Virus poses as antivirus utility
Virus poses as antivirus utility. More social engineering tricks [The Register]
Airsnort: Open Source WEP cracker goes public
Airsnort: Open Source WEP cracker goes public.
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
802.11b, using the Wired Equivalent Protocol (WEP), is crippled with numerous security flaws. Most damning of these is the weakness described in “Weaknesses in the Key Scheduling Algorithm of RC4 ” by Scott Fluhrer, Itsik Mantin and Adi Shamir. Adam Stubblefield was the first to implement this attack, but he has not made his software public. To the best of the authors’ knowledge, AirSnort is the first publicly available implementation of this attack.
AirSnort requires approximately 100M-1GB of data to be gathered. Once enough packets have been gathered, AirSnort can guess the encryption password in under a second.
[via kuro5hin.org]
Flash Worms: Thirty Seconds to Infect the Internet
- Flash Worms: Thirty Seconds to Infect the Internet
Stuart Staniford, Gary Grim, Roelof Jonkman,
Silicon Defense, 8/16/2001
In a recent very ingenious analysis, Nick Weaver at UC Berkeley proposed the possibility of a Warhol Worm that could spread across the Internet and infect all vulnerable servers in less than 15 minutes (much faster than the hours or days seen in Worm infections to date, such as Code Red).
In this note, we observe that there is a variant of the Warhol strategy that could plausibly be used and that could result in all vulnerable servers on the Internet being infected in less than thirty seconds (possibly significantly less). We refer to this as a Flash Worm, or flash infection.
We have run out of hyberbolic adjectives to describe how seriously vulnerable the Internet is to security disruptions, so we won’t comment further on the social implications of this. - Warhol Worms: The Potential for Very Fast Internet Plagues
by
Nicholas C Weaver
(nweaver@cs.berkeley.edu)
“In the future, everybody will have 15 minutes of fame”
-Andy Warhol
We won’t tell you what this patch does, but apply it NOW
The Register: We won’t tell you what this patch does, but apply it NOW
There’s an extremely serious security problem with GroupWise that requires an immediate patch, but the problem is apparently so bad that Novell can’t even bring itself to tell its users what it is.
The Utah-based software firm has issued an email to its GroupWise 5.5 Enhancement Pack or GroupWise 6 users asking them that to apply the “Padlock Fix” to their servers immediately but isn’t telling anybody why it’s needed, lest hackers exploit the problem on unpatched systems.
New IIS server fixes do more than catch-up on patches
New IIS server fixes do more than catch-up on patches
In a message to the NTBugtaq security mailing list he edits, Russ Cooper advised Windows 2000 and Windows NT server administrators not to overlook the new patch just because it seems to repeat repairs they’ve already made.
“I’m loath to ask you to now go back to all of these machines and apply yet another patch,” he wrote. “However… there are several circumstances that may apply to your systems that might make it necessary for you to get this new Security Bulletin patch applied quickly.”
[via Security Focus]
Beware MPLS VPN Tech Challenges
Beware MPLS VPN Tech Challenges. ZDNet Aug 20 2001 9:18AM ET [Computer security news]
Guardent, SafeNet respond to WLAN security hole
Guardent, SafeNet respond to WLAN security hole. IDG Aug 20 2001 3:55AM ET
Guardent will announce this week its 802.11 Wireless Security Assessment service, a testing system that involves mimicking attacks on the access points in customers’ WLANs to find potential cracks and make recommendations, said Jamie Fullerton, senior research scientist at Waltham, Mass.-based Guardent.
Rick Geritz, president of Baltimore-based SafeNet, said customers can shore up WEP holes by implementing the IPsec standard for VPN clients in a WLAN environment. This creates a VPN for transmitting wireless encrypted packets. SafeNet has tested its current SoftRemote offering and will announce this week that SoftRemote can perform this function.
[via Computer security news]
