Archive for the 'Main' Category

Dumbest ideas in Computer Security

Here are six of the best from Marcus Ranum:

1. Default Permit
2. Enumerating Badness (should only track the good things)
3. Penetrate and Patch
4. Hacking is Cool
5. Educating Users
6. Action is Better Than Inaction

Top 10 Security stories

Something that should have been posted at the end of last year: the top 10 security stories from 2007, according to silicon anyway…

1. Missing: 25 million child benefit records
2. Q&A: Bruce Schneier, CTO of BT Counterpane
3. Top 10 weird data disasters
4. Police: There’s no piggybacking crackdown
5. ID cards will be secure, insists Home Office
6. Full Disclosure - silicon.com launches data breaches campaign
7. Nasa hacker granted Law Lords appeal
8. Businesses call for police cyber crime unit
9. Cyber criminals turn pro
10. Warning over ‘Storm Worm’ email

Another top 10 that may be worth a look is the skills stories top 10.

Top 10 Weird Disasters

The weirdest data disasters… It’s a bit like when I was in school and my cat ate my homework… really, it did happen! This is courtesy of silicon.

10. All in a spin: A customer who told engineers she had ‘washed away all her data’ after putting a USB stick through a cycle in her washing machine.
9. Feeding time: A father who, while feeding his baby daughter, forgot about the USB stick in his top pocket. As he leant over the high-chair the device fell into a dish of apple puree.
8. Row, row your boat: A fisherman took his laptop in his rowing boat. Both he and the laptop went overboard, taking all his data to the bottom of a lake.
7. Honeymoon hell: One wedding photographer overwrote the photos of one wedding with another event - and needed to escape the wrath of the newlyweds.
6. Melting point: During an experiment, a scientist spilt acid on an external hard drive and burnt away his important data.
5. Shattering blow: In the middle of an argument, a businessman threw a USB stick at his partner, with the device ending up in several pieces on the floor. Unfortunately it contained valuable company plans.
4. Fire alarm: A fire destroyed an office, sparing only a few CDs which had melted to the inside of their cases.
3. Ooooops: A scientist was fed up with his hard drive squeaking, so drilled a hole through the casing and poured in oil - which stopped both the squeaking and the hard drive.
2. Here goes…: To test the functionality of a parachute, a camera was dropped from a plane. The parachute failed and the camera shattered into several pieces but the device’s memory stick was reassembled and the footage was recovered.

And the number one weird and wonderful data disaster is…
1. Data repellent: After discovering ants had taken up residence in his external hard drive, a photographer took the cover off and sprayed the interior with insect repellent. The ants were killed off and the data was eventually recovered.

All the hardware on the list was recovered, the company said.

SQL Injection: advanced attacks

Here’s a post from the popular ISC SANS Diary about declares, fetches, execs and system objects in SQL Server that can be used in SQL injection.

Home router attacks - the snowball effect…

It looks like everyone is jumping on the home router attacks bandwagon. Zulfikar Ramzan restates his definition of drive-by pharming: “It allows attackers to create a Web page that, simply when viewed, results in substantive configuration changes to your home broadband router or wireless access point.” There are some examples in there, including attacks against the standard router used in Mexico. A combination of flaws in the router allows it to be reconfigured to use a rogue DNS server, which can then resolve the name of a popular or trusted website to the IP address of a host controlled by an attacker. All this comes alongside the recent finding, by gnucitizen, that the BT home hubs had an authentication bypass vulnerability (requiring a user to click a malicious link).
