Archive for the ‘security’ Category.
VeriSign opens up Web services roadmap
VeriSign opens up Web services roadmap. CW360.com Feb 21 2002 12:30PM ET [Moreover – Computer security news]
Mass ICQ ‘hack’ baffles world+dog
Mass ICQ ‘hack’ baffles world+dog. Accounts sent to deathrow.com [The Register]
Ephraim Schwartz details the man-in-the-middle attack that’s possible in the current iteration of 802.1x authentication
Ephraim Schwartz details the man-in-the-middle attack that’s possible in the current iteration of 802.1x authentication: because of the way in which 802.1x pieces elements of security together, a man-in-the-middle attack is possible in which a hacker poses as an access point to a client and a client to an access point. William Arbaugh and his graduate student Arunesh Mishra at the University of Maryland have made their report available in PDF form. (If you don’t have PDF, use Adobe’s online PDF-to-HTML converter.)
Apache XML Security 1.0.0 released
Apache XML Security 1.0.0 released. The Apache XML Project have released the first stable version of their XML Security project, implementing Canonical XML and XML Signature. [xmlhack]
Schneier worried about SOAP security
Schneier worried about SOAP security. Bruce Schneier has written,
in the latest issue of CRYPTO-GRAM,
an analysis of the security of Microsoft’s products, touching on .NET and SOAP. [xmlhack]
Network security in 2002
Gartner: Network security in 2002. ZDNet Feb 11 2002 11:21AM ET [Moreover – Computer security news]
New Guide For Windows 2000 PRO
Via SANS Institute:
New Guide For Windows 2000 PRO
The US National Institute for Standards and Technology released
a security guide for Windows 2000 Professional desktop systems in
configurations used by office workers, at home users, or road-warriors.
NIST is inviting comments and suggestions on the guide.–31 January 2002 Lawrence Livermore Bans Wireless LANs
Lawrence Livermore National Laboratory, a national defense technology
research lab in California, has banned the use of wireless local area
networks (LANs) due to security concerns. A lab spokesman said that
Los Alamos National Laboratory might introduce a wireless network
ban as well.
[Editor’s (Murray) Note: Yesterday I received an ad for a wireless
access point for $130-, down 50% from a year ago. Connectivity
trumps security every time. A ban cannot succeed. The only way
to successfully exclude wireless is to close the network. Get used
to it.]–4 February 2002 Improving 802.11b Security
Wireless networking standards 802.11a and 802.11b are both popular and
vulnerable. A new security algorithm, called Temporal Key Integrity
Protocol is being tested. It generates a new encryption key for every
ten kilobytes of data transmitted.
E-business edgy after hackers shutter firm
E-business edgy after hackers shutter firm. CNN Feb 3 2002 11:16AM ET [Moreover – Computer security news]
Interactive Week Feb 1 2002 2:10PM ET
Interactive Week Feb 1 2002 2:10PM ET
A new service from McAfee will soon let you discover whether anyone is hacking into your system, and if so, let you submit that information to the malicious user’s ISP or local law enforcement officials.
The project, known as HackerWatch.org, is an ambitious attempt by McAfee, a division of Network Associates best known for its antivirus products, to create an interactive anti-hacker community online. But will it make a difference?
Sam Curry, who has overseen firewall development at McAfee for some time, said HackerWatch is intended “not to start any witch hunts, but to get good quality information” from its users. To help it reach that goal, McAfee recently merged with NeoWorx, a company best known for NeoTrace, a product used by law enforcement to trace malicious users.
