USB Condoms

1.   Ever heard of this term : USB CONDOM..first as I read about this though like some tech humour but it was not...it was for real.This device prevents accidental data exchange when device is plugged into someone else’s computer or a public charging station. This is achieved by blocking the data pins on any USB cable and allowing only power to flow through. This minimizes opportunities to steal your data or install malware on your mobile device.

2.  As I read this ,the term became ok :-) to discuss around in my blog here.So the basic Juicejacking attack becomes null and void by the use of a USB Condom.

"The simple board at its core carries only the current from the outside pins on a USB connector — which pass along the 5V needed to charge. The middle pins that would normally transmit data can’t, as there’s no circuitry to do so on the Condom. You’ll be able to confidently charge in public as long as you’ve got your USB Condom handy, safe in the knowledge that no juice jacker is going to mess with your precious device." from : http://www.geek.com

FLIRT BOTS

1.   I am sure most of you at at some point of time in your cyber surfing would have come across chat/messenging softwares like MSN or yahoo to mention a few....now although pretty old for the regular security guys, but thought of mentioning it here in my blog of how many of us succumb to the meanly desires of hackers via FLIRT BOTS.....u heard it correctly they are known as FLIRT BOTS.... 

2.  Here's how Flirt Bots work:

- The Bot strikes up a conversation in a chat room

- The Bots use a series of easily configurable "dialogue scenarios" with pre-programmed questions and discussion topics to compile a report on every person it meets

E.g.: ilovyou@yahoo.com says: "hey, whats up?" and further to this conversation they are invited to visit a website which could be used for any variety of malicious activity.

E.g.: ilovyou@yahoo.com says: "Ok go to http://??????.??/?????? and accept the invite on the page baby"

3.   In this case the victim is sent to a website "?????????.com" and is asked to provide personal information including credit card details in order to view the "webcam."

4.   The site can be used for many things - to host malicious downloads, or to try to sell you Fake AntiVirus software. The URL can do and host whatever the "bot master" specifies it to be .Frequently cyber-criminals collect a database of personal information and sell it to the highest bidder or anyone who will pay

5.   These "Flirt Bots", were first reported as a proof of concept(Evidence that demonstrates that a business model or idea is feasible.) by PC Tools in 2007.Thanks http://www.pctools.com

OPERATION CISCO RAIDER

1.   Counterfeiting is not new....since we were born we have been seeing dupli's and counterfiets of Reebok,nike,hmv etc...the list is actually endless....this endless list is now augmented with IT inventory....to cite you an example which has rocked the nations across is about OPERATION CISCO RAIDER.

2.    Relevant original EXTRACT FROM http://www.coastnetwork.com is produced below : 

" Cisco made a decision a decade ago to manufacture product in China as a way of cutting production costs. A great deal of Cisco manufacturing is now done overseas, specifically in China. What has happened is that many of the companies that do the outsourcing for Cisco now run an extra shift and sell the now counterfeit hardware out the back door. After all, they have the manufacturing capability, the expertise and the full blessing of Cisco. The result? More and more counterfeit Cisco hardware is now showing up on American shores. Part of the problem is that China does not have strong intellectual property protection laws. This is a situation that Cisco and many other companies are still struggling to solve and one that does not promise to be resolved soon.

Warning signs of a possible counterfeited item:

If you are getting discounts of 40-55% off the list price for brand new hardware, i.e. sealed boxes, then it is a red flag. The largest of Cisco’s customers – the Bank of Americas, Ford Motor Company, United Airlines, AT&T, etc. get these discounts. You don’t. If it is any consolation, even dealers do not get the top corporate discounts.       

While it is flattering and tempting to receive big discounts for new Cisco hardware, it is also unrealistic and should be treated with the utmost caution. 

Ask what the retail price is and compare it to the price you are being quoted. If you are getting a 15-25% discount from the list price for new/sealed hardware, then you are being quoted a fair and realistic price. Expect a reasonable discount, however; too big a discount often spells trouble.

Another sign to be aware of is the receipt of unsolicited email from unknown dealers offering you Cisco hardware at very good prices. This warning is doubly true if the email or company originates from mainland China.

3.     Thanks http://www.coastnetwork.com/counterfeitcisco