Hackin9
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-1718 Remote Memory Corruption Vulnerability
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
choice: Price tag Established a new plan for simply how much you will be able to invest in PAGE RANK. PUBLICITY services could expect you'll end up being obtained some pre-agreed, given level of a lot of time in succeed mobile agreement, plus it's good to stabilize the level of you have been prepared to commit together with ADVERTISING necessities. LocationThink about how exactly quite often you prefer to converse instantly with all the firm; if and when they are found from the alternative finish within the usa, it's not going to fit the bill that you should match quite often. Last experienceResearch PUBLIC RELATIONS institutions meticulously internet to discover more about its recent clientele plus degree past experiences �?hunt for customer stories, simply because these types of signify happy buyers, plus qualifications. When it isn't really constantly required to get a company who has caused buyers with your arena prior to, this is a very good sign that they may end up being competent good enough to look at ones profile effectively. Once you have chosen probably the most guaranteeing searching persons, assemble a gathering. Perhaps you may elect to keep these things come up with a web presentation, setting out information regarding his or her's small business together with what precisely these truly feel they were able to complete to advertise your internet business. As an alternative, keep these things communicate anyone by means of the various succeed that they have carried out to get alternative clientele. Examine your press announcements in addition to be certain there're pretty in addition to free of mistakes �?if you cannot determine what they have absolutely developed, afterward not definitely will a good correspondent. Last of all, normally pick a company using staff members that you choose to look you can find as well as; you'll certainly be doing the job tightly with one of these persons, thus good regard and additionally realizing are actually extremely important. Just what To consider Inside a Compact NAVIGATION SYSTEMS NavigationIt is definitely essential that you find out what to find inside any such model remember when you are thinking about purchasing a new handheld Gsp sat nav. There are various problems that all GPS SYSTEM equipment requires then there can be extra supplies who are unnecessary nevertheless will help make a person's GPS DEVICE work with far more a good choice for your own self. Comprehending just what exactly to think about is useful to aid you to without difficulty select one of the best Gsp sat nav for yourself. Below are a few belonging to the various things to consider. A: User-friendly - All the DEVICE should also be simple and easy to work with since the expense of definitely not and then you'll possess forfeited your hard earned cash. THE GPS NAVIGATION which may be way too intricate definitely will only just anger an individual and even will not be useful to get you actually whereby it is advisable to proceed. Preferably you'll be dropped as you aren't able to discover how to efficiently succeed all the GLOBAL POSITIONING SYSTEM item. Continually make certain that this GPS DEVICE you will get commonly be installed to work with in order to you shouldn't waste products your finances as well as result in missing some time. A couple of: Touchscreen - Lots of the GPS DEVICE versions as of late currently have impression watches which means that you can actually make use of equipment. You have to ensure that useful it again towards reviews details pertaining to adequate information and facts any deasily be prepared to look at the computer screen. Two: Tone guidelines meant for information - Wt is really important to be certain there are words guidance to aid you to work with it securely the moment you will benefit from GLOBAL POSITIONING SYSTEM with your truck. Because doing so may lead you to expect to have an automobile accident do not get the one which entails anyone to check out a tv screen to find out where you stand likely. 4: Pre-loaded current atlases - If you need to be certain to aren't getting displaced you might have in order that a GPS UNIT features recent atlases which are actually pre-loaded. If for example the atlases are certainly not current then you can certainly be certain they will not provide you genuine ways. A few: Pre-programmed recent locations - For all those during an not familiar with area together with will need to buy a unique vacation spot being a eatery a DEVICE may get everyone where by you should travel. Remain for sure any spots which might be pre-programmed are usually informed so that you you shouldn't result in throwing away occasion running someplace which is not certainly, there any further. Some: Hassle-free observe suitable for you - Almost all of the TRACKING units should have whether bird's eyes observe as well as a 3D perspective. One that you end up picking is determined by this you detect much easier to look at. Historic discover the things any significant difference is without a doubt concerning such feelings to aid you to pick the best one particular suitable for you. They are crucial points to think about just before choosing whatever transportable Gps device. Undertake one self a new love as well as begin your quest at present to help you to find the correct GPS SYSTEM to work with to ensure you won't ever have displaced once again regardless of where perhaps you may journey. Things to Find out about Propane Network Lending options together with Building LoansThere really are various vendors throughout the world recommending propane gas train station fiscal loans. They then are notable for finance traders and also employees. Not too long ago, any oil retail industry market includes been through the actual most detrimental click in the event the economic climate made worse. The actual files about foreclosed at gasoline stations plus benefits outlet stores have already been the largest together with the grow through petrol fees along with the not being able financial system. Inside today there can be only some suppliers what individuals make available all of these propane gas place borrowing products. These lenders supply air network personal loans designed for petrol section, services sta, natural gas and additionally c-store. Some of these lending products are offered to help everybody who would like to obtain or perhaps revive a fabulous fuel network. Right now, availing any such financial products has grown ever more problematic due to modifying sector, challenging company binding agreement, enviromentally friendly problems and various other components that in a negative way effects the. Most of these number of businesses so, who fully understand most of these situations currently have developed extraordinary natural gas network lending options decide to satisfy the wants as well as dependence on your. christian louboutin men
 
A bug bit Gmail on Monday and almost half of the webmail service's users are experiencing email delivery delays and problems downloading attachments.
 
Oracle has hyped its new 12c database as faster and more powerful than ones that have come before, and now it's highlighting the release's ability to easily serve up multiple databases of varying size and scope according to a particular user's needs.
 
Add style and beauty to your bracelet with a handmade clasp.Making your own handmade clasps allows you to add personal style to your jewelry. Not only do they look stylish, but they add security to your bracelet. When a clasp is properly added to your bracelet you can be sure it won't fall off or get lost. The most common styles of clasps are toggle, lobster claw and magnetic. You can add clasps to chain or string bracelets. Pandora UK
 
The group trying to buy BlackBerry for $4.7 billion could break up the company, wiping out its smartphone division while preserving BlackBerry's secure network services used by large enterprises. But one analyst said he hopes that's not the case.
 
The rendezvous and docking of a commercial cargo spacecraft with the International Space Station was rescheduled for Saturday at the earliest after a software glitch prevented the docking over the weekend.
 
According to one of the fundamentals of cybersecurity, you cant secure what you dont know you have. The National Cybersecurity Center of Excellence (NCCoE) at NIST has proposed a new 'building block' that will help organizations ...
 
After nearly nine years in space, traveling 4.7 billion miles, NASA's deep space comet hunter has come to the end of its mission.
 
Microsoft last week painted Windows XP consumer and small business customers into an even smaller corner when it said it could not recommend that they upgrade to Windows 8.1, the update to Windows 8 slated to ship Oct. 18.
 

Re: Smartphone app spyware: It

by the north face sale

final choice: Price Place some cover just how much you may be able to commit to PUBLIC REALTIONS. PUBLIC REALTIONS organizations might anticipate to possibly be bought an important pre-agreed, allocated level of periods from give good results each month, and even it's good to harmony what amount that you are ready to shell out together with PUBLICITY wants. LocationThink regarding how frequently you prefer to talk right considering the agent; if and when they live on the different last part from the land, you won't what you need for one to meet up with normally. Prior experienceResearch PUBLICITY bureaus methodically on line to discover more about their particular prior prospects and also a higher level past experiences �?try to find buyer opinions, because these kinds of reveal completely satisfied clientele, together with qualifications. Though it may not be generally required to retain the services of a company with caused prospects with your industry just before, it is a good sign they can possibly be professional plenty of to undertake ones profile the right way. When you have picked essentially the most offering on the lookout prospects, plan a gathering. You would possibly prefer to keep these things complete a powerpoint presentation, setting out more knowledge about its organization together with the things they will really feel they will achieve to develop your corporation. Then again, keep these things chat an individual throughout examples of the get the job done that they have executed designed for alternative customers. Check out his or her article writing not to mention assure they are simply brief plus totally free of problems �?if you find out what which they have created, then simply not can your surgeon. At last, at all times go for a company by means of office staff for you to come to feel you'll find coupled with; you're going to be doing work accurately easy families, which means common reverence and also awareness usually are the best policy. Precisely what To discover From a Transportable GLOBAL POSITIONING SYSTEM NavigationIt is certainly essential that you realize to seek through this particular system when you're thinking about purchasing some moveable Gps device. There's lots of points that each GPS DEVICE component will need to have and after that you can find additional which have been unnecessary and yet can make your current GLOBAL POSITIONING SYSTEM employ even more for your own. Figuring out the things to discover is effective to help you simply opt for the top Navigation to suit your needs. Below are a few from the various things to take into account. A: Ease-of-use - That GPS SYSTEM should also be straightforward to work with since the expense of certainly not after that you should have misused money. ANY GPS UNIT that could be far too difficult definitely will simply just irritate you will plus probably will not be successful when traveling you will the place you might want to get. As a substitute you're sacrificed once you aren't able to discover how to appropriately give good results the actual NAVIGATION SYSTEMS appliance. Frequently make sure all the GPS DEVICE you have is to work with in order that you you should not fritter away your dollars or possibly find yourself damaged or lost scattered. Only two: Touchscreen - Almost all of the TRACKING systems at present possess contact displays which means that it is possible to develop product. You might want to ensure that used the item that will effort information and facts meant for legitimate knowledge a good deasily manage to investigate display. A couple of: Tone of voice guidelines intended for guidelines - Wt is crucial when you there is thoughts plans to aid you to do it safely and securely anytime you will definitely work with GPS UNIT in your own automobile. Since it will be able to turn you into own an injury aren't getting one entails one looking at typically the panel to view in which you are looking. Five: Pre-loaded modern road directions - If you'd like to be certain to aren't getting displaced you might have to make certain all the GLOBAL POSITIONING SYSTEM comes with updated atlases which might be definitely pre-loaded. In the event the atlases are usually not current you'll make certain they don't present you with correct recommendations. All 5: Pre-programmed new areas - While you're on an not familiar put and also desire to pinpoint a specified place as a bistro your GPS UNIT could get a person just where it is advisable to proceed. You should be positive that attractions which can be pre-programmed are generally new this means you you shouldn't finally end up squandering instance heading a place that isn't at this time there any more. Half a dozen: Suitable observe for you personally - Almost all the NAVIGATION SYSTEMS products would have sometimes a bird's eyesight watch or maybe a 3D look at. One which you ultimately choose relies on this you unearth much better to browse. Remember to gain knowledge of everything that all the big difference will be approximately all these feelings so that you can select the right just one available for you. They're an important details to consider previously choosing all moveable Gsp sat nav. Perform your body some sort of enjoy and your quest currently so its possible to choose the best DEVICE to work with so that installed receive dropped yet again wherever you will travel and leisure. What you should Be familiar with Energy Rail station Financial products together with Structure LoansThere are actually lots of suppliers worldwide selling the cost of gas sta funds. These businesses are recognized for capital retailers in addition to agents. Most recently, the particular oil store field comes with struggled this most awful click when overall economy made worse. Any data relating to property foreclosures at filling stations and also efficiency retailers have already been the best while using the increase on gasoline or diesel charges as well as the screwing up financial state. On this period you'll find not many firms that give all of these petrol train station funds. These firms deliver the cost of gas channel funds pertaining to the cost of gas train station, assistance section, propane in addition to c-store. These kind of lending options are accessible to help just about anyone who would like to select or maybe revive some propane gas stop. At this time, availing the sort of fiscal loans has grown increasingly problematic as a consequence of modifying trade, hard distributor transaction, enviromentally friendly questions as well components in which badly have an effect on the. Such small amount of businesses that have an understanding of a lot of these troubles need put together wonderful air rail station financial products decide to satisfy the really needs and even feature the. the north face sale
 
final decision: Price tag Specify some plan for just how much you may be prepared investin ADVERTISING. PUBLICITY bureaus may be ready to become taken care of some sort of pre-agreed, designated volume of numerous hours about job each month, plus you should debt just how much you might be prepared to pay utilizing your PAGE RANK necessities. LocationThink about how precisely exactly generally you aspire to talk straightaway while using the company; if and when they are generally in the many other conclude for the place, it does not what you need so you might connect quite often. Original experienceResearch PAGE RANK bureaus carefully on the internet to discover more about his or her's last prospects plus volume of working experience 锟?try to look for consumer testimonies, like all these point out fulfilled shoppers, not to mention qualifications. Whilst it is far from usually important to implement a company containing caused customers inside your segment prior to when, it's actually a good sign that they're going to end up being professional sufficiently to control your current credit account thoroughly. When you've picked some of the most ensuring exploring persons, assemble a gathering. Perhaps you may opt to keep these things build a slideshow, setting out info on your provider and also what precisely they will experience they may achieve to encourage your internet business. However, keep these things conversation a person as a result of most of the operate they've got completed with regard to alternative clientele. Analyze their own pr announcements and also make sure that they may be short as well as freed from blunders 锟?if you cannot know what they have personally composed, next not will certainly a new writer. Last but not least, constantly go for a company utilizing team that you choose to think you will get using; you're going to be doing work faithfully using these people today, consequently common dignity as well as awareness are actually unequalled. Everything that To take into account Inside a Convenient DEVICE NavigationIt can be essential that you figure out what to take into consideration for this kind of system when you find yourself wishing to purchase a good mobile Gsp sat nav. There are lots of problems that every single NAVIGATION appliance must have and next you can find additional that will be unnecessary although probably will make ones own TRACKING work with a great deal more helpful for your true self. Recognizing exactly what to consider is effective so it鈥檚 possible to readily determine the right Gsp sat nav in your case. Here are several within the various things to consider. One particular: User-friendly - The particular GPS NAVIGATION should be quick to work with simply because when it is in no way then simply you should have exhausted your hard earned money. THE GLOBAL POSITIONING SYSTEM which is at the same time intricate might solely annoy a person as well as probably will not be reliable so you can get one whereby you should turn. As a substitute you're forfeited if you aren't able to work out how to efficiently succeed any TRACKING machine. Consistently be certain that any TRACKING you will get in your own home to work with to make sure you really don't fritter away your finances or maybe wind up wasted anywhere. Not one but two: Touchscreen technology - Almost all GPS SYSTEM gadgets at the moment include feel displays as a result present operate the model. You must be sure used it all to help you advice material for the purpose of correct tips a great deasily be capable to investigate display. Three or more: Express recommendations for the purpose of instructions - Wt is really important to make certain it's tone guidelines so that you can utilize it securely once you may take advantage of NAVIGATION SYSTEMS inside your motor vehicle. While it are able to cause you to be provide an vehicle accident aren't getting engineered so involves most people to check out any filter to find what your address is intending. 3: Pre-loaded up-to-date roadmaps - You need to remember to aren't getting missing you've gotten to be certain that all the GPS NAVIGATION seems to have up-to-date roadmaps which can be definitely pre-loaded. In the event the atlases are certainly not contemporary then you can certainly make sure they don't offer you complete information. Six: Pre-programmed updated attractions - If you find yourself inside an unidentified put as well as require to look through special desired destination as a cafe the actual GPS DEVICE could get anyone exactly where you'll want to turn. Come to be positive any spots which are pre-programmed are actually current in order to you shouldn't finally end up throwin away occasion proceeding in which is not generally there now. Some: Easy check out suitable for you - Almost all the GPS UNIT appliances are going to have the bird's vision watch or perhaps a 3D check out. One which you decide is based the brains behind you get quicker to understand. Take the time to master precisely what a change is actually approximately a lot of these landscapes allowing you to pick the best an individual for everyone. These are definitely a vey important important things to take into consideration in advance of buying every easily transportable Gps device. Implement oneself a new love you should your quest presently in order to find the correct NAVIGATION to work with in order that create obtain wasted once more irrespective it's possible you'll go. Learn about Be familiar with Propane gas Section Lending options plus Engineering LoansThere usually are several suppliers on the planet offering up the cost of gas radio station financial loans. They then are recognized for finance sellers and even staff. A short time ago, all the oil list field offers dealt with your toughest attack as soon as economic climate made worse. Any information for house foreclosures for gasoline stations plus ease shops have been completely the greatest along with the escalate through energy price tags plus the not being able financial state. On today you'll find several organizations so, who provide these kind of the cost of gas rail station personal loans. These lenders provide energy network fiscal loans pertaining to the cost of gas place, support place, propane gas along with c-store. Most of these fiscal loans can be found for you to virtually anyone who would like to get or simply restore your air network. In these days, availing the sort of lending products has grown to become a growing number of very difficult as a result of replacing business, tricky company settlement, environment problems and various issues in which in a negative way result the. All these a small number of firms which know those troubles own create exclusive air radio station financial products propose to satisfy the requirements and even element ones own. michael kors outlet
 

This weekend's decisive defeat of Touch ID is the most poignant reminder yet of the significant limitations of using fingerprints, iris scans, and other physical characteristics to prove our identities to computing devices. As previously reported, a team of German hackers who have long criticized biometrics-based authentication bypassed the new iPhone feature less than 48 hours after its debut.

Many security researchers and writers, yours truly included, predicted that the ability of the high-definition scanner included in the iPhone 5S wouldn't be fooled by attacks using scanned fingerprint smudges to impersonate an already enrolled thumb or finger. It's now clear we were wrong. Hacker Starbug overcame the purported ability of Touch ID to read prints at a sub-epidermal level by using a slightly higher resolution camera to generate a cloned fingerprint. The availability of a 3D printer also seemed to help.

Some critics have castigated the technique as too difficult for the average hacker. Others have argued that the hack has little significance in the real world. They cite Apple talking points that the protection of Touch ID represents a significant improvement over what many people have now, since a large percentage of iPhone users currently use no PIN at all to lock their phones. There's some merit in this second argument, since any protection, no matter how flawed, is better than none at all. But as Rob Graham, CEO of penetration testing firm Errata Security makes clear, Starbug's technique is easy for many people to carry out.

Read 5 remaining paragraphs | Comments


    






 
[IBliss Security Advisory] Cross-site scripting ( XSS ) in Bradesco gateway wordpress plugin
 
Microsoft's second-generation Surface tablets didn't dazzle analysts on Monday, even with improved processor speeds, better cameras and longer battery life.
 
Apple today said it had sold over 9 million iPhones during the opening three-day weekend of sales, an 80% increase over last year's launch of the iPhone 5 and a record by a major margin.
 
A consortium led by Canada's Fairfax Financial Holdings has offered to acquire struggling smartphone maker BlackBerry.
 
Next year, the number of cars with wireless charging will explode as auto makers representing 30% of the world's vehicle production plan to include it in various models.
 

Firstpost

iPhone 5S TouchID Fingerprint System Hacked – That Was Quick
SiliconANGLE (blog)
It's also pretty clear that anytime such a new popular device hits the market that the infosec and hacker communities are going to try to verify just how secure that certain technology is. Count on this: the next thing the community is coming for is ...
Charlatan hijacks iPhone 5S fingerprint hack contest, fools pressZDNet

all 1,400 news articles »
 
A consortium led by Canada's Fairfax Financial Holdings has offered to acquire struggling smartphone maker BlackBerry.
 
Cisco MediaSense CVE-2013-5501 Cross Site Scripting Vulnerability
 
Cisco MediaSense CVE-2013-5500 Multiple Cross Site Scripting Vulnerabilities
 
Oracle CEO Larry Ellison, who consistently ranks among the highest paid CEOs in the U.S., took an 18% pay cut this year. His total compensation, valued at $78.4 million, is down from $96.2 million in 2012.
 
Oracle is doubling down on "big data" with a number of new products and enhancements to existing ones, in hopes that customers looking to analyze massive amounts of information for business insights will in turn invest further in Oracle.
 
Microsoft today kicked off its second attempt at cracking the tablet market, unveiling replacements for both the Surface RT and Surface Pro.
 
Java was the most targeted development platform for exploit attacks during the first half of the year, and attacks have increasingly shifted to zero-day vulnerabilities, according to F-Secure's new threat report.
 
[SECURITY] [DSA 2762-1] icedove security update
 
Re: [ANN] Struts 2.3.15.2 GA release available - security fix
 
The National Institute of Standards and Technology (NIST) has awarded more than $2 million in grants to the states of Pennsylvania and Michigan to test new online identity technologies to improve access to government services and the ...
 
BlackBerry suspended the initial rollout of BlackBerry Messenger to iPhone and Android over the weekend in another blow to the phone maker following a week of bad news.
 
The vast majority of employees who leave a company are honest, upstanding corporate citizens. But you never know when someone might leave on bad terms and then attempt to hack back into your corporate systems.
 
Linux Kernel '_xfs_buf_find()' Function NULL Pointer Dereference Denial of Service Vulnerability
 

I came across an article today that demonstrates a compromise of the new Apple 5S fingerprint reader:
http://www.theguardian.com/technology/2013/sep/22/apple-iphone-fingerprint-scanner-hacked#!
http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid

In other words, a copy of your fingerprint is your fingerprint.  And as Johannes discussed in the first article on this (https://isc.sans.edu/forums/diary/In+Defense+of+Biometrics/16553/), the screen on your phone is one of the better fingerprint collectors out there !
For me, this brings up both sides of "the fingerprint discussion"

  • You can't change your fingerprints - once a real copy of them are compromised, they are compromised forever
  • A representation of your fingerprint is stored on the device.  So if the device is lost or stolen, this representation could be used to compromise other things, if they use the same representation of your fingerprint (ie - any other device that uses the same manufacturer's hardware).  Again, once stolen, they are stolen forever.
  • After a couple of years, you'll likely trade your phone in for a new one, and today there isn't a way to know that a wipe of the phone wipes the saved representation of your fingerprint
  • Your fingerprint may be backed up with your phone backup.  Historically, your phone's backups have been easier to pillage than your phone.
  • If your phone is damaged, you may not have a way of wiping it


On the other hand:

  • On any given day, using your fingerprint is likely MUCH more secure for you than the 4 digit code you are likely using
  • Since your phone code likely matches either your phone number or your bank code, either it's very easy to guess, or compromising it might have other unpleasent consequences for you.


There's lots of discussion on this online, I think we're still waiting on Apple to respond definitively on any of them.

Anyway, none of these arguments are new, we've been round and round on them anytime these last 10 years, since they started putting readers on laptops for login.  What's changed is that there are way more phones than there are laptops, and in most cases the 4 digit unlock code on your phone is all that protects your chequing account, your facebook, paypal, twitter and email accounts.

So, am I using my fingerprints yet?  Not on any of my laptops, but once I upgrade my 4S to the new model, it'll be awfully tempting to take the plunge - I guess I'm still thinking about it.  If Apple would implement a "fingerprint + PIN" two factor authentication solution, it'd be an easier decision.

We welcome your comments in our discussion forum (comment button below).

===============
Rob VandenBrink
Metafore

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
A personal cloud service lets you share photos, music and documents among all your devices easily and quickly, but the way that sharing happens depends on which cloud service you choose.
 
A new version of the Apache Struts development framework released Friday fixes two problems that had developers worried.
 

Admin write is good, Thanks to wonderful sharing.

dissertation ideas

 
Print this articleJewelry clasps fasten necklaces and bracelets so that they remain in place on the wearer. There are a few different types of clasps, some of which work better at securing jewelry than others. Jewelry makers choose clasps not only based on their function, but also on how they work visually with their jewelry pieces. Some clasps are easier to open and close than others, but those that are easy to handle may not be as secure, making it easy for your necklace or bracelet to slip off. Pandora charms outlet
 

In my line of work, there is a lot of uses for a random sting of text.  Things like:

  • VPN Preshared Keys
  • RADIUS or TACACS  "shared secrets"
  • Windows Service Account Passwords
  • Administrative accounts (Windows local or domain Administrator, in some cases root in *nix)

You get the picture.  Strings that you need to key once, or once per instance.  In most cases, these are strings that after creation, you don't neccesarily need to know what they are, you just need to know how to change them.

With this list of parameters, you'd think that folks would use random characters for these functions right - at least do the random keyboard walk for it?  In my experience, this is almost NEVER the case.  People try spell things - "l3tm31n", D0ntg0th3r3" and the like.  They'll use their Company name, or the street address of their organization, or some other "meaningful" string.  And after using "leet-speak" passwords, they then carefully record the password and save it to a text file, usually on the server that's using the password.  As a pentester, this is a win for me, I don't even need to crack the password, you just gave it away!  As a system administrator, this horrifies me!

So, what to do?  In the past, I've used an excel spreadsheet to generate a random string of "n" characters, selected from a set of characters that do not include the "confusing" ones (Oo01lIiL and so on).   The "randomness" was defined by how long I felt like leaning on the F9 key that day.  After creating the string, I would then try to get my client to NOT write down the string - this almost never works, but it's worth a try.

For today's story, I decided to improve on this a bit, and re-coded it in python.  This was a 5 minute script (as most of mine are), so if you see a way to improve or neaten this up in any way, please - don't be shy - use our comment form.

========================================= psk.py =========================================

from random import randint
import sys
if not (len(sys.argv) == 2):                                           # verify syntax
        print "Syntax PSK LENGTH_OF_PSK"

        exit()

rndstrlen = int(sys.argv[1])                                           # how long is the output string?
outstring=""

chars = "abcedfghjkmnpqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ23456789"       # define the list of valid characters
charlist = list(chars)                                                 # change it to a list for lookups

numchars = len(charlist)  -1                                           # get length of string list, -1 for start from zero

for i in range (0, rndstrlen):
     c = charlist[randint(0,numchars)]                                 # pick a random char from the list
     outstring += c                                                    # append it to outstring

print outstring

==========================================================================================

Running this as "python psk 15" will create a 15 character pseudo-random string:

C:\> python psk.py 15
xnHDCcRGetuswhf

C:\> python psk.py 15
bvDJhrtRC4QMmks

C:\> python psk.py 15
nWChNxBPMVZbaDb

C:\> python psk.py 15
UXbcSm9Bk9RHTWc

C:\> python psk.py 15
uVs34MZuta9PFTk

You can change the values that are permitted to be in the string (to exclude lower case values, or to add special characters) by adding or removing characters in the "chars" string.  Changing the length of the string is as simple as changing the  value in the command line option:

C:> python psk.py 32
pPPhe6Pn9RbGN3gr6UZZfqZYt4ajSfjg

C:> python psk.py 64
xsk9rNaX77UtSNfCGVVgWeEm9xS7mgMwcbx4FaquPz9cpMJFqRC5YYrf5Wyp8mp7

And please, in most cases there is NO reason to write down this password.  Your "windows service password for whichever service" for instance should be changed periodically, but in most cases there is no reason that you should know what it is, you just need to be able to change it. 

Also, if you use this to create a random pre-shared-key for your ste-to-site VPN, emailing it in cleartext is what we call "a bad idea".  Not only is it open for theft as it transits the internet (and both internal networks), it's also stored (likely forever) in your sent mail and in the recipients inbox, and likely in the Exchange Server message store - the whole cleartext data at rest / cleartext data in transit concept should ring a bell, especially if you've been audited for PCI lately.

As always, in these days when brute-forcing is simple, quick and cheap, bigger is in fact better.  For pre-shared keys or "write only" passwords, I generally start at 32 characters and go up from there.  Since you never need to re-key the thing, after it's generated you can cut/paste it and forget it.

I hope that you find this simple bit of code useful.  If you've got a simpler way of getting to the same results, or if you can improve on my quick-and-dirty python, please post to the comment field below!

===============
Rob VandenBrink
Metafore

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The iPhone 5S is the first smartphone with fingerprint authentication. It's not perfect, but it could herald a new emphasis on security for mobile devices.
 
Schools that compel students to use commercial cloud services for email and documents are putting privacy at risk, says a campaign group calling for strict controls on the use of such services in education.
 
Unemployed? Don't sit at home and wait (and hope) for an opportunity. Volunteering your IT skills is a way to keep current and show potential employers your business and technical acumen, your character and your drive.
 
Faced with the challenge of converting subscribers to a new platform while implementing a price increase, Equipment Data Associates turned to Scout Analytics to provide the data analytics it needed to better understand and serve its customers.
 
Infor CEO Charles Phillips has made plenty of changes at the ERP software vendor since taking the top job after a long run as co-president of Oracle, and one of the most significant is a major investment in modern user interface design.
 
The spectacle of National Security Agency contractor Edward Snowden exposing the covert spying nature of US federal officials has sent ripple waves through the technology industry -- especially in the outsourcing arena.
 
Oracle CEO Larry Ellison has thrown his gauntlet down in the burgeoning market for in-memory computing, announcing a new option for Oracle's flagship database at the OpenWorld conference in San Francisco.
 

Special Training for Students to Overcome India's Cyber Security Experts' Shortage
Business Wire India (press release)
Powered by expert consultants from the industry, who pool their intellect & resources to formulate a comprehensive security study material, this new-age entity provides great opportunity for students who are looking to fashion a career in the InfoSec ...

and more »
 
These three organizations are taking steps into the unknown, changing business processes, even strategies, with social networking, cloud and more. Insider (registration required)
 
The list of IT skills that will be most in demand next year leads off with programming and application development, according to Computerworld's Forecast 2014 survey.
 
As IT executives watch the demands of mobile devices and cloud computing mercilessly hammer their wireless and wired networks, many anticipate needing to add bandwidth to their organization's infrastructures in 2014.
 
There are increasing calls for Microsoft to sell off Bing and walk away from mobile. Would those moves be good in the long term?
 
Dell officials vow that the company will continue making acquisitions and will remain committed to its struggling PC business once its $24.9 billion deal to go private is complete.
 
Much of what Apple offers enterprise workers and their IT departments in the new iPhone 5s and 5c comes by virtue of its new mobile operating system, iOS 7, which became available with the new smartphones last week. Insider (registration required)
 
Columnist Thornton A. May says in 2014, IT leaders will need to have regularly scheduled meetings that actively and aggressively seek to make sense of the changing world around them.
 
The Internet Storm Center on Saturday boosted its threat level to 'Yellow,' indicating a 'significant new threat' to Internet users from attacks exploiting an unpatched vulnerability in all versions of Microsoft's Internet Explorer (IE) browser.
 
Apple's Touch ID authentication system can be defeated using a well-honed technique for creating a latex copy of someone's fingerprint, according to a German hacking group.
 
Northeast Utilities has told IT employees that it is considering outsourcing IT work to India-based offshore firms, putting as many as 400 IT jobs at risk.
 
Wordpress fgallery_plus Plugin Xss vulnerabilities
 
[ANN] Struts 2.3.15.2 GA release available - security fix
 
Wordpress fgallery_plus Plugin Xss vulnerabilities
 
Wordpress fgallery_plus Plugin Xss vulnerabilities
 

Posted by InfoSec News on Sep 23

http://medcitynews.com/2013/09/mobile-health-meets-shark-tank-gets-totally-annihilated/

[I watched the episode and was shocked at these doctor's presentation, which
could be summed up by "Blah Blah Blah, RoloDoc, Twitter, Security, Social
Media, Facebook, Derp Derp Derp" and then I visited their website knowing this
episode was video taped months ago, and maybe they fixed their problems, Guess
again, if its down, check out the...
 

Posted by InfoSec News on Sep 23

http://www.govinfosecurity.com/dhss-huge-cybersecurity-skills-shortage-a-6080

By Eric Chabrow
Gov Info Security
September 20, 2013

More than one in five mission-critical cybersecurity-related jobs at a key
Department of Homeland Security unit are vacant, the Government
Accountability Office says.

That's a finding buried in a GAO report on how DHS could improve how it
tracks recruiting costs.

DHS's National Protection and Programs...
 

Posted by InfoSec News on Sep 23

http://www.bloomberg.com/news/2013-09-19/zte-device-called-american-spurned-after-china-spy-angst.html

By Kathleen Miller
Bloomberg.com
Sep 19, 2013

The U.S. government stripped a videoconferencing system contract from a
Maryland company after a federal agency said the device marketed as
American-made is really Chinese.

The technology is produced by Shenzhen-based ZTE Corp. (000063), China’s
No. 2 phone-equipment maker. It worked with...
 

Posted by InfoSec News on Sep 23

http://ca.news.yahoo.com/german-group-claims-hacked-apple-025253471.html

By Jim Finkle
Reuters
September 22, 2013

BOSTON - A group of German hackers claimed to have cracked the iPhone
fingerprint scanner on Sunday, just two days after Apple Inc(NSQ:AAPL)
launched the technology that it promises will better protect devices from
criminals and snoopers seeking access.

If the claim is verified, it will be embarrassing for Apple which is...
 

Posted by InfoSec News on Sep 23

http://www.informationdissemination.net/2013/09/signs-of-massive-cyber-security-incident.html

Information Dissemination
September 21, 2013

It started with an otherwise innocuous announcement earlier this week,
which at the time looked like due diligence in the context of the Navy
Yard shootings. This was posted Tuesday on the Submarine Force Reserve
Component Facebook page.

All SFRC personnel,

NMCI has implemented new account...
 

Posted by InfoSec News on Sep 23

http://www.washingtonpost.com/business/economy/security-clearance-contractor-usiss-workers-felt-pressure-to-do-more-and-faster/2013/09/20/c62c7498-2208-11e3-b73c-aab60bf735d0_story.html

By Jia Lynn Yang
The Washington Post
September 20, 2013

When Ileana Privetera started working for the contractor USIS, the firm
that vetted National Security Agency leaker Edward Snowden and Navy Yard
shooter Aaron Alexis, it sounded like the perfect job. A...
 

Posted by InfoSec News on Sep 23

http://www.nytimes.com/2013/09/21/world/asia/hacking-us-secrets-china-pushes-for-drones.html

By EDWARD WONG
The New York Times
September 20, 2013

BEIJING -- For almost two years, hackers based in Shanghai went after one
foreign defense contractor after another, at least 20 in all. Their
target, according to an American cybersecurity company that monitored the
attacks, was the technology behind the United States’ clear lead in
military...
 
Internet Storm Center Infocon Status