You are currently browsing the category archive for the 'Information Warfare' category.
Hackers claim to have stolen all T-Mobile US’s corporate data, customer accounts and network infrastructure. More information from the Register can be found below:
The research team, which included Edith Cowan University of Australia and BT, revealed some early results yesterday in news reports by the BBC and British television affiliates.
To read more about the research go here:
http://news.bbc.co.uk/2/hi/uk_news/wales/8036324.stm
and here:
http://www.darkreading.com/security/storage/showArticle.jhtml?articleID=217400054&cid=nl_DR_DAILY_H
The video talks about a couple of people who’s lives are ruled by harrasing calls and threats. They claim that their phones are tapped with special software.
Rick Mislan talks about the software and how easy it is to be placed on mobile phones.
Software such as:
- http://www.mobile-spy.com/
- http://www.world-tracker.com/
- http://www.flexispy.com/
- http://www.e-stealth.com/
- http://www.fonefunshop.co.uk/spyphone/
- http://www.thespyphone.com/allinone.html
Link to Video on YouTube:
http://www.youtube.com/watch?v=uCyKcoDaofg
It looks and functions like a Blackberry 8830 but it sure is NOT a regular Blackberry. It is locked down by NSA. I am not really sure if it is a good idea at all. NSA is installing the SecurVoice software on it for both voice and messaging as one of the ways to secure the phone. I am sure that there is a whole infrastructure that is required to run his handset services. Even considering all that, I Still believe that a mobile-phone-carrying president opens so many doors for hackers.
Can NSA and Obama get away with using a (persumably) secure mobile phone service and handset? That is the question of the day!
Read more here:
http://blog.wired.com/gadgets/2009/04/obama-to-get-ba.html
Many gay and lesbian books on Amazon.com were incorrectly being flagged as adult due to a cataloging error which made the books hard to find in searches.
Twitters got angry about the issue and started a discussion called #AmazonFail. Thousands of people were angry that gay-themed books had disappeared from Amazon’s sales rankings and search algorithms. The number of Tweets on that easter sunday afternoon that had the term “AmazonFail” surpassed even those with the words “Easter” or “Jesus.”
This led Amazon.com to quickly fix the cataloging error.
Read more here:
http://www.nytimes.com/2009/04/14/technology/internet/14amazon.html?_r=1&src=twt&twt=nytimes
http://blog.seattlepi.com/amazon/archives/166384.asp?from=blog_last3
Read the discussion here:
http://search.twitter.com/search?q=%23AmazonFail
Attached with and armband, it is a portable and multi-purpose tool:
http://www.gizmodo.com.au/2008/12/the_us_armys_secret_weapon_the_ipod_touch-2.html
The LayerOne 2008 talk by David Hulton titled: Intercepting Mobile Phone/GSM
Visit the GSM Hakcing WIKI at:
http://wiki.thc.org/gsm
The USRP is available at: http://www.ettus.com
Learn more about the GNU RADIO project at: http://www.gnu.org/software/gnuradio
David is the Chairman of Toorcon
For dates, times and availability information on the workshops in UAE and Qatar visit link below:
http://www.oissg.org/certification-training-new-/index.php
http://www.oissg.org/certification-training-new-/index.php
Download the official brochure for the Dubai workshops here:
These certification workshops fund the Open Information Systems Security Group (OISSG) research and development of the ISSAF.
You can also download ISSAF for free! (9.59MB, 1264 pages)
Do you live in the United Arab Emirates? Are you a hacker? Then this site is made for you! Get the latest hacking news, exploits, links, pod casts and more through this easy to use website.
Feel like you want to contribute to the site? Then drop us a line at: (hackers) at {marwan} dot [com].
Apparently, it is easier than you think. A penetration tester said “It turned out to be one of the easiest penetration tests I’d ever done!”
To read more about it go to:
A simple idea that resulted in big fireworks! Just take the IP address information from wiki posts and cross it with DNS information from IP range owners and walla!
Still don’t know what this means? It means you can now find out if someone is editing their own wiki information (like deleting the bad stuff!… For shame!).
Good on you Virgil Griffith. I hope that you don’t edit your own wiki entry either 
Here are the links:
- An MP3 interview with Virgil: http://www.abc.net.au/melbourne/stories/s2017196.htm?backyard
- http://virgil.gr/ his website
- WikiScanner http://wikiscanner.virgil.gr/
This tool answers the question: who really edits wikis? Now you know!
Here is something to get your appetite going. WIRED Magazine’s list of salacious edits:
I know many people will look at this and go “We’ve seen this before… Cellular phone spying is not new” but I have to say that the technology is now more readily available than before. To understand what I am talking about, please read the following from zone labs:
- http://blog.zonelabs.com/blog/2007/04/they_can_hear_y.html
- http://blog.zonelabs.com/blog/2007/03/warning_this_ce_1.html
Also, visit this site:
Beware of cellphones left in your office, on your table at a coffee shop and in meetings. The FBI has been doing cell phone spying apparently:
http://www.youtube.com/watch?v=O61YfvPZGJs
Matt’s Blog is not frequently updated but his site crypto.com is an excelent resource for all kinds of information. Make sure you check it out.
Venue: Sheraton by the Creek,Dubai, UAE.
Duration: 2-5 April 2007
Details:
Date: 2nd April 2007
Time: 0900 - 1800
Item: 4-tracks Hands-On Technical Training (Day 1)
Date: 3rd April 2007
Time: 0900 - 1800
Item: 4-tracks Hands-On Technical Training (Day 2)
Date: 4th April 2007
Time: 0800 - 1600
Item: Dual Track Security Conference & Capture The Flag ‘Live Hacking’ Competition (Day 1)
Date: 5th April 2007
Time: 0800 - 1600
Item: Dual Track Security Conference & Capture The Flag ‘Live Hacking’ Competition (Day 2)
Hands-On Technical Training
TECH TRAINING 1 - Advanced Web Application & Services Hacking
Trainer: Shreeraj Shah (Director, Net-Square)
TECH TRAINING 2 - Tactical VoIP : Applied VoIPhreaking
Trainer: The Grugq (Independent Network Security Researcher)
TECH TRAINING 3 -Structured Network Threat Analysis and Forensics
Trainer: Meling Mudin (spoonfork) and Lee Chin Shing (geek00l)
TECH TRAINING 4 - Packetmastering the Monkey Way
Trainers: Dr. Jose Nazario (Senior Software Engineer, Arbor Networks)
Keynote Speakers
1.) Mikko Hypponen (Chief Research Officer, F-Secure Corp)
2.) Lance Spitzner (Founder, Honeynet Project.)
Invited Speakers (alphabetical order)
1.) Anthony Zboralski (Founder, HERT & PT. Bellua Asia Pacific)
2.) Emmanuel Gadaix (Founder, Telecom Security Task Force, TSTF)
3.) Fabrice Marie (Manager, FMA-RMS Singapore/Malaysia)
4.) Jim Geovedi (Member of HERT & Security Consultant, PT Bellua Asia Pacific)
5.) Dr. Jose Nazario (Senior Software Engineer, Arbor Networks)
6.) Raoul Chiesa (Board of Directors Member@ Mediaservice.net ISECOM Group & TSTF)
7.) Roberto Preatoni (Founder, Zone-H Defacement Mirror)
8.) Shreeraj Shah (Director, Net-Square)
9.) The Grugq (Independent Network Security Researcher)
10.) Window Snyder (Chief Security Something-or-Other, Mozilla Foundation)
Links:
http://conference.hitb.org/hitbsecconf2007dubai/
http://conference.hackinthebox.org/hitbsecconf2007dubai/?p=56
News Links:
http://star-techcentral.com/tech/story.asp?file=/2007/2/5/corpit/20070205183948&sec=corpit
http://www.itp.net/news/details.php?id=23403&category=
Thanks David for the heads up 
Read the full article at
Are LNG facilities an issue? Here in Italy I am living in an area that should host two new LNG facilities. Opponents to these projects come from different layers of the society and all group around the www.offshorenograzie.it web site. They have also set an electronic sign in the city to advertise their concern. Well, I have done some research on the topic and prepared a wide dossier mainly focusing on two aspects of the problem: effects of spill in case of accidental or man-made disaster and effects of industrial process on fishery and environments. The report were based on some of the best available scientific sources. I proposed it to different people: local newspaper, political parties, and even to free observer. Nobody seems like it, to say more: nobody wants even read it. This wonder me…. Is it a case of information warfare where all playing from the same side?
Well if you like the topic I will be happy to share some documents, but the best one you should read is ”Beliefs and Emotionality in Risk Appraisals” an article from A. Thalmann and P. Wiedemann published on Journal of Risk Research. The paper focus on effects of hot (emotional) words in risk analysis. It is a worthy reading.
The document is available from Ingenta Connect and if you will read it I would like your comments.
Two weeks ago I have been in Cambridge at XI ICCRP symposium were we had a speech on network centric principles and world cargo security. With Barbara Torell, who is an expert on advanced risk management, we wrote a paper on network centric principles and world cago security. Paper and presentation on the web site are not updated but are useful to have a clue of what we did. The title of the document is misleading, because the paper got an unexpect direction ending up to exposures of maritime supply chain but also on how complex adaptive systems manage their inner force (you can find more useful the presentation on this topic) and reasons for which law agencies at all levels (from upper military down to city bodies) should improve efforts for information sharing .
The good news for all aussie friends is that the best paper was the one written by Celina Pascoe and Irena Ali from DSTO “Network Centric Warfare and the New Command and Control: An Australian Perspective”.
All papers are available at CCRP web site in the Events section.
It was also my pleasure to meet Dr. Alberts - CCRP director, Dr. E. Smith (author of the EBO book on which I loosed more than one night to prepare exams on information warfare) with which we talked about boundaries and complexity, Dr. Hayes from EBR and Anne-Marie Grisogono still form DTSO author of very interesting papers I read during the research.
Well, all in all it was a very intersting conference and a great opportunity to meet some of best minds arounds.
I wish once again thank ECU professor Mr. Bill Hutchinson (my previous lecturer when I was a Perth student) who gave some interesting hints on which we worked during the writing.
See you next year in Newport, Rhode Island.
The 2006 RNSA conference will be held in Canberra and will showcase research fostered by the RNSA, with a focus on current issues in Australian CIP and comparisons with overseas experiences. The conference will feature the latest science, engineering and technology (SET) and social sciences developments designed to enhance national security. There conference will also include an Industry Exhibition. The conference is part of the 5th Homeland Security Summit & Exposition which is held between 19-21 of September 2006.Link:
http://www.secureaustralia.org/Activities/AnnualConference.php
Program:
http://www.safeguardingaustraliasummit.org.au/Program.html#rnsaprogram
Codeen is a proxy server system created at Princeton University. I felt that I needed to tell you about it in relation to my paper on Tracing E-mail Headers. CoDeeN operates in the following manner:
- Users connect to a proxy server nearest to them (or any proxy server in the codeen network).
- Requests are then forwarded to a network node that has cached the file and that has sent recent updates showing that it is still alive (in the form of heartbeats). The file is then forwarded to the proxy and from there to the client.
Interesting for caching purposes but has the potential of becoming a nightmare for network forensics including web and email tracing. Abuse was addressed by CoDeeN in the following statement:
All accesses via CoDeeN are logged, mostly to aid in identifying abuse and other forms of damage control. We sometimes monitor these logs, report abuse, and release entries to aid in investigations. In case of suspicious traffic, we may access URLs from the logs to determine what kind of content is passing through our network. We are also using these logs in our own research, so they may be examined as needed for non-abuse reasons. For normal users, we do not expect that we will intentionally release any personally-identifying information. To prevent abuse, some sites have requested we pass along the client IP addresses, and these are included with every request forwarded to those sites.
So, if you see a CoDeeN server IP in your logs, you know who to contact!
Links:
http://codeen.cs.princeton.edu/
http://en.wikipedia.org/wiki/Codeen
My Paper on Tracing E-mail Headers:
http://scissec.scis.ecu.edu.au/publications/forensics04/Al-Zarouni.pdf
Did I read this right?
Then there’s Idokorro, which means whereabouts in Japanese. That company found itself providing software to the U.S. Air Force, the National Guard and the FBI. The software — originally developed for the BlackBerry, but also compatible with other mobile devices — allows users to access computer servers remotely.
Hackers are defacing websites as a protest against the invasion of Lebanon by Israel. SQL Injection for example was used by hackers to gain user rights for some NASA servers. The defacements put pictures of wonded children on login pages of these servers wih text stating that this is done in protest against the war. Zone-h has more information on the attacks along with a list of mirror sites:
http://www.zone-h.org/content/view/13932/30/
In a world full of information, where you find what you need? How get the flower you are looking for in a world wide garden? And how you can defend your point of view against so much opposed controversial positions?
We would like start a project to investigate about
- the possibility that in such Land of i-Plenty, anybody could write a decent paper even on hard topics and not just playing on common sense
- in organizations, the change of hierarchy from pyramidal to short-cylindrical is due mainly because lowest segments of the command-control chain are more leterate and can access more information in shortest time than before
- new challenge for organizations to leverage and exploit higher sensemaking capabilities in more agyle structure (doing more with less human resources at middle management level)
- opportunity of inplacement (as opposit to outplacement) of people at middle management level
To start the project, we are looking for people that would help to write papers or to manage writers with some basic hints. Would you like to help? Do you have any topic could be of interest?
For more info, please post.
Do you like video games?
Which consolle is best for you? PSP or XBox? Uhm… never thought videogames could be used to change your mind or opinions? No? You should. Have a look what guys at Stanford Persuasive Technology Lab are doing, then think again.
If you reach their web site you will be introduced to persuasive interactive technologies aka captology.
Which consolle is best for you? PSP or XBox? Uhm… never thought videogames could be used to change your mind or opinions? No? You should. Have a look what guys at Stanford Persuasive Technology Lab are doing, then think again.
If you reach their web site you will be introduced to persuasive interactive technologies aka captology.
It is not new: it is subliminal advertising and abuses are mentioned in some cases such as the Pepsi six-pack, the standard box of Camel cigarettes and even in the Republican National Committee’s ad were the word “RATS” appeared clearly on the screen while an announcer criticized Gore’s prescription drug plan. But until now games were not on the list.
So what? Let children play.
Yeah, this is another post on sensemaking. The reason I’m stressing the area is because think it will be the next field of confrontation. Professionals working in infowarfare, infosec or knowledge management will soon or later have to deal with complexity and how knowledge spreads over networks. The paper, by C. F. Kurtz and D. J. Snowden, “The new dynamics of strategy: Sense-making in a complex and complicated world” is interesting also because will introduce you to the Cynefin project.
Some of you could find interesting the Karl Weick’s paper ”The collapse of sensemaking in organizations: The Mann Gulch disaster” and it is available Here. It is a worthy reading, whatever you do.
The conferences official website is http://scissec.scis.ecu.edu.au/conferences. The conferences will run concurrently and will be held on the ECU Mount Lawley Campus in Perth, Western Australia on 4th and 5th December 2006. The conferences are:
- 4th Australian Digital Forensics Conference
- 7th Australian Information Warfare Conference
- 4th Australian Information Security Management Conference
Important Dates (All Conferences)
Papers Due 1st October, 2006
Feedback 1st November, 2006
Final Papers Due 15th November,2006
