software development, security, opinion
Archive for the ‘arch’ Category.
Gartner, quoted in News.Com: “With the emergence of the Nimda worm — the latest in a long series to attack Microsoft’s Internet Information Server (IIS) and other software — Gartner believes it’s time for businesses with Web applications to start investigating less vulnerable Web server products.” 
[Scripting News]
BlueSocket WG-1000 wireless gateway:
Put it between your access points and your enterprise network.
Authenticated access with LDAP, RADIUS, NT domain or Active Directory as a back end.
VPN/encryption via PPTP, L2TP, or IPsec.
Supports role-based QoS.
Bluetooth or 802.11B.
Hot failover.
Gartner tech perspective:
Microsoft looks to improve Active Directory in Windows 2002
“These LDAP-related changes represent progress, but they do not propel Active Directory to the head of the pack of all platform and LDAP directories. Microsoft cannot obtain market leadership based on technology alone. It must continue to recruit application partners to support and advance Active Directory, and it must come to grips with a programming community that is averse to proprietary interfaces (i.e., ADSI). As a result, Active Directory will not be widely deployed as a general-purpose LDAP application directory (as opposed to a platform directory) through the first half of 2003 (0.7 probability).”
“Windows 2000 was simply a jumping-off point for Active Directory. Microsoft continues to revise Active Directory to better address platform directory needs and general-purpose LDAP directory needs. However, enterprises should avoid a mixed Windows 2000/2002 Active Directory domain controller environment and should choose one release as the basis for their domain controllers. The operating-system releases for other types of systems (e.g., desktops, laptops, member servers) can be safely mixed.”
Gartner originally published this report on May 14, 2001.
ExtremeTech – Exploiting and Protecting 802.11b Wireless Networks.
How many network administrators do you think would allow a complete stranger to walk into their wiring closet and plug in their notebook to their company’s network? Not too many, I suspect. But that’s what’s happening to companies coast-to-coast. Well, not exactly. Strangers aren’t plugging into networks, but they are attaching to networks using 802.11b wireless network cards, and that’s essentially the same thing.
The SOAP Opera Progresses – Helping XML to Rule the World
-by Michael F. Reed
An important emerging standard in the web arena, known as SOAP (Simple
Object Access Protocol), originally developed by Microsoft, has achieved
a new milestone. Since IBM joined in support for the SOAP standard with
increased security, SOAP may replace DCOM, and possibly even CORBA
eventually. The W3C consortium has just released a new version, 1.2,
which will be widely accepted and adopted by vendors.
Aaron Sullivan, Security Focus:
An Audit of Active Directory Security:
Part One: An Overview of Active Directory and Security [August 1, 2001]
Part Two: Understanding the Security Implications of Active Directory Default Settings [August 29, 2001]
Airsnort: Open Source WEP cracker goes public.
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
802.11b, using the Wired Equivalent Protocol (WEP), is crippled with numerous security flaws. Most damning of these is the weakness described in “Weaknesses in the Key Scheduling Algorithm of RC4 ” by Scott Fluhrer, Itsik Mantin and Adi Shamir. Adam Stubblefield was the first to implement this attack, but he has not made his software public. To the best of the authors’ knowledge, AirSnort is the first publicly available implementation of this attack.
AirSnort requires approximately 100M-1GB of data to be gathered. Once enough packets have been gathered, AirSnort can guess the encryption password in under a second.
[via kuro5hin.org]
You are currently browsing the archives for the arch category.
