Friday, November 30, 2007

Fasthosts customers blindsided by emergency password reset

Fasthosts has announced that "a number" of its customers'* FTP spaces were raided as a result of the major hack that triggered a police investigation last month. It has applied a system-wide reset of thousands of passwords as a result.

The Gloucester-based webhosting firm yesterday performed the emergency reset of control panel, PCP, FTP and SQL passwords that were not changed by customers when the intrusion was revealed.

Fasthosts customers blindsided by emergency password reset | The Register

Thursday, November 29, 2007

New Software Detects Web Interference

Increasingly worried over Internet providers' behavior, a nonprofit has released software that helps determine whether online glitches are innocent hiccups or evidence of deliberate traffic tampering.

The San Francisco-based digital rights group Electronic Frontier Foundation hopes the program, released Wednesday, will help uncover "data discrimination", efforts by Internet providers to disrupt some uses of their services, in addition to the cases reported separately by EFF, The Associated Press and other sources.

"People have all sorts of problems, and they don't know whether to attribute that to some sort of misconfiguration, or deliberate behavior by the ISP," said Seth Schoen, a staff technologist with EFF.

The new software compares lists of data packets sent and received by two different computers and looks for discrepancies between what one sent and the other actually received. Previously, the process had to be done manually.

Schoen compared the software to a spelling checker.

New Software Detects Web Interference | - Houston Chronicle
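The comparison the article describes, two packet traces checked against each other for discrepancies, can be reduced to a small set-difference over sequence numbers and payload fingerprints. The following is an added example written for this page, not the EFF tool's code; the `Packet` type, the sample traces and the "forged reset" scenario are all constructed here, and in real captures retransmissions and NAT rewrites would need handling before the comparison.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    seq: int        # sequence number as seen on the wire (constructed values below)
    flags: str      # e.g. "PSH/ACK" or "RST"
    payload: bytes


def fingerprint(p: Packet) -> str:
    """Short, stable digest of a payload so traces can be compared without keeping raw bytes."""
    return hashlib.sha256(p.payload).hexdigest()[:16]


def compare_traces(sent, received):
    """Compare what one end sent with what the other end received.

    dropped  : seqs present in the sender's trace but absent at the receiver
    injected : seqs the receiver saw that the sender never emitted (e.g. a forged RST)
    modified : seqs present on both sides whose payload or flags differ in flight
    """
    sent_by_seq = {p.seq: p for p in sent}
    recv_by_seq = {p.seq: p for p in received}
    dropped = sorted(s for s in sent_by_seq if s not in recv_by_seq)
    injected = sorted(s for s in recv_by_seq if s not in sent_by_seq)
    modified = sorted(
        s for s in sent_by_seq
        if s in recv_by_seq
        and (fingerprint(sent_by_seq[s]) != fingerprint(recv_by_seq[s])
             or sent_by_seq[s].flags != recv_by_seq[s].flags)
    )
    return {"dropped": dropped, "injected": injected, "modified": modified}


def verdict(report):
    """Plain loss can be an innocent hiccup; injected or altered packets point at tampering."""
    if report["injected"] or report["modified"]:
        return "possible interference"
    if report["dropped"]:
        return "loss only"
    return "clean"


# Constructed sample traces: the sender's view and the receiver's view of one connection.
SENT = [
    Packet(1, "PSH/ACK", b"GET /index.html"),
    Packet(2, "PSH/ACK", b"GET /a.jpg"),
    Packet(3, "PSH/ACK", b"GET /b.jpg"),
]
RECEIVED = [
    Packet(1, "PSH/ACK", b"GET /index.html"),
    Packet(2, "PSH/ACK", b"GET /a.jpg?tampered"),   # altered in transit
    Packet(4, "RST", b""),                           # reset the sender never sent
]

if __name__ == "__main__":
    report = compare_traces(SENT, RECEIVED)
    print(report, "->", verdict(report))
```

Run stand-alone it reports seq 3 dropped, seq 4 injected and seq 2 modified, and classifies the pair as possible interference; two identical traces come back clean.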

Friday, November 23, 2007

United Airlines exploits tragedy in Brazil

I'm sure you've all heard the tragic story of Tony Harris by now...the son/son-in-law of a loving wife, a soon to be born child, a devoted step-father and his wife... Tony Harris goes to Brazil to play basketball and life takes a tragic turn... United Air Lines hospitable? Sympathetic? NO! Instead of giving the grieving step-father...

Digg - United Airlines exploits tragedy in Brazil

Wednesday, November 21, 2007

16 year-old 'hacker' designs Internet policy

A TEENAGE hacker who managed to get around the Aussie government's $84 million internet filter scheme has been recruited by the opposition Labor party to design its cyber safety policy.

Tom Wood has now become the subject of a slanging match between the Labor and Liberal parties.

Liberal Communications Minister, Helen Coonan, denies that Wood "hacked" the software filters, saying he bypassed them by gaining access to the administrator account on his computer.

16 year-old 'hacker' designs Internet policy - The INQUIRER

Thursday, November 15, 2007

Did NSA Put a Secret Backdoor in New Encryption Standard?

Random numbers are critical for cryptography: for encryption keys, random authentication challenges, initialization vectors, nonces, key-agreement schemes, generating prime numbers and so on. Break the random-number generator, and most of the time you break the entire security system. Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency.

But one of those generators -- the one based on elliptic curves -- is not like the others. Called Dual_EC_DRBG, not only is it a mouthful to say, it's also three orders of magnitude slower than its peers. It's in the standard only because it's been championed by the NSA, which first proposed it years ago in a related standardization project at the American National Standards Institute.

If this story leaves you confused, join the club. I don't understand why the NSA was so insistent about including Dual_EC_DRBG in the standard. It makes no sense as a trap door: It's public, and rather obvious. It makes no sense from an engineering perspective: It's too slow for anyone to willingly use it. And it makes no sense from a backwards-compatibility perspective: Swapping one random-number generator for another is easy.

TAZ Forum :: A Computer, Gaming, and Social Network Community of Friends :: TAZForum :: View topic - Did NSA Put a Secret Backdoor in New Encryption Standard?

Saturday, November 10, 2007

Computer scientist fights threat of ‘botnets’

Most network-intrusion systems today are comparing traffic against a database, collected by hand, of previously recognized attack signatures. The innovation with Nemean is a method to automatically generate intrusion signatures, making the detection process faster and more precise.

In a test comparing Nemean against a current technology on the market, both had a high detection rate of malicious signatures — 99.9 percent for Nemean and 99.7 for the comparison technology. However, Nemean had zero false positives, compared to 88,000 generated by the other technology.

“The technology we’re developing here really has the potential to transform the face of network security,” says Barford, whose research is supported by the National Science Foundation, the Army Research Office and the Department of Homeland Security. “Our objective is to build this company into a world leader in network security solutions.”

Computer scientist fights threat of ‘botnets’ (Oct. 31, 2007)

Wednesday, November 7, 2007

The Opposite of Backup

In the early 1980s, George C. was IT support on a team overseeing a large installation of workstations. At the time, this was a pretty novel concept. Several Unix site managers applied to help out but wanted "too much money," according to management. Instead, the IT manager rounded up a bunch of recent college graduates (who were much cheaper). Problem solved.

There were roughly 80 workstations that were being installed, each with two 70MB drives. One drive kept the operating system files (which the users couldn't modify), the other was the user drive for work files. Each system was backed up and updated nightly with a three step process:

  1. Back up all files that have changed on each client's user drive.
  2. Replace old files on each client's system drive.
  3. Delete files that are no longer needed from each client's system drive. For this step, it simply removed any file from the client's system drive that did not exist on the server, so that every machine had a consistent system drive.

The tech writers on...

The Opposite of Backup - Worse Than Failure
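Step 3 of the nightly process above is the dangerous one: a client-side delete driven by "whatever the server does not have" will empty every system drive the moment the server listing is empty or points at the wrong directory. The example below is added for this page and is not the script from the story; it contrasts the naive plan with a guarded one. The file names, the sentinel paths in `required_markers` and the delete-fraction threshold are all constructed assumptions.

```python
class UnsafeSyncPlan(Exception):
    """Raised when the server listing looks wrong enough that deleting would be reckless."""


def plan_system_sync(server_files, client_files):
    """Naive step 3: anything on the client that the server lacks is scheduled for deletion."""
    server, client = set(server_files), set(client_files)
    return {
        "add": sorted(server - client),
        "update": sorted(server & client),
        "delete": sorted(client - server),
    }


def plan_system_sync_safely(server_files, client_files,
                            required_markers=("/bin/sh", "/etc/passwd"),  # constructed sentinels
                            max_delete_fraction=0.25):
    """Same plan, but refuse to proceed when the server side cannot be trusted.

    Three checks: the server listing must not be empty (unreachable share, failed
    mount), it must contain files every system drive is known to need (wrong
    directory exported), and the plan must not delete more than a bounded share
    of the client drive (anything beyond that is an error, not an update).
    """
    server = set(server_files)
    if not server:
        raise UnsafeSyncPlan("server listing is empty; refusing to delete anything")
    missing = [m for m in required_markers if m not in server]
    if missing:
        raise UnsafeSyncPlan(f"server listing lacks expected files {missing}; wrong directory?")
    plan = plan_system_sync(server_files, client_files)
    client_count = len(set(client_files))
    if client_count and len(plan["delete"]) / client_count > max_delete_fraction:
        raise UnsafeSyncPlan(f"plan would delete {len(plan['delete'])} of {client_count} files")
    return plan


# Constructed listings: a healthy server, a client with one stale library,
# and the failure cases the story hinges on.
SERVER_OK = ["/bin/sh", "/etc/passwd", "/usr/lib/libc.so", "/usr/bin/vi", "/usr/bin/ed"]
CLIENT = ["/bin/sh", "/etc/passwd", "/usr/lib/libc.so", "/usr/bin/ed", "/usr/lib/old.so"]
SERVER_EMPTY = []                  # share failed to mount
SERVER_WRONG_DIR = ["/tmp/x"]      # exported the wrong directory

if __name__ == "__main__":
    print("naive, server down :", plan_system_sync(SERVER_EMPTY, CLIENT)["delete"])
    for listing in (SERVER_EMPTY, SERVER_WRONG_DIR):
        try:
            plan_system_sync_safely(listing, CLIENT)
        except UnsafeSyncPlan as e:
            print("guarded refuses    :", e)
    print("guarded, healthy   :", plan_system_sync_safely(SERVER_OK, CLIENT))
```

With an empty server listing the naive plan deletes all five client files; the guarded version raises instead, and on a healthy night it removes only the one stale library.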

Saturday, November 3, 2007

Cross-Selling Online Scams and Security Issues

Remember that the code the cross-sell company added doesn’t link in the normal sense but just continues with the session in an attempt to sell you some useless crap. By continuing the session, the application running (the cross-sell application, not the original on-line store) has access to the card data in the cookie. Most legitimate companies don’t think this through — the money is too good.

Slashdot | Cross-Selling Online Scams and Security Issues

Caveat Emptor - Use of Credit Cards On-Line « The 12 Angry Men Blog
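The failure the post describes is a session cookie that carries the card details themselves, so any application that "continues with the session" on the same domain can read them. The following is an added example, not code from the store or the cross-sell vendor in the article; it places the weak cookie next to a hardened one in which the cookie is an opaque token bound by HMAC to the issuing application and the card data stays server-side. The session store, secret, card values and the `app` label are all constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import secrets

# --- Weak pattern described in the post: card data serialized into the cookie ---

def weak_cookie(card: dict) -> str:
    """Everything needed to charge the card rides in the cookie; base64 is not protection."""
    return base64.b64encode(json.dumps(card).encode()).decode()


def read_weak_cookie(cookie: str) -> dict:
    """Any code on the same domain, including a cross-sell app, gets the full card back."""
    return json.loads(base64.b64decode(cookie))


# --- Hardened pattern: opaque token, data server-side, cookie bound to one application ---

SERVER_SESSIONS = {}   # constructed stand-in for a server-side session store


def hardened_cookie(card: dict, secret: bytes, app: str = "store") -> str:
    """Issue a random token, keep only what later pages need, and tag the cookie for `app`."""
    token = secrets.token_urlsafe(32)          # contains only [A-Za-z0-9_-], so ':' is a safe separator
    SERVER_SESSIONS[token] = {"app": app, "card_last4": card["number"][-4:]}
    tag = hmac.new(secret, f"{app}:{token}".encode(), hashlib.sha256).hexdigest()
    return f"{app}:{token}:{tag}"


def read_hardened_cookie(cookie: str, secret: bytes, app: str):
    """Return the session view for `app`, or None if the cookie was issued for another app or altered."""
    try:
        cookie_app, token, tag = cookie.split(":")
    except ValueError:
        return None
    expected = hmac.new(secret, f"{app}:{token}".encode(), hashlib.sha256).hexdigest()
    if cookie_app != app or not hmac.compare_digest(tag, expected):
        return None
    entry = SERVER_SESSIONS.get(token)
    if entry is None or entry["app"] != app:
        return None
    return {"card_last4": entry["card_last4"]}


# Constructed sample card and merchant secret.
CARD = {"number": "4111111111111111", "expiry": "12/09", "name": "A. Customer"}
SECRET = b"constructed-merchant-secret"

if __name__ == "__main__":
    weak = weak_cookie(CARD)
    print("cross-sell app reads weak cookie :", read_weak_cookie(weak))
    hard = hardened_cookie(CARD, SECRET, app="store")
    print("card number in hardened cookie   :", CARD["number"] in hard)
    print("store reads hardened cookie      :", read_hardened_cookie(hard, SECRET, "store"))
    print("cross-sell reads hardened cookie :", read_hardened_cookie(hard, SECRET, "cross-sell"))
```

The weak cookie decodes straight back to the full card; the hardened cookie contains no card digits, yields only the last four to the store that issued it, and yields nothing to a cross-sell application presenting it under its own name or after altering it.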