Archive for the "social engineering" Category

Check out The Social-Engineer.org Podcast

I just finished listening to the first episode of The Social-Engineer.org Podcast, hosted by Chris, Mati, Jim, and Dave over at the relatively new social-engineer.org.  The podcast has been available for nearly two weeks now, and I had been looking forward to listening to it once I finished the audiobook of The Lost Symbol.  The [...]

Great Targeted Social Engineering Attack on our CTF

We encourage the students to try social-engineering attacks on us before, and leading up to, the end-of-semester Capture The Flag exercise we run.  We rarely get any serious attempts.  Yesterday evening, however, I received this email:

From: drjohn.wlsn@gmail.com
Subject: Blog
Date: April 16, 2008 6:02:09 PM CDT
To: wesley@mcgrewsecurity.com

Dear Mr McGrew,
As [...]

In Defense of MediaDefender?

I’ve been posting on the Binary Revolution Forums a bit lately, mostly in threads with a technical theme. I’m mostly doing it to sort of contribute to a place that’s popular among people just starting out in the field. Today, a link was posted about the recent attacks against MediaDefender, where a large [...]

How to hack World of Warcraft (WoW) accounts!

(according to YouTube ;) )
This scam dates back to stealing AOL accounts in the mid-90s. Here are some modern examples (obviously the technique has moved to a new medium with little improvement):

Hack A wow Account In 15 minutes
Easy WoW account hack
Hack Msn
How To Hack Runescape
Hack Steam Accounts 100% working no Scam

Certainly these will be gone [...]

NBC Dateline Reporter Gets Escorted Out of Defcon 15

http://youtube.com/watch?v=nCvmkxO5hoQ
Apparently, this reporter had turned down a press pass, which would identify her as a reporter to those she interacted with. Her plan seemed to be to catch people engaging in illegal activities as part of an undercover report on “hackers for hire”. She was outed on stage and escorted out, and followed [...]

Tactical Exploitation at BlackHat 2007

HD Moore has placed the slides online for the talk he and Valsmith gave on “Tactical Exploitation” yesterday at Black Hat. I normally don’t like just reading through the slides for a talk, but until I can obtain some audio/video this’ll definitely do. One of the reasons I don’t like having only the [...]

Little Things: Last Checks Before Locking Your Screen

(I haven’t posted in a while, since I meant to do a post about various apps a security professional might want on their Windows Mobile/Pocket PC phone. Aside from other engagements, I’ve just been having too much fun playing with the different programs available for my phone to actually write anything down. It’s [...]

Reading employee mail after they’re long gone…

I’ve neglected this blog a little bit for the past few days while I’ve been playing with my new toy (a Cingular 8125, basically a re-branded HTC Wizard). I should be back soon, with a neat post or two about the sort of tools a security geek might want on his or her Windows [...]

Mitnick tells some more of his story

Kevin Mitnick has revealed some very interesting details, concerning how he obtained access to cell phone firmware source code (great story, with some good lessons for people to take away, even today) and his involvement in hacking Tsutomu Shimomura’s computer at the San Diego Supercomputer Center. It’s all wrapped up in a nice, short, [...]