NetSec

8.28.2004

Cisco Security Advisory: Cisco Telnet Denial of Service Vulnerability

posted by GeeWhiz Saturday, August 28, 2004

M$ Announces 2006 Target Date for Broad Availability Of Windows "Longhorn" Client Operating System

Microsoft Corp. announced yesterday it will target broad availability of the Windows® client operating system code-named "Longhorn" in 2006, and make key elements of the Windows WinFXTM developer platform in "Longhorn" available for Windows XP and Windows ServerTM 2003.

"Longhorn" will deliver major improvements in user productivity, important new capabilities for software developers, and significant advancements in security, deployment and reliability.

M$ will deliver a Windows storage subsystem, code-named "WinFS," after the "Longhorn" release. The new storage system provides advanced data organization and management capabilities and will be in beta testing when the "Longhorn" client becomes available.

Yesterday’s announcements relate only to the "Longhorn" client operating system. Anticipated availability for the Windows "Longhorn" Server operating system continues to be 2007.

Oh goodie, another unfinished operating system rushed to market. I can't wait.

posted by Brenda Saturday, August 28, 2004

8.27.2004

Cisco Security Advisory: Cisco Telnet Denial of Service Vulnerability

A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected.

posted by Brenda Friday, August 27, 2004

Raw Sockets Gone in XP SP2: Why?

posted by GeeWhiz Friday, August 27, 2004

Phreaknic 8 October 22nd-24th

posted by GeeWhiz Friday, August 27, 2004

Hackers target French ISP's site

posted by arkng Friday, August 27, 2004

Chinese Virus Engaged in Exam Theft

posted by GeeWhiz Friday, August 27, 2004

Wireless Intrusion Detection and Response

posted by GeeWhiz Friday, August 27, 2004

Reg Hacks to Bypass the XP SP2 "Firewall"

posted by GeeWhiz Friday, August 27, 2004

NetworkTools.com offers Whois and other utils for infogathering (link from Keith)

posted by GeeWhiz Friday, August 27, 2004

Wanadoo.fr Hacked. The Irony Abounds. Link from Ron.

posted by GeeWhiz Friday, August 27, 2004

8.26.2004

Joe Klein's Phreaknik Presentation on InfoLeakage

posted by Anonymous Thursday, August 26, 2004

Materials for Tonight:
Distributed Metastasis: A Network Attack Methodology by Andrew Stewart
NIST 800-42 Guideline on Security Testing
GoogleHacking @ Johnny.Ihackstuff.com

You Posted What?!?!? Open Sources of Information and Public Domain "Hacking"
QuickFacts Census Data
Criminal Background Checks at USSearch
Satellite Maps at TerraServer
Internet Archive: The Wayback Machine
ARIN Whois Query
SamSpade Tools
Defult Wireless Configuration Database
IEEE OUI Assignments
CyberAlert Clipping Service
Surveillance Hardware at Search Systems

posted by GeeWhiz Thursday, August 26, 2004

Blue Sniper? More

posted by GeeWhiz Thursday, August 26, 2004

The Induce Act Could Ban I-Pods and Other Noninfringing Devices: Watch out: The PC may be next. I recommend expressing your opinions to your representatives in congress.

On another note: Duke University is Going to Give Apple iPods to First-Year Students for Educational Use (link from Keith).

posted by GeeWhiz Thursday, August 26, 2004

Remember Randall Schwartz? He was convicted of three felonies for doing what he thought was his job. Be careful. Always get authorization in writing for doing any security testing or assessment. In the authorization document, define exactly what it is that you will do and have two officers or managers of the company sign and date te declaration. Make no assumptions.

posted by GeeWhiz Thursday, August 26, 2004

Chaos Computer COnference 21C3: The Usual Suspects

posted by GeeWhiz Thursday, August 26, 2004

Multiple Vulnerabilities in Cisco Secure Access Control Server

posted by GeeWhiz Thursday, August 26, 2004

8.25.2004

US DoJ Announces Major Cybercrime Crackdown is Funded by the Direct Marketing Association

posted by GeeWhiz Wednesday, August 25, 2004

DNA Analysis Spots SPAM

posted by GeeWhiz Wednesday, August 25, 2004

Don't fall prey to such hysteria as "Electronic Jihad Live, Thursday, August 26th!!! The sky is falling... b-caawwk!!!"

posted by GeeWhiz Wednesday, August 25, 2004

The Rbot-GR Worm Can Enable Webcams to Spy on People

posted by GeeWhiz Wednesday, August 25, 2004

8.24.2004

Defacements Archive at Zone.H

posted by Anonymous Tuesday, August 24, 2004

Institute for the Advanced Study of Information Warfare

posted by Anonymous Tuesday, August 24, 2004

The Art of War

posted by Anonymous Tuesday, August 24, 2004

TCP/IP Illustrated in HTML Format

posted by Anonymous Tuesday, August 24, 2004

Astaro Linux is a Feature Rich Firewall Product Based on Linux. It now has support for FreeS/WAN VPN's and Snort in an IPS Configuration. It is free for personal use and starts at $400 for commercial applications. Link from Nick

posted by GeeWhiz Tuesday, August 24, 2004