NetSec corner





Netsec, comsec, infosec and IA news, research and trends

 

9.16.2005

 
Google Bombing failure. The beginning of Google's statement - "If you do a Google search on the word [failure] or the phrase [miserable failure], the top result is currently the White House’s official biographical page for President Bush. We've received some complaints recently from users who assume that this reflects a political bias on our part. I'd like to explain how these results come up in order to allay these concerns." See the rest of Google's statement by following the link above. You may have to scroll down the page a bit.

 
The Side Channel Cryptanalysis Lounge



9.15.2005

 
Here is the link to the Magical Jellybean utility referenced in the below article titled "Companies Urged to Move Beyond Passwords." "The Magical Jelly Bean Keyfinder is a freeware utility that retrieves your Product Key (cd key) used to install windows from your registry. It has the options to copy the key to clipboard, save it to a text file, or print it for safekeeping. It works on Windows 95, 98, ME, NT4, 2000, XP, Server 2003, Office 97, and Office XP. (The newest) version is a quick update to make it work with Windows Server 2003."

Teen jailed over Paris Hilton Hack



9.14.2005

 
Snort denial of service vulnerability found up to version 2.4.0. The exploit for this flaw was discovered, developed, and released by Nitr0us. If you didn't know about it, you should be reading the SecurityFocus Vuln-Dev list.

The latest CVS snapshot of Snort is not vulnerable.

 
Companies urged to move beyond passwords

 
Headlines:
If this ain't asking for it... New Microsoft portal will help cops
Dutch ISPs sue government for wiretapping costs
OK, so you know computers but not enough to hide your IP. Hmmm... Expert charged in computer hacking
Ex-student sentenced in UT computer hacking case

 
Why Johnny Can’t Encrypt - A Usability Evaluation of PGP 5.0 and "Usability of Security: A Case Study" by ALMA WHITTEN and J. D. TYGAR

 
In case you missed it, the Autonomous Cowards' post from yesterday included some very interesting reading:

Are acoustic emanations from your computer dangerous?

According to Li Zhuang, Feng Zhou, and Doug Tygar at Berkeley, statistical analysis of sounds made by clicking keyboard buttons can lead to disclosure of the letters being typed. The research team has finally released a whitepaper on this subject.

Edward W. Felten pointed out research performed by Adi Shamir and Eran Tromer on analysing acoustic emanations from computers to derive what they might be computing. Shamir, of course, discusses how this applies to the RSA encryption algorithm.

Soundproofing, anyone?

 
Employing Disinformation Security to Protect Corporate Networks with NetBait

 
FEMA Hit by DNS Hijacking?



9.13.2005

 
The Next 50 Years of Computer Security: An Interview with Alan Cox

 
Linksys WRT54G Wireless Router Multiple Remote Vulnerabilities:



Arkng forgot a couple from the same batch:

Linksys WRT54G 'restore.cgi' Configuration Modification Design Error Vulnerability

Linksys WRT54G 'restore.cgi' Configuration Modification Design Error Vulnerability

Hmmm.... do you patch those old boxen or shoot them?

 
Are acoustic emanations from your computer dangerous?

According to Li Zhuang, Feng Zhou, and Doug Tygar at Berkeley, statistical analysis of sounds made by clicking keyboard buttons can lead to disclosure of the letters being typed. The research team has finally released a whitepaper on this subject.

Edward W. Felten pointed out research performed by Adi Shamir and Eran Tromer on analysing acoustic emanations from computers to derive what they might be computing. Shamir, of course, discusses how this applies to the RSA encryption algorithm.

Soundproofing, anyone?

 
How secure is VoIP?

 
Bot herder websites in internet take-down

 
According to South Korea and Thailand, Google Earth threatens democracy - Perhaps they should read "The Open Society Paradox: Why the 21st Century Calls for More Openness, Not Less"? If you are curious, check out Chapter 1.

 
WIPO Gives Bill Cosby Rights to Fat Albert Domain Name

 
Spreadsheet of Common Trojan Ports from Andy

Online Version from NeoHapsis

 
Digital Investigation - The International Journal of Digital Forensics & Incident Response - Articles of the Year



9.12.2005

 
The Eventlog to Syslog utility is a program that runs on Microsoft Windows NT, 2000, or 2003 server, monitoring eventlog messages. When a new message appears in the eventlog, it is read, formatted, and forwarded to a UNIX syslog server.

NTlast and NTsyslog

Syslog.Org from Mark

 
The Hashing Function Lounge

 
Hash Function Workshop: NIST is planning on hosting a Hash Function Workshop to solicit public input on how best to respond to the issues arising from Wang, Yin, and Yu's paper on SHA-1 collisions.

 
If a Lie is Repeated Often Enough, Can The Person Come to Believe That The Lie Is True? September 2005 - John Reid and Associates - Interview Techniques

 
MPAA and RIAA participate in Internet2 project. "Internet2 connects more than 200 universities in a closed environment. The network technology is based on fiber backbone which enables a stable data bandwidth of 10 Gbit per second...The two organizations intend to use the Internet2 to develop and test content distribution and digital rights management technologies."

Microsoft Patch requires Patching. This is news?

What Firefox and Mozilla users should know about the IDN buffer overflow security issue

 
The BBC Talks to Ian Clarke of Freenet in "The cost of online anonymity"

 
NerdTV is a new weekly online TV show from PBS.org technology columnist Robert X. Cringely

 


Check today's Dilbert for a funny take on Netsec...



9.11.2005

 
OSSIM: The Open Source Security Information Management System




