Networking

Red Hat 7.2 GnuPG signed RPM verification fails on distribution files

posted on October 25, 2001
by hitbsecnews

Red Hat 7.2 distribution files on popular ftp sites such as
ftp.ibiblio.org and mirrors.hpcf.upr.edu are not signed. It is
unlikely that this is an attack as the number of sites involved makes
it likely someone would have noticed and notified the community.
Either Red Hat did not sign these packages, or someone subverted the
distribution process before the files got to various sites. For Red
Hat 7.1 please note that all files were correctly signed with the Red
Hat GnuPG security key.

CERT Finds Routers Increasingly Being Cracked

posted on October 24, 2001
by hitbsecnews

Source: Slashdot

CERT has released a paper (PDF) analyzing changes in DOS attack methods. The new twist: crackers are increasingly getting into routers rather than servers and home PCs. The volume of noise a router could generate absolutely dwarfs what a computer could do. And unlike compromised servers, compromised routers could actually screw up the infrastructure of the Internet, not just blast people with packets. Worst of all, router administrators appear to be even sloppier than their server counterparts in securing their machines.

Security holes - part V

posted on October 23, 2001
by hitbsecnews

Source: News Forge

This fifth article of our series is dedicated to security problems related to multitasking. A race condition occurs when different processes use the same resource (file, device, memory) at the same time and each one "believes" it has exclusive access. This leads to difficult-to-detect bugs and also to security holes that can compromise a system's global security.

Continue reading this article over at Linuxfocus.org.

Image Tags Hide New Hotmail Security Attack

posted on October 23, 2001
by hitbsecnews

Source: Security News Portal - SNPortal

Users of Microsoft's Hotmail service are vulnerable to a new twist on an old trick for hiding potentially malicious scripts in the HTML code of e-mail messages, a security enthusiast has discovered.

Borrowing a technique published last year, Bart van Arnhem, who uses the hacker nickname "Oblivion," found that Hotmail's filters can be dodged by embedding Javascript code within specially crafted image tags.....

Cute SSH Vulnerability

posted on October 23, 2001
by hitbsecnews

Here's another, somewhat fascinating reason to use your RSA keys with SSH: Berkeley researcher Dawn Xiaodong Song has figured out how to guess passwords typed into a shell over SSH by using statistical timing analysis. Here's an article about it. She's able to reduce brute force attacks on 7-8 character passwords by a factor of 50 with this approach. She points out some interesting tidbits about SSH that will help you out, but you'll have to read her paper to find them.

Utah's 'Black Ice': Cyber-attack scenario

posted on October 22, 2001
by hitbsecnews

Source: CNN.com

A little-known exercise held last year to help federal, state and local officials in Utah prepare for a possible terrorist attack during the 2002 Winter Olympics may hold some of the most important lessons for infrastructure protection in the aftermath of the September 11 terrorist attacks, according to a key official involved in the exercise.

Public, private sectors advised to share data to combat cyber attacks

posted on October 20, 2001
by hitbsecnews

Source: Security News Portal - SNPortal

Information sharing and coordination are key elements in developing comprehensive and practical approaches to combating cyber attacks that could threaten national security and disrupt the nation's critical infrastructure, according to a General Accounting Office report released Friday.

Such information sharing is becoming more important as the government and nation become increasingly interconnected, the GAO has determined....