Networking

LAS VEGAS--A new way to attack wireless networks underscores the lack of security for PC owners using the airwaves to connect their computers, said security experts speaking at the Black Hat Briefings conference. On Thursday, Tim Newsham, a researcher for security firm @Stake, presented the details of weaknesses in the password system of wireless networks that could lead to a break in security in less than 30 seconds. The flaw is the third to be uncovered in the so-called Wired Equivalent Privacy, or WEP, protocol that supposedly secures wireless networks.

Telnet and ftp send passwords over the network in clear text that can be easily sniffed. You should replace them with more modern tools such as ssh and scp. SSLtelnet/SSLftp are also available but do not seem to be in such wide use. Telnet and ftp send passwords over the network in clear text that can be easily sniffed. You should replace them with more modern tools such as ssh and scp. SSLtelnet/SSLftp are also available but do not seem to be in such wide use.

The KIS system, Released by Optyx at Defcon 9 today is a Sub-7 like Linux trojan for Linux 2.2 and 2.4 systems that operates at the linux kernel. It makes it impossible to detect and remove from userspace, allowing remote crontrol via undetectable random network traffic. The Saint Michael Linux Kernel Module, Released on July 12th of this month on packetstormsecurity.org is able to detect, and partially remove the KIS system when configured with its 'Cloaking' features to hide and detect hidden kernel modules.

The NIST Computer Security Division's ICAT project team is now giving away copies of the ICAT vulnerability database for public use (http://icat.nist.gov). The database currently contains 2628 vulnerabilities. This means that ICAT can now be used as a royalty free vulnerability database for commercial and free products.

Twice in one day the folks over at Cryptome.org have stumbled across another government request for proposals that should interest security professionals ( and anyone else who thinks they can sell their goods, ideas or services to the government ).

The Request for Proposals states that the Navy is interested in soliciting innovative and creative proposals and ideas to focus its R&D program in ways that will substantially enhance the security posture of Navy networks and information systems in near-term, tangible, and measurable ways.

The home page for one of the nation?s most respected computer security training institutes was defaced Friday morning and the site remains offline. A group identifying itself as ?Fluffi Bunni? managed to break into the Web site for the Networking and Security Institute, which is known as SANS. The institute?s director of research, Alan Paller, said the site would remain offline until forensic work was finished and ?until we figured out how it happened.?

Legislation urges businesses to collaborate on security issues. WASHINGTON, D.C. -- Two congressmembers have introduced a bill that aims to beef up the nation's cybersecurity efforts by carving out protections for businesses that share confidential information with government.

You can be a cracker - no experience needed, all tools
supplied. If you don't take security seriously malicious
outsiders could use your systems to launch an attack,
writes Mike Barwise

Claims that anti-virus and content
filtering packages may be vulnerable to a
denial of service attacks through
maliciously constructed compressed
archives have generated a heated debate in
the security industry. A discussion thread
on BugTraq on the subject has prompted
security consultants MIS Corporate Defence
to issue an alert warning its customers of

To aid in designing a secure information
system, NIST compiled a set of engineering
principles for system security and
released those Guidelines in a .pdf file.
These principles provide a foundation upon
which a more consistent and structured
approach to the design, development, and
implementation of IT security capabilities
can be constructed. While the primary