Enllaços
Contingut actualitzat
Categories
Contingut antic
(ja no s'actualitza)
Versions anteriors
d'aquesta pàgina
Arxiu
|
|
 |
dissabte, 26 / juny / 2004 |
[Infoworld] Windows Server 2003 vanishes from vulnerability list
Lately, though, I've noticed that one version doesn't show up: Microsoft Windows Server 2003 is notable in its absence. Because I tend to save the Deep Sight reports (at least for a while) I went back and did some checking. I was startled to discover that Windows Server 2003 is almost never on this list. Has Microsoft finally turned the corner on security?
So I called up Microsoft to ask the question; their public relations agency eventually tracked down Michael Howard, senior program manager of Microsoft's security business and technology unit. I asked him if the company has finally managed to get security right.
"Yeah," said Howard.
Fortunately, he elaborated, helping to keep this from being a really short column. "The only way over time to reduce vulnerability," Howard explained, "is to admit you have a problem."
|
23:36 (# Enllaç permanent) ()
|
|
[SecurityFocus] Wi-fi hopper guilty of cyber-extortion explica com el FBI va detenir a un criminal de coll blanc que realitzava extorsions utilitzant les connexions sense fils com un sistema per cobrir la seva identitat
Maryland man with a grudge against a Connecticut-based patent firm used unsecured wireless networks at homes and businesses in the Washington D.C. area to penetrate the company's computers and deliver untraceable threats and extortion demands, until an FBI surveillance team caught him in the act.
(...)
Though he went to some lengths to make himself untraceable technically, past altercations between Tereshchuk and the company made him the prime suspect from the start, according to court records. The clearest sign came when he issued the seventeen million dollar extortion demand, and instructed the company to "make the check payable to Myron Tereshchuk".
The FBI began following Tereshchuk, and in March a surveillance team watched as he drove to a computer lab at the University of Maryland, where he used a purloined student account to send more threatening e-mail. "During this drive he was observed driving erratically and was paying a lot of attention to something in the front passenger side seat," an FBI affidavit notes. Bé... que es pot esperar d'una persona que, realitzant una extorsió, demana els diners en un xec al seu nom? L'extorsionador podia tenir coneixements tècnics... però, demanar el xec al seu nom?
|
23:22 (# Enllaç permanent) ()
|
|
[IT Manager's Journal] How to use cryptography in computer security
While a Ph.D. in cryptography is hardly a requirement for keeping one's systems secure, an understanding of the basics helps in decision making about security, both for system administrators and IT managers. In this article, I present a non-technical overview of a few key concepts in cryptography that are relevant to consumers of security solutions. I then look at some widespread myths about cryptography, and give some advice on practical matters relating to cryptography.
|
23:06 (# Enllaç permanent) ()
|
|
Ja sé que molta gent es riurà... però per primera vegada he superat la barrera d'un milió de hits mensuals. No està malment si tinc en compte que ara fa un any no arribava als tres cent mil hits mensuals i fa dos anys ni als cent mil. 
L'ADSL està que treu fum...
|
19:13 (# Enllaç permanent) ()
|
|
[News.com] Wi-Fi security standard sealed and delivered. La IEEE ha aprovat l'especificació 802.11i, amb la intenció de millorar la qualitat de la seguretat a les connexions sense fil. 802.11i fa servir AES (Advanced Encryption Standard) per al xifrat de les comunicacions, amb claus de 128, 192 i 256 bits.
|
12:42 (# Enllaç permanent) ()
|
|
[The Register] Watch out! Incoming mass hack attack, sobre els efectes que pot tenir l'atac contra servidors web (Microsoft IIS 5.0) per tal d'infectar automàticament als usuaris.
This is what everyone has been really frightened about for a while now," said Conor Flynn, technical director with Rits Information Security in Dublin. The fear is rooted in the fact that there is no patch from Microsoft for the flaws, nor is there any indication that a patch is on the verge of being released. Though the virus-like infection rate remains low, experts like Flynn say the matter could become a more serious problem unless a fix is released soon. "There is no question that this one could be devastating," he said.
|
12:38 (# Enllaç permanent) ()
|
|
Berbew/Webber/Padodor Trojan Analysis, detallat estudi del troià que s'instal·la automàticament amb l'Internet Explorer al visitar un servidor web IIS 5.0 infectat. Captura les contrasenyes utilitzades per accedir a determinats llocs web.
També inclou indicacions de com esborrar-lo:
Search the registry for the key
HKLM\Software\Microsoft\Windows\
CurrentVersion\
ShellServiceObjectDelayLoad
and remove the entry:
"Web Event Logger" = "{79FB9088-19CE-715E-D900-216290C5B738}"
Also remove in
HKCR\CLSID\{79FB9088-19CE-715E-D900-216290C5B738}\
InProcServer32:
"(Default)" = "%sysdir%/xxxxxx32.dll"
"ThreadingModel" = "Apartment"
where xxxxxx is a random string of lowercase characters. Reboot the machine and remove the dll file from the system directory. The trojan exe file also has a random name, but can be spotted by looking for files with the same timestamp as the dll. Remove surf.dat from the system directory - this file contains captured logins and passwords.
|
10:10 (# Enllaç permanent) ()
|
|
Una vulnerabilitat crítica de l'Internet Explorer publicada fa més de dues setmanes, i per a la qual Microsoft encara no ha subministrat solució, està provocant que gran quantitat d'usuaris s'infectin per un troià de forma automàtica al visitar determinats servidors web compromesos. Nou i dura garrotada a la credibilitat de Microsoft en relació a la seguretat, que posa en evidència la seva política de distribuir macropegats de forma mensual.
Continuació... -
Recomanacions per a detectar servidors afectats i per prevenir la infecció del troià.
|
01:30 (# Enllaç permanent) ()
|
|
© Copyright 2003-2004 Xavier Caballe.  . El contingut d'aquest weblog és responsabilitat única i exclusivament del seu autor i no té cap relació amb les seves activitats professionals.
|
|
|
