Wednesday, September 28, 2011

Beauty of the Baud: Nessus Setup On Backtrack 5


source: ehacking.net


"Nessus is one of my favorite and one of the best vulnerability scanners that are available for both home and enterprise usage, however OpenVas is a good replica of nessus to perform the same job as an open source vulnerability scanner. Just like I have discussed about OpenVas setup on backtrack 5, on this article I will share you how to setup nessus on your backtrack machine specially on backtrack 5.
If you are using other distribution of Linux like ubuntu then click here to learn nessus tutorial."


Learn more here



Amazon's Tablet Focuses On Amazon

The Amazon Kindle Fire has finally arrived and is different from its competitors, as expected; however, the difference may not be what people were expecting. Check out this Yahoo News article about the new tablet's features.

Chris Pirillo Videos: 9/28/11

Can't get enough of Chris Pirillo's lockergnome videos? Get your Pirillo fix here.









Tech Quote of the Day: 9/28/11

"The question of whether computers can think is just like the question of whether submarines can swim." -Edsger W. Dijkstra

Tuesday, September 27, 2011

Tech Quote of the Day: 9/27/11

"Yesterday it worked Today it is not working Windows is like that" ~Margaret Segall

Today's Tech Deals: 9/27/11


PriceGrabber: 33% OFF Sony 3D LED TV, Apple iPad, Men's Sneakers and more!
website: http://tinyurl.com/5s8jstz

KodakStore: Introducing your new HERO…
website: http://tinyurl.com/3vgfoew

GlobalComputer: Spend Less on Your Next Server - Expert Advice is Available
website: http://tinyurl.com/3gnvkll

Geeks: No-Cost Shipping Event Going on Now
website: http://tinyurl.com/6x37epg
             http://tinyurl.com/663vfgq

ValoreBooks: Last Chance for Back-To-School Textbook Deals at 90% OFF!
website: http://tinyurl.com/3pjc5gn

CompUSA: Make $10 When You Take The ISS Challenge
website: http://tinyurl.com/6zda9no
             http://tinyurl.com/3rmp6h3

MusiciansFriend: Last Chance For 15% Off Any Item + 4 Days Of Stupid Deals!
website: http://tinyurl.com/3lhz7mf

Newegg: All-Stars Series: Best of Networking! Plus, our Top Deals of the Week
website: http://tinyurl.com/69xyg7x

Amazon.com: Top Deals in Electronics This Week
website: http://tinyurl.com/66azs2y

MicroCenter: $50 OFF Any Android or Windows Tablet $299.99 & up...$229.99 Dual-Core Laptop...$299.99 Dell Dual-Core Win7 Pro Desktop...Save 20% on Select BYO Computer Parts
website: http://tinyurl.com/5txsgm3

zZounds: 15 Big Deals on all things microphones!
website: http://tinyurl.com/2ye2s9

Corel: Deal Alert - Introducing five all-new options in photo and video editing
website: http://tinyurl.com/42v6nra

Best IT Security Products In 2011

Check out Information Security magazine's picks for best security products:


Best Antimalware Products 2011

Readers vote on the best business-grade desktop and server antivirus and antispyware products.

Best Authentication Products 2011

Readers vote on the best digital identity verification products, services, and management systems, including PKI, hardware and software tokens, smart cards.

Best Intrusion Detection/Prevention Products 2011

Readers vote on the best intrusion prevention/detection products, including network-based intrusion detection and prevention appliances, using signature-, behavior-, anomaly- and rate-based detection.

Best Identity and Access Management Products 2011

Readers vote on the best identity and access management products, including user identity access privilege and authorization management, single sign-on, user identity provisioning.

Best Messaging Security Products 2011

Readers vote on the best antispam, antiphishing, email antivirus and antimalware filtering, software and appliance products, as well as hosted "in-the-cloud" email security services.

Best Mobile Data Security Products 2011

Readers vote on the best mobile data security products, including hardware- and software-based file and full disk laptop encryption and removable storage device protection.

Best Network Access Control Products 2011

Readers vote for the best NAC products, including appliance, software and infrastructure user and device network access policy creation, compliance, enforcement and remediation.

Best Policy and Risk Management Products 2011

Readers vote on the best risk assessment and modeling, and policy creation, monitoring and reporting products and services, IT governance, risk and compliance products, and configuration management products.

Best Secure Remote Access Products 2011

Readers vote on the best remote access products, including IPsec VPN, SSL VPN, and combined systems and products, as well as other remote access products and services.

Best SIM Products 2011

Security information and event management and log management software, appliances and managed services for SMB and enterprise security monitoring, compliance and reporting.

Best Unified Threat Management Products 2011

Readers voted on the best unified threat management products, including UTM appliances that feature firewall, VPN, gateway antivirus, URL Web filtering and antispam.

Best Vulnerability Management Products 2011

Readers vote on the best vulnerability management products, including network vulnerability assessment scanners, vulnerability risk management, reporting, remediation and compliance, patch management and vulnerability management lifecycle products.

Best Web Application Firewalls 2011

Readers vote on the best standalone Web application firewalls as well as WAFs that are part of application acceleration/delivery systems.

Best Web Security Products 2011

Readers vote on the best Web security products, including software and hardware, hosted Web services for inbound and outbound content filtering for malware activity detection and prevention.

Beauty Of The Baud: OpenSSH Tutorial for Linux-Windows


source: ehacking.net


"SSH or secure shell is one of the best ways to secure your communication on the Internet, if you want to connect to a remote computer from public places like coffee shop, work place and even from your home. It is recommended to use a secure channel (encrypted) to establish the connection and for transferring the files (Data). The theory behind SSH has been discussed before and as we have shared the best SSH clients for windows operating system.


This article is a tutorial based article."


Find out about OpenSSH here.

Internet Security Alliance Daily Brief (9/27/2011)

Internet Security Alliance Daily Brief
** Your source for current and relevant cyber security issues ** 

***ONE week left of your FREE subscription, contact Tammi Boyce at tboyce@isalliance.org to find out how you can continue to receive ISA's Daily Brief after September 30, 2011***

For Your Immediate Attention

NCCIC CA Trust Bulletin. The following NCCIC bulletin is regarding CA compromise and mitigation strategies. Please click here to view bulletin.
Track Cyber Security Legislation. ISA Sponsors are currently reviewing and sharing comments on cyber security legislation being drafted by the House Homeland Security Committee as well as the House Judiciary Committee and the Senate process being managed by Majority Leader Harry Reid. Sponsors also receive insider updates describing the political process affecting pending cyber security legislation. While this advanced service is available only to ISA sponsors, Daily Brief subscribers can track the public activities ongoing in the Congress through CipherLaw Group’s “Cybersecurity Legislation Tracker.” This blog is a valuable resource that provides notice and summaries of significant Cybersecurity developments on Capitol Hill, including postings with respect to hearings, proposed bills, and task force activities. Cybersecurity Legislation Tracker: https://www.cipherlawgroup.com/index.php/en/legislation-update
DHS Survey For Private Sector Infrastructure. Starting with testimony delivered in 2005, and every Congress since, the ISA has advocated that DHS cyber security programs designed to assist the private sector ought to be developed in collaboration with the private sector partnership and evaluated for cost effectiveness before being renewed or extended. To our knowledge the survey referenced below is the very first step in this direction. This need is especially pressing in the current environment where government resources are increasingly scarce and DHS is advocating to create a vast new regulatory structure with the power to mandate government determined infrastructure practices broadly upon the private sector. ISA strongly urges all our members and subscribers to answer this survey to provide our government partners with their candid assessment of the utility and value of current government programs to your enterprise infrastructure security. 
Click here for the Office of Infrastructure Protection Stakeholder Input Questionnaire

ISA in the News

UC becomes partner in Protected Health Information project. September 20, uticaod.com – Utica College’s Center for Identity Management and Information Protection has become a partner sponsor of the Protected Health Information (PHI) project. The project will seek to enhance the nation’s ability to protect PHI from the cyber hackers and criminal insiders who have legitimate access to this information and use it for criminal purposes. The project is a joint venture of the American National Standards Institute (ANSI) Identity Theft Prevention and Identity Management Standards Panel, The Shared Assessments Program and Healthcare Working Group, and the Internet Security Alliance. “As partner sponsor, CIMIP executive and research staff are making special efforts to identify and analyze financial and technical obstacles that organizations entrusted with safeguarding PHI face in preventing information breaches, and how they presently attempt to circumvent such security breaches,” said Donald Rebovich, executive director of CIMIP. CIMIP staff will examine areas such as the precise identification of information system protection areas that have high potential for criminal exploitation and the legal and financial aspects of effectively protecting this information. The final report of this project will be presented at a news conference at the National Press Club in Washington DC and will subsequently be presented at a Congressional staff briefing on Capitol Hill.
August 22, C-SPAN – In this edition of the "The Communicators," cybersecurity experts Larry Clinton, President and CEO of the Internet Security Alliance, and Marc Rotenberg, Executive Director of the Electronic Privacy Information Center, discuss the Obama Administration's proposals for reducing cyber threats against the U.S.
Source: http://www.youtube.com/watch?v=7u4YUpsGteQ
Trade group: Obama's cybersecurity plan won't protect networks. August 16, The HILL.com – The White House's cybersecurity plan is too focused on punishing companies that suffer attacks and does little to improve cybersecurity, said the head of an industry association representing firms that would be covered by the plan. Internet Security Alliance president and CEO Larry Clinton argued the White House's cybersecurity legislative proposal unveiled in May takes an antiquated approach to cybersecurity that fails to recognize how threats have evolved over the past several years.
Source: http://thehill.com/blogs/hillicon-valley/technology/177071-trade-group-blasts-white-house-cybersecurity-plan

In Today's News

Microsoft Security Chief Says Every Business Needs a Security Plan. September 27, Businessnewsdaily - Too many businesses wait until it's too late to think about their company's physical security and cybersecurity issues. That's not good for business, according to Mike Howard, chief security officer for Microsoft. Howard, an ex-CIA officer who handles all physical security for the company's worldwide operations, says that integrating a security team or plan into your company's day-to-day operations is the key to getting the most value from it. "Security is not something that should be thought of as 'break glass only in times of emergency,'" he told BusinessNewsDaily in an exclusive interview. "It affects a brand's reputation, can result in lawsuits, and requires initial investments up front." If you don't want to spend money on security now, you'll surely pay more later, he said. Howard should know. His security team is ultimately responsible for the safety and security of Microsoft's entire executive team, its 90,000 employees, roughly 90,000 contractors, 700 facilities in more than 100 countries worldwide and all of the visitors to those facilities. He's also responsible, of course, for all of their computers and hardware and the information they contain. Source: http://www.businessnewsdaily.com/microsoft-business-security-plan-advice-1827/
In China, business travelers take extreme precautions to avoid cyber-espionage. September 26, Washington Post - Packing for business in China? Bring your passport and business cards, but maybe not that laptop loaded with contacts and corporate memos. China’s massive market beckons to American businesses — the nation is the United States’ second-largest trading partner — but many are increasingly concerned about working amid electronic surveillance that is sophisticated and pervasive. Security experts also warn about Russia, Israel and even France, which in the 1990s reportedly bugged first-class airplane cabins to capture business travelers’ conversations. Many other countries, including the United States, spy on one another for national security purposes. But China’s brazen use of cyber-espionage stands out because the focus is often corporate, part of a broader government strategy to help develop the country’s economy, according to experts who advise American businesses and government agencies. Source: http://www.washingtonpost.com/world/national-security/in-china-business-travelers-take-extreme-precautions-to-avoid-cyber-espionage/2011/09/20/gIQAM6cR0K_story.html
Pentagon Extends Program to Defend Cyber Networks. September 26, ABC - The Pentagon is extending a pilot program to help protect its prime defense contractors, an effort the Obama administration can use as a model to prevent hackers and hostile nations from breaching networks and stealing sensitive data. The move comes as cybersecurity officials warn of increasingly sophisticated cyberattacks against U.S. defense companies, including data related to critical Pentagon weapons systems and aircraft. Officials at the Department of Homeland Security are reviewing the program, with an eye toward extending similar protections to power plants, the electric grid and other critical infrastructure. Efforts to better harden the networks of defense contractors come as Pentagon analysts investigate a growing number of cases involving the mishandling or removal of classified data from military and corporate systems. Intrusions into defense networks are now close to 30 percent of the Pentagon's Cyber Crime Center's workload, according to senior defense officials. And they say it continues to increase. Source: http://abcnews.go.com/Politics/wireStory/pentagon-extends-program-defend-cyber-networks-14605098
Security Expert: U.S. 'Leading Force' Behind Stuxnet. September 26, NPR - One year ago, German cybersecurity expert Ralph Langner announced that he had found a computer worm designed to sabotage a nuclear facility in Iran. It's called Stuxnet, and it was the most sophisticated worm Langner had ever seen. In the year since, Stuxnet has been analyzed as a cyber-superweapon, one so dangerous it might even harm those who created it. In the summer of 2010, Langner and his partners went to work analyzing a malicious software program that was turning up in some equipment. Langner Communications is a small firm in Hamburg, Germany, but Langner and the two engineers with whom he works know a lot about industrial control systems. What they found in Stuxnet left them flabbergasted. "I'm in this business for 20 years, and what we saw in the lab when analyzing Stuxnet was far beyond everything we had ever imagined," Langner says. It was a worm that could burrow its way into an industrial control system, the kind of system used in power plants, refineries and nuclear stations. Amazingly, it ignored everything it found except the one piece of equipment it was seeking; when the worm reached its target, it would destroy it. Langner says that the more his team analyzed the Stuxnet worm, the more they knew they were onto something big. Source: http://www.npr.org/2011/09/26/140789306/security-expert-u-s-leading-force-behind-stuxnet
Homeland Security Revamps Cyber Arm. September 26, InformationWeek - The National Protection and Programs Directorate, the Department of Homeland Security agency that handles many of the government's cybersecurity responsibilities, is about to get a makeover in the wake of the departure of former deputy undersecretary Phil Reitinger. The directorate, among other things, works to secure federal civilian agency networks and coordinate cybersecurity with the private sector. In an email obtained by InformationWeek, DHS undersecretary Rand Beers announced to staff that, in response to "the growing importance of cybersecurity to DHS and the nation as a whole," DHS is splitting Reitinger's former job in two. DHS will now have one new deputy undersecretary position that exclusively deals with cybersecurity and another that helps protect critical infrastructure, secures federal facilities, and manages the US-VISIT biometric identity management system used to identify and track foreign visitors. Source: http://www.informationweek.com/news/government/security/231602168

Upcoming Events

October 3 at 5:00pm: IT-Sector Coordinating Council Executive Committee Conference Call
October 4: Larry Clinton speaking on the “Current Policy Impacts on Innovation in the Cybersecurity Domain” panel at MIT
October 5: Larry Clinton speaking on "Cyber Security and Critical Energy Infrastructure: Its Importance, Challenges and Solutions" in Washington, DC 
October 6: DHS Critical Infrastructure Partnership Advisory Council Plenary
October 7 at 1:00pm: IT-Sector Coordinating Council – Risk Assessment Committee Working Group Meeting
October 10 at 5:00pm: Partnership for Critical Infrastructure Security Conference Call
October 11 at 3:00pm: IT-Sector Coordinating Council International Committee
October 17: Larry Clinton giving the Keynote Speech at the Joint AIA/NDIA Industrial Security Committee Meeting in Orlando, FL
October 17: Larry Clinton speaking at the 5th Transatlantic Market Conference: "Transatlantic Cooperation for Growth and Security - Protecting Critical Technology and Infrastructure" in Washington, DC
October 17 at 1:00pm: Cross Sector Cyber Security Working Group Meeting
October 17 at 5:00pm: IT-Sector Coordinating Council Executive Committee Conference Call
October 18 at 2:00pm: IT-Sector Coordinating Council Plans Working Group Meeting
October 21 - 22: NSA: Maryland Cyber Challenge and Conference (MDC3) in Baltimore, MD
October 21: Larry Clinton speaking at the Maryland Cyber Challenge and Conference (MDC3) in Baltimore, MD

In Case You Missed It

ISA to Appear on C-SPAN
C-SPAN, the official, but independently operated, network of the US Congress is doing a special program covering the Administration's Cyber Security Legislative proposal. They have asked the Internet Security Alliance to provide the private sector perspective. Marc Rotenberg from the Electronic Privacy Information Center will be interviewed to represent individual privacy perspectives on the proposal. ISA’s comments during the interview were based on the ISA testimony before the House Homeland Security Committee in June and Larry Clinton’s appearance before the Congressional Cyber Security Task Force set up by Speaker Boehner in July.
The 30 minute C-SPAN program aired three times - Saturday, August 20 at 6:30 PM EDT on C-SPAN, Monday, August 22 at 8 AM, and again, at 8 PM on C-SPAN II.
NIST Seeks Comment on the National Initiative for Cybersecurity Education Draft Strategic Plan
The National Institute of Standards and Technology (NIST) is pleased to announce that the Draft National Initiative for Cybersecurity Education (NICE) Strategic Plan is available for comment.  The plan, “Building a Digital Nation,” outlines NICE’s mission, vision, goals and objectives. NIST and its interagency NICE partners seek comments from all interested citizens and organizations concerned with cybersecurity awareness, training and education.  

Comments on this draft should be entered into the Comment-Template_Draft-NICE.xls  and e-mailed  to nicestratplan@nist.gov. Comments on the NICE draft strategic plan are due by September 12. NIST’s federal partners that contributed to the plan include the Department of Homeland Security, the Department of Defense, the Department of Education, the National Science Foundation, the Office of Personnel Management, and the National Security Agency.

NIST coordinates the interagency NICE program, which is a national campaign focused on enhancing cybersecurity in the United States by accelerating the availability of educational and training resources designed to improve the cyber behavior, skills and knowledge of every segment of the population. The program aims to improve secure use and access to digital information in a way that advances America’s economic prosperity and national security.

http://csrc.nist.gov/nice/documents/nicestratplan/NICE-Strategic-Plan-Announcement.pdf
Draft Guideline for Securing Electronics Supply Chain Available for Comment
ISA is circulating to its members the product of its multi-year effort to outline cost effective measures for securing the electronics supply chain. The paper is a 50 page set of instructions intended to be both a guidebook for managing the supply chain as well as a reference document in drafting contracts between producers and suppliers of electronic products in a way that hopefully secures greater benefits from globalization. The guidelines are affirmatively shaped by technical as well as economic considerations. The guidelines are written so as to be accessible both to technical as well as non-technical personnel. More than 60 government and industry players collaborated in the development of the guidelines in a series of technical and legal workshops under the direction of Scott Borg of the US-CCU. Member comments can be provided to Josh Magri at jmagri@isalliance.org.
DPA Survey Request for Comments
ISA has developed a set of bullet points that speak to the fact that an effort is underway to compel potentially thousands of companies to provide proprietary data under the Defense Production Act (DPA) under the threat of fines and criminal prosecution. While use of the DPA has ample precedent, the current use seems to go well beyond its intended purposes with targets well beyond the traditional DIB companies. We are told as many as 5000 companies from a variety of industry sectors may receive these compulsory surveys.
US House Homeland Security Committee Hearing
ISA President Larry Clinton has been asked to testify before the Homeland Security subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies. The hearing is entitled "Examining the Homeland Security Impact of the Obama Administration's Cybersecurity Proposal." The webcast can be viewed live through the following link: http://homeland.house.gov/hearing/subcommittee-hearing-examining-homeland-security-impact-obamaadministrations-cybersecurity

Summer 2011, Journal of Strategic Security
"A Relationship on the Rocks: Industry-Government Partnership for Cyber Defense" authored by Larry Clinton was published in a recent issue.  To view click here and then select the PDF file next to the article's title.
May 2011, Cutter IT Journal
ISA President Larry Clinton authored the article, "A Theory to Guide US Cyber Security Policy."  To view the article click here, download the issue and go to page 30.

Spring 2012, Conflict and Cooperation in the Commons
Larry Clinton has authored the chapter "Cyber Security Social Contract".  This book is forthcoming from Georgetown University Press. 

Beauty Of The Baud: Tabnapping Tutorial- Social Engineering Toolkit Backtrack 5


source: ehacking.net


"Social engineering toolkit is a complete toolkit that contains relevant tools that will really help penetration testers and ethical hackers in the process of auditing and penetration testing. As discussed before about different aspects of social engineering toolkit on backtrack 5 like credential harvester attack method and others. For this article I will discuss the famous attack called tab-nabbing (tabnapping)."


Want to know what Tabnapping is? click here.

Monday, September 26, 2011

Tech Quote of the Day: 9/26/11

"Industry executives and analysts often mistakenly talk about strategy as if it were some kind of chess match. But in chess, you have just two opponents, each with identical resources, and with luck playing a minimal role. The real world is much more like a poker game, with multiple players trying to make the best of whatever hand fortune has dealt them. In our industry, Bill Gates owns the table until someone proves otherwise." ~David Moschella

Beauty Of The Baud: Owasp-Goatdroid Android Mobile Application Security


source: ehacking.net


"The Open Web Application Security Project (OWASP) is an open source project that mainly works for application layer security projects, OWASP has released several tools before like OWASP ZAP. This is not over OWASP has published different documents and OWASP has set a standard for web application security. Mobile technology is the growing technology and every one of us has mobile phones. There are different mobile software (mobile operating system) available like android, Linux mobile, Windows mobile, iOS and others.

Android is one of the best and most famous mobile operating systems and nowadays android got a lot of attention from security researchers, OWASP has also started a project for Android operating system and the project is called OWASP GoatDroid Project."


Learn more about the OWASP GoatDroid Project here.

Beauty Of The Baud: NetworkMiner - Windows Packet Analyzer & Sniffer


source: ehacking.net


"There are various operating systems available like Windows, Linux, MAC, BSD and more but most of the penetration testers and researchers prefer to use Unix like OS like Linux and BSD, while Windows is one of the famous OS and different types of people from every corner of the world are using Windows as their primary OS. So our aim is to share the ethical hacking tools and techniques for cross platform OS so many of you can use it.

Forensic is an important division in the field of information security and penetration testing, Linux distributions like backtrack contain a list of different tools that can be used in the process of Digital forensic, some of the best tools below."


Learn more by clicking here

Sunday, September 25, 2011

Beauty Of The Baud: Hacking Application for Android



source: ehacking.net


"Mobile devices are now very common nowadays and mobile devices have changed the way of bi-directional communication. There are many operating systems for mobile devices available but the most common and the best operating system for mobile is Android, it is an OS means you can install other applications (software) on it. In Android applications are usually called apps or android apps.

The risk of hacking by using mobile devices is very common and people are developing and using different apps (applications) for their hacking attack. Android has faced different challenges from hacking applications and below is the list of applications for android hacking."

To learn more about the Android network toolkit click here.

Beauty Of The Baud: Trixbox Tutorial for Asterisk- Virtualbox


Asterisk is an open source telephony project developed by the open source community that can turn a computer into a communication server. Asterisk can be used as a VoIP gateway and can do everything a PBX does: call detail recording for accounting and billing, routing and call handling for incoming calls, and media management functions (record, play, generate tone, etc.). In short, Asterisk provides a complete telephony platform for cheap calls.

In this article we will configure trixbox for Asterisk, but first the question: what is Trixbox? Asterisk needs some software and hardware to implement the open source communication server or VoIP server.

What Is Trixbox?

Trixbox is an IP based solution for small and medium businesses. Two versions of trixbox are available: one is open source (free), while the other is for commercial purposes (it must be purchased). Trixbox is based on the Asterisk project.
How do you configure trixbox for the Asterisk project? That is the main objective of this article, which covers how to install trixbox on a virtual machine (VMware, VirtualBox).

Trixbox Tutorial- Asterisk

  • As the very first step, download the latest version of trixbox as an ISO.
  • Start your virtualization software, in my case VirtualBox (virtual box tutorial).
  • Create a new virtual machine.
  • Name the virtual machine trixbox and select your OS.
  • 512MB of memory is enough for trixbox.
  • Make sure to select dynamically expanding storage.
  • Now select the hard disk size; 8-10 GB is enough.
  • Now finish this setup.
From this point we need to configure our VM for Trixbox; follow the steps below.
  • Click the Settings button in the main window.
  • From the left side select Storage, and on the right under IDE Controller choose Empty and click the folder icon.
  • In the Virtual Media Manager click Add, browse to the trixbox ISO image, then click Select.
  • You have just created the bootable CD-ROM for your trixbox. Next, set up the network for trixbox: in the settings panel click Network, then enable network adapter --> attached to --> bridged adapter.
  • It's time to start and install trixbox: from the main panel click Start and you will get the trixbox boot screen.
  • The later steps are very easy: select your keyboard layout and your time zone, and create a password for the root account.
  • It's almost done: reboot your VM and then unmount the bootable CD-ROM.
  • After the reboot you will see the welcome screen; hit Enter, and after some time you will get the screen to enter the password for the root user.
  • You are done; enjoy your trixbox. More tutorials related to Asterisk and trixbox will be published soon.


Friday, September 23, 2011

Webcast: eDiscovery Trends, Case Studies and Solutions


eDiscovery can be a costly and time-consuming endeavor. And recent survey results show that enterprises have found email is not the primary source of records that companies need to produce.

Join this webcast and hear trends in the use of technology for eDiscovery and case studies to illustrate the impact these trends are having. Get recommendations that can help better prepare for an eDiscovery request that results in minimal risk and can reduce overall costs.

We will discuss:
  • Factors driving the growth of e-discovery and vendor-by-vendor evaluation
  • Benefits of automating workflow to make eDiscovery part of core business processes
  • Insights into emerging trends and market dynamics
Streamline your company's eDiscovery processes today!

Live Webcast Details
eDiscovery Trends, Case Studies and Solutions

Date: Tuesday, September 27
Time: 10:00am PT / 1:00pm ET

Thursday, September 22, 2011

Facebook Changes, And Future Changes

Unless you're blind or have been under a rock, chances are you've noticed some changes to Facebook's user interface. These changes have caused an uproar among its users, who have made it quite clear they don't like nor do they want the changes. The new News Feed and 'ticker' are ruining some users' experience, and they simply want them to go away. Oh, and lump the new Subscribe button in there too.

I completely understand Facebook wanting to constantly improve its users' social network experience where the user can have access to endless streams of information, but where the company goes wrong with rolling out major changes like this is it just springs new changes on its users, instead of taking a more subtle approach. A couple of things Facebook could do to make their roll out of changes go a little more smoothly are:
  • Invite users to beta test the changes, similar to how Twitter introduced its new layout; they gave the users time to tinker with the new layout and revert back to the old one for a time until they got used to the new one.
  • Listen to your users: you may want to introduce the social network to an idea that may seem to be the greatest idea in the world, but what good is it if users don't want it?
Even if the changes are inevitable, at least make the users feel as if they had a chance to voice their opinions. Facebook really needs to be careful and consider how it approaches introducing new features and stay in tune with its users' likes and dislikes, because there is little room for error with Google+ waiting to snatch up disgruntled Facebook users. Facebook is on top of the world, but so was Myspace at one point in time.

@ITSecPro

Riverbed Technology Chalk Talk Clips- Disaster Recovery, Private Cloud Consolidation, etc







Today's Tech Deals 9/23/11


Geeks: 26" 1080p LCD HDTV Blow-out
website: http://tinyurl.com/3cju2be

MusiciansFriend: Save Up To 15% On Your Order - 2 Days Only!
website: http://tinyurl.com/3n5tm72

CafePress: Up to 30% off T-shirts PLUS new products!
website: http://tinyurl.com/4355s2c

GlobalComputer: Lenovo: Take your small business to a new level...
website: http://tinyurl.com/4yhdevb

PCConnectionExpress: Improve Network Performance & Connectivity for Work and Play
website: http://tinyurl.com/3j9ysjc

CompUSA: SUMMER CLEAROUT: $99 Android Tablet...46" Samsung 3D LED w/ Blu-ray $999...Our #1 Gaming Laptop SLASHED...$29 HD FLip Camcorder...$14 HDMI Video Card
website: http://tinyurl.com/3znp8xe
             http://tinyurl.com/4yp576b

NewEgg: Autumn Arrivals & Deals: $329.99 3GB Laptop, $44.99 Antec Case, $119.99 Windows 7 Pro…
website: http://tinyurl.com/3flkwlb

MicroCenter: iPad 2 Customer Exclusive Offer...4 Days...September 22nd - 25th
website: http://tinyurl.com/3t9vb8w
             http://tinyurl.com/3udv8pd

Tech Quote of the Day 9/23/11

Microsoft: "You've got questions. We've got dancing paperclips."

Wednesday, September 21, 2011

Monday, September 19, 2011

Today's Tech Deals: 9/19/11


Native Instruments: SOLID MIX SERIES out now: high-end studio effects
website: http://tinyurl.com/3zub9yj

Corel: Deal Alert - Announcing Four New Options in Photo and Video Editing
website: http://tinyurl.com/44jm9cl

CompUSA: Monitor Madness: 20" LED $89 & More...PC Pandemonium: Dual-Core 4GB PC $249 & More...
website: http://tinyurl.com/3tqhet5

MicroCenter: $229.99 2GB/250GB Laptop...$89.99 HP 20" LCD Display...$39.99 8GB DDR3 Memory Kit...Save 20% on Select BYO Computer Parts
website: http://tinyurl.com/44czg6v

Tech Quote of the Day: 9/19/11

"A computer once beat me at chess, but it was no match for me at kick boxing."
-Emo Philips

Sunday, September 18, 2011

Friday, September 16, 2011

Tech Quote of the Day: 9/16/11

"The most overlooked advantage to owning a computer is that if they foul up, there's no law against whacking them around a little." ~Eric Porterfield

Facebook STALKER Subscribe Button!

TechCrunch News & Schwag Roundup



Accurate Active Directory groups keep kids out of jail

There can be no argument that accurate AD groups keep kids out of jail; in this video we pose the question, “what else can accurate AD groups do?” We perform scientific “man on the street” interviews of IT pros to determine what accurate group membership does for you.

The choices?
  • solve world hunger
  • keep kids out of jail
  • improve security & productivity in your organization
  • promote world peace
Check out our 3 minute video titled “Accurate AD groups keep kids out of jail” to see the surprising results of what dynamic AD groups, group lifecycle management, and self service delegation can do for the world and your organization. We wield a light humorous touch on this very serious subject. Please view it and take action.

Wednesday, September 14, 2011

Tuesday, September 13, 2011

Beauty Of The Baud: Fbpwn- A cross-platform Java based Facebook profile dumper


If you are popular, then you are at risk; the same applies to Facebook, one of the most popular social networking websites. Social networking websites are useful to social engineers because, in the first step of hacking (information gathering), sites like Twitter, Facebook and LinkedIn play an important role. Just like TheHarvester (a tool to gather information from search engines), there are different tools that can be useful for gathering information from social networking websites.

So, to gather information from Facebook, an attacker can use Fbpwn. Now the question is: what is Fbpwn, and how does it gather information? Below is the answer.

What Is Fbpwn

Fbpwn is a cross-platform, Java-based Facebook profile dumper. It sends friend requests to a list of Facebook profiles and polls for the acceptance notification. Once the victim accepts the invitation, it dumps all their information, photos and friend list to a local folder.

Put simply, it automates everything that you could do manually. It is an open source tool and available free of cost, so you don't need to worry about it.

Download

Fbpwn is the best tool for new users who don't know programming because, as discussed under Facebook Graph API information gathering, Fbpwn does everything automatically.

FBPwn modules

  • AddVictimFriends: Requests to add some or all friends of bob, to increase the chance of bob accepting any future requests after he finds that you have common friends.
  • ProfileCloner: A list of all bob's friends is displayed, and you choose one of them (we'll call him andy). FBPwn will change mallory's display picture and basic info to match andy's. This increases the chance that bob accepts requests from mallory, as he thinks he is accepting them from andy. Eventually bob will realize this is not andy's account, but by then it will probably be too late, as all his info is already saved for offline checking by mallory.
  • CheckFriendRequest: Checks if mallory is already a friend of bob, and if so just ends execution. If not, the module tries to add bob as a friend and polls, waiting for him to accept. The module will not stop executing until the friend request is accepted.
  • DumpFriends: Accessible friends of bob are saved for offline viewing. The output of the module depends on other modules; if mallory is not a friend of bob yet, the data might not be accessible and nothing will be dumped.
  • DumpImages: Accessible images (tagged and albums) are saved for offline viewing. The same limitations as DumpFriends apply.
  • DumpInfo: Accessible basic info is saved for offline viewing. The same limitations as DumpFriends apply.
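A defender-side check for the ProfileCloner and AddVictimFriends behaviour described above, as an added example (not Fbpwn code and not from the original post): it flags an incoming friend request that duplicates an existing friend's name and picture, or whose mutual friends were all added recently. The record fields, thresholds and sample data are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher

NAME_MATCH = 0.9   # assumed threshold for "same display name"
FRESH_DAYS = 14    # assumed window for "recently added" mutual friends

# Constructed sample data: bob's current friends and three incoming requests.
FRIENDS = [
    {"id": "100", "name": "Andy Example", "photo_sha256": "aa11"},
    {"id": "101", "name": "Carol Sample", "photo_sha256": "bb22"},
]
REQUESTS = [
    # Same name and picture as friend 100, mutual friends all added days ago.
    {"id": "900", "name": "Andy  Example", "photo_sha256": "aa11",
     "mutual_friend_ages_days": [2, 3, 3]},
    # Long-standing mutual friends, no resemblance to anyone.
    {"id": "901", "name": "Dana Placeholder", "photo_sha256": "cc33",
     "mutual_friend_ages_days": [400, 35, 2]},
    # Stranger with no mutual friends at all.
    {"id": "902", "name": "Erin Nobody", "photo_sha256": "dd44",
     "mutual_friend_ages_days": []},
]

def _same_name(a, b):
    """Compare display names, ignoring case and repeated whitespace."""
    a = " ".join(a.casefold().split())
    b = " ".join(b.casefold().split())
    return SequenceMatcher(None, a, b).ratio() >= NAME_MATCH

def review_request(req, friends):
    """Return the reasons an incoming friend request needs a manual check."""
    reasons = []
    for f in friends:
        if f["id"] == req["id"]:
            continue  # the same account cannot be a clone of itself
        name_hit = _same_name(req["name"], f["name"])
        photo_hit = req["photo_sha256"] == f["photo_sha256"]
        if name_hit and photo_hit:
            reasons.append(f"clone-of:{f['id']}")      # ProfileCloner pattern
        elif name_hit or photo_hit:
            reasons.append(f"resembles:{f['id']}")
    ages = req["mutual_friend_ages_days"]
    if ages and max(ages) <= FRESH_DAYS:
        reasons.append("all-mutuals-recent")           # AddVictimFriends pattern
    return reasons

if __name__ == "__main__":
    for r in REQUESTS:
        print(r["id"], review_request(r, FRIENDS) or "no flags")
```

An exact SHA-256 match only catches a byte-identical picture; a re-encoded copy needs a perceptual hash instead.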