Understanding IDS Active Response Mechanisms
software development, security, opinion
Archive for the ‘security’ Category.
SecurityFocus:
Understanding IDS Active Response Mechanisms
by Jason Larsen and Jed Haile
Morpheus application is ‘safe’. But watch out for those downloads [The Register]
Results, Not Resolutions
A guide to judging Microsoft’s security progress.
By Bruce Schneier and Adam Shostack
Jan 24 2002 3:50AM PT
Microsoft Network Security Hotfix Checker (HFNetChk) version 3.3
HFNetChk is a command-line tool that enables an administrator to check the patch status of Windows NT 4.0, Windows 2000, and Windows XP machines.
HFNetChk can be run from Windows NT 4.0, Windows 2000, or Windows XP systems, and will scan either the local system or remote ones for patches available for the following products: Windows NT 4.0, Windows 2000, Windows XP, Internet Information Server 4.0 and 5.0, SQL Server 7.0 and 2000 (including Microsoft Data Engine), and Internet Explorer 5.01 and later.
NOTE: Version 3.31 (Nshc331.exe) is an updated version of 3.3 that will properly identify SQL Server 7.0 systems.
Weakened encryption lays bare al-Qaeda files
Relatively weak encryption appears to have been used to protect files recovered from two computers believed to have belonged to al-Qaeda operatives in Afghanistan.
The files were found on a laptop and desktop computer bought by Wall Street Journal reporters from looters in Kabul a few days after it was captured by Northern Alliance forces on 13 November. The files provide information about reconnaissance missions to Europe and the Middle East.
A report in the UK’s Independent newspaper indicates that the encryption used to protect these files had been significantly weakened by US export restrictions that existed until last year.
The files were reportedly stored using Microsoft’s Windows 2000 operating system and protected from unauthorised access using the Encrypting File System (EFS), which comes as standard on this platform. They were protected with a 40-bit Data Encryption Standard (DES), according to the Independent report. This was the maximum strength encryption allowed for export by US law until March 2001. All systems are now sold with the standard 128-bit key encryption, exponentially stronger than 40-bit.
Wall Street Journal reporters say that they decrypted a number of files using “an array of high-powered computers” to try every possible combination, or “key” in succession, a process that took five days.
Find the Cost of (Virus) Freedom. Nimda, Sir Cam, Code Red and friends caused more than 50,000 security incidents last year. But experts say the estimates of billions in clean-up costs are pure guesswork. By Michelle Delio. [Wired News]
New Shockwave Virus Uncovered. Cosmiverse.com Jan 10 2002 4:09PM ET [Tech latest]
vnunet: Rare Linux virus on the loose
It has emerged in the last week that another of those rare Linux viruses may be on the loose. And this one has strong similarities to October’s Remote Shell Trojan (RST) that was largely dismissed by the Linux community.
In a posting to a security mailing list at the end of December, SecurityFocus brought ‘RST.b’ to the internet community’s attention.
vnunet: Users lose confidence in AV software
“The problem is that most of the software available today is reactive and not proactive. They are signature based and are linked to a database. If a new virus comes along that it does not recognise it will get through,” he added.