Networking

India's Centre for Atomic Research got hacked by GForce Pakistan you can view attrition for its mirror. Here's the link to the mirror. The link was submitted by someone calling him/herself RSnake - BTW, next time register for an account and please provide the link to the mirror.

I've been meaning to post this a few days back, but I couldn't get an online link to the story till today.

Eitherways, for those of you that haven't heard about this - the Malaysian Parliament website (http://www.parlimen.gov.my) got hacked into a few days back by a cracker calling himself "topeira". Check out the full story on this here.

Kurt Seifried, who started out this End of SSL and SSH string, with Silverman
responding, has now issued his follow-up.

Richard Silverman, co-author of O'Reilly's SSH, The Secure
Shell: The Definitive Guide, has written a response to Kurt Seifried's article
entitled 'The End of SSL and SSH?' at at Security Portal written after the release
of dsniff 2.3. You can read the original article here, the original

SecurityFocus is carrying an excellent article on securing Solaris. Here's an excerpt from the article:

Saw this over at HNN

SecurityPortal has a very interesting article by Kurt Seifried in
which he writes "dsniff 2.3 allows you to exploit several fundamental flaws in two
extremely popular encryption protocols, SSL and SSH." He makes many very
strong arguments about key validity and the problem with not having a trusted

Wired is carrying an article about Schwab confirming that last week its market-leading Web brokerage was vulnerable to a common security flaw that allowed a hacker to hijack subscribers' stock trading accounts, but said the risk was small and no user accounts had been accessed. Everyone's "favourite" security consultant John Vranesevich (of antionline fame) is quoted in the write up. Go check out the whole story here.

This little snippet of news was first spotted over at HNN:
A group of web site defacers calling themselves Insanity Zine Corp. vandalized two of Network Associates' Brazilian based web pages. Pages were covered in graffiti including the slogan, "god save the script kiddies." As of yet, no word from the Network Associates camp has been released.

vnunet.com

Checkpoint has posted an interim work around for the IP Fragment-driven denial of service attack announced yesterday. The work around involves a command line instruction that will disable console logging.

Checkpoint FW-1 Fix
BugTraq - original advisory