Archive for the ‘security’ Category.

MS Word hidden data

Simon Byers: ATAC: Abusable Technologies Awareness Center: Hidden data roundup (Microsoft Word in particular).

Eight Rules of Security

Take a look at Dana Epp’s succinct exhortation on The Eight Rules of Security: least privilege, change management, trust, weakest link, separation, three-fold process, preventative action, and immediate and proper response.

VLAN Insecurity

Insights into Information Security: VLAN Insecurity & The Principle of Compartmentalization: pointers to recent SANS and GIAC publications on the topic.

Build a grid application with Python

IBM: Build a grid application with Python (tutorials).

Cisco Network Admission Control (NAC)

News @ Cisco: Cisco, Anti-Virus Vendors Discuss Milestone Initiative for Network Security:

The Cisco Self-Defending Network Initiative aims to dramatically improve the ability of networks to identify, defend against, and adapt to growing security threats. As part of this strategic initiative, Cisco is working in conjunction with Network Associates, Symantec and Trend Micro to launch the Cisco Network Admission Control (NAC) program.

NAC is an automated identity and security assessment mechanism that leverages partnerships with the anti-virus vendors. When a device connects to a network, it is checked to see if it is compliant with corporate security policy. NAC prevents non-compliant end points from joining the larger network and possibly infecting other machines.

Network Associates, Symantec and Trend Micro will license the Cisco Trust Agent, which communicates the current policy state of an end point to a policy server. Non-compliant machines can then be quickly brought into compliance with automated downloads of anti-virus software. NAC may also be implemented with the Cisco Security Agent, a new behavioral-based intrusion prevention technology that prevents malicious activity while permitting activity compliant with established security policies.

Handbook of Applied Cryptography, Online

Debunking the Myth of SSID Hiding

Robert Moskowitz (ICSA Labs) on WiFi SSID hiding (PDF):

Contrary to a common belief that the SSID is a WLAN security feature and its exposure a security risk, the SSID is nothing more than a wireless-space group label. It cannot be successfully hidden. Attempts to hide it will not only fail, but will negatively impact WLAN performance, and may result in additional exposure of the SSID to passive scanning. The performance impact of this misguided effort will be felt in multiple WLAN scenarios, including simple operations like joining a WLAN, and in significantly longer roaming times.

Trying to hide the SSID does not strengthen security in WLANs. The scarce resources of today’s WLAN administrator are better spent tuning WLAN performance and operations with full SSID usage, and enhancing WLAN security by deploying modern security technology, such as link-layer encryption, and IEEE 802.1X authentication.

CDT on Spyware

RIT’s new master’s degree program in computing security and information assurance

RIT launches computer security program:

In response to this emerging technological area, the B. Thomas Golisano College of Computing and Information Sciences is preparing a new master’s degree program in computing security and information assurance. The program will consist of a half dozen core courses dealing with technical, business, ethical and administrative aspects of security. Additionally, areas such as risk management and the cost of security will be analyzed.

While similar programs in computer security already exist at a handful of universities, the GCCIS program will differ by focusing on the complete spectrum of computing.

“Our program is unique in that it will be offered at the college level and utilize faculty from the computer science, software engineering and information technology departments,” explains Jorge Díaz-Herrera, GCCIS dean. “The cross-disciplinary nature of the program will qualify graduates for a wide range of computer security related careers in both the private and public sectors.”

To better hone the curriculum, three members of the GCCIS faculty recently took part in a month-long training session. Hans-Peter Bischof, associate professor of computer science; Stephanie Ludi, assistant professor of software engineering; and Luther Troell, associate professor of information technology, traveled to Carnegie Mellon University to present the college’s plan to a diverse group of experts. The resulting exchange of ideas offered some useful feedback.

GnuPG’s ElGamal signing keys compromised

[Full-Disclosure] GnuPG’s ElGamal signing keys compromised:

In January 2000, as part of version 1.0.2, the GnuPG code was changed to create ElGamal keys which work more efficiently for encryption (selecting a smaller x secret exponent and using a smaller k for encryption). While making this change the problem with signing keys was accidentally introduced: the same small k for encryption was also used for signing. This can be used for a cryptographic attack to reveal the private key (i.e. the secret exponent x) if a signature made using that key is available. Such a signature is always available for primary ElGamal keys because signatures created with that key are used to bind the user ID and other material to the primary key (self-signatures). Even if the key was never used for signing documents it should be considered compromised.