Networking

Saw this over at SNN

In the wake of a recent security breach of several UK government web servers, some speculate that the attackers could be charged under the new Terrorist Act. While it is certainly possible for individuals or organizations to commit acts of terrorism over the Internet, few would agree that gluing a poster to the front of a government office building is an act of terrorism. Lets hope officials in the UK don't get too excited about their new legislation on this one.

This is taken directly from the link below.

Saw this over at SNN

AOL filters blocked a large amount of mail from EarthLink users. AOL estimates the lost message count to be "in the hundreds of thousands but probably less than 1 million. The mail that was lost is lost." No error message was returned to the sender when the message was blocked. To make matters worse, neither company was aware of the problem until some of its customers brought the problem to EarthLink's attention. Time to adjust the spam detection engine.

While looking searching for security testing tools on Sourceforge I found the Open-Source Security Testing Methodology Manual. It looks like ideahamster.org is putting the methodology of hacking to an open standard. I liked their reasons for doing it too-- I´m also sick of reading bland testing methodology descriptions everytime I read a whitepaper submitted by some Penetration testing company looking for a little PR.

This program simply revisits the idea that one can bypass Anti-Intrusion software by simulating multiple spoofed attacks at once while you sneak in the back door. This is nothing new, but ZDNet, as usual, over glorifies the tool. The FBI has even jumped in on the bandwagon. There are reports that the program can disable IDS systems, by overwhelming them.

Read a Completely Useless Article Here

A Paper By 8thPort Here

Saw this over at SNN

I know a few of our readers use SSH on a regular basis, so I'm throwing it up incase they haven't seen it yet.
SSH Secure Shell for Windows Servers is vulnerable to a flaw that can allow a remote attacker to cause a denial of service condition. The problem is due to how the program handles an excessive amount of connections. An attacker can make a certain amount of simultaneous connections and cause the SSH server to fail.

E-Security Online

According to this story on CNN, the U.S. General Accounting Office wrote that "the IRS did not implement adequate computer controls to ensure the security of its electronic filing systems" during last year's tax filing season.

Saw this at GCN:

They don’t all garner headlines, but successful hacks of government Web sites are startlingly common. A successful hack, said Alan Paller, director of the SANS Institute of Bethesda, Md., is one in which the intruder manages to change a page.

Saw this over at SNN