NetSec

9.18.2004

Steve Bellovin Presentation - Realistic Security I like the pictures of the "firewalls".

posted by GeeWhiz Saturday, September 18, 2004

9.17.2004

Achilles from Brian (two posts down)
Brian: Google is your friend

posted by Brenda Friday, September 17, 2004

FTC Report Outlines, among other things, the Good and the Bad of Offering Rewards for Turning in Spammers

posted by GeeWhiz Friday, September 17, 2004

State Of The Union: Opposing the Patriot Act from Clyde

posted by GeeWhiz Friday, September 17, 2004

Symantec to Acquire @Stake: Dave Aitel of ImmunitySec comments: "...Symantec bought @stake. NAI bought Foundstone, INS bought Global Integrity. Microsoft bought LSD. The era of consolodation is upon us."

posted by GeeWhiz Friday, September 17, 2004

9.16.2004

SC Magazine: Free Subscriptions

posted by GeeWhiz Thursday, September 16, 2004

A Common Language for Computer Security Incidents by John D. Howard, Thomas A. Longstaff

posted by GeeWhiz Thursday, September 16, 2004

The Google Hacker's Guide v1.0 from Johnny.ihackstuff.com Coming soon: Google Hacking for Penetration Testers

posted by GeeWhiz Thursday, September 16, 2004

Banner Grabbers: Mothra, Amap and Superscan

posted by GeeWhiz Thursday, September 16, 2004

IBM Workstations and Laptops Running XP Have No Password By Default on the Administrator Account and Does Not Prompt the User to Change or Set One as M$ Policy Dictates for OEM's

In Similar News, IBM Plans to Store Password and Other Autheticators in a Trusted Hardware Chip. Where will the passwords that do not exist by default be stored? ; - P

posted by GeeWhiz Thursday, September 16, 2004

Multiple Vulnerabilities in All Mozilla Versions (Ouch)

posted by GeeWhiz Thursday, September 16, 2004

Worm (SDBOT-UH) Carries Sniffer Payload - from Lance

posted by GeeWhiz Thursday, September 16, 2004

9.15.2004

MS04-028 PoC

posted by GeeWhiz Wednesday, September 15, 2004

Here is an article on NFC (Near Field Communications), soon to be included in cell phones. It touts low power and high security. I'm thinking we will see another blue rifle....

posted by arkng Wednesday, September 15, 2004

META Group: Most customer password implementations and policies are ineffective. Like we didn't know that...

posted by arkng Wednesday, September 15, 2004

So, where is the hacking capital of the world? China, Russia, US? Nope! Click here to find out...

posted by arkng Wednesday, September 15, 2004

Maryland court rejects e-voting safeguards

posted by GeeWhiz Wednesday, September 15, 2004

Lexar JumpDrive Secure(tm) Password Extraction advisory.
posted by arkng Wednesday, September 15, 2004

9.14.2004

Information on the JPEG Vulnerability in Windows
A JPEG file comment is indicated by a 0xFFFE Value followed by two bytes specifying the length of the comment (max comment size is therefore 65535-2). A Minimum Length of Two is specified in this position. When a value of 0 or 1 is specified a signedness error occurs. The comment length is interpreted as 4GB(-1 or -2) and heap corruption results since all memory (on an IA32 system) is technically allocated. Ouch.

posted by GeeWhiz Tuesday, September 14, 2004

Alpha 2: Zero Tolerance is a Shellcode to ASCII Alphanumeric Converter

posted by GeeWhiz Tuesday, September 14, 2004

Metasploit Framework Article Part III from SecurityFocus

posted by GeeWhiz Tuesday, September 14, 2004

Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+) Allows for Arbitrary Remote Code Execution. All that this requires is that you get a remote user to load a JPG. This is Classified as "Critical".

Microsoft Security Bulletin MS04-027
Vulnerability in WordPerfect Converter Could Allow Code Execution (884933)

posted by GeeWhiz Tuesday, September 14, 2004

Telenor shuts down 10,000 PC Botnet

Justice Department Plans to Expand Computer Hacking and Intellectual Piracy (CHIPs) Units from 5 to 13

posted by GeeWhiz Tuesday, September 14, 2004

Caller ID spoofing service for sale

posted by Brenda Tuesday, September 14, 2004

9.13.2004

I heard recently that two major WIndows flaws will be announced tomorrow.

posted by GeeWhiz Monday, September 13, 2004

Samba smbd ASN.1 Parsing DoS and nmbd DoS. Most ASN.1 Interpreters have severe exploitable flaws due to the complexity of the protocol. Any protocol that allows data to define it's own structure must be constructed (program specifications, error handling) and tested with misuse in mind (fuzzing).

posted by GeeWhiz Monday, September 13, 2004

200 Hours Community Service for Hacking a DoE Facility. This is clearly not the example we would like to be setting. Another article. Links from Jim.

posted by GeeWhiz Monday, September 13, 2004

Located a site with roughly 55MB of dictionary wordlists. 3y3 W1LL 0wn j00 Webster!

posted by Anonymous Monday, September 13, 2004

9.12.2004

Collective Wisdom by Brian Hayes

posted by GeeWhiz Sunday, September 12, 2004

Infowar
Asymmetrical Adversarialism in National Defense Policy, The Marketplace and Personal Privacy by Winn Schwartau

Information Warfare by Winn Schwartau

posted by GeeWhiz Sunday, September 12, 2004