Date: Tue Jun 27 00:58:14 2006
From: n3td3v at gmail.com (n3td3v)
Subject: Attachable devices; corporate networks; yahoo; securityfocus

This stuck out for me today when I opened up Securityfocus, and I don't usually mention Securityfocus News articles because they are cringe-worthy nearly every day, although this one today hit a nerve for me...

I wasn't allowed to say on Securityfocus.com that I thought usb drives just come under the "wireless" threat. Like laptops, like mobile phones and other attachable devices, which walk into Sunnyvale. And that the Securityfocus news article was a "non news".

We've been hacking Yahoo for years by first of all tracking down employees via weblogs (another threat Yahoo won't listen to us about), where employees are openly saying their job title description and talking about inside yahoo, (which is a security threat in itself), so we are able to know we're targeting the right employee.

(Plus we are able to target Yahoo employees because of this http://www.flickr.com/photos/ycantpark website where yahoo employees take pictures of cars parked outside sunnyvale, including number plates in full view, so now we know where exactly employees live. Yahoo security team do not see the flickr account as a threat to corporate security of data or its employees and will not shut the web site down. Even though we've e-mailed yahoo security to tell them that it's directly a threat. I won't go into detail on a public list exactly how these photos can be used, but think about the 'mind think' of stealing devices (or paperwork) from that car if it's downtown away from sunnyvale, or /and/ follow car to home address of employee... break into home... infect computer, or steal paperwork, or device. Under normal circumstances a member of the public cannot stand in a sunnyvale carpark and take pictures can they? With yahoo employees, the task of the corporate hacker is made easy.)

We then go to hack their weblog, server, and personal home computer.
This is the same home personal computer that they plug in their 'plug n play devices', including USB, like all other attachable plug n' play devices. We infect that flash drive, laptop, mobile phone, and then wait for Yahoo employee to walk into the Sunnyvale internal backyard network, where the employee plugs in their plug n play device. This allows us to take over complete control of that employee's corporate-side computer, and the entire network that device has plugged into. It makes no difference if it's USB, or a laptop, mobile phone, the threat is the same.

Securityfocus wouldn't let me post under their article, as they don't believe in freedom of speech, even though we have killed all over 38,000 civilians (so far) in Iraq for freedom of speech seems to have gone to waste, and a statistic which I am personally furious about, especially when I try and post on a western security news site and I am denied my right to express my personal opinion.

People we've killed for freedom of speech
http://www.iraqbodycount.net/

Securityfocus "News" article about attachable devices
http://www.securityfocus.com/news/11397
which everyone has been exploiting for years, although Securityfocus think this is newsworthy.

The technique to hack a corporate network has been used for years using plug n play devices... (Yes, including USB flash memory sticks...). Securityfocus didn't research the technique before reporting "Secure Network Technologies" and how credible that news would be for the Securityfocus front page readers.
And that was all before the biggest surprise of all, once you open the article, I was met with a commercial banner at the top of the Securityfocus website advertising this:
http://adserver.securityfocus.com/RealMedia/ads/click_lx.ads/www.securityfocus.com/home/1879095141/Top/OasDefault/GFI_05_24_06_Banner/ESEC_BlueUSBstick(728x90).gif/63336263393830653434386663623430

Which then made me think, why am I visiting Securityfocus, they are just writing up articles depending on what sponsors they have that month, than actual "news" that people need to know about to secure their corporate network.

Thanks for listening,
n3td3v

Yahoo don't see a computer threat being a real life threat... people stealing attachable devices / paperwork from cars etc. We tried mailing Yahoo for years about all of the above, they don't listen.

Yahoo, why don't you start taking security seriously, not just a slogan you give to your Yahoo media relations team to push out to online news journalists, to look professional. Actually mean what you say, and secure Yahoo from electronic computer attacks on your network, which have originated from targeting Yahoo employees via weblogs, cars in your car park and the home computers of your employees and the devices (including USB flash memory) they carry in and out of Sunnyvale every day.