http://blog.phishme.com Internet Security Professionals comment on innovative phishing ploys, social engineering techniques, and the latest hacks. Bashing or bowing to the latest and greatest news in the security community. Keep up to speed with what phishers, hackers, and spammers are doing or just listen in on the latest geek rants. PhishMe is your one stop blog for the latest in anti-phishing and security news. Mon, 05 May 2008 17:06:27 +0000 http://backend.userland.com/rss092 en Most vulnerability scanners will allow you to configure an exception list. If an organization has an internal vulnerability scanning program in place they are probably aware of a few troublesome systems that don’t respond well to poking and prodding.  (That ancient VAX, those Dell DRACs, that crazy plotter, etc…) It’s not ... http://blog.phishme.com/2008/05/peer-guardian-for-internal-penetration-tests/ In past years I never attended the RSA conference; it always came across as too much of a vendor show to me. This year I didn't think I would go, until rsnake convinced me otherwise. So I bought myself an Expo Only pass. I had a lot of fun, meeting ... http://blog.phishme.com/2008/04/rsa-conference-circus-of-vendors/ A lot of web applications use port 80 and 443, but don't necessarily speak HTTP or live inside a web browser. Many of these web apps utilize rich content and compiled code, such as Flash/ActiveX/Java, that have the ability to open their own TCP sockets to remote servers, by-passing the ... http://blog.phishme.com/2008/04/mitm-tcp-tools/ At this year’s RSA conference Ira Winkler went on to tell the audience about hacking into an energy company (via an authorized penetration test) using a targeted phishing email. Details are in this networkwold article: http://www.networkworld.com/news/2008/040908-rsa-hack-power-grid.html “The penetration team started by tapping into distribution lists for SCADA user groups, where ... http://blog.phishme.com/2008/04/scada-hacking-what-if-they-used-phishmecom/ On Friday afternoon, I headed off to the airport for a trip to Chicago to visit a friend. I should have checked the flight status, because it turns out my flight was canceled. All other flights to Chicago were on time, and full. The über-helpful lady at Continental advised me ... http://blog.phishme.com/2008/04/pwn3d-by-the-ts/ I’ve been mouthing off about the much anticipated arrival of my new EEE PC, and when it arrived at work for its glorious unboxing, my wonderful co-workers were ready to own me with a samba exploit -locked and loaded. Reference: ASUS Eee PC rooted out of the box That’s what ... http://blog.phishme.com/2008/04/asus-eee-pc-samba-security-updates/ What is http://port139online.com:139/ ? Port139online.com:139/ IS a website Port139online.com:139/ IS a protocol Port139online.com:139/ IS a service (a service that tells you if your ISP is providing a tampered, filtered, limited, and incomplete service.) I started port139online.com:139 to annoy the tech support agents at Cox Communications. I subscribed to their ... http://blog.phishme.com/2008/02/bold-face-lie-in-a-clash-at-fcc-hearing-port139onlinecom139/ Someone beat us to the shmooball launcher.  It's probably for the best since we were going to order parts from this company. We heard ambulances only take 180 seconds to get to the hotel. The presentations were very hit or miss this year, with unfortunately a bit more of the latter.  ... http://blog.phishme.com/2008/02/shmoocon-2008-wrap-up-the-non-moose-stuff/ Intrepidusgroup had a good time at shmoocon this year.  Jaime and I would like to thank those that came to our presentation on Saturday to learn a little bit about the history of Internet service providers changing the Internet on us when it doesn’t fit their business model. After seeing ... http://blog.phishme.com/2008/02/shmoocon-2008-wrap-up-forced-internet-condom/ I just got back from The Credit Union Information Security Professionals Association 3rd annual National event in Austin Texas where Rohyt and I were talking to the folks about www.PhishMe.com. I have never attended a CUISPA event before and welcomed the opportunity. It was refreshing to see this industry work ... http://blog.phishme.com/2008/02/whitepaper-the-state-of-information-security-2008/