Difference between revisions of "Episode51"

From Security Weekly Wiki
Line 9: Line 9:
 
[http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1229172,00.html?track=sy160 SPAM at an all time high] - [Larry] - I've seen the increase.  It seems that the SPAM filer guys are having a hard time keeping up, as are the AV vendors, White hat security researchers and vendors with patches.  Is this a war we cannot win?
 
[http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1229172,00.html?track=sy160 SPAM at an all time high] - [Larry] - I've seen the increase.  It seems that the SPAM filer guys are having a hard time keeping up, as are the AV vendors, White hat security researchers and vendors with patches.  Is this a war we cannot win?
  
[http://news.com.com/2061-10789_3-6133838.html?part=rss&tag=2063-10789_3-0&subj=news M$ teaching OEMs about Security Development Lifecycle] - [Larry] - Otherwised titled, how we created secure hardware that was hacked in only a few weeks.  Can you say XBOX (and 360) hacking?  I'm a bit skeptical on this one.
+
[http://news.com.com/2061-10789_3-6133838.html?part=rss&tag=2063-10789_3-0&subj=news M$ teaching OEMs about Security Development Lifecycle] - [Larry] - Otherwised titled, "How we Created Secure Hardware that was Hacked in Only a Few Weeks".  Can you say XBOX (and 360) hacking?  I'm a bit skeptical on this one.
 +
 
 +
[http://news.com.com/Check+Point+debuts+wireless-security+router+for+the+home/2100-1029_3-6133217.html?part=rss&tag=6133217&subj=news Check Point releases "Secure Wirless Router" for Home market] - [Larry] - I say "bullshit".  The device looks like it has come great features: VPN Endpoint, good firewall (CheckPoint of course), IDS/IPS, gateway AV, and WPA2.  Now, what home user will pay $200 for that when the $30 on sale Dlink works (without all of the security features of course).  Ont eh "secure wirelss" part, there is no mention of how they secure WPA2.  I can bet that it does not involve Radius, 3rd part supplicants, or any apropriate EAP type.  Would anyone form ZoneLabs/CheckPoint like to send us some eval units?
 +
 
 +
[no link yet - Larry's GAWN Gold Paper] - [Larry, Paul] - Yum.
 +
 
 +
[http://www.cs.rice.edu/~arudys/papers/wise2003.pdf WLAN Location Sensing] - [Larry] - A great follow on to my GAWN Gold paper - signifigant more detail on why locating Rogue APs are very difficult to locate accuratley.  Lots of hard math!
 +
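Review bot: the added Check Point entry introduces several misspellings ("Wirless", "come great features", "Ont eh", "wirelss", "3rd part supplicants", "apropriate", "form ZoneLabs"), and the added WLAN Location Sensing entry has "signifigant" and "accuratley"; the reworded M$ line still reads "Otherwised titled". These should be corrected in the same revision. The "[no link yet - Larry's GAWN Gold Paper]" entry is a placeholder with no URL, so add the link or mark the entry as pending so it is not mistaken for a broken link later.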
 
  
  

Revision as of 16:43, 9 November 2006

Stories for Discussion

Wikipedia Hijacked to Spread Malware - [Joe] - "The German Wikipedia has recently been used to launch a virus attack. Hackers posted a link to an alleged fix for a new version of the Blaster worm. Instead, it was a link to download malicious software. They then sent e-mails advising people to update their computers and directed them to the Wikipedia article. Since Wikipedia has been gaining more trust & credibility, I can see how this would work in some cases. The page has, of course, been fixed but this is nevertheless a valuable lesson for Wikipedia users."

The End of Net Anonymity In Brazil - [Joe] - "The Brazilian senate is considering a bill that will make it a crime to join a chat, blog, or download from the Internet without fully identifying oneself first. If approved, it will be a crime, punishable with up to 4 years of jail time, to disseminate virus or trojans, unauthorizedly access data banks or networks and send e-mail, join chat, write a blog or download content anonymously."

WVE = CVE for Wireless Vulnerabilities - [Larry] - With all of the hubbub about wireless vulnerabilities, where is a good source to get schooled? The WVE of course!

SPAM at an all time high - [Larry] - I've seen the increase. It seems that the SPAM filter guys are having a hard time keeping up, as are the AV vendors, White hat security researchers and vendors with patches. Is this a war we cannot win?

M$ teaching OEMs about Security Development Lifecycle - [Larry] - Otherwise titled, "How we Created Secure Hardware that was Hacked in Only a Few Weeks". Can you say XBOX (and 360) hacking? I'm a bit skeptical on this one.

Check Point releases "Secure Wireless Router" for Home market - [Larry] - I say "bullshit". The device looks like it has some great features: VPN Endpoint, good firewall (CheckPoint of course), IDS/IPS, gateway AV, and WPA2. Now, what home user will pay $200 for that when the $30 on sale D-Link works (without all of the security features of course)? On the "secure wireless" part, there is no mention of how they secure WPA2. I can bet that it does not involve RADIUS, 3rd party supplicants, or any appropriate EAP type. Would anyone from ZoneLabs/CheckPoint like to send us some eval units?

[no link yet - Larry's GAWN Gold Paper] - [Larry, Paul] - Yum.

WLAN Location Sensing - [Larry] - A great follow on to my GAWN Gold paper - significantly more detail on why Rogue APs are very difficult to locate accurately. Lots of hard math!



Other Stories of Interest

Rainbowcrack, Rainbow Tables, Cain & Abel - [Larry] - From Ethicalhacker and Chris Gates. What a fantastic tutorial and background on rainbow table password cracking.