NetSec

7.17.2009

The Curse of Cheddar Bay - RHEL5 2.6.18 local kernel exploit in /dev/net/tun - "A vulnerability which, when viewed at the source level, is unexploitable! But which, thanks to gcc optimizations, becomes exploitable. Also, bypass of mmap_min_addr via SELinux vulnerability! (where having SELinux enabled actually increases your risk against a large class of kernel vulnerabilities)" [from DailyDave]

posted by GeeWhiz Friday, July 17, 2009

Jobs - Looking for A) Code reviewers B) People with Novell and SGI IRIX skills - Email if interested

posted by GeeWhiz Friday, July 17, 2009

7.16.2009

Top five improvements in the new version of Nmap, available today.

posted by cafen8d Thursday, July 16, 2009

7.15.2009

datalossdb.org - The Open Security Foundation's DataLossDB gathers information about events involving the loss, theft, or exposure of personally identifiable information (PII). DataLossDB's dataset, in current and previous forms, has been used in research by numerous educational, governmental, and commercial entities, which often have been able to provide statistical analysis with graphical presentations. The Open Security Foundation and their volunteers feel that there is a distinct need for tools that provide unbiased, high quality data regarding data loss.

posted by GeeWhiz Wednesday, July 15, 2009

Security Maxims - Galileo’s Maxim: The more important the assets being guarded, or the more vulnerable the security program, the less willing its security managers will be to hear about vulnerabilities.

Bruce Schneier on the North Korean "Cyberattacks"

Related-key Cryptanalysis of the Full AES-192 and AES-256 - Potentially brings the effort needed to attack AES256 down to 2^119

Differential Path for SHA-1 with complexity O(2^52)

posted by GeeWhiz Wednesday, July 15, 2009