software development, security, opinion
Archive for the ‘LINKS’ Category.
New MS Tool: Good and Bad. Microsoft’s newest ‘user-friendly’ security tool is a grand gesture by the company, experts say. But many users are alarmed at the results, and some say the friendliness of it is far too technical. By Michelle Delio. [Wired News]
[DIDS – Distributed IDS Systems] -Creating the Ultimate Security Tools (paper)
(A simple and not too bad taxonomy. Not exhaustive.)
[Security Focus]
Serious Outlook 2002 hole patched
Microsoft has patched a serious vulnerability in Outlook 2002 by which an attacker could take over one’s machine. At issue is an ActiveX feature, the Outlook View Control, which enables mail folders to be viewed via Web pages. In Outlook 2K the flaw doesn’t give up control, but could allow for minor mischief.
MS suggested a workaround last month while it worked on a patch. The job is finished now, and the crucial 2002 patch is available here, while the more or less optional 2K patch is available here.
[via Security Focus and The Register]
Networld World: From May 28, 2001; Effort afoot to provide wireless LAN roaming
My commentary:
Do these people know what they’re doing?
Are they making sure their access points don’t touch actual passwords?
If not, we’ll soon see the first “false front” (and man-in-the-middle) wireless access points which will be sucking down your passwords when you walk by them.
[via Tomalak’s Realm]
Armoring Solaris: II (paper)
Firewalls are one of the fastest growing technical tools in the field
of information security. However, a firewall is only as secure as the operating
system it resides upon. This article is a continuation of the original
Armoring Solaris article,
focusing on building a minimized Solaris 8 64-bit for CheckPoint FW-1 NG firewall.
This article does not include an updated script for the automated securing
of the new installation, as there was in Armoring Solaris. Instead,
we will be using Solaris Security
Toolkit (JASS). This is a new tool developed and released
by Sun for the secure deployment of the Solaris platform. In otherwords, I’m not
going to develop a tool to automate the secure build since that tool is already
out there.
[Security Focus]
See also here for other papers on Armoring Solaris, Linux, NT, firewalls, intrustion detection, etc.
Venator Realizes Its Name Is Stupid. The decision to rename the company Foot Locker Inc. calls into question the trend toward stupid corporate names. [The Motley Fool]
Virus poses as antivirus utility. More social engineering tricks [The Register]
Airsnort: Open Source WEP cracker goes public.
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
802.11b, using the Wired Equivalent Protocol (WEP), is crippled with numerous security flaws. Most damning of these is the weakness described in “Weaknesses in the Key Scheduling Algorithm of RC4 ” by Scott Fluhrer, Itsik Mantin and Adi Shamir. Adam Stubblefield was the first to implement this attack, but he has not made his software public. To the best of the authors’ knowledge, AirSnort is the first publicly available implementation of this attack.
AirSnort requires approximately 100M-1GB of data to be gathered. Once enough packets have been gathered, AirSnort can guess the encryption password in under a second.
[via kuro5hin.org]
You are currently browsing the archives for the LINKS category.
