DarkMarket.ws, an online watering hole for thousands of identify thieves, hackers and credit card swindlers, has been secretly run by an FBI cybercrime agent for the last two years, until its voluntary shutdown earlier this month, according to documents unearthed by a German radio network.
Cybercrime Supersite ‘DarkMarket’ Was FBI Sting, Documents Confirm | Threat Level from Wired.com
Comments (View)

Shoot

This Sat, as part of the FBI Citizens Academy, I had a chance to go out into a local police firing range and shoot a few rounds off. This was pretty cool, as up to this point the only other time I had shot a weapon was in summer camp when I was around 10. And even then it was a .22 rifle, so I am not even sure if that counts.

Before shooting any weapons, we had a chance to watch some members of the local FBI SWAT team take a building. I think in today’s society, between TV, Movies, and games we have a tendency to get a bit jaded when it comes to some things, sort of a “seen it all” attitude. I have to say however, watching them take the building in person was a lot different then playing Call of Duty or watching some movie. I was impressed with all members of the SWAT team that I got a chance to meet as well. All had the calm confidence of someone that knows what they are doing, not just looking to impress someone. And really, I would not want these guys coming for me.

When it came to shooting the weapons, one member of the SWAT team was there with us the whole time, making sure we did not do anything stupid. Instructions on how to hold the weapons to how to actually hit the target were given.

I got a chance to shoot a Glock 22 handgun, a M4, a MP5, and a Remington 870 short barrel shotgun. I thought I did best with the M4, which was an amazingly easy gun to shoot. For that matter, all were much easier then I expected. Even the kick of the shotgun was not bad at all. On the MP5, I kept pulling to the left. The agent assisting me saw I was right handed but left eye dominant, and had me switch to shooting the weapon with my left hand for the second clip. That was very helpful, as I did much better afterward. We got a chance to fire a fair number of rounds for each weapon, and the entire experience was very enjoyable.

After the shooting was over, there was a very nice lunch with a lot of great discussion. The local Special Agent in Charge had a lot of interesting stories from his time in Iraq.

Overall, the program has been top notch so far. A great PR piece for them to be putting out. There is always so many misconceptions about law enforcement and what they do, that these sorts of programs serve a great community service. In my line of work, its not uncommon for me to deal with law enforcement to some capacity, but having the opportunity to build these contacts has been great.

Comments (View)
It looks like the World Bank has come under systematic compromise. Documents released show that this was discovered a few months ago and the full extent may not be known yet. Everyone thinks they know everything about their networks until it comes time to make sure that you really do, it’s just a sad fact of life.
Various Items: Oct 10, 2008 | Security to the Core | Arbor Networks Security
Comments (View)
Metasploit 3.2 Offers More 'Evil Deeds'
Comments (View)
Getting your security sorted for the sake of compliance is wrong. It does not make any business sense. Well, not from the way I look at it. At the end of the day it does not matter whether you comply with whichever 3-4 letter acronym. What matters the most is how secure you are and from my experience compliances only create a false sense of security.
Compliance | GNUCITIZEN
Comments (View)
But I was told by multiple law enforcement personal that unless there was financial theft or fraud over 10k the federal government will not get involved.
StillSecure, After All These Years: Am I chopped liver compared to Sarah Palin?
Comments (View)
There is NOTHING "overplayed" about privacy concerns
Comments (View)
I can still break into your TCP connection if you are surfing the web in a coffee shop using ObsTCP. However, I would no longer be able to do so in a completely passive way like Sidejacking. I’d have to instead transmit some packets. This means you could catch me if you were paying attention.
Errata Security: Google’s “obfuscated TCP”
Comments (View)
Clickjacking Details ha.ckers.org web application security lab
Comments (View)
ClearNet Security : powersploiting
Comments (View)
Scare Fail (via failblog)
Comments (View)
Photo Essay: The Denim Factory
Comments (View)

Workspace

One thing I can not complain about is my workspace. Only real problem with it, I can feel the heat radiate off those monitors.

The iPwn is still kicking butt btw.

Comments (View)
Carnal0wnage Blog: ToorconX Wrap-Up
Comments (View)
Researcher finds evidence of massive site compromise
Comments (View)