Powershell Ping Sweep
I’m a HUGE fan of powershell!  I’m definitely not a master at it, but I can definitely get around with it.  If you don’t know much about powershell or how to use it – this would be a good introduction!  The blog entry at securitywhole.com deconstructs the powershell command for a very helpful ping sweep.  Make sure to check their blog often – the next post over there is going to be the powershell version of nslookup and brute-force reverse DNS lookup!

Bank Sues Google After Email is Sent with Sensitive Info to Wrong Address
I’m not going to lie – I’m not a huge fan of Wired.  However, when I read this story it make me chuckle a bit.  Brief summary: bank employee sends an email with sensitive information unencrypted (information that isn’t supposed to sent in the first place) – employee realizes that it’s going to the wrong address – employee tries to contact email owner – employee receives no answer – Bank sues Google to try and get information about the owner of the email address.  Oh, they’re also asking the court that the information be under seal so that the information isn’t disclosed.  Since a good part of my life revolves around compalince, it just leaves me saying that if you’re going to send confidential information: encrypt it!  In this case, don’t send information that isn’t supposed to be leaving the confines of the office in the first place!

The current course is being offered as donation-only.  So, if you take the course and you like what you learned – make a donation to help a great cause!  There’s going to be a video/PDF version of this as well in the future, but it’s currently being held back until MSF v3.3.

@Jabra just released this video showcasing all of the new features in BeEF 0.4 – check it out!

HITECH Act Encryption Loophole
The HITECH Act (as well as PCI-DSS) has consumed my time (read: overtaken my life) for quite some time now, so it’s no surprise that I bring up things from this from time to time.  The Register talks about how the Act states that if an organization utilizes encryption (mainly at a disk-level), they’re under no obligation to report a breach to their clients – essentially giving these companies a ‘get out of jail free’ card if a breach were to happen.  Just because you can encrypt your data doesn’t mean you shouldn’t be held liable for a breach of information!

Other Fun Tidbits:

• PBS Website Compromised – Used to Serve Malware
• Exotic Liability Podcast Ep. 34 (social-engineer.org special) is OUT!
• New PaulDotCom recording tonight with special guest: ethicalhack3r!

• The monthly newsletter that’s going to contain “tips and tricks on Social Engineering, Deception Detection, Influence, Neuro Lingusitic Programming, Interviews, tactics, skill enhancers and early bird announcements on some very important industry related items.”
• The Resources page that contains helpful tutorial videos and tools
• Most importantly, the Framework – this contains the newest and most innovative information regarding social engineering and is constantly growing thanks to the contributors to the site

Sharing Files Over SocNets??
Ever wanted to share files on your hard drive with people on Twitter and Facebook? NOW YOU CAN! This gets filed in the ‘Are You $#%&ing Kidding Me!?’ category.  From what I’ve read, the PogoPlug device sits on your external USB hard drive and allows you to share whatever resides on that drive.  Can you say P2P via SocNets??  I have a feeling that maybe @Agent0x0 will take this a bit further at some point (I hope, I hope, I hope!)?

New Security Tools Released by Microsoft
HelpNet Security released a quick blurb about the Software Development Lifecycle team at MS releasing two new tools: BinScope Binary Analyzer and MiniFuzz File Fuzzer.  Both I believe are pretty self-explanatory.

Securabit Live Podcast Tonight!
The good folks at Securabit are doing a live podcast tonight (actually…it’s right now) with their special guest: Paul Asadorian from PaulDotCom.com!  Take a listen and learn a thing or two!

According to previous posts by Offensive Security, there will be a free version which will include the PDF and offline labs.  However, if you want to become an OSMP (Offensive Security Metasploit Professional), you’ll need to purchase the videos for a small fee.  All proceeds are going towards a great cause: Hackers for Charity!  If you don’t know about HFC, click on that link and check out Johnny Long’s story!  More preliminary info about MSF Unleashed can be found in this entry on Offensive Security’s blog.

I enjoy the work I do. I enjoy the work that I do outside of work even more. I want to look back and say that I kicked much ass and I took many-a-name in regards to my work. I’m not saying that a blog is going to really change a whole lot, but I’m hoping that it’ll be another place where I can post my thoughts, projects, rants, etc. and get some feedback from my fellow geeks that’s longer than 140 characters! Also, if I get to educate/help a person or three along the way – that’d be swell.