Wikileaks Releases Documents. Again…

Again Wikileaks proves they are on a mission to destroy the United States. Wikileaks released thousands of sensitive US documents today through proxy. The main Wikileaks site was under massive denial of service attack (any guesses here?), but that did not stop the release.

Several large news agencies already had copies of the information and released it today. The New York Times in the US, the Guardian in the UK, and three European news agencies went ahead and released portions of the leaked information.

Much of the information released was a no brainer. It is not earth shattering news that we spy on our allies and they spy on us. This has been going on for years. Ambassadors are trained in espionage, its standard operating procedures (SOP).

What wasn’t SOP though is that many personal correspondences were revealed that weren’t meant for public release. But, that is probably why they were marked “Classified” or “Secret” in the first place…

Some of it was just political name calling:

“The cables contain specific allegations of corruption, as well as harsh criticism by US embassy staff of their host governments, from Caribbean islands to China and Russia. The material includes a reference to Putin as an “alpha-dog”, Hamid Karzai as being “driven by paranoia” while Angela Merkel allegedly “avoids risk and is rarely creative”. There is also a comparison between Mahmoud Ahmadinejad and Adolf Hitler.” – The Guardian

But some of the information covered was much more serious:  

“Mixed records against terrorism: Saudi donors remain the chief financiers of Sunni militant groups like Al Qaeda, and the tiny Persian Gulf state of Qatar, a generous host to the American military for years, was the “worst in the region” in counterterrorism efforts, according to a State Department cable last December. Qatar’s security service was “hesitant to act against known terrorists out of concern for appearing to be aligned with the U.S. and provoking reprisals,” the cable said.”  – New York Times

The release also included information that the Chinese Politburo was behind Google being hacked. The US is very concerned about Pakistan and its handling of nuclear material. And Saudi Arabia is pushing for the US to bomb Iran.

The information in this release seemed to focus again solely around the US, even though Wikileaks founder claimed that their next release would focus on Russian and Chinese documents.

Wikileaks seems to be on a personal vendetta against the US and needs to be shut down, now.


Social Engineering: No Tech Hacking

One of the best videos on social engineering from one of the best. Security expert and author Johnny Long of “Google Hacking” and “Hackers for Charity” fame, wrote an exceptional book called “No Tech Hacking”. Johnny proves that low tech or “no tech” skills are sometimes all that are needed in a penetration test. “No Tech Hacking” was probably one of the most enjoyable computer security books that I have ever read.

In this YouTube video from DefCon 15, Johnny covers many of the same topics from his book. You will be treated to Johnny’s unique observation skills, humor and whit. But you will also learn about bypassing a multi-million dollar security system with a coat hanger and a wash cloth, how to walk through walls, how to disappear and Jedi mind tricks.

It is definitely worth checking out.

Computer Book Review: No Tech Hacking

One of the largest and most overlooked security vulnerability that exists in every company is… people. Many times, complex security can be bypassed by using low tech attacks or simple techniques. In “No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing” author Johnny Long along with Kevin Mitnick take a look at some commonly used social engineering techniques.

People will always be the weakest link in security. In 15 years of providing onsite computer support to manufacturing companies, hospitals, banks, military, correctional facilities and government offices,   I have only been challenged for credentials four times.  People tend to be trusting and if you are already inside a building, they usually assume that you belong there.

Sad, but true, you are judged by the way you look. For instance, a person in a shirt and tie will be ignored by most shop floor employees; someone in jeans will be invisible to executives. Also, if you look a certain way, people will assume what your occupation is. For example, If you show up to a company carrying technical gear, they will assume that you are a repairman.

Johnny  Long’s book takes a very good look at this ignored side of computer security. Many times information can be gleaned just with the power of observation. Johnny talks about everything including finding administrator passwords in a dumpster to defeating a very expensive state of the art security system with a coat hanger and a wet wash cloth.

Sections on physical security like motion and infra red sensors are present. There is even a section on how insecure locks really are. Some of it is downright scary. For example, why use the key when you can open locks with a McDonald’s straw? Or open a laptop lock by using a beer can.

If you have seen Johnny in person or in a webcast, rest assured, his humor and wit are present in spades. The reading is light, informative and downright whimsical at times. It is a great book to read when you just want to kick back, relax and read something enjoyable. And being Johnny Long, rest assured, there is a section on Google Hacking.

Network security is an ongoing war, and as Sun Tzu said, ‘Know thy Enemy’. Learning about the techniques that social engineers use will allow you to look at your corporate security in a whole new light.

Aurora Google Hackers Stole Source Code

Just what were the hackers after in the recent attack against Google, Adobe and Intel? Source code, specifically, Software Configuration Managers, according to a  Techworld article.

Software Configuration Managers are collaboration systems where employees from all over the world can work on new software products. Apparently, the security is not to tight on some of these systems:

“To illustrate this point, McAfee researchers took a look at a source code management system used by Google itself, software called Perforce. They found a number of problems. Perforce sends passwords across the network in unencrypted form, allows anonymous users to create new accounts, and runs with a higher-than-necessary level of privileges, giving hackers an extra way to exploit the system it’s running on.

“There’s not a lot of security in place and there’s not a lot of logging,” to protect source code within most companies, Kurtz said. “If that’s your crown jewels, you might want to think twice about how you’re protected.””

Read the full article at Techworld.