NetSec

11.06.2004

SSH User Identities

posted by GeeWhiz Saturday, November 06, 2004

Bank accounts in online security scare

Ex-Austin student indicted for data theft

posted by arkng Saturday, November 06, 2004

WPA Cracker Added to tinyPEAP - Read the White Paper

posted by GeeWhiz Saturday, November 06, 2004

11.05.2004

Microsoft Set to Announce ISA Server (Firewall (Cough)) Flaw on Tuesday

posted by GeeWhiz Friday, November 05, 2004

Writing Trojans that Bypass Windows XP Service Pack 2 Firewall

posted by GeeWhiz Friday, November 05, 2004

North Carolina man sentenced to 9 years for spam

posted by arkng Friday, November 05, 2004

11.04.2004

Microsoft Loses Browser Market Share to Firefox

posted by GeeWhiz Thursday, November 04, 2004

Source Code Club Strikes Again - PIX OS 6.3.1 Source Code for Sale

posted by GeeWhiz Thursday, November 04, 2004

SING - Send Nasty ICMP Garbage - A Packet Crafting Tool from Tim

posted by GeeWhiz Thursday, November 04, 2004

Duhhh...

Microsoft: Security requires teamwork

posted by arkng Thursday, November 04, 2004

Internet Exploiter IFRAME Exploit

posted by GeeWhiz Thursday, November 04, 2004

11.02.2004

Is it too late to say vote EARLY and vote OFTEN?

posted by Brenda Tuesday, November 02, 2004

Microsoft debates spoofing as security flaw

posted by arkng Tuesday, November 02, 2004

Cisco Security Advisory: Vulnerability in Cisco Secure Access Control Server EAP-TLS Authentication

A Cisco Secure Access Control Server (ACS) that is configured to use Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) to authenticate users to the network will allow access to any user that uses a cryptographically correct certificate as long as the user name is valid. Cryptographically correct means that the certificate is in the appropriate format and contains valid fields. The certificate can be expired, or come from an untrusted Certificate Authority (CA) and still be cryptographically correct.

User authentication is not impacted if EAP-TLS is configured in the Cisco Secure ACS with binary comparison of user certificates as the only comparison method and if the user entry in Lightweight Directory Access Protocol/Active Directory (LDAP/AD) contains only valid certificates.

Cisco Secure ACS for Unix and versions of Cisco Secure ACS for Windows and Cisco Secure ACS Solution Engine prior to, and later than, 3.3.1 are not affected by this vulnerability.

posted by Brenda Tuesday, November 02, 2004

Diebold Election System Video (WMV) or Quicktime

posted by GeeWhiz Tuesday, November 02, 2004

Crypto Basics - Netware 4 Client Authentication Process

posted by GeeWhiz Tuesday, November 02, 2004

11.01.2004

SANS Wednesday Webcast: How to Starve Internet Worms and Viruses Wednesday, November 03 at 1:00 PM EST (1800 UTC)

posted by GeeWhiz Monday, November 01, 2004

Second Order Code Injection Attacks White Paper from Gunter Ollmann at NGS Software

posted by GeeWhiz Monday, November 01, 2004

Honeynet Scan of the Month 32 Winners Announced

posted by GeeWhiz Monday, November 01, 2004

Tomahawk is a command line tool for testing network-based intrusion prevention systems. Here is a white paper on the techniques used by tomahawk.

posted by GeeWhiz Monday, November 01, 2004

Firewire/IEEE 1394 Considered Harmful to Physical Security

Google plugs hole exposing Gmail mail-boxes

posted by arkng Monday, November 01, 2004

E-Voting Flaws Could Give IT Black Eye

posted by GeeWhiz Monday, November 01, 2004

Hardened-PHP adds security hardening features to PHP to protect your servers on the one hand against a number of well known problems in hastily written PHP scripts and on the other hand against potential unknown vulnerabilities within the engine itself.

posted by GeeWhiz Monday, November 01, 2004

Linux Administrator's Security Guide

Firewall Piercing HOWTO

posted by GeeWhiz Monday, November 01, 2004