Linux server attacked more than all version of windows combined

Posted on March 15, 2008 by duschang

Zone-H(http://www.zone-h.org/content/view/14928/30/) has recently released a statistical breakdown of all the attacks from last three years. Surprisingly, Linux servers are the most attacked servers, even more than all version of windows combined. They suspect the reason for this is due to the fact that most server migrated to Linux, thus the attacks migrate too. I think this statistics is very interesting, because it really shows how “assets” comes into the play. It is not really the vulnerability or security weak spots within the operation system that draws most of the attack, but the assets guarded by them.

Posted in Current Events, Miscellaneous | Comments Off on Linux server attacked more than all version of windows combined

Security Review: Michael’s Toyota Service Center

Posted on March 14, 2008 by jessicaf

My check engine light came on last week, so I called up Michael’s Toyota Dealership and Service Center in Bellevue, WA.  I made an appointment and had my husband bring the car into the shop and take a shuttle to work.  Later in the afternoon, the car is finished and I start walking over to the dealership to pick up my car.  With my mind on a hundred other things, I had left my purse at home!  With no time to go back home before the dealership would close, I decided just to try to get the car and hope it wasn’t going to cost me anything and that I wouldn’t need any ID to pick it up.  I told the Service Center attendant I was there for my car and what my last name was.  She typed it into the computer, found the service number, and called for the car to be brought up to the front.  Everything was covered under warranty, so I climbed into my car and went on my merry way.  So why do I tell you all this?  Because it seems to me that I could have picked up any old car with just a last name. Continue reading

Posted in Physical Security, Security Reviews | 2 Comments

The House on Amending FISA Act

Posted on March 14, 2008 by Kris Plunkett

Today the House of Representatives voted on a bill that would amend the FISA Act of 1978, which deals with government wiretapping. The amendments would deny amnesty to telecommunication industries for complying with illegal warrant less wiretaps by the Bush administration but allow those companies to use government classified information in their defense to prove that they did comply with the law (if they indeed did). Continue reading

Posted in Current Events, Policy, Privacy | Comments Off on The House on Amending FISA Act

Time to test our security mindset

Posted on March 13, 2008 by felixctc

Hey everyone. I found a website where you can try to use various ways to hack through levels of password. I think this is a fun way to get in touch with our security mindsets and see how far you can go. I wish everyone good luck 🙂

http://hackerskills.com/

Posted in Announcements, Miscellaneous | Tagged , , | 4 Comments

Feature or Flaw?

Posted on March 13, 2008 by davidjsh

According to an article found at Dark Reading, Adam Boileau from Immunity Inc, has decided after two years to make publicly available his tool Winlockpwn that “lets an attacker take over a ‘locked’ Windows machine without even stealing its password” via the Firewire port. This exploit is not exactly new news since similar tactics have been demonstrated in the past against both Linux and OS X, but it now adds Windows to the list of operating systems vulnerable via a Firewire feature that allows devices connected to the Firewire port to read and write memory. According to SEC Consult, even Vista is not immune to an attack via Firewire. Unfortunately, there is not really an easy fix for this as it is a security flaw in the way Firewire was designed and not a bug in the implementation. However, hopefully this flaw will serve as a constant reminder to developers that security must be an integral part of the design process and not tacked on at the end as an afterthought.

Posted in Current Events, Miscellaneous | Tagged | Comments Off on Feature or Flaw?

Wireless Keyboards

Posted on March 9, 2008 by dschen

With everything going wireless now, many people are cutting the cord and getting wireless keyboards and mice. However, not many people stop and think what might happen if these wireless peripherals are compromised. If say someone could spoof the identity of your keyboard and mouse then they could potentially take control of your computer. However, the manufacturers anticipated that so some minimal amount of encryption is put in place. It was recently found here that older Microsoft devices working on the 27Mhz band could be easily compromised. The encryption scheme used in these products XORs the keyboard status with a random byte, resulting in only 256 possible keys… It is easy to see that this could be exploited fairly easily.

Newer products utilizing Bluetooth are more secure but still have vulnerabilities. The frequency hopping used in Bluetooth in conjunction with the packet encryption using the E0 stream cipher provide a sense of security. Attacking the PIN used in pairing has shown to be an effective way of compromising the encryption used in Bluetooth…
Continue reading

Posted in Security Reviews | Tagged , , | 3 Comments

Security Review: Apple iPhone 3rd party application support

Posted on March 9, 2008 by jimg

On Thursday, Apple happily unveiled its plan for third party support of native iPhone applications. The plan involves an application development and distribution pipeline including an iPhone SDK, a suite of IDE tools, and a sales and distribution plan through the new iPhone “App Store”. Apple is restricting the distribution of 3rd party applications through their app store by requiring an iPhone developer account. There will be no other supported way to get 3rd party iPhone applications onto the iPhone. Apple has also made the claim that no malicious, pornographic, or software with security vulnerabilities will be distributed through their store.
Continue reading

Posted in Announcements, Current Events, Ethics, Security Reviews | 2 Comments

The Goolag Scanner and Google Hacking

Posted on March 9, 2008 by Kris Plunkett

Bruce Schneier posted on his blog earlier in the week about a new, free, open source application by the “Cult of the Dead Cow” (cDc) called Goolag Scanner. It essentially automates a technique called Google Hacking, which was pioneered by a hacker going by the handle “Johnny I Hack Stuff”. Google Hacking entails using the massive Google search engine to discover vulnerabilities on a given server or domain by using targeted searches. These searches are aimed at finding back doors, sensitive information accidentally made publicly available, vulnerabilities in server software, and more. The software, along with a friendly voice that guides you through the installation process, comes with 1,500 built-in searches to use out of the box.

Continue reading

Posted in Current Events, Ethics, Policy | 4 Comments

Security Review: Car Alarms

Posted on March 9, 2008 by sky

Summary

Most people have probably heard a car alarm go off sometime in their life, and the chances are that it was a false positive are also pretty good. Usually cars that have an alarm have some sort of alarm in place will try to advertise this fact, such as having a small blinking red light to indicate that there is some sort of security in place. Car alarms can trigger on a variety of events. Some of these triggers are vibrations, rotations, contact, pulling of a handle, changes in battery voltage, and sound. When triggered, the car will emit some sort of loud, repetitive, obnoxious sound for many minutes, or until it is turned off using some sort of authentication, usually the clicker of the car. The general idea is that sound attracts attention, so if some set of illegitimate events are happening to someone’s car, other might notice and come to the rescue. One of the most likely people to react to the sound of a car alarm is the owner. However if someone breaks a car’s window, the alarm goes off, and then they run away, the owner still loses. So the alarm really is more of a deterrent than a real physical barrier. Continue reading

Posted in Miscellaneous | Comments Off on Security Review: Car Alarms

Current Event: Physicists Successfully Store and Retrieve Nothing

Posted on March 9, 2008 by diademed

Despite the satirical title, teams of Physicists from the U. of Calgary and the Tokyo Institute of Technology recently published papers (and here) detailing their feat of storing a ‘squeezed vacuum’ by apparently reducing the amplitude of a quantum-mechanically interpreted EM wave to zero. ScienceNow has a more clear detailing (with pictures) than I seem to be able to give, and the /. article may provide further illumination.

The researchers suggest that this technique may be able to be used to facilitate a more secure transmission of secret keys between end hosts in the years to come.

Posted in Current Events | Tagged , | 1 Comment