Networking

Vulnerability In SSH1

posted on February 10, 2001
by hitbsecnews

Bindview released an advisory yesterday warning us that "[a]n integer-overflow problem is present in common code of recent ssh daemons, deattack.c, which was developed by CORE SDI to protect against cryptographic attacks on SSH protocol. This effectively allows an attacker to overwrite arbitrary portions of memory". Practically all common versions of SSH1 are affected, except OpenSSH 2.3.0. A fix is already in the works, so stay tuned for that.

P2P opens up another can of security risks.

posted on February 9, 2001
by hitbsecnews

Well, I'm surprised I haven't seen anything like this before. Granted, I may not have been looking about too hard for it. Security experts are beginning to get worried over Gnutella and other file sharing networks. Their reason for concern? Cookies. Apparently a badly configured share with Gnutella or other P2P network connection can leave users open to identity theft. Far too often, people will open up their entire hard drive and allow people to download any files from their system, including cookies, which may contain sensitive bits of data. Personally, I just use these things to leech.

Did You Know the Internet was Full of Holes?!?

posted on February 7, 2001
by hitbsecnews

LOL, you have to get a kick out of this article. Here's a teaser:

"An invisible snoop may be virtually peering over your shoulder right now.

Computer crackers can read your e-mail, collect your credit card data, intercept the information you send wirelessly or pry into your private files.

The Internet is riddled with security holes..."

Get the full story here.

BELL LABS CRYPTOLOGIST SEES DIGITAL SIGNATURE FLAW, FIX

posted on February 6, 2001
by hitbsecnews

from Security Alert at Infoworld.com.

A SCIENTIST AT Bell Labs, the research and development wing of Lucent Technologies, has discovered a flaw in the Digital Signature Algorithm (DSA) that could affect the integrity of secure transactions on the Internet and adversely impact VPNs (virtual private networks), online shopping, and online financial transactions.

Get the full story here.

Crack Proof Box?

posted on February 5, 2001
by hitbsecnews

Software emulation firm VMware announced it has teamed up with researchers at the National Security Agency to create a nearly crack-proof computer that can place sensitive data in virtual vaults inside the PC.

Get the full scoop here.

DNS software flaw poses extreme risk

posted on February 1, 2001
by hitbsecnews

This might be a little old, but I thought I'd post it anyway. A recently discovered security flaw embedded in the most popular breed of Internet server software (BIND) could expose more than 80 percent of the world's Web sites to hacker attacks if network administrators don't move quickly to replace the flawed versions. Anyone exploiting these vulnerabilities could take control of

Web Applications Threatened

posted on January 30, 2001
by hitbsecnews

Saw this over at SNN

Web application security is garnering added attention as more and more people challenge the inaccurate concept that firewalls are the security be-all and end-all. That, coupled with the fact that many companies owning an online presence don't consider security to be a priority, increases the chances and opportunities to be an online infiltration victim.

eWeek

Accused eBay hacker pleads innocent

posted on January 29, 2001
by hitbsecnews

By BRIAN BERGSTEIN, Associated Press
SAN JOSE, Calif. (January 25, 2001 10:29 p.m. EST http://www.nandotimes.com) -

A 21-year-old former Los Alamos National Laboratory employee charged with hacking into eBay and other prominent Web companies also is under investigation for computer crimes dating back to his college days in Wisconsin, a federal prosecutor said Thursday.

Read the full story here.