Security experts view Black Hat as the premier event to discuss and explore Internet vulnerabilities. At this year’s event, Michael Lynn, a member of ISS’ X-Force R&D team, gave a talk Wednesday on vulnerabilities in Cisco’s IOS, but he did so only after resigning from ISS, according to a company spokesperson.

Lynn is MemeStreams user abaddon.

Cisco’s statement added that Lynn’s presentation was not a disclosure of a new vulnerability or a flaw with Cisco IOS software, but an exploration of “ways to expand exploitations of existing security vulnerabilities impacting routers.”

Cisco PR is spinning at top speed right now. Lynn did infact demonstrate the remote injection of shellcode to a Cisco router. Lynn is able to make a Cisco router connect back to his attack host with an enable shell. For those unfamilar with Cisco routers, that basically means its possible to hack the router and get full control of it. This is not a DoS attack. This is a full on compromise.

This is basically the bug that could be used to take down the Internet. No bullshit.

Abaddon Drops The Bomb on Cisco

News.com laments the passing of Phrack.

Pete Simpson, ThreatLab manager at security company Clearswift, said he is very surprised to see Phrack disappear. He added that a world without the journal is actually less secure.

"Phrack's visibility was a blessing in disguise, pretty much in the same way as the Full Disclosure community," Simpson said, referring to the unmoderated Full Disclosure forum for disclosure of security information.

The 63rd and final edition of Phrack will come out as a hardback collectors copy and will be available to attendees at the DefCon conference in Las Vegas between July 29 and 31, as well as at the What The Hack conference in the Netherlands from July 28 to 31.

Long-lived hacker mag shuts down | CNET News.com

The random chatter of several hundred Microsoft engineers filled the cavernous executive briefing center recently at the company's sprawling campus outside Seattle.

Within minutes after their meeting was convened, however, the hall became hushed. Hackers had successfully lured a Windows laptop onto a malicious wireless network.

"It was just silent," said Stephen Toulouse, a program manager in Microsoft's security unit. "You couldn't hear anybody breathe."

Matt Thomlinson, whose job it is to help make Microsoft engineers create more secure code, noticed that some of the engineers were turning red, becoming obviously angry at the demo hacking incident. Yet as painful as the lesson was, he was glad to see the crowd of engineers taking things personally.

Microsoft meets the hackers | CNET News.com

MemeStreams user (and good friend) Dagmar is currently under FBI investigation due to some mysterious systems break in at the university he works. Click through to read his story about it.

He says he didn't do anything, and I believe him.. Its not out of the norm for the feds to vet anyone who has ever been associated with the word "hacker" when an intrusion takes place where they work. Happens all the time. Friends here in the south-eastern security scene have often joked that somewhere the FBI keeps a list of us all, which it refers to and updates regularly. I expect this will be resolved quickly, and have either an amusing or positive outcome. If it doesn't, I guess we just have to make a big stink over it. We've done that before too..

Yesterday's Nightmare (Dagmar's, not mine)

A London man described as the "world's biggest computer hacker" has been arrested.

Biggest? Does that mean he is fat or something?

The unemployed former computer engineer is accused of causing the US government $1billion of damage by breaking into its most secure computers at the Pentagon and Nasa. He is likely to be extradited to America to face eight counts of computer crime in 14 states and could be jailed for 70 years.

Most of the alleged hacking took place in 2001 and 2002. At one stage the US thought it was the work of the al Qaeda terror network.

Nope, he's not Al-Qaeda.. Keeping that in mind, here is where it gets amusing:

Friends said that he broke into the networks from his home computer to try to prove his theory that the US was covering up the existence of UFOs.

Friends said he was desperate to prove that the Americans had mounted a huge cover-up to deny his belief that aliens had visited earth.

"He's been interested in UFOs for some time and believes the Americans are holding back information - although he didn't find any proof."

"The truth is out there."

'World's biggest computer hacker' attempts to break into The X-Files

What follows is an overview of what's happening on the Internet right now, and what we expect to happen in the coming months.

I admire Schneier and all, but this article is a piece of self-serving shit.

We expect to see ever-more-complex worms and viruses in the wild

We expect to see more blended threats: exploit code that combines malicious code with vulnerabilities in order to launch an attack. We expect Microsoft's IIS (Internet Information Services) Web server to continue to be an attractive target

[Worms targeted at a specific entity] are another trend we're starting to see.

We expect to see more attacks against financial institutions, as criminals look for new ways to commit fraud. [...]

We also expect to see more politically motivated hacking, whether against countries, companies in "political" industries (petrochemicals, pharmaceuticals, etc.), or political organizations

Well, I predict that people will continue to make obvious predictions. These predictions (with slight modifications) could apply to any of the last 10-15 years or so.

Schneier on Security: Attack Trends

"The wave of the future is getting inside these groups, developing intelligence, and taking them down."

Today's cybercrooks are becoming ever more tightly organized. Like the Mafia, hacker groups have virtual godfathers to map strategy, capos to issue orders, and soldiers to do the dirty work. Their omertà, or vow of silence, is made easier by the anonymity of the Web. And like legit businesses, they're going global. The ShadowCrew allegedly had 4,000 members operating worldwide -- including Americans, Brazilians, Britons, Russians, and Spaniards. "Organized crime has realized what it can do on the street, it can do in cyberspace," says Peter G. Allor, a former Green Beret who heads the intelligence team at Internet Security Systems Inc. in Atlanta.

The bust yielded of ShadowCrew a treasure trove of evidence. "We will be arresting people for months and months and months," says the Secret Service.

Hacker Hunters

] The incident seemed alarming enough: a breach of a Cisco
] Systems network in which an intruder seized programming
] instructions for many of the computers that control the
] flow of the Internet.
]
] Now federal officials and computer security investigators
] have acknowledged that the Cisco break-in last year was
] only part of a more extensive operation - involving a single
] intruder or a small band, apparently based in Europe - in
] which thousands of computer systems were similarly penetrated.

] As the attacks were first noted in April 2004, a
] researcher at the University of California, Berkeley,
] found that her own computer had been invaded. The
] researcher, Wren Montgomery, began to receive taunting
] e-mail messages from someone going by the name Stakkato -
] now believed by the authorities to have been the primary
] intruder - who also boasted of breaking in to computers
] at military installations.
]
] "Patuxent River totally closed their networks," he wrote
] in a message sent that month, referring to the Patuxent
] River Naval Air Station in Maryland. "They freaked out
] when I said I stole F-18 blueprints."

NYT| Intruder Attack on Computer Net Is Called Broad

] The U.S. military has assembled the world's most
] formidable hacker posse: a super-secret,
] multimillion-dollar weapons program that may be ready to
] launch bloodless cyberwar against enemy networks -- from
] electric grids to telephone nets.
]
] The group's existence was revealed during a U.S. Senate
] Armed Services Committee hearing last month. Military
] leaders from U.S. Strategic Command, or Stratcom,
] disclosed the existence of a unit called the Joint
] Functional Component Command for Network Warfare, or
] JFCCNW.
]
] In simple terms and sans any military jargon, the unit
] could best be described as the world's most formidable
] hacker posse. Ever.

] "I've got to tell you we spend more time on the computer
] network attack business than we do on computer network
] defense because so many people at very high levels are
] interested," said former CNA commander, Air Force Maj.
] Gen. John Bradley, during a speech at a 2002 Association
] of Old Crows conference. The group is the leading think
] tank on information and electronic warfare.

Script soldiers?

Wired News: U.S. Military's Elite Hacker Crew

] I'm Stratton, the CEO. This is a picture of me on the
] left. Nice tie eh?

IDN spoofing Verisign parody example