Archive for December, 2006
2006.12.11 Daily Security Reading
by Rodney Campbell on Dec.11, 2006, under Security
Reports that malformed MIME attachements can, in some cases, be used to bypass email AV filtering.
Accurate Real-time Identification of IP Hijacking (pdf)
In this paper, we present novel and practical techniques to accurately detect IP prefix hijacking attacks in real time to facilitate timely mitigation responses.
Password Management Concerns with IE and Firefox, part one
This two-part paper presents an analysis of the security mechanisms, risks, attacks, and defenses of the two most commonly used password management systems for web browsers, found in Internet Explorer and Firefox. The article specifically addresses IE 6 and 7 and Firefox 1.5 and 2.0.
Social sites’ insecurity increasingly worrisome
Personal Web spaces on MySpace, videos on YouTube, and blogs–community sites hosting user-created content have become increasingly popular.
Malware wars: Are hackers on top?
The money made from malware is eclipsing the revenue of anti-virus vendors, a leading net security vendor claims. Raimund Genes, CTO of anti-malware at Trend Micro, cites FBI figures that IT security problems cost the economy $62bn last year against IDC estimates that the anti-malware market was worth $26bn in 2005.
Criminals ‘target tech students’
The boom in cyber crime is forcing criminals to go to great lengths to recruit skilled hackers.
2006.12.07 Daily Security Reading
by Rodney Campbell on Dec.07, 2006, under Security
Podcast: Defense by Offensive Hacking
Vulnerability researcher Dave Aitel talks about simulated hacking attacks, penetration testing tools and techniques, the resiliency of Vista, and his unique take on the vulnerability disclosure debate.
How Vista Lets Microsoft Lock Users In
Technology called Information Rights Management, combined with copyright law and Windows Vista, give Microsoft the tools to hold users data hostage in Office.
Spam Doubles, Finding New Ways to Deliver Itself
Spam is back — in e-mail in-boxes and on everyone’s minds. In the last six months, the problem has gotten measurably worse. Worldwide spam volumes have doubled from last year, according to Ironport, a spam filtering firm, and unsolicited junk mail now accounts for more than 9 of every 10 e-mail messages sent over the Internet.
2006.12.06 Daily Security Reading
by Rodney Campbell on Dec.06, 2006, under Security
Warning over use of repeat passwords
Computer users who type in the same username and password for multiple sites – such as online banks, travel agencies and booksellers – are at serious risk from identity thieves, a United Nations agency said.
Insecure Magazine: Issue 1.9
As arguments continue to rage about whether an agent-based or agentless patching technique is more effective, see which side you’re on after we dispel five common myths. According to an April 2006 report from the Yankee Group consultancy in Boston, Mass., the various security investments enterprises have made do, indeed, make it more difficult for criminals, spies and miscreants to break into corporate networks.
VoIP Security – Does it exist?
VoIP is becoming one of the hottest services being offered by start up providers and adopted even by large telecommunications corporations in order to lower their operating costs. But how secure is VoIP really? Scanit R&D Labs conducted extensive research on VoIP security and found the truth to be a little startling.
Hack allows anyone to play TiVo files
The utility, tivodecode, allows a TiVoToGo user to convert protected video files stored on a PC into normal MPEG files.
2006.12.04 Daily Security Reading
by Rodney Campbell on Dec.04, 2006, under Security
EveryDNS, OpenDNS Under Botnet DDoS Attack
EveryDNS, a company that offers free domain name management services, has been hit by a massive DDoS (distributed denial-of-service attack) that affected thousands of sites, including OpenDNS (a sibling startup that runs the PhishTank anti-phishing initiative).
Security flaws in the new RFID-powered device from Nike and Apple make it easy for tech-savvy stalkers, thieves and corporations to track your movements.
Top 25 Tips to Secure Your VoIP Network
A VoIP network is susceptible to the usual attacks that plague all data networks: viruses, spam, phishing, hacking attempts, intrusions, Denial of Service (DoS) attacks, data sniffing, eavesdropping, and so on. The only difference is, with other technologies people take basic steps to protect themselves. Here are 25 tips to do so with your VoIP.
2006.12.01 Daily Security Reading
by Rodney Campbell on Dec.01, 2006, under Security
Network headaches to avoid this holiday season
End of the year budgeting decisions, annual network performance reviews, reduced staff-it’s no wonder the holiday season can end up being a great distraction rather than a welcome relief in the eyes of a network administrator.
The Hard Realities of IT Outsourcing (pdf)
Outsourcing is driven by five principal concerns: to lower cost, increase speed of growth, focus on core competency, stay
compliant with government regulations, and compensate for the difficulty of recruiting and maintaining specialized hot skills talent in a world of increasing IT compensation.
Apple Patches 31 Security Holes
Apple Computer today released software updates to fix at least 31 separate security flaws in computers powered by different versions of its Mac OS X operating systems. Users can download the free updates using OS X’s Software Update feature, or directly from Apple Downloads.
Hackers Prepping For New Attacks
Cybercriminals are laying the foundation for another round of attacks, a security researcher warned Tuesday, but they’re keeping their heads down in the meantime.
Microsoft set to push out updated antipiracy tool
Microsoft will soon start pushing out a new version of its controversial Windows Genuine Advantage Notifications antipiracy tool to Windows XP users.