12 Patches this Tuesday, still black outside. Also Gates leaving Microsoft
Well, I have to say Microsoft is at least making an effort. Eight of the patches are critical, but all 12 are noteworthy. They range across IE, Media Player, Word, PowerPoint, Exchange and TCP/IP. There is also a re-release of MS06-011, making a total of 13 patches this month.
I'm writing this during a quick break from patching my own systems. I urge y'all to get them updates in place.
According to SANS there are exploits out for many of these vulnerabilities, and we wouldn't want to get a nasty worm.
http://isc.incidents.org/diary.php?storyid=1415&isc=260dd75198d6c0f8e656f93f20f2242d
Keep those fires burning if you must, and update those machines.
.....
On a side note: did you hear Bill Gates is stepping down from Microsoft to spend more time on his global health and education work at the Bill & Melinda Gates Foundation? An interesting twist of fate, if I do say so. Read more on it:
http://www.microsoft.com/presspass/press/2006/jun06/06-15CorpNewsPR.mspx
Posted by dNug on Thursday, June 15 @ 23:17:45 MDT
Network Neutrality, can we all get along!
Network Neutrality is the idea that all Internet sites must be treated equally by broadband providers. No fast lanes to buy into, all content is equal. Was it the Three Amigos that said “All for one, and one for all,” or was that someone else?
There are many sides to this story, and it continues to evolve as ideas are brought up and lobbied in the US Government and Internet sector. CNet is running a section on it labeled Net Neutrality Showdown. “Network operators want to charge Internet content providers for enhanced IP services, while Net neutrality proponents say regulations are needed to prevent abuse by the Net's gatekeepers.”
From what I understand:
-Internet companies want to be equal in the eyes of telecom/broadband providers; they don't want to be charged/taxed based on how people access them. They say that network owners must not pick favorites among the myriad technologies, applications and users that travel across their pipes.
-Telecom/broadband providers want to be able to chop up Internet services like IPTV, VoIP, HTTP and cable TV. They want to control how fast services are to the end user, based on provider funds.
-The US Government, contrary to my assumptions, seems to be fighting for the average Joe; at least initially, they don't want telephone companies to “tax” content providers. But on another note, the government recently passed a bill in the House: “The legislation would replace the regulatory role of more than 30,000 local franchising authorities with a national system supervised by the Federal Communications Commission (FCC).” (CNet) I don't like the sound of a national system of regulatory roles, but what does this do in regard to the Neutrality discussion?
I need to see more information.
“No broadband provider has proposed to block certain Web sites. But they have said Yahoo, for instance, could pay a fee to have its search site load faster than Google. Other possibilities include restricting bandwidth-hogging file-swapping applications, or delivering their own video content faster than a similar service provided by rivals.”
What are your thoughts? I'll need a few more articles on this till I'm solid.
Thanks to:
CNet – Net Neutrality Showdown
---specifically
CNet – Playing favorites on the Net?
CNet – House backs telecom bill favoring phone companies
Posted by dNug on Friday, June 09 @ 21:54:28 MDT
Censorship, not a Boat for Two
China has been in the process of censorship, in the form of Internet site blocking and search result exclusion.
Great Firewall of China
The system blocks content by preventing IP addresses from being routed through and consists of standard firewall and proxy servers at the Internet gateways. The system also selectively engages in DNS poisoning when particular sites are requested. The government does not appear to be systematically examining Internet content, as this appears to be technically impractical.
List of Words - censored by search engines in Mainland China
I particularly like “selling out one's country”
Censorship in this manner completely denounces why the internet is what it is today. The internet is so popular because of its openness, its freedom, its endless sea of information. When walls are placed and freedoms taken, then we have no internet, we have big brother at the country level.
“Google, the dominant Internet company, acknowledged it has compromised its principles by accommodating Chinese censorship demands.” CNN
Google had originally agreed to censorship demands from China based on the blocking of their site. Sergey Brin (Google co-founder) said the agreement was “a set of rules that we weren't comfortable with.” So Google looks to be going in other directions in regards to helping China in the search engine market. This is a good step for our friend Google, assuming of course this information was provided genuinely, and not just some form of cover-up on Google's part.
I do feel for those that live in the China Mainland, those that have to deal with outright censorship.
Thanks to:
CNN – Google co-founder: China censorship a compromise
Wiki - Great Firewall of China
Wiki - List of Words - censored by search engines in Mainland China
Posted by dNug on Wednesday, June 07 @ 21:45:21 MDT
Warriors of the future will 'taste' the battlefield
As war is on the top of our military minds, technology is the method behind their innovation.
A story released by CNN a few days ago talks about a device called a "Brain Port". This device is attached to a person's tongue and provides heightened senses to the wearer, giving the person superhuman senses and making them similar to owls, snakes, and fish.
"In testing, blind people found doorways, noticed people walking in front of them and caught balls. A version of the device, expected to be commercially marketed soon, has restored balance to those whose vestibular systems in the inner ear were destroyed by antibiotics.
It would allow soldiers to work in the dark without cumbersome night-vision goggles and to "see out the back of their heads," he said."
The next steps are to create sonar-based systems for underwater usage. Sensory augmentation seems to be in the forefront for this Florida Institute for Human and Machine Cognition.
Interesting tech for the military is just around the corner; it reminds me of cyborgs a little. Maybe too sci-fi, but I would like to see where this takes us in Terminator tech.
CNN - Warriors of the future will 'taste' battlefield
Posted by dNug on Thursday, May 04 @ 09:41:22 MDT
New Hybrid Car- Hydrogen and Gas Powered
Mazda has started leasing a new RX-8 Hydrogen RE. This vehicle is the first of its kind to offer the use of the two fuels, gasoline and hydrogen. Hybrids with these fuels will be a great comfort for consumers looking to purchase a hydrogen-powered vehicle, because the car can always fall back to gasoline when a hydrogen fuel station is not available in an area they travel through. This Mazda is not a fuel cell, but rather uses hydrogen in the same method as gasoline, burning it. The RX-8 has a rotary engine and Mazda says that rotary is ideal for hydrogen fuels due to its reduction in backfiring. The problem with burning hydrogen is that it is not as efficient as a fuel cell scenario. As a metric, the Fox article says "It can cruise for a maximum 62 miles on hydrogen and 549 km (341 miles) on gasoline". Not the best use of hydrogen-based fuels, but a step forward nonetheless.
One of the largest problems with the adoption of hydrogen/fuel cell based cars is hydrogen fuel stations: they are not exactly widespread like our current gasoline stations, and it will be a long time coming. Even in Japan, where the new Mazda was released, it only has 13 filling stations all owned by the state and a few companies own their own.
Hydrogen-based vehicles are a large step towards a greener economy. I want to be a part of it when the time is right, but it is a long road ahead.
Some hydrogen/fuel cell facts: Hydrogen is the most abundant resource on earth. Hydrogen can be made by removing oxygen from water; in science class this can be completed by electricity, but new methods are being developed that don't require electricity for this separation of these molecules. Fuel cell energy is produced when hydrogen is combined with oxygen, and the byproduct of that is water.
Fox News - Mazda Plans Duel-Fuel Car in Japan
Mazda News - Mazda starts leasing rotary hydrogen vehicles
Posted by dNug on Thursday, February 16 @ 11:01:53 MST
MS06-005 Proof of Concept code in the wild
Per SANS:
"The proof of concept exploit for MS06-005 has been released. The exploit craft a malicious BMP file to perform buffer overflow in Media Player. Keeping in mind as Microsoft has pointed out that the exploiting factor can include other graphics file as well (such as .wmp), it's a good idea to get it patched ASAP."
With every Microsoft patch release it seems that someone is out there putting their reverse engineering skills to work on the patches, making the vulnerabilities that much more in your face. It's important to get your machines updated, because you never know who is using the PoC or a version thereof.
Posted by dNug on Thursday, February 16 @ 09:52:09 MST
RFID tags - Security overlooked for mass production
RFID has many different issues that seem to stand in the way of mass adoption, from size to cost, and security is a concern. But based on one of the latest articles put out by a cryptographer, Adi Shamir, it seems that security has been put on the back burner by the largest manufacturer of RFID tags. They claim security can't be implemented without significant cost in the RFID production line.
Security is an important piece in RFID, because you only want people to read an RFID tag they have access to. Let's take a real-world example. Have you seen the Mastercard PayPass commercials that advertise the ability to swipe a card over a reader and pay for your goods? It doesn't have to be a card; it can be a key fob, or anything with an RFID tag in it. It is RFID technology that produces the signal to the reader. An interesting piece to this is that the credit card company doesn't require any other identification past the RFID tag, no PIN entry or signing of the receipt. So all it would take to take over someone's card is reproduction of the RFID information contained on somebody's card for fraud to take place. And without security on the RFID tag anyone can read RFID information, a serious problem, IMHO.
I don't want to sacrifice convenience for security, I will still use my PIN when making purchases. I want to keep my two-factor authentication, a card and a PIN. Something you have and something you know.
Adi Shamir Article
Mastercard Pay Pass
Visa Contactless
Posted by dNug on Wednesday, February 15 @ 11:18:23 MST
Black Tuesday should keep you busy this week.
Anonymous writes "Microsoft has released 7 patches this month, 2 being critical. For the Microsoft article on the patches please visit the Feb 06 Security Bulletin.
One marked as Important should be applied with the criticals ASAP: Vulnerability in TCP/IP Could Allow Denial of Service (913446)
This is MS06-007. It affects IGMP packets; a vulnerability was developed that could cause the destination of the IGMP packet to stop responding. Certainly a DoS scenario.
SANS has received reports that installing the patch MS06-007 (KB913446) through Microsoft Update fails. But if you install the patch manually it works fine. Something to keep in mind this patch season.
Get those systems updated; proactive will always beat reactive approaches."
Posted by dNug on Tuesday, February 14 @ 14:30:56 MST
Love is in the Air, you thought that was Jack Frost
With that special day buzzing in the ears of couples, I'm thinking back to grade school, where Valentine's wasn't about couples so much as the class you were in. You got to pick out a set of cards to give your mates, and some special treats to go along with them. It was so much easier then.
2 feet er what, well after a long dig out and some snow angels. My enjoyment of winter is just about over, what, good mountains if y'all checking. BTW grats to US Boarders over at Torino 2006, mad respect.
A name of a new exploit caught my eye today, mainly the descriptiveness: IE 0-Day Drag-N-Drop-N-PopUnder-N-GrabFocus-N-DoTheHokeyPokey Vuln. But I'm sure there is something meaningful in the article.
Oh ya, what was the joke: We haven't had a vice president shoot someone since Aaron Burr.
Wow, I need some structure in my life.
Posted by dNug on Tuesday, February 14 @ 03:02:29 MST