From Security Weekly Wiki
Revision as of 16:43, 9 November 2006 by Larry (talk | contribs)
Jump to navigationJump to search

Stories for Discussion

Wikipedia Hijacked to Spread Malware - [Joe] - "The German Wikipedia has recently been used to launch a virus attack. Hackers posted a link to an all alleged fix for a new version of the blaster worm. Instead, it was a link to download malicious software. They then sent e-mails advising people to update their computers and directed them to the Wikipedia article. Since Wikipedia has been gaining more trust & credibility, I can see how this would work in some cases. The page has, of course, been fixed but this is nevertheless a valuable lesson for Wikipedia users."

The End of Net Anonymity In Brazil - [Joe] - "The Brazilian senate is considering a bill that will make it a crime to join a chat, blog, or download from the Internet without fully identifying oneself first. If approved, it will be a crime, punishable with up to 4 years of jail time, to disseminate virus or trojans, unauthorizedly access data banks or networks and send e-mail, join chat, write a blog or download content anonymously."

WVE = CVE for Wireless Vulnerabilities - [Larry] - With all of the hububb about wireless vulnerabilityes, where is a good source to get schooled? The WVE of course!

SPAM at an all time high - [Larry] - I've seen the increase. It seems that the SPAM filer guys are having a hard time keeping up, as are the AV vendors, White hat security researchers and vendors with patches. Is this a war we cannot win?

M$ teaching OEMs about Security Development Lifecycle - [Larry] - Otherwised titled, "How we Created Secure Hardware that was Hacked in Only a Few Weeks". Can you say XBOX (and 360) hacking? I'm a bit skeptical on this one.

Check Point releases "Secure Wirless Router" for Home market - [Larry] - I say "bullshit". The device looks like it has come great features: VPN Endpoint, good firewall (CheckPoint of course), IDS/IPS, gateway AV, and WPA2. Now, what home user will pay $200 for that when the $30 on sale Dlink works (without all of the security features of course). Ont eh "secure wirelss" part, there is no mention of how they secure WPA2. I can bet that it does not involve Radius, 3rd part supplicants, or any apropriate EAP type. Would anyone form ZoneLabs/CheckPoint like to send us some eval units?

[no link yet - Larry's GAWN Gold Paper] - [Larry, Paul] - Yum.

WLAN Location Sensing - [Larry] - A great follow on to my GAWN Gold paper - signifigant more detail on why locating Rogue APs are very difficult to locate accuratley. Lots of hard math!

Other Stories of Interest

Rainbowcrack, Rainbow Tables, Cain & Abel - [Larry] - From Ethicalhacker and Chris Gates. What a fantastic tutorial and backgtound on rainbow table password cracking.