The Global Syndicator - security

A Good Reason To Go Full-Time SSL For Gmail

Tue, 19 Aug 2008 15:26:43 +0000

Ashik Ratnani writes with this snippet from Hungry Hackers: "A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers' conference in Las Vegas. Last week, Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, not just authentication. Users who did not turn it on now have a serious reason to do so, as Mike Perry, the reverse engineer from San Francisco who developed the tool, is planning to release it in two weeks."

Why One-time Passwords Suck For MITM Attacks

Mon, 18 Aug 2008 21:11:09 +0000

whitehartstag writes "Black Hat 08 disclosed several SSL VPN and DNS vulnerabilities that caused several people to sit up and take notice. Some of these new exploits performed a brilliant Man-In-The-Middle attack on SSL VPN tunnels. This article walks you through how using certificates, instead of OTP tokens for second-factor authentication can increase the security of your SSL VPN against these new types of attacks."

All that you need to know about worms… And the deadliest one is….??

Tue, 12 Aug 2008 12:54:00 +0000

Basically malware is considered to be software that is malicious and there are three common kinds of malwares that can attack your computer: worms, viruses, and Trojans. You better know about these before you suffer from their attacks!… A virus needs to have a host program in order to spread while worms can propagate on their [...]

Citizens Spy On Big Brother

Thu, 31 Jul 2008 15:27:03 +0000

An anonymous reader writes "Citizens of the world are striking back at 24/7 state surveillance by pulling out their cameraphones and filming inept officials, deadly healthcare lapses and thuggish cops. So-called Sous-veillance is seeing more and more people posting damning footage of official misdemenours to sites such as YouTube to shame them into action." I wonder what happens if you inform a cop that you are recording him when he pulls you over.

Virtual Honeypots

Wed, 30 Jul 2008 18:04:59 +0000

rsiles writes "Honeynet solutions were seen just as a research technology a couple of years ago. It is not the case anymore. Due to the inherent constraints and limitations of the current and widely deployed intrusion detection solutions, like IDS/IPS and antivirus, it is time to extended our detection arsenal and capabilities with new tools: virtual honeypots. Do not get confused about the book title, specially about the "virtual" term. The main reason to mention virtual honeypots, although the book covers all kind of honeynet/honeypot technologies, is because during the last few years virtualization has been a key element in the deployment of honeynets. It has offered us a significant cost reduction, more flexibility, reusability and multiple benefits. The main drawback of this solution is the detection of virtual environments by some malware specimens." Read below for the rest of Raul's review.

DNS Attack Writer a Victim of His Own Creation

Wed, 30 Jul 2008 14:21:51 +0000

BobB writes "HD Moore has been owned. Moore, the creator of the popular Metasploit hacking toolkit, has become the victim of a computer attack. It happened on Tuesday morning, when Moore's company, BreakingPoint, had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what's known as a cache poisoning attack on a DNS server on AT&T's network that was serving the Austin, Texas, area. One of BreakingPoint's servers was forwarding DNS (Domain Name System) traffic to the AT&T server, so when it was compromised, so was HD Moore's company."

Time Warner and AT&T DNS at Risk Plus Many Others!

Fri, 25 Jul 2008 18:39:05 +0000

Time Warner and AT&T among others have yet to upgrade their DNS servers. Now that there is some rouge code on the loose that is designed to target these DNS servers it is a VERY DANGEROUS time to be surfing the Internet using the default DNS services from one of these companies.

Most Bank Websites Are Insecure

Thu, 24 Jul 2008 12:46:07 +0000

Anonymous writes "More than three-quarters of bank Web sites have design flaws that could expose bank customers to financial loss or identity theft, according to a University of Michigan study that will be presented this week at the Symposium on Usable Security and Privacy. The study, 'Analyzing Web Sites For User-Visible Security Design Flaws,' examined 214 bank Web sites in 2006. It was conducted by University of Michigan computer science professor Atul Prakash and doctoral students Laura Falk and Kevin Borders."

Road Runner Hawaii Vulnerable to DNS Threat

Wed, 23 Jul 2008 08:55:17 +0000

A Significant DNS threat that is now on the loose on the Internet is set to really cause mayhem in a really bad way. So tonight I did a quick check of Road Runner Hawaii and the Time Warner system here and found that the system administrators here have not patched their DNS servers yet.

Major DNS Patches Being Applied to fix Security Holes

Wed, 09 Jul 2008 05:25:20 +0000

You might not be sure of what DNS is and I could explain it to you (don't worry, I will), but let's just get to the meat and potatoes here. Some Major DNS servers will be getting patches applied to them that will fix some very important vulnerabilities.

Citibank hacked, Security Hole Reveals PIN Numbers

Wed, 02 Jul 2008 05:26:19 +0000

Apparently if you use the Citibank ATMs at the local 7-Elevens in New York, you may want to change your Personal Identification Number. A security hole was exploited by 3 individuals who took over 2 Million dollars in a 5 month period.They are now facing federal charges for the crime.

Fingerprints Recoverable From Cleaned Metal

Sun, 22 Jun 2008 13:19:22 +0000

dstates points out a recent article from guardian.co.uk which discusses a new method by which to recover fingerprints from metal. The method relies on corrosion caused by sweat and other biological residues on the metal's surface. Quoting: "The patterns of corrosion remain even after the surface has been cleaned, heated to 600C or even painted over. This means that traces of fingerprints stay on the metal long after the residue from a person's finger has gone. The chemical basis of the change is not yet clear, but [Dr. John Bond] believes it is corrosion by chloride ions from the salt in sweat. These produce lines of corrosion along the ridges of the fingerprint residue. When the metal is heated, for example in a bomb blast or when a gun is fired, the chemical reaction actually speeds up and makes the corrosion more pronounced."

Would you fly in a plane with a "kill switch"

Thu, 12 Jun 2008 05:17:22 +0000

Wired reports that the Pentagon is asking for submissions on a "non-lethal" method to stop a plane on the ground or divert it from a particular location. This does not sound like a good idea to me.

DARPA Cyber Range Project Doomed to Failure

Fri, 06 Jun 2008 22:21:12 +0000

carusoj writes "Former black-hat hacker Noah Schiffman details why DARPA's National Cyber Range project is bound to fail. The NCR is proposed as a simulation of the Internet, including replicating 'human behavior and frailties.' Schiffman argues that if the Defense Department is really building something of this scope, it might as well use the actual Internet."

Mozilla Experiments With Site Security Policy

Fri, 06 Jun 2008 19:13:06 +0000

An anonymous reader writes "Mozilla has opened comments for an new experimental browser security policy, dubbed Site Security Policy (SSP), designed to protect against XSS, CSRF, and malware-laced IFRAME attacks which infected over 1.5 million pages Web earlier this year. Security experts and developers are excited because SSP extends control over Web 2.0 applications that allow users to upload/include potentially harmful HTML/JavaScript such as on iGoogle, eBay Auction Listings, Roxer Pages, Windows Live, MySpace / Facebook Widgets, and so on. Banner ads from CDNs have had similar problems with JavaScript malware on social networks. The prototype Firefox SSP add-on aims to provide website owners with granular control over what the third-party content they include is allowed to do and where its supposed to originate. No word if Internet Explorer or Opera will support the initiative."