on gizmodo

Jeff Moss is not only a celebrity in the world of hacking, he is also a powerbroker. He is a respected force to be reckoned with. I am not going to say that I think he is some sort of cyber mafia boss but I will say that he could destroy just about anyone with a 100 word post on a forum. Getting “street cred” in the hacker world is something that must be truly earned usually by technical expertise proven by hundreds or even thousands of your hacker peers validated by published technical papers, famous/infamous system infiltrations, the discovery of 0-day exploits that make major corporations take notice, or some combination of these.

Jeff has his finger on the pulse of the entire spectrum of hacking.

Jeff is now going to advise the president.

Now that is good judgement.

The United States’ top commanding officer for the space and cyber domains told reporters last week that a cyber attack could merit a more conventional military response.

During a press briefing on Thursday, U.S. Air Force General Kevin Chilton, who heads the U.S. Strategic Command, told reporters that top Pentagon advisors would not rule out a physical attack on any force that attacks the United States through the Internet. Currently, the military’s networks are probed thousands of times a day, but the goal of attackers seems to be espionage, not to take down critical networks, he told reporters –

– Security Focus

I don’t believe that military force is the equivalent action for a cyber attack. Arrest and/or apprehension is the physical response necessary for criminal hackers attacking from other countries. Cyber counter-attacks are the correct response for government funded & coordinated attacks.

I think if the U.S. reciprocates a cyber attack x10 when other countries are playing little games, we’d get our message across effectively. We should do so in a well funded and covert way in which the enemy has NO DOUBT that the face slap came from a U.S, hand, but no proof at all allowing plausible deniability. It should be black Ops hacks, very well coordinated, very well funded and full time.

I don’t think the US can be complacent or wrecklessly meek in matters of cyber warfare. Instead, it must be fair, quiet and heavy handed when it comes to one of its most valuable asset, information.

Everyone seems to have a crew there. All loners I meet are to paranoid to talk to anyone. So I end up going from lecture to lecture alone. Don’t get me wrong. I like learning new things.. But too often I feel like it was something I could have just watched on TV (if it was on TV). I want to get more involved, but I don’t have skills or the time to dedicate to another mega hobby like Hacking.

So I thought about rolling out with DC719 (my local defcon group), but I’ve yet to find them. dc719.org seems to have not paid their bill or something. I heard they are all crazy gun nuts, which I think is pretty awesome. Guns and hacking seems like my kind of crowd. Strange, huh?

Anyway, dc719.. if your out there hit me up .. I might want to roll with you guys [or at least say hi]. elamb[dot]security[at]gmail.com

Octavia Nasr | BIO
CNN senior editor for Arab affairs

A hacking war is raging on Jihadi websites. Radical Islamist sites have been attacking and getting attacked for quite some time. The website hacking practice was common in 2001 and 2002… Following the 9/11 attacks when al Qaeda used only one website to communicate its messages to supporters and foes alike. That website was called alneda.com. It was getting constantly hacked… sometimes several hackings a day. After every hacking the site managed to resurface on the net until it disappeared from the scene in 2004 to be replaced by other websites — What started as one al Qaeda-linked site mushroomed into dozens which branched out into hundreds of supporting sites that serve as dissemination centers over the internet.

More.

I’m hope my corporate master will let me go to the Blackhat and Defcon training/convention this year. I doubt it since “Massa” Corporate isn’t in the business of giving out anything that the gubment hasn’t paid for. Then again… they did offer to pay my way through a Masters degree program provided I stay with them for the entire time. Over all, they are not a bad lot… I’ve dealt with much worse that is for certain.

If I go to BlackHat 2008, I’ll probably attend Security Horizons, NSA Information Assurance Management course.

I was hoping to snatch it up for $3. To my surprise, it is over 200 duckets! The hell with that.

Tags: schneier, defcon

The counter to this is to NEVER login at open networks (particularly the blackhat and for the love of all things holy and good NEVER login without encryption at the defcon)

td daily – gmail hack @ blackhat

Tags: gmail, hack

This is the number of possible IPv6 numbers that are possible:
340,282,366,920,938,463,463,374,607,431,768,211,456

2^128=340,282,366,920,938,463,463,374,607,431,768,211,456 = 3.4×10^38
– 50 octillion addresses for each of the 6.5 Billion people on earth
– Every atom in the human body could have IPv6 address
– Windshield wipers on your car may have and IPv6 address (every device can be “pingable”)

Pros and Cons of IPv6:

CON
• Lack of migration plan
• Definition of “compliance”? (dod)
• Long address (2001:0000:1080:8c88:8:800:200C:417A)
• Security issues

• No tools to check IPv6 packets, so this exploit has no way to be stopped yet
– Windows XP supports IPv6 but the SP2 firewall would not detect rogue data inside ICMPv6 packets

PRO
• ipv6 for everything
• Japan already on top of it
• Help countries like China and India