One of my favorite web sites "Hack a Day" has a really good and detailed (with pictures) article on how to solder. While this may seem an easy task to some..it is a whole new experience for others. Now you can take apart and hack gadgets like the best of them! Click here for the article.

I thought this article was very interesting. You can now harness the unique power of a GPU (Graphics Processing Unit) (ie: video card CPU) to crack password hashes. In the article a Moscow software company discovered that you can use a nVidia GeForce 8800 video card to crack Windows NTLM password hashes apparently 25 times faster then normal! From Elcomsoft's website:

"Using the "brute force" technique of recovering passwords, it was possible, though time-consuming, to recover passwords from popular applications. For example, let's assume that logon passwords for Windows Vista is composed of uppercase and lowercase alphabetic characters, and up to eight characters long. There are about 55 trillion (52 to the eighth power) possible passwords in this range. Windows Vista uses NTLM hashing by default, so using a modern dual-core PC you could test up to 10,000,000 passwords per second, and perform a complete analysis in about two months. With ElcomSoft's new technology, the process would take only three to five days, depending upon the CPU and GPU."

Also note that the product used distributed processing in a client/server architecture so it can harness the power of multiple GPU's when cracking passwords. A 20 client license is only $599 US. Read more about this product here.

Password-cracking chip causes security concerns - tech - 24 October 2007 - New Scientist Tech

Interesting article on password lists that are being published on the Internet. Tens of thousands of forum password hashes were posted (79,000) to a Finnish website. Most of these were from Finnish forums but none the less, it goes to show you that webmasters need to continuously patch their websites or their databases will be pwnd!

Passwords on the Loose - F-Secure Weblog : News from the Lab

The link in this article about the embassy pop3 passwords is very interesting as well.

I guess it was just a matter of time that Fraudwatchers.org would be completely shut down because of a massive botnet DDoS attack that started in August. Even after moving to another server, the attacks got more intense! This goes to show you that botnets are still a very real and serious threat. While Fraudwatchers.org couldn't stop an attack like this (mostly because of cost and feasibility issues) other sites like CastleCops have been dealing with this for sometime as well. This could really happen to any organization, not just anti-fraud/crime websites. Unless an organization has some serious cash, how can one defend against something like this?

Good article about this over at Darkreading.org.

Here is a good site with some ideas on how to prevent DDoS attacks. Not a whole lot of information out there, hopefully there is more research done on this subject soon.