
April 25, 2006

Time to upgrade Ethereal.

FrSIRT released an advisory about 28 flaws in Ethereal that can allow for remote code execution or crash of service while analyzing live, malformed traffic or when reading malformed traffic from saved captures. Affected versions range from 0.8.5 through 0.10.14 (the latest of which was released last December).

I use Ethereal almost every day, and in fact I used it to replace another commercial sniffer product that was rather expensive. You can count on it that I'll be upgrading!

I'm impressed by two things:

1. The speed with which the Ethereal folks released an update.

2. I still get FrSIRT advisory notifications.

- L

Time to upgrade Ethereal..., (Tue, Apr 25th)

Yes, if you use Ethereal, it is time to upgrade. According to an advisory posted by FrSIRT, 28 vulnera ...(more)...

April 24, 2006

Hacker-con videos: "150 hours of hardcode nerd education."

News from the other side of the pond. 150 hours of video from the Chaos Communication Congress? Looks like it is going to be a long weekend!

- L

Hacker-con videos: "150 hours of hardcode nerd education."

Cory Doctorow: Videos from the Chaos Communication Congress, a hacker con, are online -- Tim Pritlove calls this "150 hours of hardcode nerd education."

The 22nd Chaos Communication Congress (22C3) is a four-day conference on technology, society and utopia. The Congress offers lectures and workshops on a multitude of topics including (but not limited to) information technology, IT-security, internet, cryptography and generally a critical-creative attitude towards technology and the discussion about the effects of technological advances on society.

The Chaos Communication Congress is the annual congress of the Chaos Computer Club e.V. (CCC). The Congress has established itself as the "European Hacker Conference" bringing in people from all over Europe and even further away.

Link (Thanks, Jake!)

April 19, 2006

Oracle fixes 36 more vulnerabilities

Another 36 patches, another quarter. Did this round of patches include the one for the undisclosed vulnerability that they accidentally disclosed without a patch? I hope we don't have to wait another quarter for that one...

They also updated a tool to search for default account/password pairs that could be used for nefarious purposes. Now that being said, the tool could be used for nefarious purposes too!

Get patchin'

- L

Oracle fixes 36 more vulnerabilities

Reducing its load from the previous quarter, Oracle has released 36 patches for vulnerabilities in its various products.

Microsoft to close security updates on old Windows

It is about time. I mean, I like security patches and all, but they do have to draw the line somewhere.

I am truly sorry for all of you continuing to suffer with support on Windows 98, and even worse Windows ME.

Now, go upgrade! :-)

- L

Microsoft to close security updates on old Windows

As of mid-July, Microsoft will no longer provide security updates for Windows 98 and Windows Me. Experts say the decision is likely long overdue.

Microsoft Banned from Insecure.Org for Web abuse

This may be old news, but... Good to see that Microsoft is reading...or at least downloading. Maybe they have an infected machine, part of a botnet, or have bad honeymonkeys!

- L

Microsoft Banned from Insecure.Org for Web abuse

MS proceeded to make 3738 requests for security-basics articles in about 20 minutes. That is more than three requests each second. So I had no choice but to ban them. This was obviously an intentional DoS attack orchestrated from the highest levels in MS to take down Insecure.Org.

Beyond Posters - Security education for the Masses

This article points out some of the finer things that I've learned about security education for people that don't think they care about computer security:

1. Make it personal. Equate the corporate security to things they'd understand. Don't share your passwords, just like you wouldn't share your ATM PIN.

2. Make it fun. I use goofy props, silly music and even movies. Good clean humor always wins.

3. Make it dynamic. The same static poster on the wall doesn't do much. Try the stalls in the staff restrooms, and change the messages frequently. Use audio - internal corporate podcasts! Film internal movies. Don't forget, see items 1 and 2.

- L

Beyond Posters

Employees need more than a tip sheet to hang on their cubicle walls. Here are some new ways companies are training their employees to take security seriously.

McAfee: Open source encourages rootkits

...well, duh!

However, what I think McAfee fails to realize is that they also encourage ways to defend against the rootkits that they have released, and foster discussion...

- L

McAfee: Open source encourages rootkits

Rootkits are becoming more prevalent and difficult to detect, and one security vendor claims the blame falls squarely on the open source community. Other experts, however, call sites such as rootkit.com "a laboratory of computer science."

Multiple Vulnerabilities in the WLSE Appliance

Otherwise known as: "How to pwn a Cisco wireless network the easy way"

Two vulnerabilities in the Cisco WLSE (Wireless LAN Solution Engine) that can allow for remote code execution and total compromise of the box. So, the Cisco WLSE is intended to be a management and configuration platform for Cisco APs, to secure, configure, manage, detect and mitigate rogues and configure encryption.

Now, it would do any of those things if a determined attacker owns this box. An attacker can place their own rogues, and misconfigure encryption, on all of the APs managed by this system. Patches are available from Cisco in the advisory listed below. Get patching!

- L

Multiple Vulnerabilities in the WLSE Appliance

Two vulnerabilities exist in the WLSE appliance that may allow an attacker to gain complete control of the device or to obtain access to the underlying operating system.

April 13, 2006

Microsoft tool aims to stymie typosquatters

Typosquatters. Yuck.

The kids mean to type disney.com and they mistype didney.com, and they get porn. Not a good deal.

So, Microsoft is doing something to help out; they have released Strider URL Tracer with Typo Patrol. As a result of the Honeymonkey project, they found that hundreds of thousands of "typosquatters" do bad things to your computer: hijacking, exploits, porn, and popups. Lots and lots of popups. This tool interacts with the browser to avoid going to those typo sites, ultimately helping to protect your computer.

I'd say that Firefox is a good step to help protect your computer while out exploring the interweb, but I think that I'm preaching to the choir. I do realize that there are a lot of people out there stuck using IE, or they just don't know any better.

Looks like a great concept for putting on the kids' computer. I know, what if your kids use Firefox or Opera? Go check out SiteAdvisor. They only support IE and Firefox at this date, but they promise support for other browsers in the future.

- L

Brief: Microsoft tool aims to stymie typosquatters


Go Hack Yourself!

Be sure to check out the CORE IMPACT demo by Alex Horan through the SANS "What Works" program. Alex is a fantastic presenter, and has an awesome knowledge of the product. This will truly be an informative presentation about how CORE IMPACT works.

Once you have seen the demo and want to buy, go listen to Pauldotcom Security Weekly and get a discount code for 10% off the purchase price!

- L

Browsers feel the fuzz

Fuzzers give me the warm fuzzies.

Pretty damned cool. Apparently the use of this CSS fuzzer revealed a number of vulnerabilities in several browsers - with an automated tool. Long live Automation!

- L

News: Browsers feel the fuzz


April 06, 2006

Brief: DHS officer charged in online child sex case

Ok, this story has two slants for me:

1. Who is policing the police?

2. It is important for children to be safe on the internet

I'd like to think that I have an answer to #1, but I don't. I do have some answers to #2 though, and Paul, Twitchy and I will be discussing them on episode 22 of Pauldotcom Security Weekly. Tune in and check it out.

Brief: DHS officer charged in online child sex case


April 05, 2006

Trend Micro data revealed due to virus

How sad. An AV vendor that does not enforce AV usage for their employees. I don't think I can even comment any more.

Wait, yes I can. The documents got distributed by a P2P app. Ok, even better, an AV company that allows employees to install P2P apps on their corporate computers...now I'm speechless.

On the P2P note, whatever happened to the seewhatyoushare.com project? It was an individual that would scour various P2P networks for sensitive documents (be it military, government, corporate or individual), sanitize them and post them on the site. It was quite interesting as to what he would find...

- L

Trend Micro data revealed due to virus

A Trend Micro employee's failure to install his company's own antivirus software on his home computer led to the uploading of company reports to a popular Japanese file-sharing network.

Computer-Controlled Fasteners

I love Bruce Schneier's comments on this article: "Clearly this Harrison guy knows nothing about computer security". True that, but I'll even take it a step further: I'll bet he doesn't know a damn about wireless security either. Considering comments like "everything is locked down with codes, and the radio signals are scrambled, so this is fully secured against hackers".

Ummm...so is 802.11a/b/g with WEP/WPA, etc. and that doesn't seem to keep a determined attacker out. Sounds like an interesting concept of wireless fasteners, but I doubt that the appropriate security can be built in with a size that makes it practical.

- L

Computer-Controlled Fasteners

It's a really clever idea: bolts and latches that fasten and unfasten in response to remote computer commands.

What Rudduck developed are fasteners analogous to locks in doors, only in this case messages are sent electronically to engage the parts to lock or unlock. A quick electrical charge triggered remotely by a device or computer may move the part to lock, while another jolt disengages the unit.

Instead of nuts and bolts to hold two things together, these fasteners use hooks, latches and so-called smart materials that can change shape on command. The first commercial applications are intended for aircraft, allowing crews to quickly reshape interiors to maximize payload space. For long flights, the plane may need more high-cost business-class seats, while shorter hauls prefer a more abundant supply of coach seats.

Pretty clever, actually. The whole article is interesting.

But this part scares me:

A potential security breach threat apparently doesn't exist.

"I wondered what's to prevent some nut using a garage door opener from pushing the right buttons to make your airplane fall apart," said Harrison. "But everything is locked down with codes, and the radio signals are scrambled, so this is fully secured against hackers."

Clearly this Harrison guy knows nothing about computer security.