Mobile phone virii

Bluetooth adverts spark virus fears - vnunet.com
Story discussing a new advertising technique whereby content is transmitted directly to Bluetooth phones, and pointing out the risks of getting users into the habit of accepting content beamed to them.
The comments from the company making the advertising mechanism are interesting. They seem to be saying it's ok because their campaigns only contain music and video and not applications, and that users should never install unrecognised applications...
To me this seems a bit naive. If you look at the PC market, you see exploits where malicious code pretending to be music or video files can be executed due to vulnerabilities in media players. Also, you're relying on users to be able to tell the difference, and spyware makers have proven very good at getting people to believe that their content is not an "unrecognised application" in order to get installed....

17799 User Group

ISO 17799 and BS7799 User Group
A useful source of information about 17799.

Mobile Phone Tracking

BBC NEWS | Technology | Tracking a suspect by mobile phone
A decent description of the ease with which people can be tracked, based on their mobile phones. In this case used to track down a terrorist suspect.
Also describes potential methods of phone tapping used by the police.

Interesting Story about DDoS attacks

How a Bookmaker and a Whiz Kid Took On an Extortionist and Won - CSO Magazine - May 2005
The story recounts the efforts of one company to resist an extortion attempt based on DDoS of the target's website. This seems to be an increasing trend at the moment, and is additional evidence that the worm and virus writers we'll be seeing in the future won't be kids looking for kudos on IRC, but professionals who view compromised systems as a resource to be used, in this case, for criminal ends.

Thought provoking post on terrorism and statistics

The Musings of Harry: Let's not loose our heads
This is a very interesting post. "Harry" has done some work looking at the number of deaths from terrorism as opposed to other causes in the UK, and asks some questions about the level of emphasis and spending on those topics.
It's pretty obvious that a lot of this is based on the shock effect and media coverage. If you take heart disease as an example... what sort of coverage do the 110,000 people who died in the UK of preventable heart disease get, compared with the coverage of the London bombings...
Also, if you think about it, if the government's goal was preventing the deaths of UK citizens, would they not be better legislating to ban (not just get rid of direct advertising for) unhealthy foods and cigarettes, instead of passing legislation which has a dubious effect, at best, on terrorism....

Tor

Nitesh Dhanjani
Post about using Tor to launch attacks (or in this case vulnerability scanners). Using this, it appears that you can be more or less anonymous on the Internet, at a network level anyway. Only the entry point to the Tor network will know the origin of your traffic. Of course if you get to the site and put in identifiable information about yourself, that would somewhat defeat the purpose ;op
Of course it would probably be possible to reconstruct traffic if you could grab the whole Tor network... but unless you're wanted by governmental agencies... that shouldn't be a problem!
One thing though. I wonder whether we'll see cases of uninformed courts trying to press charges against the exit points of networks like Tor, as they will be what turns up in the logs of destination web servers....

Some tips on secure wireless networks

Building Secure Wireless Networks @ LinuxWorld
Good articles from the guys who wrote Wi-Foo on some tools to help build secure wireless networks.

Excellent presentation on Web Application Security Testing Tools

There's a great presentation on Web Application Security Testing tools over at OWASP. It breaks the available tools down into sensible categories and also has some quite comprehensive lists of available tools for each category.

Perl plugin for Eclipse

EclipsePlugins : ratings for the EPIC - Eclipse Perl Integration Eclipse plugin (Languages)
I've been looking for a free Perl IDE for a while now, to help my infrequent programming efforts. This seems to work quite well with Eclipse....

Demo of Reverse engineering of MS Patches

SABRE Security
An interesting demo of an MS patch being reverse engineered to make creation of an exploit simple.
This shows a good reason for installing any security patches as soon as possible.....