Category: Information Security

Tips to protect from MS08-67 worm

The recent outbreak of the MS08-67 worm, Downadup/Conficker, has already infected more than 9 million PCs. What made Microsoft Security Bulletin MS08-67 special is that it was released out-of-band, it was given an “Exploitability Index Assessment” of “1 – Consistent exploit code likely”, and it allows remote code execution in numerous versions of Windows (particularly critical for 2000, XP, and Server 2003).


MS09-001: Microsoft’s first patch release for year 2009

Microsoft has opened its MS09 series by patching a highly critical SMB vulnerability affecting Win2k, Win2k3, WinXP and even Vista and Win2k8.

Microsoft ratings are as mentioned below:


Secure websites are not so secure

Recently, researchers were able to find a loophole in the SSL certificate implementation which could make any secure website (relying on MD5 hashing of CA certificates) vulnerable to a nearly undetectable phishing attack.

To brief the attack:


Fly home safely with gunpowder

Airport security has been called into question many times. This time Rhona Mahony managed to carry gunpowder, safely bypassing airport security.

I also brought along a boarding pass for United flight 720 to Denver that I had created at home, in a computer art program. TSA agents accepted the boarding pass. They also took no notice at all of the gunpowder. Accepting the boarding pass was reasonable. Boarding passes that we design and print at home look just like ones designed by the airlines that we print at home. I had thought, though, that I might elicit a short conversation about the gunpowder. Mind you, I had packed the stuff safely. It was in three separate jars: one of charcoal, one of sulphur, and one of saltpetre (potassium nitrate). Each jar was labeled: Charcoal, Sulphur, Saltpetre. I had also thoroughly wet down each powder with tap water. No ignition was possible. As a good citizen, I had packed the resulting pastes into a quart-sized “3-1-1” plastic bag, along with my shampoo and hand cream. This bag I took out of my messenger bag and put on top of my bin of belongings, turned so that the labels were easy for the TSA inspector to read.


Top 10 Security Breaches of 2008

The 10 best-known security breaches of 2008 are quoted here. The author, Linda McGlasson, has also nicely laid out the lessons learnt from those breaches.

To brief:


Another critical patch released – MS08-78

After the recent out-of-band release of patch MS08-67 by Microsoft, the software giant has again released an out-of-band patch, MS08-78.

The patch is tagged as critical and affects Internet Explorer versions 5.1 to 7. There are a few mitigating factors, but I strongly feel that at least desktop users, or systems which are used to surf the internet, should apply the released patch. The workaround either wouldn’t work in a few cases, or attackers would come up with a way to bypass it.

Microsoft releases MS-08 Dec packed with 28 patches

Wow!! Microsoft has released a jumbo patch after a long time (5 years). Of these 28 patches, 23 have been rated Critical, 3 Important and 2 Moderate. The patches were issued in eight updates for Windows, Internet Explorer, Office, SharePoint, Windows Media, and the popular development tools Visual Basic and Visual Studio.

So these have to be at the top of security consultants’ to-do lists: one more reason to work, or rather to drive clients to work, on patching.


FEDs can lojack mobiles without telco help

Here is a small post describing the triggerfish technology and why it has created a buzz this summer.

Triggerfish, also known as cell-site simulators or digital analyzers, are nothing new: the technology was used in the 1990s to hunt down renowned hacker Kevin Mitnick. By posing as a cell tower, triggerfish trick nearby cell phones into transmitting their serial numbers, phone numbers, and other data to law enforcement. Most previous descriptions of the technology, however, suggested that because of range limitations, triggerfish were only useful for zeroing in on a phone’s precise location once cooperative cell providers had given a general location.


Precautions to be taken by Gray Hat hacker

It is now common for researchers to report flaws in a product or website to its owner. These researchers are termed “Gray Hats”. However, care should be taken, because informing a vendor about a flaw can lead to legal consequences, which the hacker may have to pay for doing good. An article gives brief guidelines that a researcher can follow while reporting a bug to the vendor.

A researcher may have violated the law in the course of finding the flaw. Hence he may face legal action (mostly from vendors who panic a lot). In such cases he should take proper care before contacting the vendor. He must note the following things:

Cheat Sheet for Incident Handling

I came across this neat cheat sheet at the SANS site. It provides a neat need-to-do list of what steps need to be taken if you are hacked. It has two cheat sheets separately prepared for
