Changes

From Security Weekly Wiki
821 bytes added, 19:06, 11 September 2008
[http://www.heise-online.co.uk/security/USB-stick-with-hardware-AES-encryption-has-been-cracked--/features/111194 Encryption is great!] - [Larry] - but bad implementations, and those that retrieve encrypted passwords are bad. We say all the time to use tried and true encryption algorithms, and this USB key manufacturer did just that. However, they added the ability for the password that is also used to access the device to be checked against a history of passwords. This function resides in memory, and brute force of the passwords can be conducted.
 
[http://www.f-secure.com/weblog/archives/00001487.html A Note About Mobile (in)security] - [PaulDotCom] - So, to make a long story short, while an F-Secure researcher was giving a presentation about mobile security, a Bluetooth worm outbreak happened and people's phones in the room were infected. There is also this [http://www.f-secure.com/weblog/archives/00001483.html scary Java vulnerability] that could affect mobile phones, over 100 million of them in fact. So, how do you control this in your environment? Do you just give people phones, or do you have a managed system like BlackBerry? But what happens if a Bluetooth phone worm creeps into your building? "Hi, this is security, before you can enter the building you must disable Bluetooth on your phone". Is there even such a thing as a Bluetooth IDS/IPS?

[http://www.heise-online.co.uk/security/USB-stick-with-hardware-AES-encryption-has-been-cracked--/features/111194 SCADA Attack released] - [Larry] - No offense to Kevin, but this is a re-implementation of the attack released by CORE a month or so back. So why does this one seem to get more press? This implementation is a Metasploit module. Yep, you can attack the latest in SCADA vulnerabilities for free.