Lawsuits for Security Blunders
Saw this over at SNN
The one-time head of KGB overseas code-scrambling and an ex-director of the CIA rolled out Monday what they called a revolutionary way of hiding Internet communications from prying eyes and would-be intruders.
The Defense Department is taking additional steps to shield its computer networks against hackers and terrorists but it also must defend itself from insiders, lawmakers were told Thursday.
The Department is increasingly dependent on a "global information environment" over which it has little control, said Linton Wells, an acting assistant defense secretary. That dependence increases U.S. vulnerability to threats externally - and internally.
The UK Conservative Party has been slammed for Internet naivety after it emerged that it hadn't taken even the most basic precautions to secure its Web server.
The site, Conservatives.com, surely a top target for crackers in the run-up to the UK general election on June 7, was left insecure to the extent that any file on its NT server was browsable.
Failure to apply security patches dating back well over a year, and covering flaws in Microsoft's IIS 4 server, meant the site has been left as a potential playground for s'kiddies.
MasterCard International stepped up efforts yesterday to fight online fraud and protect online merchants from hackers.
The provider of payment products unveiled its Secure Payment Application for securing credit and debit payments between credit cardholders and online merchants.
The FBI released a warning to websites using shopping cart software named "PDG," which was utilized by roughly 4,000 websites, after a devastating bug was found that reveals all the company's customer information. One website, SawyerDesign.com, had purchased the software from a reseller leaving them out of touch from the notifications sent to direct customers. Once the
Your thumb can get you a ride, and your finger can get you in trouble, but who'd ever think that they could grant you access to your notebook, or hold the key to your favourite password-protected websites? The Ethentica MS3000 Mobile Ethenticator is a fingerprint recognition device housed in a PCMCIA card for your notebook. Not only does it allow you access to your passwords with just a touch of your finger, but it also keeps Looky Lou's from peeking at your private stuff. Here's a clip:
System administrators worldwide reported signs Wednesday that another self-spreading program--or worm--had started to infect Linux systems.
This worm appears to be different, however: Dubbed the Cheese worm, the program is basically a self-spreading patch. It enters servers that have already been compromised by a previous bit of malicious code--the 3-month-old 1i0n worm--and closes the back door behind it, adding security to the system.
Early this morning a Chinese firm named nsfocus announced a new IIS exploit. The exploit is caused by IIS decoding the URL twice, once accidentally decoding the path to the file you are accessing. A default installed IIS 4 or IIS 5 box will usually be vulnerable to this example:
http://TARGET/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:
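Because the traversal sequence only appears after a second round of percent-decoding, a check that decodes once and then validates will miss it, and the request stands out in server logs. The detection sketch below is an added example, not code from nsfocus or from the original post; the log lines are constructed and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# A ".." path segment bounded by either separator (IIS treats "\" like "/").
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/')
MAX_ROUNDS = 5  # bound on how many nested encodings we unwrap

SAMPLE_LOG = [  # constructed sample lines, not taken from a real server
    '192.0.2.10 - - [15/May/2001:09:12:01 +0000] "GET /default.asp HTTP/1.0" 200 4512',
    '192.0.2.44 - - [15/May/2001:09:12:07 +0000] "GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 200 612',
    '192.0.2.44 - - [15/May/2001:09:12:09 +0000] "GET /docs/100%2525%20off.htm HTTP/1.0" 200 230',
    '192.0.2.51 - - [15/May/2001:09:13:40 +0000] "GET /scripts/..%5c../winnt/win.ini HTTP/1.0" 404 0',
]

def decode_rounds(path):
    """Return successive percent-decodings of path until it stops changing."""
    stages = [path]
    for _ in range(MAX_ROUNDS):
        nxt = unquote(stages[-1], encoding="latin-1")
        if nxt == stages[-1]:
            break
        stages.append(nxt)
    return stages

def classify(path):
    """Return 'ok', 'traversal', or 'double-encoded-traversal' for a request path."""
    stages = decode_rounds(path)
    # stages[1] is what a server sees after its single legitimate decode.
    once = stages[1] if len(stages) > 1 else stages[0]
    if TRAVERSAL.search(once):
        return "traversal"
    if any(TRAVERSAL.search(s) for s in stages[2:]):
        return "double-encoded-traversal"  # hidden from a decode-once check
    return "ok"

def scan(lines):
    """Return (path, verdict) for every logged request that is not 'ok'."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        path = m.group(1).split("?", 1)[0]  # drop the query string
        verdict = classify(path)
        if verdict != "ok":
            hits.append((path, verdict))
    return hits
```

The third sample line is double-encoded but harmless, which is why the verdict depends on what the extra decode reveals rather than on the presence of `%25` alone.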
Do hackers control sin city? Adult entertainment operators, private eyes, a bail bondsman and his bounty hunter all say they've felt the pinch from a shady cyberpunk syndicate. Now the state has launched an investigation, and there could be millions on the line.