beyond security’s besirt just released this document, detailing one of the
recent cyber-terrorism defacement attacks on pro-israeli servers by team
evil, following the political tensions in gaza, with:

*. tech details.
*. log of the incident response team, detailing the experience.
*. some conclusions and lessons-learned.

you can find the document here:
http://www.beyondsecurity.com/besirt/advisories/team-evil-incident.pdf

gadi evron,
ge@beyondsecurity.com.

A security consultant working for the FBI, got a hold of Robert Mueller’s password because he, and I quote: “[he wanted] avoid bureaucratic obstacles and better help the FBI install its new computer system”. Good thing for Robert, now he no longer has to remember that pesky password, he can call Joseph Thomas Colon – the consultant – and ask him what is password is.. I comic strip in the making (hint hint).

Human history is marked with many years that caused people to fear from the unknown, just because it is unknown…
You may think that we have learn by now that we must know things in order to use and trust them …

Well I read a small advisory about NTFS Data Stream.

For those of you that do not know, data streams allow users to set file properties that can store any amount of data, and can be accessed only when you know the name of that stream.

When using a Data stream of NTFS , the original file size or content is not effected, so in fact, I can hide information from other users, that do not know what are the names of the file custom properties.

Yea this issue is very very old, we at SecuriTeam reported it back in 1998. So why is it, that still most AntiVirus out there do not scan these sections ?

Why I can still bypass Quota settings, and evade other users ?
While Microsoft have made a long road from not caring about security issues, to actually fix them, they still do not touch the “by design” security risks, just like when the WMF gate has merged. Now a very old issue is raising again.

So, now it’s time for us to see if Microsoft will wait for a new highly contiguous worm. or we shell see Redmond taking a nice marketing step and fix this by design issue prior to that…

According to research, recently conducted by Radicati Group, every 20th corporate worker at least once used email to send information classified as corporate sensitive or even as commercial secret. Among with it every 2 out of 3 workers use personal email boxes such as publicly available web mail services to exchange corporate information.

Public email services are not always secure as corporate email. Insufficient privacy policies of those services make its use for corporative data illegitimate.

“We reserve the right to transfer your personal information in the event of a transfer of ownership of XXXX, …. ” sounds familiar ?