Privacy, Security Archive

Assess System Security Using a Linux LiveCD

Submitted by anonymous 2005-08-01 Privacy, Security 8 Comments

Want to assess security vulnerabilities on your Linux system without lengthy installation and configuration efforts? We introduce four packages -- Auditor, Whoppix, Knoppix-STD, and PHLAK -- that bring you that ability through the magic of LiveCD.

Cisco Losing Battle to Censor Blackhat Researcher

Submitted by george 2005-08-01 Privacy, Security 12 Comments

It looks as if Cisco's cease and desist letters to Web sites hosting Michael Lynn's banned Blackhat presentation detailing a critical flaw in the company's IOS operating system are not having the effect the company desires. An increasing number of other Web sites are now making available Lynn's presentation to whomever cares to read or download it.

Cisco Curbs Security Researcher

Submitted by phaceton 2005-07-30 Privacy, Security 38 Comments

A security expert has agreed never to repeat what he knows about various flaws in Software from networking giant Cisco.

USB Devices Can Crack Operating Systems

Thom Holwerda 2005-07-23 Privacy, Security 47 Comments

Vulnerabilities in USB drivers for Windows could allow an attacker to take control of locked workstations using a specially programmed Universal Serial Bus device, according to an executive from SPI Dynamics, which discovered the security hole. However, SPI tested attacks on Windows systems, but any operating system that is USB-compliant is probably vulnerable.

Review: GFI LANguard Network Security Scanner 6

Submitted by LogError 2005-07-21 Privacy, Security 4 Comments

LANguard Network Security Scanner will scan computers for known vulnerabilities and common misconfigurations and other potential security issues. It produces reports that can be used to assist in the tracking and mitigation of security issues that have been identified.

Dan Kaminsky on Microsoft’s Security

Submitted by anonymous 2005-07-21 Privacy, Security 30 Comments

SecurityFocus published an interview with BlackHat/Defcon speaker Dan Kaminsky. He was guest-hacker at the Microsoft BlueHat event, and met Redmond's engineers and management. His conclusion: "My sense is that a combination of respect for SP2 and growing fear of Google (which has an entirely different, and arguably more managable security posture than Microsoft can achieve) has really pushed people towards seeing security in 2005 as stability was in 2000/2001."

Securing Wireless Technology: Wireless Devices, Part I

Submitted by DTY 2005-07-18 Privacy, Security 17 Comments

Wireless networking frees mobile workers from wires and cables, allowing them to collect and view data whenever, wherever they choose. The popularity of wireless networking is broad and continues to grow. The Gartner Group stated in an April 2005 study that by 2015, the average urban citizen in the United States and Europe will use at least six wireless networking technologies per day. read more.

Microsoft Investigates New XP SP2 Flaw

Submitted by Peter Deckers 2005-07-16 Privacy, Security 15 Comments

Microsoft has acknowledged that it is working on a patch for a potentially serious security hole in fully patched versions of Windows XP Service Pack 2.

Windows RDP Exploit Discovered

Submitted by GeekGod 2005-07-16 Privacy, Security 21 Comments

A denial of service vulnerability reportedly affects the Windows Remote Desktop Protocol. Either disable RDP or make sure you have a firewall enabled for port 3389 until a fix is available.

Desktop Port Proliferation a Security Risk?

Submitted by Ben Deckers 2005-07-15 Privacy, Security 12 Comments

Opera's announcement of in-browser support for Bittorent highlights the trend for common desktop applications requesting an ever-larger number of TCP ports to be opened up for them, essentially poking holes into firewalls. File transfer apps, VoIP, games, and other programs routinely request open ports, and that's a security risk, say some security experts.

Zlib Security Flaw Exposes Swath Of Programs

Andrew Youll 2005-07-07 Privacy, Security 73 Comments

A serious security flaw has been identified in Zlib, a widely used data compression library. Fixes have begun to appear, but a large number of programs could be affected.

Microsoft Baseline Security Analyzer v2.0

Thom Holwerda 2005-07-05 Privacy, Security 11 Comments

Version 2.0 of MBSA includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows Server 2003, Windows 2000, and Windows XP systems and will scan for common security misconfigurations.

Laptop Theft: An Insider’s Guide To Prevention

Submitted by LogError 2005-07-04 Privacy, Security 8 Comments

Protecting against laptop and data theft would appear to be relatively easy, but, in a business sense, is rarely so. This article provides some basic steps for employees to follow in order to protect laptops.

Comparing Security On Windows And Linux

Submitted by Mark Brunelli 2005-07-01 Privacy, Security 17 Comments

Is Linux really more secure than Windows? Linux book author Peter Harrison believes the answer is largely a matter of perspective. Click here to read the complete column at SearchEnterpriseLinux.com. In addition, here is a writeup of p0f, a passive fingerprinting tool.

Study Shows Windows Beats Linux on Security

David Adams 2005-06-28 Privacy, Security 64 Comments

Linuxlookup.com is reporting Wipro surveyed 90 companies in the U.S. and Western Europe with 2,500 to 113,000 employees where both the Windows and open source operating systems were simultaneously being run. The outcome: Windows beats Linux in Security. "We already know how to secure a Windows-based solution and keep it running smoothly,” says Stephen Shaffer, the airline’s director of software systems. “With Linux, we had to rely on consultants to tell us if our system was secure. With Windows, we can depend on Microsoft to inform us of and provide any necessary updates."

Outlook Express Vulnerability Affects Windows

Submitted by jayson knight 2005-06-25 Privacy, Security 15 Comments

Versions of Outlook Express in Windows 2000, XP, and Server 2003 contain a flaw that would allow malicous code to take control of their machines. Launching Outlook Express is not necessary, apparently. Luckily, only users who visit particular malicious newsgroups are vulunerable. A patch is available.

Microsoft’s Anti-piracy Program Cracked

Submitted by JCooper 2005-06-23 Privacy, Security 45 Comments

A Bangalore programmer has managed to break Microsoft’s anti-counterfeiting system called Windows Genuine Advantage.

Sun’s Federated ID Management

David Adams 2005-06-20 Privacy, Security No Comments

Sun Microsystems unwrapped two new identity management products this week, designed to ease the process of federating identity across multiple partners and customers.

Security Risks Associated With Portable Storage Devices

Submitted by LogError 2005-06-20 Privacy, Security 7 Comments

There is no question that USB Flash Drives and their electronic counterparts are a valuable addition to the road warrior's toolbox. They have also created a nightmare for data security managers and have spawned an entire sub industry that is aimed squarely at portable data storage security.

Case of a wireless hack

Eugenia Loli 2005-06-16 Privacy, Security 19 Comments

This is a short story about using a couple of computers, some interesting tools, an operating system and a bit of thinking to solve a not-entirely-artificial problem of getting wireless internet access where measures are in place to stop it. Both the technical side as well as some of the reasoning behind the actions are explained.