprised the majority of threats seen in December, at 80% of Zscaler blocks. Malicious URLs followed far behind at 14%, while a mere 3% of threats blocked were identified by anti-virus/signature detection.
The report found that enterprises are moving to the more secure Internet Explorer 8. The use of IE 8 has more than doubled in the enterprise over 2011, from 26% of overall IE traffic in January to 55% in December. The report noted that while enterprises are moving to newer and more secure web browsers, IE 9 adoption remains very low.
Overall, IE use in the enterprise followed a slow decline, down to 53% in the fourth quarter from 58% in the third quarter. Meanwhile, Chrome usage saw a big jump from 0.17% of all web browser use in the third quarter to 5% in the fourth quarter, while Safari saw a decline from 7% in the third quarter to 4% in the fourth quarter. Firefox usage remained constant at 10%.
In addition, Zscaler ThreatLabZ observed an 85% increase in mobile traffic during the fourth quarter. iPhone and Android devices dominated mobile traffic, accounting for about 87% of such, while Blackberry use fell sharply from 27% to 13% over the quarter.
Article author: infosecurity
Source: www.infosecurity-magazine.com/view/24383/hackers-continue…
.
.
……………………………………………………………………………………………………………………………………………………………………….
.
…..item 5)…. The SCADA & Smart Grid Cyber Security Summit 2012 … April 26th & 27th, London ..
…..MARCH 08, 2012….
scadacybersecuritysummit.com/index.html
Assess the nature of the latest threats being faced by energy companies and the impact of these upon your organisation.
Discover why Utility Cyber Security has been reaching a state of near chaos and the latest strategies from utilities to gain the upper-hand against hackers.
Understand the importance of industrial control system (ICS) security and assess the latest solutions on offer.
Discuss the most promising cyber security technologies in the marketplace.
Assess the trends to watch in utility cyber security.
Discover the best practice from across Europe in protecting SCADA and the Smart Grid from cyber-attack.
Benefit from case study presentations from a wide range of international utilities and energy companies.
Network with your industry peers in the comfort of a 5 star venue.
—Featuring a two-day Conference & Exhibition, with over 25 top level speakers.
—Discover the latest technologies and solutions for cyber security in the Technology Exhibition
—By popular demand from Utilities this year’s event will include a selection of 3 not to be missed training workshops on SCADA and Smart Grid Cyber Security.
—Network with your industry peers and make vital new contacts.
.
.
.
.
……………………………………………………………………………………………………………………………………………………………………….
.
.
Toxic Wasteland – Cyanide Storage Room
Image by RightBrainPhotography
These wooden barrels contained some sort of toxic waste, cyanide I think. They are housed in a building which looks more like a little jail cell. Bars are on all windows, and there is a smell coming from them!
You cannot go inside this building. It is only visible inside through the four barred windows (like the ones that you see in the picture), one on each wall.
The only way that I could get this shot was to set up the camera INSIDE the window, through the bars. Without a camera having Live-View, I had to guess on the position of the camera, as well as the exposure settings. As you can see, it all worked out quite well.
4 Au + 8 NaCN + O2 + 2 H2O = 4 NaAu(CN)2 + 4 NaOH