Funtime Xtreme

Google has finally done something worth while with it’s Google Voice application. While you could always use it as a sort of ring everywhere primary phone number, who do we know that actually does that? I use my GV number for my resume because I can set it to do certain things. I also use it when selling stuff on Craigslist because then numbers and VMs are stored online for me to access later on. But now you can use GV to voice/video chat with people through your computer Skype style…only its free for any numbers in the US and Canada. Hell yes. I need to try this out ASAP.

Check out Lifehacker’s post on this, and there included video showing how it works.

Gmail Integrates with Google Voice for Free Calls from Your Inbox (Updated) [Lifehacker]

It has been reported, and verified, that multiple web-mail service providers have been compromised and tens of thousands of usernames and passwords have been leaked. Services compromised included Yahoo! Mail, Gmail, Hotmail (to included MSN Mail and Live.com mail), AOL Mail, and others. It is highly recommended that anybody actively using one of these services change their passwords IMMEDIATELY. Let me know in the comments if you have any questions.

References:
Time to change your hotmail/gmail/yahoo password
Tens Of Thousands of Email Usernames and Passwords Posted Online By Phishers
Gmail, AOL, Yahoo! all hit by webmail phishing scam

It all started 40 years ago today, when a couple of computers were connected by a long gray cable in order to pass some data. The experiment was funded by the Advanced Projects Research Agency (ARPA) and the project was called the ARPANET. By the end of the year, four sites were connected. Today it’s hundreds of millions of computers and we call it the Internet.
National Geographic has a story and some video here.
Wikipedia has a nice timeline for the ARPANET here.

That is the question. I got offered a position working back out in Kuwait doing Information Security, much like I am now, but I’m not sure if I should take it or not. A lot of people are telling me I should go, and it would definitely be a great opportunity for me, but I’m just not sure. The pay would of course be big, and it would be huge for my career (working with new tools, senior level position, ability to further education through certs and college) but I’ve gained a lot since I came back to the states and am not sure I really want to give all that up. I will be making my decision today as the offer expires at COB (close of business) today, so I will update the blog tomorrow with my final decision. Any ideas, thoughts, or comments feel free to let me know in the comments section.

I know how much you guys love your PDF files out there, so be sure to check this out.

A critical vulnerability has been discovered in the JavaScript handling within Adobe Reader and Acrobat versions 9.1 and earlier. According to the announcement, Adobe expects to make available Windows updates for Adobe Reader/Acrobat versions 9.X, 8.X, and 7.X, Macintosh updates for Adobe Reader/Acrobat versions 9.X and 8.X, as well as Adobe Reader for Unix versions 9.X and 8.X, by May 12th, 2009.

In the meantime, disable JavaScript in Reader and Acrobat by performing the following:

1. Launch Acrobat or Adobe Reader.
2. Select Edit > Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK

That should disable the JavaScrpt functionality of Adobe products until the patch is pushed out next Tuesday…which also happens to be Microsoft patch Tuesday so I’m sure there will be a handful of Important/Critical patches to be installed on the 12th. Yea to M$ products! Lol

So in my job, I deal with a lot of different issues having to do with information security. This facebook phishing attack has been hitting lately and popped up on some of the security blogs I read.

This Phishing attack is an email that has the subject “Hello”  (First off, if you receive an email that has a subject of “Hello”, and that’s all…  immediately suspect for nonsense.)

The phishing attack with read something like “”YOURFRIEND” sent you a message” with a link to go click on and read what your “friend” wrote.

The link instead sends you off to fbaction.net (Don’t go there.)  Where the page looks like the Facebook login page and they are hoping you will type in your credentials.  Farily simple phish, so keep your eyes open.

There you have it. Beware of fbaction.net because it is NOT the real facebook site.

Facebook Phishing attack — Don’t go to fbaction.net [SANS ISC]