Yeah, right. Security on MySpace. The place *filled* with blindingly hideous profile pages, tons of women that are 'just looking for a good time', and phishing scams has never made me feel good about submitting any form data. It seems that others are not so worried though, here is a page that details a leak of 40,000 MySpace passwords and even tells you the frequency of the most commonly used passwords and what they actually are. Of course, it doesn't give you any usernames to go along with them but it wouldn't be hard for a devious individual to try some. Please, if you use MySpace and don't want your account to get hacked (again), go look. If you're using one of the passwords, or even one that's kinda similar, stop. Use a good password with random uppercase and lowercase letters and at least one number. And for God's sakes, don't use the same password on MySpace that you use on your banking websites or any other websites where you do financial transactions (like eBay).

As a long time lover of the hacker arts, something that has long gone neglected is the fine arts of Ascii Art. I just found this page that has some excellent Ascii Art works. Check it out Here

It should be noted that some of these images are NSFW, that is if your workplace prohibits images of nude women rendered in ASCII text.

The National Institute for Standards and Technology has a great online resource for learning about cryptography methodologies and algorithms. It covers everything from block ciphers to random number generation. A terrific resource for anyone learning about security systems and cryptographic mechanisms.

Link

There is a great post over on Security Focus detailing the methods available to hackers to bypass your IDS systems and exploit your network. While many of the basic attacks this paper covers are already addressed with Snort rules (and other IDS systems), the methods can be made more elaborate to trick your IDS rules. As a security professional, its important to understand how session splicing, fragmentation, and shellcode attacks take place and this paper underlines how each work (and a few more).

Read it Here

OK, for some reason, the CRC press let the University of Waterloo give away all the chapters in the Handbook of Applied Cryptography for free. You can still buy the book on Amazon for $85 though, so if you like the book and find it useful you should go pay for it so the author can get some cash.

This is a great resource for anyone curious about cryptography, especially those that intend on getting a career in information security. Subject covered in the book include cryptographic mathematics, public key infrastructure, hash functions and data integrity, digital signatures and much more. Really interesting (and informative) stuff, I suggest you go check it out.

Cult of the Dead Cow (cDc) released a program and website called Goolag a few weeks ago, it provides an easy front end to running well known Google Dorks (Google hack strings) against your website to see if you have any of the common vulnerabilities indexed by Google. You can also find out quite a bit about your company's organization if you know what you're doing. It includes scans for server errors, well known files that contain password information, webcams, server errors, well known vulnerable files, and alot more. Unfortunately, the only binary available right now is for Windows but us Linux users can always just fire up a virtual machine and get it to work (it might work in Wine too, with a little tweaking). Its an interesting experiment in using Google to gather information about a target (of a LEGAL penetration test or vulnerability scan).

Check it out

Johnny Long, of johnny.ihackstuff.com fame, has started a new charity foundation with his wife that enlists the aid of hackers to help with IT problems in the developing world, a place that honestly can't afford real IT guys. This is a really great thing for Johnny and the hacker community to take part in and it really does make a difference in the lives of people in various African countries.

In case you're a selfish asshole and don't have the desire to help people for the sake of help, there's something in it for you as well, especially if you need resume fodder. For each project you help complete, you are able to reference the project on your resume and you'll get a professional reference from Johnny Long on LinkedIn. For more details, watch his video on Google Video about No-Tech hacking, which really opened my eyes to some great techniques for seeing things important to security without the use of technology.

IHACKCHARITY.ORG

Defcon 15 - NoTech Hacking

The great thing about the internet is that you can access all kinds of information at the touch of your fingertips. Some of that information is being broadcast LIVE 24/7 over unsecured webcams. Given, some of them are meant to be open and available to anyone, but then again, some aren't. The great thing is, its legal to look at any of them that don't require you to login! Here's a great list of Google hacks on finding open webcams.

Hacking Internet Web Cameras @ GeniusHackers

There are a few online MD5sum crackers/search engines. They do the job for alot of md5sums but if you've got a complex password that you wanna crack, you're still better off bruteforcing it. But its still fun to throw a few hashes at it and see what it actually can get. Here are a couple:

• Rednoize
• GData
• milw0rm
• Waraxe
• Passcracking