I guess anyone visiting this blog knows we don't have any privacy, but just to add to this, a new service is being set up called 118 800. This service is going to be a directory of every UK mobile number. The idea is that you type in the name and home location of someone whose mobile you would like to contact, they then search the database and then offer to connect you to this person for £1. Apparently they don't share the actual number with the requestor, but send a text to the owner of the number with the details of the requestor asking you to contact them, or they call you directly and ask if you want to accept a call from the requestor if you were to dial the number (like when you call the operator and reverse the charges, I guess).

I am probably being overly paranoid, as I guess it's no different to the fact landlines are registered and you can be ex-directory, but it just feels a bit odd to me with it being a mobile. You can become ex-directory from the service by texting E to 118 800, or completing an online form. They say they won't be handing out numbers or selling them to anyone (hmmm), time will tell I guess.

How about they set up a service with no information, and if I want all my information shared with the world I will submit it to them :)

milw0rm

I meant to post this yesterday, but I just couldn't get the time, and today the site has gone from the Intertubes, so I just got the above from the Google Cache.

milw0rm was an excellent site, with all the latest exploits, vids and white papers and it will be surely missed. I wonder if anyone wants to step up and take it over.

Update : July 9th 2009 – milw0rm has risen again, there has been a change of mind :)

milw0rm

I posted previously about Schneier and Nielsen saying that the masking of passwords had no value, and decreased security.

Bruce has since made a posting on his blog retracting his comments somewhat.

I was certainly too glib. Like any security countermeasure, password masking has value. But like any countermeasure, password masking is not a panacea. And the costs of password masking need to be balanced with the benefits.

So was I wrong? Maybe. Okay, probably. Password masking definitely improves security; many readers pointed out that they regularly use their computer in crowded environments, and rely on password masking to protect their passwords. On the other hand, password masking reduces accuracy and makes it less likely that users will choose secure and hard-to-remember passwords, I will concede that the password masking trade-off is more beneficial than I thought in my snap reaction, but also that the answer is not nearly as obvious as we have historically assumed.

I think it's good he has had time to think about his initial response, and I agree there are pros and cons, but he was wrong to totally dismiss the benefits.

So good one, Bruce, on posting what I would call a more realistic opinion.

So EnCase are releasing a new USB offering, called EnCase Portable. I am a big fan of the EnCase product, having attended many of their training courses, and using their product in the corporate environment.

EnCase say this new tool makes data gathering in the field a doddle, and I guess it's something similar to Microsoft's COFEE offering (I will speak about this more once I get a copy) and allows anyone to plug in, say what's needed and let the software do the data collection.

I think this is the way a lot of these tools will be going for data collection, especially as the use of netbooks is growing and they don't have a CD drive to boot from.

EnCase Portable is a data acquisition solution delivered on a USB drive that leverages the powerful search and acquisition capabilities of EnCase®.  The solution searches a targeted computer and automatically collects data, including documents, Internet history and artifacts, images, other digital evidence, and even entire hard drives.

Unlike other solutions that reside on laptops, EnCase Portable is a pocket-sized tool that saves time and money.  Users can collect forensically-sound data when target systems cannot be transported due to cost or time constraints imposed in field situations.


Key Features

  • Plug in and collect data immediately
  • Enable novice computer users to be data collectors in matter of minutes
  • Acquire data anywhere with EnCase Portable’s pocket-sized kit
  • Search and collect cyber-intelligence without leaving a trace
  • Store collected data in the forensically sound, court-validated EnCase® Logical Evidence File format
  • Capture data from running or powered-off systems
  • Customize search and collection jobs to create and configure more complex search criteria
  • Easily install EnCase Portable on any USB drive

Exotic Liability is an excellent InfoSec podcast. I know there are lots around, and I enjoy them too. Chris Nickerson, Ryan Jones and Karen Maeda (aka Jackalope) provide an informative and entertaining show, with great guests and topics of discussion. Also check out the site and the live chat room. They are also looking for people to call in and say hi; I did on EP#24.

Sick of the podcasts that are telling you stuff you already know? Tired of the same old “read the sheet” presentation skills of most podcasts? Looking for fresh content and expert outlook? Bleeding edge and beyond…. Exotic Liability will push you into the new generation of Security. On your own or by force, we will be bringing you the best content from the TOP of the Security industry. No more firewall admins speculating about how attacks happen, these are the pros. These are the people that make Security tick. If you are tired of the old solutions and rhetoric, join in.

Here’s an Idea of the guests and talent past and future joining us:

HD Moore (http://en.wikipedia.org/wiki/H_D_Moore)
Chris Roberts (http://www.cyopsis.com/company/executive-team/15)
Eric Cole (http://www.oreillynet.com/pub/au/2038)
Dark Tangent (http://en.wikipedia.org/wiki/Jeff_Moss_(hacker))
Chris Wysopal (http://www.veracode.com)
Christien Rioux (http://en.wikipedia.org/wiki/Dildog)
Frank Thornton (http://www.oreillynet.com/pub/au/1383)
Mubix (http://www.room362.com)
Alex Horan (http://blog.coresecurity.com/?author=3)
Mike Kershaw (http://www.kismetwireless.net)
Nick Farr (http://hacdc.org)
Don Bailey
ValSmith (http://www.attackresearch.com/)
Chris Gates (http://carnal0wnage.blogspot.com/)
Max Caceres (http://www.matasano.com/)
Delchi (http://video.google.com/videoplay?docid=-4771262945479844976)
Mike Murray (http://episteme.ca/)

Those of you that use LinkedIn may have noticed that you're getting a certificate verification issue when trying to authenticate yourself. Seems someone at LinkedIn forgot to set a reminder and pay the bill, as the cert expired 06/07/2009 @ 17:14:16 PM GMT.

So all aboard the Fail bus for those guys today. It's an easy mistake to make I guess, but you would have hoped for something a bit better.

LinkedIn