| |
Current Topic: Computer Security |
|
CNET | Interview, Andrew 'Bunnie' Huang - DMCA, XBox Hacking, Silenced Researchers |
|
|
Topic: Computer Security |
4:33 am EDT, Apr 16, 2003 |
] Taking a break from working on his doctoral thesis, ] Massachusetts Institute of Technology (MIT) graduate ] student Andrew "Bunnie" Huang decided that it might ] be fun to poke around the security systems protecting ] Microsoft's Xbox game console. ] I want to put a stake in the ground and say, "Hey, I ] strongly believe what I'm doing is legal and it's ] beneficial for people to know about this stuff." If we ] don't know about it, then the bad guys are going to ] figure it out and they're going to take our lunch. Maybe ] I'm being a fool by saying this, but if someone wants to ] challenge me on this, I think it's something we need to ] talk about in a court of law. I don't know where I'd find ] the resources to defend myself. If I am taken to court, ] then I'll figure it out. ] There are things that they can try. But there's a dozen ] attacks that I've kept in my back pocket and that other ] hackers have kept in their back pockets that nobody's ] even talked about. Those will come out if Microsoft ] tries to secure the hardware again. He also talks about his book on XBox technology, which he is having trouble publishing due to book publishers being scared to death about the DMCA. Many good quotes within.. CNET | Interview, Andrew 'Bunnie' Huang - DMCA, XBox Hacking, Silenced Researchers |
|
CampusWide Information Mirror (Socialfreedom) |
|
|
Topic: Computer Security |
12:52 am EDT, Apr 15, 2003 |
From Read_Me.txt in dir: ] These files mirror, brought to you courtesy of V1ru5, ] TheVoidAKABoB, and SystemFailure, seem to go well ] with the presentation that Acidus was to give at ] Interz0ne. Lots of information on the Blackboard CampusWide system. CampusWide Information Mirror (Socialfreedom) |
|
Ex-Officials Urge U.S. To Boost Cybersecurity (TechNews.com) |
|
|
Topic: Computer Security |
3:48 am EDT, Apr 9, 2003 |
] The new Department of Homeland Security lacks the ] resources and expertise to execute the core elements of ] the Bush administration's cybersecurity plan, the ] president's former cybersecurity adviser told Congress ] yesterday. ] ] In his first appearance on Capitol Hill since leaving the ] White House in February, Richard A. Clarke warned ] lawmakers against the "dangerous" tendency to dismiss the ] consequences of an attack on the nation's computer ] networks. Ex-Officials Urge U.S. To Boost Cybersecurity (TechNews.com) |
|
Chinese Hackers plan attacks to protest war |
|
|
Topic: Computer Security |
3:00 pm EST, Apr 3, 2003 |
] Chinese hacker groups are planning attacks on U.S.- and ] U.K.-based Web sites to protest the war in Iraq, the ] Department of Homeland Security warned in an alert that ] it unintentionally posted on a government Web site ] yesterday. "Load up your scripts boys, we got an excuse!" Chinese Hackers plan attacks to protest war |
|
On the Economics of Anonymity [PDF] |
|
|
Topic: Computer Security |
2:30 pm EST, Apr 3, 2003 |
Decentralized anonymity infrastructures are still not in wide use today. While there are technical barriers to a secure robust design, our lack of understanding of the incentives to participate in such systems remains a major roadblock. Here we present new insights about how to align incentives to create an economically workable system for both users and infrastructure operators. We explore some reasons why anonymity systems are particularly hard to deploy, enumerate the incentives to participate either as senders or also as nodes, and build a general model to describe the effects of these incentives. We then describe and justify some simplifying assumptions to make the model manageable, and compare optimal strategies for participants based on a variety of scenarios. This paper was presented at Financial Cryptography 2003. Authors are from UCB, MIT, and NRL. On the Economics of Anonymity [PDF] |
|
Who knows the evil that lurks in the buffers of men? The Stack knows! |
|
|
Topic: Computer Security |
5:59 am EST, Apr 1, 2003 |
] Firewalls, packet filters, intrusion detection systems, ] and the like often have difficulty distinguishing between ] packets that have malicious intent and those that are ] merely unusual. We define a security flag in the IPv4 ] header as a means of distinguishing the two cases. :) Who knows the evil that lurks in the buffers of men? The Stack knows! |
|
Microsoft patch freezes some systems | CNET News.com |
|
|
Topic: Computer Security |
5:27 pm EST, Mar 20, 2003 |
] A patch for a security flaw that affects Microsoft's Web ] server software running on Windows 2000 has caused system ] freezes for some customers, the company said Thursday. Typical.. Microsoft patch freezes some systems | CNET News.com |
|
Apache Status - www.nbc.com |
|
|
Topic: Computer Security |
8:59 pm EST, Mar 14, 2003 |
] Apache Server Status for www.nbc.com ] Server Version: Apache/1.3.27 (Unix) ] Server Built: Feb 3 2003 13:53:06 ] Current Time: Friday, 14-Mar-2003 17:33:41 PST ] Restart Time: Friday, 14-Mar-2003 00:00:04 PST ] Parent Server Generation: 6 ] Server uptime: 17 hours 33 minutes 37 seconds ] Total accesses: 12672600 - Total Traffic: 40.5 GB ] CPU Usage: u1474.56 s373.32 cu15.51 cs6.74 - 2.96% CPU ] load ] 200 requests/sec - 0.7 MB/second - 3434 B/request ] 497 requests currently being processed, 967 idle servers Admins take note.. Leaving your server-status open is lame. Leaving your server-status open when you have extended status on, is really lame. Want to see who is browsing www.nbc.com? No problem! Just a little information leakage.. I hit reload a bunch of times watching for the Restart Time and PSG to change, as that would indicate a different server in a SLB rotation. I only saw two machines. I also noticed that the Server Build time changed, which indicates that they do not compile their binaries on a seperate machine and use some package management scheme to manage the software on the boxes. Sloppy.. Sort of like leaving your server-status open for the world to see. As a side note, you can go to Google and search for "Apache Server Status for" and find many of these.. Although at this one, you will actually see some serious traffic taking place. Wonder how long before this gets closed.. FYI NBC, in httpd.conf: < Location /server-status> SetHandler server-status Order deny,allow Deny from all # Or you could just use Allow from all # these to limit by network AuthType Basic AuthName "Some AuthName" AuthUserFile /some/place/where/you/have/a/htpasswd Require valid-user </Location> Apache Status - www.nbc.com |
|
F-Secure Computer Virus Information Pages: Deloder |
|
|
Topic: Computer Security |
8:19 am EST, Mar 11, 2003 |
] Deloder is a network worm infecting Windows machines ] which have set a weak password to the "Administrator" ] account. It also installs remote access tool VNC, opening ] the computer to the world. ] ] The worm scans random IP addresses, trying to locate ] Windows machines which have port 445 accessible. Port 445 ] (Microsoft SMB over TCP/IP) allows outsiders to access ] Windows file shares. It exploits user stupidity! Its unstoppable! :P F-Secure Computer Virus Information Pages: Deloder |
|
Unleashing the dogs of cyber-war on Iraq! |
|
|
Topic: Computer Security |
5:41 pm EST, Mar 6, 2003 |
But there are few means around the government's blockades of "objectionable" Web content, which, besides porn, includes domain registration sites, according to Heider Sati, an Al-Mansour graduate now running his own London-based IT consulting firm. The restriction, perhaps designed to muzzle protest speech, means Iraqis are unable to register and create their own Web sites. (Sati says he registered and hosts alMansourCollege.net, on behalf of his alma mater, for free.) Despite these limitations, some of Iraq's geeks say they would suffer if the country lost its Internet connection, whether due to conventional bombs or cyber-attacks. "[It's] just like having drugs," said Al-Shalchi of his dependence on e-mail and Web access. Despite not even getting access to the internet until 2000, their geeks are just as addicted to a "net fix" as we are. Interesting article on the current state of connectivity in Iraq and the seemingly ludicrous idea that they could wage a cyber-war against us. Unleashing the dogs of cyber-war on Iraq! |
|