 |
dilluns, 30 / abril / 2007 |
|
|
[Infosec Writers] Five Mistakes of Data Encryption. Anton Chuvakin és un dels experts sobre seguretat informàtica més coneguts, especialment arran la publicació del llibre «Security Warrior» i la seva participació al projecte Honeynet. Aquesta breu nota fa un repàs de les raons per les quals el xifrat no sempre és una bona solució i, sovint, més que ajudar l'únic que fa es complicar l'entorn sense aportar cap valor significatiu, especialment si no es segueixen una sèrie ben bàsica de normes.
If you follow the media today, you might get to a conclusion that data encryption is everywhere. However, is this “good” encryption? A classic saying “Encryption is easy; key management is hard” illustrates one of the pitfalls that await those implementing encryption enterprise-wide or even SMB-wide. This paper covers some of the other mistakes that often occur when organizations try to use encryption to protect data-at-rest and data-in-transit and thus improve their security posture.
(...)
The first mistake is not using encryption when it is easy and accepted.
(...)
The second mistake has been mentioned by most cryptographers out there: inventing your own cryptographic algorithm.
(...)
Every security pro worth his salt will recognize the third mistake: “hard-coding” secrets.
(...)
the fourth mistake is manifested in the form of storing keys with data.
(...)
the fifth mistake turns encryption again the very entity that is supposed to benefit from it - your organization: not handling data recovery.
Malgrat que aquesta nota recull tot allò que sempre s'explica sobre la criptografia i els seus problemes, és un bon resum i de lectura més que recomanada.
|
  | 10:22 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
diumenge, 29 / abril / 2007 |
|
|
 [BandaAncha] Ataque masivo a Telefónica de España afecta millones de usuarios. No tinc cap dada per confirmar si realment és això, però sí que aquesta tarda el funcionament de la meva connexió ADSL ha estat força dolent
Desde las 16.00 horas de hoy 29-04-2007, hora peninsular, Telefónica de España está sufriendo lo que parece un ataque masivo en sus servidores que los técnicos, según rumores, no logran restablecer al no haber dado con la causa real. Durante toda la tarde, millones de usuarios están experimentando cortes continuos restablecimientos y nuevos cortes en una interminable sucesión. Telefónica de España no está dando información alguna, si bien, según rumores, fuentes de la Compañía que prefieren mantener el anonimato, han declarado "off-de-record" que se enfrentan al "mayor y más escalofríante" ataque cibernético que hayan tenido que hacer frente jamás. Según rumores, la compañía ha reunido a sus mejores técnicos, los cuales se afanan en entender el motivo por el que sus servidores vuelven a caerse una y otra vez.
Desconec si el motiu de tot això és un atac i sense dades és difícil creure que això publicat a BandaAncha no sigui una invenció.
Com a referència, aquest gràfic mostra les visites que ha rebut el meu servidor (connectat a la xarxa de Telefonica) durant el dia d'avui, entre les 11.00 i les 22.00 hores on es pot notar una significativa davallada en el nombre de peticions entre les 17.00 i les 19 hores.
En canvi, a la màquina de Softcatalà que està a la universitat de Lleida, el comportament de les visites és força diferent: hi ha una baixada pels voltants de les 14.00 hores (normal al tractar-se de l'hora de dinar) i després un ritme continuat de visites durant tota la tarda, arribant al màxim a les 20.00 hores, per començar a baixar després:
És, per tant, un gràfic perfectament normal per una tarda de diumenge en el cas de Softcatalà.
El Mundo: Telefónica reconoce una 'incidencia' que ha afectado a su servicio ADSL
Un portavoz de la operadora ha asegurado que se trata de una "incidencia producida entre las 16.00 horas y las 17.00 horas, y que ha podido producir problemas en algunas conexiones", aunque ha negado que el servicio se haya visto afectado de manera importante.
Menys mal que no ha afectat de forma important... el dia que si ho faci, què passarà?
|
| 22:30 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
 Aquesta és una eina, disponible per a Linux, Solaris, Windows i Mac OS, que no he pogut provar... atès que només està disponible per al personal del govern dels Estats Units (es pot baixar, però per a executar-lo cal un fitxer de llicència que cal demanar expressament).
File Scrub és una eina per eliminar informació sensible dels fitxers:
Minimizes the risk of inadvertent release of information, as occurred in these situations:
Runs on Windows, Linux, Mac OS X, and Solaris, using an identical interface.
Increases confidence that hidden information is accounted for or removed.
Reviews files for metadata, macros, embedded objects, intelligent agents, hidden data streams, links, and keywords.
Provides a secure audit trail by recording all file review and transfer activities in encrypted logs.
|
| 15:02 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
dissabte, 28 / abril / 2007 |
|
|
[IBM] Discover the Linux Kernel Virtual Machine. KVM, un component del nucli de Linux 2.6.20, permet la virtualització d'un sistema Linux, de forma que una única màquina de diverses màquines virtuals, cada una d'elles amb un sistema operatiu independent i executant-se de forma aïllada.
Linux and flexibility go hand in hand, and the options for virtualization are no different. But recently, a change in the Linux virtualization landscape has appeared with the introduction of the Kernel virtual Machine, or KVM. KVM is the first virtualization solution to be part of the mainline Linux kernel (V2.6.20). KVM supports the virtualization of Linux guest operating systems -- even Windows with hardware that is virtualization-aware. Learn about the architecture of the Linux KVM as well as why its tight integration with the kernel may change the way you use Linux.
|
| 11:59 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
divendres, 27 / abril / 2007 |
|
|
[Linux.com] Put your OpenSSH server in SSHjail. Un pegat per a l'OpenSSH que permet la seva execució dins d'una gàbia chroot.
Jailing is a mechanism to virtually change a system's root directory. By employing this method, administrators can isolate services so that they cannot access the real filesystem structure. You should run unsecured and sensitive network services in a chroot jail, because if a hacker can break into a vulnerable service he could exploit your whole system. If a service is jailed, the intruder will be able to see only what you want him to see -- that is, nothing useful. Some of the most frequent targets of attack, which therefore should be jailed, are BIND, Apache, FTP, and SSH. SSHjail is a patch for the OpenSSH daemon. It modifies two OpenSSH files (session.c and version.h) and allows you to jail your SSH service without any need for SSH reconfiguration.
|
| 12:32 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
dijous, 26 / abril / 2007 |
|
|
 L'altre dia en parlava aquí del SecuStick, una memòria USB amb capacitat d'autodestrucció. Bé, ja hi ha qui l'ha provat i les conclusions no són massa positives: Secustick gives false sense of security
Because the stick supposedly self-destructs after several wrong attempts at keying in the password, we decided to put that feature to the test first.
(...)
Opening the Secustick reveals two easily recognizable elements: a flash controller and a piece of NAND memory, which in this case has been manufactured by Hynix. A little research taught us that this type of controller is a very basic type that doesn't have any specific security features, and although we couldn't find a datasheet of the memory module, we did discover one from a similar model on the internet, and learned that it has a special pin that allows or denies writing to the chip, based on its voltage.
(...)
By soldering a wire between the special pin and the earth we could be sure that no data on the chip could be altered
When we re-inserted the stick into the PC and deliberately typed a wrong password, the screen read: 'Wrong password, 6 attempts left'. So we tried again, and the message on the screen read 'Wrong password, 6 attempts left' once again. Goody! The stick left unable to store the number of password attempts, we could now try out passwords indefinitely without having to fear that the stick would self-destruct. Time to take a closer look at the software.
(...)
It should be clear that the stick's security is quite useless: a simple program can be used to fool the Secustick into sending its unlock command without knowing the password.
(...)
Our advice should be clear: anyone with 130 euros to spare for a shiny metal USB stick with a necklace is free to go out and spend it on the Secustick, but those who want to carry their data around safely are better off searching for a more advanced model, or to use a regular stick in combination with a program such as TrueCrypt.
|
| 09:55 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
dimecres, 25 / abril / 2007 |
|
|
IBM ofereix una sèrie de consells bàsics de seguretat per als usuaris d'ordinadors portàtils: Laptop Security Basics
- Use the features of your operating system
- Use the BIOS password
- Your laptop's serial numbers
- Use some form of permanent marking on the laptop
- Use the manufacturer's registration scheme
- Use the manufacturer's registration scheme
Segons aquest document, el 40% dels robatoris d'ordinador portàtil es realitzan dins de les oficines... quina por! Jo sempre deixo el meu portàtil a la taula, sense cap mena de protecció física (només bloquejo la sessió d'usuari).
|
| 19:22 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
PKWare ha publicat una versió bàsica del seu producte comercial SecureZIP anomenada SecureZIP Standard version 11, que combina les funcionalitats d'una eina de compressió de fitxers amb la capacitat de xifrar la informació. Addicionalment també permet xifrar els missatges de correu electrònic (en aquest cas, només dóna suport a l'Outlook)
SecureZIP provides data-centric security that ensures information stored on hard drives, laptops, portable storage devices, and as email attachments is protected against theft or unauthorized access. SecureZIP enables users to secure files with strong passphrase or digital certificate-based encryption, as well as digital signature support to ensure data integrity. And SecureZIP is the only data-centric security solution that is genuinely scalable, working as effortlessly on hundreds of thousands of computers as on a single computer.
Features Introduced in SecureZIP Version 11
- Encrypt email body and calendar attachments – Ensure that the information contained in the body of your e-mail, email attachments and calendar attachments is protected through integration with Microsoft Outlook®.
- Re-encryption – Save time by forwarding encrypted e-mails to new recipients automatically from your e-mail without having to download and resave your files
|
| 10:38 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
IT Conversations ha publicat dos interessants podcasts, que us recomano escoltar.
El primer podcast és amb Mikko Hypponen, responsable de recerca sobre antivirus i malware de F-Secure.
F-Secure is one of the leading companies devoted to the study and prevention of computer viruses, spam, and other types of malware. Mikko Hypponen, the company's Director of Anti-Virus Research, joins Phil and Scott in a discussion of the current status of the virus problem. In addition to reviewing his background, Mikko talks about how new viruses are studied and offers suggestions on how to better protect average users, who are still affected, even with constant warnings.
 El segon podcast és amb Caterina Fake, cofundadora de Flickr que parla sobre la història d'un dels serveis que ha ajudat a definir el concepte de web 2.0
Caterina Fake, co-founder of Flickr, tells the story of how "fortuitous ignorance" and great timing helped give birth to the seminal Web 2.0 app, Flickr. As Fake's company Ludicorp was in the throes of watching the failure of its only product, the tiny development team took a stab at creating one last feature for the game: a social photosharing component. Fake tells all, including how integral user input was to Flickr's development, and why social interaction was always Flickr's central goal.
|
| 10:31 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
dimarts, 24 / abril / 2007 |
|
|
IBM ha publicat una guia de monitorització de sistemes Linux anomenada «Linux Performance and Tuning Guidelines». Tracta sobre els diversos aspectes del sistema que cal monitoritzar per tal de garantir la disponibilitat dels sistemes així com les modificacions que es poden fer a la configuració per obtenir el màxim rendiment.
With use of Linux in an enterprise-class server comes the need to monitor performance and, when necessary, tune the server to remove bottlenecks that affect users. This IBM Redpaper describes the methods you can use to tune Linux, tools that you can use to monitor and analyze server performance, and key tuning parameters for specific server applications. The purpose of this redpaper is to understand, analyze, and tune the Linux operating system to yield superior performance for any type of application you plan to run on these systems.
Table of Contents
- Understanding the Linux operating system
- Monitoring and benchmark tools
- analyzing performance bottlenecks
- Tuning the operating system
|
| 10:56 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
diumenge, 22 / abril / 2007 |
|
|
[The Guardian] Operation Ore flawed by fraud parla d'una gegantina operació realitzada al Regne Unit contra suposats consumidors de pornografia infantil... però pel que sembla la majoria d'incriminats en realitat eren víctimes d'un frau: s'havia utilitzat la seva targeta de crèdit per pagar per la pornografia, però aquestes dades havien estat robades.
Operation Ore has become embedded in public consciousness as the landmark police operation that tracked down people - almost always men - who allegedly paid to access child pornography via computer. In all, 7,272 British residents were on its target lists, more than 2,000 of whom have never been investigated; and 39 men have killed themselves under the pressure of the investigations. Ore has dragged big names into the spotlight - such as the musicians Pete Townshend, the Who guitarist, and Robert del Naja of Massive Attack, both falsely accused of accessing child pornography.
(...)
New evidence I have gathered for my work as an expert witness in defence cases shows that thousands of cases under Operation Ore have been built on the shakiest of foundations - the use of credit card details to sign up for pornography websites. In many cases, the card details were stolen; the sites contained nothing or legal material only; and the people who allegedly signed up to visit the sites never went there.
Un informe més detallat és Sex, lies and the missing tape.
|
| 18:16 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
[Via Slashdot] Un article de New Scientist, Seeing through walls, explica com és possible la visualització remota d'allò que mostra una pantalla tot escoltant les emissions de radiofreqüència. Fins ara es sabia que això es podia fer amb les pantalles de tub (les CRT), però semblava que ambles pantalles LCD no era possible. Però es veu que sí!
Back in 1985, Wim Van Eck proved it was possible to tune into the radio emissions produced by electromagentic coils in a CRT display and then reconstruct the image. The practice became known as Van Eck Phreaking, and NATO spent a fortune making its systems invulnerable to it. It was a major part of Neal Stephenson's novel Cryptonomicon.
CRTs are now well on the way to being history. But Kuhn has shown that eavesdropping is possible on flat panel displays too. It works slightly differently. With a flat panel display the aim is to tune into the radio emissions produced by the cables sending a signal to the monitor. The on-screen image is fed through the cable one pixel at a time. Because they come through in order you just have to stack them up. And Kuhn has worked out how to decode the colour of each pixel from its particular wave form.
If everything is just right, you can pick up signals from some distance. "I was able to eavesdrop certain laptops through three walls," says Kuhn. "At the CEBIT conference, in 2006, I was able to see the Powerpoint presentation from a stand 25 metres away." Here's the image he managed to get:
Això, com indiquen, recorda molt al TEMPEST, una aplicació dels serveis d'intel·ligència nord-americans per veure de forma remota allò que es visualitza a la pantalla d'un ordinador. Hi ha, fins i tot, un TEMPEST de codi obert anomenat EckBox.
|
| 16:12 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
dissabte, 21 / abril / 2007 |
|
|
[Slashdot] Typing Patterns for Authentication. Un nou sistema d'autenticació, basat en la contrasenya i la forma en que l'usuari l'escriu.
BioPassword is a new security software based on the idea of keystroke recognition.
(...)
it works by measuring the speed at which you type. So it asks you to enter your password and login details nine times and that enables it to take a sample of your typing speed.
(...)
It measures the length of time for which each key in your password is depressed and it also measures the length of time between strokes. And what you realize is that most of us type in a very consistent and a very idiosyncratic way.
|
| 16:44 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
divendres, 20 / abril / 2007 |
|
|
El NIST ofereix la imatge d'un ordinador i planteja una sèrie de qüestions, amb diferent nivell de dificultat: Hacking Case
Scenario
On 09/20/04, a Dell CPi notebook computer, serial # VLQLW, was found abandoned along with a wireless PCMCIA card and an external homemade 802.11b antennae. It is suspected that this computer was used for hacking purposes, although cannot be tied to a hacking suspect, Greg Schardt. Schardt also goes by the online nickname of "Mr. Evil" and some of his associates have said that he would park his vehicle within range of Wireless Access Points (like Starbucks and other T-Mobile Hotspots) where he would then intercept internet traffic, attempting to get credit card numbers, usernames & passwords.
Find any hacking software, evidence of their use, and any data that might have been generated. Attempt to tie the computer to the suspect, Greg Schardt.
D'entrada, això és útil: diverses opcions per muntar les imatges DD.
|
| 08:11 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
dijous, 19 / abril / 2007 |
|
|
[Slashdot] Word Vulnerability Compromised US State Dept. Pel que sembla, hi ha una nova vulnerabilitat, no documentada, a Microsoft Word, que es pot utilitzar per comprometre els ordinadors que obren un document especialment preparat. Aquesta vulnerabilitat hauria estat utilitzada per comprometre sistemes del govern nord-americà.
Apparently hackers using an undisclosed (at the time) vulnerability compromised the State Departments network using a Word document sent as an email attachment. Investigators found multiple instances of infection, informed Microsoft, then had to sever internet connectivity to avoid leaking too much data!"
|
| 10:33 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
dimecres, 18 / abril / 2007 |
|
|
[SecurityFocus] Notes On Vista Forensics és un article (primera i segona part) tracta sobre els canvis en Windows Vista que cal considerar alhora de fer una anàlisi forense.
This article, the first in a two-part series, takes a high level look at what we know now about those changes in Vista which seem likely to have the most impact on computer forensic investigations, starting with the built-in encryption, backup, and system protection features. Next time, part two will continue the discussion with a concentration on typical user activities such as web browser and e-mail usage.
|
| 16:58 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
dimarts, 17 / abril / 2007 |
|
|
|
dilluns, 16 / abril / 2007 |
|
|
El TERMCAT ha publicada una terminologia de comerç electrònic que aplega 284 denominacions catalanes corresponents als conceptes més habituals en comerç electrònic i les seves equivalències en castellà, francès i anglès. Addicionalment s'inclou la definició per a cada terme.
Així, com a tall d'exemple, la definició del correu brossa és:
correu brossa m
es correo basura
fr pourriel
en junk mail
en spam
Conjunt de missatges electrònics importuns, generalment de caràcter publicitari i sense interès per al receptor, que s'envien indiscriminadament a un gran nombre d'internautes.
|
| 12:17 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
[PCWorld] Wi-Fi Bug Found in Linux. Presentat al Black Hat l'existència d'un problema de seguretat al controlador sense fil de Linux per Atheros.
A major Linux Wi-Fi driver contains a bug that can allow an attacker to take control of a laptop--even when it is not on a Wi-Fi network.
A bug has been found in a major Linux Wi-Fi driver that can allow an attacker to take control of a laptop -- even when it is not on a Wi-Fi network.
There have not been many Linux Wi-Fi device drivers, and this is apparently the first remotely executable Wi-Fi bug. It affects the widely used MadWi-Fi Linux kernel device driver for Atheros-based Wi-Fi chipsets, according to Laurent Butti, a researcher from France Telecom Orange, who found the flaw and released the information in a presentation at last month's Black Hat conference in Amsterdam.
Personalment és la primera notícia que veig sobre això. Per tant, no n'estic segur de la seva fiabilitat.
|
| 12:13 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
dissabte, 14 / abril / 2007 |
|
|
|
dijous, 12 / abril / 2007 |
|
|
[IBM] The High Stakes of Security: Protecting Your Brand
In recent years, in virtually every industry, organizations of all sizes have paid a heavy price for security breaches or the loss of customer or company data. It is becoming more and more difficult for CIOs and chief information security officers (CISOs) to know where to focus resources to protect confidential information and comply with government regulations.
Although there's no such thing as a sure bet to protect critical information, there are approaches that can help to significantly reduce exposure to risks and meet security compliance obligations. This white paper reviews a security approach that's integrated with your business strategy. Without this, you're risking a lot more than downtime or the simple loss of information assets or capital-you may be betting your organization's brand image.
|
| 22:58 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
[Port 666] No permitas que Europa nos convierta en copycriminales
No permitas que Europa nos convierta en copycriminales
(...)
El 24 de abril, el Parlamento Europeo votará la IPRED2, la Segunda Directiva de Cumplimiento de la Propiedad Intelectual. De un plumazo, pueden convertir a miles de ciudadanos y negocios europeos en copycriminales.
Si la IPRED2 se aprueba en su actual formulación, "ayudar, alentar o incitar" a infracciones de los derechos de autor a una "escala comercial" será un crimen en la UE.
(...)
Si la IPRED2 se convierte en ley, las compañías del entretenimiento podrán ser asistidas por la policía, asumiendo un papel oficial como parte de "equipos de investigación" a nivel transnacional.
EFF Europe, junto con otros grupos activistas europeos, está trabajando duro en Bruselas para cambiar la IPRED2. Envía un mensaje al Parlamento Europeo y recibe información actualizada, visitando nuestro sitio y firmando nuestra petición YA.
More info:
http://www.copycrime.eu/
|
| 17:20 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
dimecres, 11 / abril / 2007 |
|
|
[Yahoo News] Over 2,000 sites exploit .ani security flaw. Uns 2.000 llocs web diferents inclouen algun exploit que s'aprofita de la vulnerabilitat .ANI; això implica que tots els usuaris amb un Windows sense el pegat que han visitat aquestes webs estan potencialment afectats.
More than 2,000 unique Web sites have been rigged to exploit the animated cursor security flaw in Microsoft's software, according to security vendor Websense Inc.
Those Web sites are either hosting exploit code or are redirecting Internet users to sites with bad code, Websense's blog reported Monday.
The number of Web sites engineered to exploit the problem has jumped considerably since the vulnerability was publicly disclosed by Microsoft on March 29. It will likely continue to rise until patches are applied across corporate and consumer PCs, said Ross Paul, senior product manager for Websense.
Hackers are hoping to catch some of the millions of unpatched machines.
(...)
As a result, security analysts are generally recommending to apply the patch, even though Microsoft said Friday they were fixing compatibility problems with some applications.
|
| 10:33 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
dimarts, 10 / abril / 2007 |
|
|
Tal com mostra el vídeo de demo de la vulnerabilitat .ANI, l'Internet Explorer 7 quan s'executa a Windows Vista incorpora una interessant característica.
Es tracta del mode protegit, una mena de sandbox en la que s'executa l'IE limitant els permisos de l'aplicació sobre el sistema de fitxers. Quan s'executa en aquesta modalitat, l'Internet Explorer només té permisos de lectura sobre el sistema de fitxers, de forma que qualsevol vulnerabilitat existent només podrà ser explotada per accedir als fitxers però sense capacitat de modificar-los ni, tampoc, d'executar programes.
Un dels programadors de l'IE ha publicat un interessant post a l'IEBlog explicant el funcionament del mode protegit:
The Protected Mode feature is available only in Windows Vista. By default, Protected Mode is enabled for Internet, Intranet and Restricted zones while disabled for the Trusted Sites and Local Machine zone.
To enable or disable Protected Mode for a zone go to: Internet Options > Security tab > Select the appropriate zone> Check/uncheck the “Enable Protected Mode” checkbox. The status of Protected Mode can be monitored by looking at the “Protected Mode: On” text in bottom right corner of the IE status bar. However, at times you may notice the text in the status bar says “Protected Mode: Off” even when the Internet Options dialog says Protected Mode is enabled.
El mode protegit es pot desactivar automàticament en determinades circumstàncies, definides en aquest diagrama de flux:
|
| 14:02 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
dilluns, 9 / abril / 2007 |
|
|
|
diumenge, 8 / abril / 2007 |
|
|
|
dissabte, 7 / abril / 2007 |
|
|
L'Internet Storm Center informa d'un possible nou 0-day que afecta als sistemes Windows:
We are currently investigating a possible exploit with MS, Active Directory, and DNS. At this point the information looks solid, provided initially by Bill O. for review. Further information has been provided by Bill, who is working on contacting MS, as things have progressed. Looking at the description of the attack method, it looks solid based on my experience with MS. If anybody has any scans from the 61.63.xxx.xxx range, I would be very interested in seeing full captures.
|
| 12:11 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
[ZDNet] Researchers: E-passports pose security risk. La seguretat dels passaports amb xip RFID (teòricament el sistema més segur per evitar la falsificació de passaports) posada en entredit:
At a pair of security conferences here, researchers demonstrated that passports equipped with radio frequency identification (RFID) tags can be cloned with a laptop equipped with a $200 RFID reader and a similarly inexpensive smart card writer. In addition, they suggested that RFID tags embedded in travel documents could identify U.S. passports from a distance, possibly letting terrorists use them as a trigger for explosives.
|
| 12:01 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
divendres, 6 / abril / 2007 |
|
|
[News.com] Windows cursor patch causing trouble. Pel que sembla, l'actualització de Microsoft per a la vulnerabilitat .ANI dóna problemes de compatibilitat amb els productes de Realtek.
Microsoft broke with its monthly patch cycle Tuesday to repair a bug in the way Windows handles animated cursors. Cybercrooks had been using the hole since last week to attack Windows PCs. But the fix is not compatible with software that runs audio and networking components from Realtek Semiconductor, some Windows users have found.
(...)
Microsoft is aware of problems with Realtek's audio software. In fact, it knew about them before releasing the fix and published a support article with the security bulletin. An additional update is available from Microsoft to remedy the problem, according to the company's Web site. Microsoft is not aware of networking issues, a representative said.
The audio problem occurs on Windows XP PCs that have the Realtek HD Audio Control Panel installed, Microsoft said. The application may not start after the patch is applied and Windows may display an error message, the company said.
|
| 10:26 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
[ComputerWorld] Hackers now offer subscription services, support for their malware. Un grup de russos ofereix en una web serveis de suport per a malware, amb garantia de resultats! Ofereixen als propietaris de servidors web la possibilitat d'instal·lar-hi un programa espia i pagar-los en funció del tràfic rebut.
Like many just-launched e-commerce sites in the world, this unnamed Web site has a fairly functional, if somewhat rudimentary, home page. A list of options at top of the home page allows visitors to transact business in Russian or in English, offers an FAQ section, spells out the terms and conditions for software use and provides details on payment forms that are supported.
(...)
In return for downloading the malware to their sites, Web site owners are promised at least €50 -- about $66 (U.S.) -- every Monday, with the potential for even more for "clean installs" of the malicious code on end user systems. "If your traffic is good, we will change rates for you and make payout with new rates," the site promises.
|
| 10:23 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
dijous, 5 / abril / 2007 |
|
|
Entre 1989 i el 2005, la Internet Engineering Task Force (el braç armat responsable de la definició d'estàndards d'Internet) va aprofitar l'1 d'abril per publicar un RFC (petició de comentaris) amb una innocentada... Ja n'he parlat vàries vegades, però aquesta és la llista de totes les bromes:
RFC 748 — TELNET RANDOMLY-LOSE option. M.R. Crispin. 1 d'abril 1978.
Una paròdia de la documentació de TCP/IP.
RFC 1097 — TELNET SUBLIMINAL-MESSAGE option. B. Miller. 1 d'abril 1989.
RFC 1149 — Standard for the transmission of IP datagrams on Avian Carriers. D. Waitzman. 1 d'abril 1990.
Actualitzat per l'RFC 2549.
La descripció d'un protocol per a la transmissió de tràfic utilitzant coloms missatgers. Això va ser implementat l'any 2001 tal i com explica l'RFC 1149.
RFC 1216 — Gigabit Network Economics and Paradigm Shifts. Poorer Richard, Prof. Kynikos. 1 d'abril 1991.
RFC 1217 — Memo from the Consortium for Slow Commotion Research (CSCR). Vint Cerf. 1 d'abril 1991.
RFC 1313 — Today's Programming for KRFC AM 1313 Internet Talk Radio. C. Partridge. 1 d'abril 1992.
RFC 1437 — The Extension of MIME Content-Types to a New Medium. N. Borenstein, M. Linimon. 1 d'abril 1993.
RFC 1438 — Internet Engineering Task Force Statements Of Boredom (SOBs). A. Lyman Chapin, C. Huitema. 1 d'abril 1993.
RFC 1605 — SONET to Sonnet Translation. William Shakespeare. 1 d'abril 1994.
RFC 1606 — A Historical Perspective On The Usage Of IP Version 9. J. Onions. 1 d'abril 1994.
RFC 1607 — A VIEW FROM THE 21ST CENTURY. Vint Cerf. 1 d'abril 1994.
RFC 1776 — The Address is the Message. Steve Crocker. 1 d'abril 1995.
Si no hi ha contingut, no cal seguretat.
RFC 1924 — A Compact Representation of IPv6 Addresses. R. Elz. 1 d'abril 1996.
RFC 1925 — The Twelve Networking Truths. R. Callon. 1 d'abril 1996.
RFC 1926 — An Experimental Encapsulation of IP Datagrams on Top of ATM. J. Eriksson. 1 d'abril 1996.
RFC 1927 — Suggested Additional MIME Types for Associating Documents. C. Rogers. 1 d'abril 1996.
RFC 2100 — The Naming of Hosts. J. Ashworth. 1 d'abril 1997.
RFC 2321 — RITA -- The Reliable Internetwork Troubleshooting Agent. A. Bressen. 1 d'abril 1998.
RFC 2322 — Management of IP numbers by peg-dhcp. K. van den Hout et al. 1 d'abril 1998.
RFC 2323 — IETF Identification and Security Guidelines. A. Ramos. 1 d'abril 1998.
RFC 2324 — Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0). L. Masinter. 1 d'abril 1998.
RFC 2325 — Definitions of Managed Objects for Drip-Type Heated Beverage Hardware Devices using SMIv2. M. Slavitch. 1 d'abril 1998.
RFC 2549 — IP over Avian Carriers with Quality of Service. D. Waitzman. 1 d'abril 1999.
És una actualització de l'RFC 1149.
RFC 2550 — Y10K and Beyond. S. Glassman, M. Manasse, J. Mogul. 1 d'abril 1999.
RFC 2551 — The Roman Standards Process -- Revision III. S. Bradner. 1 d'abril 1999.
RFC 2795 — The Infinite Monkey Protocol Suite (IMPS). S. Christey. 1 d'abril 2000.
RFC 3091 — Pi Digit Generation Protocol. H. Kennedy. 1 d'abril 2001.
RFC 3092 — Etymology of "Foo". D. Eastlake 3rd, C. Manros, E. Raymond. 1 d'abril 2001.
RFC 3093 — Firewall Enhancement Protocol (FEP). M. Gaynor, S. Bradner. 1 d'abril 2001.
RFC 3251 — Electricity over IP. B. Rajagopalan. 1 d'abril 2002.
RFC 3252 — Binary Lexical Octet Ad-hoc Transport. H. Kennedy. 1 d'abril 2002.
RFC 3514 — The Security Flag in the IPv4 Header (Evil Bit). S. Bellovin. 1 d'abril 2003.
RFC 3751 — Omniscience Protocol Requirements. S. Bradner 1 d'abril 2004.
RFC 4041 — Requirements for Morality Sections in Routing Area Drafts. A. Farrel. 1 d'abril 2005.
RFC 4042 — UTF-9 and UTF-18 Efficient Transformation Formats of Unicode. M. Crispin. 1 d'abril 2005.
Enguany s'ha recuperat la tradició amb aquest RFC:
RFC 4824 — The Transmission of IP Datagrams over the Semaphore Flag Signaling System (SFSS). Jogi Hofmueller, Aaron Bachmann, IOhannes zmoelnig. 1 d'abril 2007.
This document specifies IP-SFS, a method for the encapsulation and transmission of IPv4/IPv6 packets over the Semaphore Flag Signaling System (SFSS). The SFSS is an internationally recognized alphabetic communication system based upon the waving of a pair of hand-held flags [JCroft, Wikipedia]. Under the SFSS, each alphabetic character or control signal is indicated by a particular flag pattern, called a Semaphore Flag Signal (SFS).
|
| 13:26 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
Article en dues parts: DNS Security Basics i DNS Security Basics: Part II sobre la configuració bàsica del DNS des d'un punt de vista de seguretat. Tracta d'aspectes com la utilització de zones per diferenciar la informació de la xarxa privada de la xarxa pública i dels atacs habituals contra el DNS.
All too often network administrators neglect DNS security. Here are some DNS security basics you should put into effect:
- Split Personality
- Selective Transfer
- Don't Get Poisoned
- Remain Anonymous
|
| 09:41 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
[OptimizeMag] How To Come Back From A CyberAttack. Hem patit un atac i algú ha entrat a un ordinador nostre... com actuar?
Are you prepared to deal with a cyber attack? Most companies are not. In this month's computer forensics column, we'll offer a peek at some real-life situations, and as well as a run down on the steps you should follow from the moment you discover you have been the victim of a computer break-in or data theft.
|
| 09:37 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
dimecres, 4 / abril / 2007 |
|
|
 Per si hi havia qualsevol mena de dubte ja hi ha la demostració que mancava: el xifrat WEP és totalment inútil per tal d’impedir l’accés a les dades que es transmeten en una xarxa sense fils.
WEP va ser el primer protocol per al xifrat de les comunicacions sense fils i encara avui en dia continua sent un dels mètode més populars de protecció utilitzat per tal d’evitar que algú que intercepta el tràfic entre els punts d’accés i els ordenadores que es connecten amb una connexió sense fils sigui capaç de veure’n el contingut. No tinc dades oficials, però la meva impressió és que 9 de cada 10 xarxes sense fils fan servir WEP com mètode de xifrat.
Des de fa temps, se sap que el sistema de xifrat és força dèbil i que aplicant la força bruta és relativament fàcil de trencar. Només cal disposar d’una mica de temps i un determinat volum de tràfic xifrat.
Uns investigadors alemanys han document un nou mètode per trencar el xifrat WEP que redueix de forma notable el temps necessari i necessita disposar d’un volum de tràfic menor. A efectes pràctics, amb només capturar el tràfic generat per un punt d’accés només entre 15 i 30 minuts es disposa del material suficient per que permetre identificar la clau de xifrat en menys d’un minut utilitzant un ordinador domèstic.
Es tracta d’un avenç respecte als mètodes d’atac que existien fins a la data, que necessitaven més temps per identificar la clau i un volum de tràfic significativament major. Amb la nova tècnica, trencar el xifrat WEP d’una xarxa sense fils és una tasca trivial.
El nou mètode d’atac és específic de WEP malgrat que, en principi, també es pot utilitzar en determinades variants com el WEP dinàmic on cada estació de la xarxa fa servir una clau WEP única. En aquest cas, el concepte d’atac és el mateix encara que al fer servir cada estació la seva clau pròpia segurament caldrà una mica més de temps per a poder trencar el xifrat.
Ens trobem, per tant, amb un avís per a navegants: WEP no ofereix cap seguretat per tal d’impedir l’accés a les dades transmeses en una connexió sense fils. En conseqüència, no s’hauria d’utilitzar sota cap circumstància. Si encara no ho heu fet, us aconsello que configureu el vostre punt d’accés per tal d’utilitzar el xifrat WPA.
|
| 12:22 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
[El Pais] Proveedores de Internet se unen contra el 'correo basura'
Los grandes proveedores de acceso a Internet, que dan servicio al 90% de internautas españoles, se han puesto de acuerdo para usar una tecnología que reducirá el volumen de correo basura generado en España verificando la dirección de los remitentes. El acuerdo, inédito en el mundo, se produce porque el 84% de los mensajes que circulan por las redes españolas son basura, muy por encima de la media europea.
(...)
s la primera vez que los ISP de un país abren un marco permanente de colaboración. De aquí ha surgido otra idea inédita: pactar la implantación conjunta de una tecnología para reducir el correo fraudulento, llamada sender policy framework (SPF, convenio de remitentes), que ya utilizan conocidas empresas como Microsoft, Google, Walt Disney, EBay o Youtube.
Jo vinc utilitzant SPF, de forma activa des de fa uns anys. Al principi era força escèptic de la seva utilitat, però ha demostrat que malgrat la seva senzillesa és força útil... fins que vaig descobrir que GMail permet enviar missatges amb una adreça personalitzada. Aleshores em vaig trobar que enviava missatges des de GMail amb la meva adreça caballe.cat però desconec quin són els SMTP de Google per afegir-los al registre SPF de caballe.cat (i tampoc sóc ningú com per mantenir aquesta llista). Per tant, vaig desactivar el registre SPF de caballe.cat.
Per determinar si un domini té un registre SPF, la forma més simple és utilitzar dig:$ dig -t TXT google.com +short
"v=spf1 ptr ?all"
$ dig -t TXT aol.com +short
"v=spf1 ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24
ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23 ip4:64.12.138.0/24 ptr:mx.aol.com ?all"
"spf2.0/pra ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 ip4:205.188.156.0/23
ip4:205.188.159.0/24 ip4:64.12.136.0/23 ip4:64.12.138.0/24 ptr:mx.aol.com ?all"
|
| 10:34 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
dimarts, 3 / abril / 2007 |
|
|
Tot esperant a que Microsoft publiqui, en teoria avui, el pegat oficial per a la vulnerabilitat .ANI, el Zert ha publicat un segon pegat no oficial (l'altre és el d'eEye) que elimina l'origen del problema.
The newly discovered zero-day vulnerability in the parsing of animated cursors is very similar to the one previously discovered by eEye that was patched by Microsoft in MS05-002. Basically an "anih" chunk in an animated cursor RIFF file is read into a stack buffer of a fixed size (36 bytes) but the actual memory copy operation uses the length field provided inside the "anih" chunk—giving an attacker an easy route to overflow the stack and gain control of the execution of the process
With the MS05-002 patch, Microsoft added a check for the length of the chunk before copying it to the buffer. However, they neglected to audit the rest of the code for any other instances of the vulnerable copy routine. As it turns out, if there are two "anih" chunks in the file, the second chunk will be handled by a separate piece of code which Microsoft did not fix. This is what the authors of the zero-day discovered.
Although eEye has released a third-party patch that will prevent the latest exploit from working, it doesn't fix the flawed copy routine. It simply requires that any cursors loaded must reside within the Windows directory (typically C:⁄WINDOWS⁄ or C:⁄WINNT⁄). This approach should successfully mitigate most "drive-by's," code execution scenarios, but it might also break third-party applications that use animated cursors within their own program directories.
For this reason, ZERT is releasing a patch which addresses the core of the vulnerability, by ensuring that no more than 36 bytes of an "anih" chunk will be copied to the stack buffer, thus eliminating all potential exploit paths while maintaining compatibility with well-formatted animated cursor files.
|
| 11:38 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
dilluns, 2 / abril / 2007 |
|
|
 WebScarab NG és una nova versió del WebScarab. Es tracta d'un conjunt d'eines per a l'anàlisi del funcionament de les aplicacions que fan servir els protocols HTTP i HTTPS per a la comunicació. És ideal per a identificar el funcionament de les aplicacions client-servidor, l'aïllament de possibles problemes de configuració i la detecció de vulnerabilitats de seguretat.
WebScarab-NG is a complete rewrite of the old WebScarab application, with a special focus on making the application more user-friendly. To this end, WebScarab-NG makes use of the Spring Rich Client Platform to provide the user interface features. By using the Spring Rich Client Platform, WebScarab-NG automatically gains things like default buttons, keyboard shortcuts, support for internationalisation, etc.
Another new feature is that session information is now written into a database, rather than into hundreds or thousands of individual files. This makes disk space utilisation and things like archiving of sessions a lot easier.
Ultimately, WebScarab-NG will have all the significant functionality that the old WebScarab had, although it will be reorganised quite significantly, in order to make the application more user friendly.
|
| 11:48 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
OSSIM, Open Source Security Information Management és una col·lecció d'eines de seguretat integrades per tal d'oferir una infraestructura de monitorització de la seguretat.
L'objectiu d'OSSIM és oferir un entorn per a la centralització, organització, millora en la detecció i visualització dels esdeveniments de seguretat que es produeixen per les diverses eines de seguretat ja instal·lades.
Per aconseguir això, OSSIM ofereix diverses eines de monitorització:
- Tauler de control per tenir una visió en conjunt.
- Monitors de risc i activitat per tal de tenir una visió de l'estat dels diversos serveis.
- Consola forense i monitorització de la xarxa per tal de tenir una visió concreta.
OSSIM permet la correlació dels esdeveniments de seguretat, la priorització de les alertes i la valoració del risc.
Ossim features the following software components:
- Arpwatch, used for mac anomaly detection.
- P0f, used for passive OS detection and os change analisys.
- Pads, used for service anomaly detection.
- Nessus, used for vulnerability assessment and for cross correlation (IDS vs Security Scanner).
- Snort, the IDS, also used for cross correlation with nessus.
- Spade, the statistical packet anomaly detection engine. Used to gain knowledge about attacks without signature.
- Tcptrack, used for session data information which can grant useful information for attack correlation.
- Ntop, which builds an impressive network information database from which we can get aberrant behaviour anomaly detection.
- Nagios. Being fed from the host asset database it monitors host and service availability information.
- Osiris, a great HIDS.
|
| 11:40 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
[Tech Republic] Determine if SSL connections are truly secure. Quines coses cal revisar per saber si una connexió SSL és realment segura:
An HTTPS Web site may make most users feel relatively secure, but this alone doesn't guarantee secure transactions. That's why it's important to make sure your users understand how to properly evaluate a Web site's security
(...)
A properly implemented SSL Web site raises customers' expectation that you'll handle their information securely. Establishing an SSL Web site and then transmitting sensitive information collected at that site using a nonsecure method is a poor business practice, and it doesn't meet the standard of due diligence.
Employ SSL as the first step to securely collect, transmit, and store sensitive information. Ensure that your company's users know how to evaluate a Web site, and make sure to publicize your own efforts to customers so they know they're dealing with a secure Web site at all points.
|
| 01:22 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
diumenge, 1 / abril / 2007 |
|
|
eEye ha publicat un pegat no-oficial per a la vulnerabilitat .ANI de Windows
Description:
An unspecified vulnerability exists within Microsoft Windows which may possibly allow for a remote attacker to execute arbitrary code under the context of the logged in user. This vulnerability requires user interaction by viewing a malicious Windows animated cursor (.ANI) file. .ANI files are commonly used by web developers to display custom cursor animations to enhance web-site experiences.
The most potent attack method is by embedding a malicious .ANI file within an HTML web page. Doing so allows the vulnerability to be exploited with minimal user interaction by simply coaxing a user to follow a hyperlink and visit a malicious web site. Other exploit vectors exist including Microsoft Office applications since they also rely on the same .ANI processing code, making e-mail delivery also a potent threat by using Microsoft Office attachments.
(...)
Mitigation:
eEye Digital Security's Research Team has released a workaround for the zero-day vulnerability as a temporary measure for customers who have not yet installed Blink. Blink generically protects from this and other vulnerabilities without the need for updating and is available for free for personal use on all affected platforms except for Vista. This workaround is not meant to replace the forthcoming Microsoft patch, but rather as a temporary mitigation against this flaw.
The temporary patch mitigates this vulnerability by preventing cursors from being loaded outside of %SystemRoot%. This disallows websites from loading their own, potentially malicious animated icons, while causing little to no business disruption on hosts with the patch installed.
|
| 15:31 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
IPSec vs SSL VPN for Secure Remote Access
IPSec VPNs were once the only option for remote access, even though they are difficult and costly to maintain and support. Today, SSL VPNs are replacing IPSec for secure remote access because they are less costly to manage, eliminate security risks of open-by-default tunnels, and provide users with the easiest access to the network resources they need - any time, anywhere.
This white paper provides a working methodology to help you determine your annual return on investment (ROI) from implementing SSL VPNs as a replacement solution for your existing IPSec VPN. It also demonstrates this ROI in two real-world scenarios that demonstrate how to:
- Increase overall security and ease end-user use
- Easily deploy an SSL VPN for IT departments and end users
- Reduce costs and defend against security risks with SSL VPN
- And much more
Cal registrar-se per accedir a aquest document.
|
| 13:26 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
|
S'ha publicat la 
Publicades les 
Via 
Un redbook que resum la seguretat dels mainframe 
