Networking
Malaysian Parliament Website Hacked
I've been meaning to post this a few days back, but I couldn't get an online link to the story till today.
Either way, for those of you who haven't heard about this - the Malaysian Parliament website (http://www.parlimen.gov.my) got hacked into a few days back by a cracker calling himself "topeira". Check out the full story on this here.
The Continuing End of SSH/SSL
Kurt Seifried, who started out this End of SSL and SSH string, with Silverman
responding, has now issued his follow-up.
Silverman Responds To 'End of SSL And SSH'
Richard Silverman, co-author of O'Reilly's SSH, The Secure
Shell: The Definitive Guide, has written a response to Kurt Seifried's article
entitled 'The End of SSL and SSH?' at Security Portal written after the release
of dsniff 2.3. You can read the original article here, the original
Solaris Kernel Tuning for Security
SecurityFocus is carrying an excellent article on securing Solaris. Here's an excerpt from the article:
Electric Company Hijacked
Saw this over at HNN
Attacks Against SSH and SSL
SecurityPortal has a very interesting article by Kurt Seifried in
which he writes "dsniff 2.3 allows you to exploit several fundamental flaws in two
extremely popular encryption protocols, SSL and SSH." He makes many very
strong arguments about key validity and the problem with not having a trusted
Charles Schwab Corp. admits security hole
Wired is carrying an article about Schwab confirming that last week its market-leading Web brokerage was vulnerable to a common security flaw that allowed a hacker to hijack subscribers' stock trading accounts, but said the risk was small and no user accounts had been accessed. Everyone's "favourite" security consultant John Vranesevich (of AntiOnline fame) is quoted in the write-up. Go check out the whole story here.
Two Network Associates Sites Defaced
This little snippet of news was first spotted over at HNN:
A group of web site defacers calling themselves Insanity Zine Corp. vandalized two of Network Associates' Brazilian-based web pages. Pages were covered in graffiti including the slogan, "god save the script kiddies." As of yet, no word from the Network Associates camp has been released.
vnunet.com
CheckPoint Posts Temp Fix for FW-1 Vulnerability
Checkpoint has posted an interim workaround for the IP Fragment-driven denial of service attack announced yesterday. The workaround involves a command-line instruction that will disable console logging.
Checkpoint FW-1 Fix
BugTraq - original advisory