Internet 6.0
By Simson Garfinkel
The Net Effect
The next version of
the Internet Protocol, IPv6, will supply the world with addresses
by the trillions. Too bad it will also make the Net slower and
less secure.
It will be the biggest, the most
drastic, and the most comprehensive change to the underlying
structure of the Internet in more than 20 years. The deployment of
IPv6—the sixth version of the Internet Protocol—will be a
massive undertaking that will require the reconfiguration of more
than 100 million computers. Not since the adoption of the Internet
Protocol itself in January 1983 has there been such a fundamental
shift. But when the IPv6 rollout is finally done, not all the
effects will be positive: the new Version 6 Internet will be
slower, more friendly to peer-to-peer-based copyright violation
systems, and the computers on it will almost certainly be less
secure. More....
The Enemy Within: Firewalls and Backdoors
by Bob Rudis, CISSP, and Phil Kostenbader, CISSP
Can your security infrastructure protect you
when you've left the key under the mat?
As a modern IT professional you've done all the
right things to keep the "bad guys" out: you protected
your network with firewalls and/or proxies, deployed anti-virus
software across all platforms, and secured your mobile
workstations with personal firewalls. You may even be in the
process of designing and deploying an enterprise-wide network and
host intrusion detection framework to help keep an even closer eye
on what's going on. Even with all this, are you really
safe? Can your multiple lines of defense truly protect your
network from modern methods of intrusion?
This article presents an overview of modern
backdoor techniques, discusses how they can be used to bypass the
security infrastructure that exists in most network deployments
and issues a wake-up call for those relying on current
technologies to safeguard their systems/networks. More....
Kazaa Delivers More Than Tunes
By Kim Zetter
Story location: Wired
07:00 AM Jan. 09, 2004 PT
Forty-five percent of the executable files downloaded through
Kazaa, the most popular file-sharing program, contain malicious
code like viruses and Trojan horses, according to a new study.
Out of 4,778 files downloaded in one month, Bruce Hughes,
director of malicious code research at security firm TruSecure,
found that nearly half of them contained various types of
nefarious code. More....
Designing Network Security - Book Review
Slashdot
Weighing in at a hefty 745 pages, Designing Network
Security is a concise and authoritative guide to the
sometimes daunting task of designing secure networks - with a
special emphasis placed on Cisco solutions, of course. The book is
divided into three major sections: basic theory and essentials;
policy design and best practices; and implementation with Cisco
hardware. In my opinion this book is best suited as a reference
book for those who already have a firm foundation in security and
networking, but could also be of value to beginner level techs
with a bit of patience. While the topics that are covered have all
pertinent information discussed, some might wish that there were a
bit more explanation of the Hows and Whys. More....
New Trojan masquerades as Windows XP update
Intruder is considered low-risk
By Paul Roberts, IDG News Service
January 09, 2004
Security companies are warning Internet users about a new Trojan horse
program spreading via spam e-mail and masquerading as a Windows XP
software update from Microsoft.
The program, known as "Xombe"
or "Dloader-L," arrives as an executable attachment in
spam e-mail messages purporting to come from windowsupdate@microsoft.com
and installs itself on victims' computers when users open the
attachment. More....
IT security critical for SMEs
BY ZEA SILVA, SECURITY BUSINESS UNIT MANAGER, FIRST TECHNOLOGY
[Johannesburg, 9 January 2004] - Possibly the
most critical aspect of any small to medium enterprise's (SME's)
information technology infrastructure is the security of that
system.
That's according to Zea Silva, security business unit manager at
independent IT solutions company, First Technology. More....
Fix for URL Spoofing Security Vulnerability
Checked in to Mozilla Trunk and 1.6 Branch
Wednesday January 7th, 2004
The latest nightly builds of Mozilla feature a fix for the URL
spoofing security vulnerability discovered in several browsers
last month. A patch was checked in to the trunk and 1.6 branch
yesterday, meaning that both the forthcoming Mozilla 1.6 and
Mozilla Firebird 0.8 will be immune to the flaw.
In vulnerable versions of Mozilla, the address displayed in the
Status Bar while hovering over a link is truncated if the
characters %00 are present in the URL of the destination page. An
attacker could exploit this to make a link that goes to
http://www.microsoft.com%01%00@evilscam.net (real location
evilscam.net) but appears in the Status Bar as simply
http://www.microsoft.com. By fooling a user into believing that he
or she is visiting a trusted site, an attacker could trick him or
her into revealing sensitive information such as credit card
details. More....
Word's password feature 'not a security tool'
Munir Kotadia
ZDNet UK
January 07, 2004, 17:40 GMT
Microsoft has hit back at critics
of Word's password-protect feature, which the company has
admitted is not safe from hackers.
The tool is intended to make collaboration
easier, Microsoft told ZDNet UK, explaining that users should
invest in digital signatures or an Adobe Acrobat-type application
if they want security.
A set of relatively simple instructions on
how to bypass the security of a password-protected Word document
was published on the Internet on Friday. Thorsten Delbrouck,
chief information officer of German security company Guardeonic
Solutions, informed Microsoft about the vulnerability in November
2003. A week later, Microsoft updated its Knowledge Base to warn
users that the feature should not be used for security purposes. More....
Vulnerabilities
08 January 2004
07 January 2004
06 January 2004
05 January 2004
Advisories
12 January 2004
09 January 2004
08 January 2004
07 January 2004
06 January 2004
05 January 2004
04 January 2004
29 December 2003