Reformed black-hat hacker Michael Calce, better known as "mafiaboy", the 15-year-old who in 2000 took down the websites of CNN, Yahoo, E*Trade, Dell, Amazon, and eBay, says the widespread adoption of cloud computing will make the Internet even more of a hacker haven.
"It will be the fall of the Internet as we know it," Calce said today during a Lumension Security-sponsored Webcast event. "You're basically putting everything in one little sandbox...it's going to be a lot more easy to access," he added, noting that cloud computing will be "extremely dangerous."
Network security researcher Dan Kaminsky has had a year to reflect on the impact of the cache poisoning vulnerability he discovered in the Domain Name System (DNS). At last year's Black Hat Briefings, Kaminsky revealed a technique that made the bug relatively easy to exploit, letting an attacker redirect website requests to malicious sites. In the time since, Kaminsky has become an advocate for improving security in DNS and, ultimately, trust on the Internet. One way to do this is the widespread use of DNSSEC (DNS Security Extensions), which essentially brings PKI to website requests. In this interview, Kaminsky talks about how implementing DNSSEC would enable greater security and trust on the Net and provide a platform for the development of new security products and services.
DNSSEC, the security protocol for the Domain Name System (DNS), is finally making inroads on the Internet infrastructure front, but big hurdles remain for widespread, smooth adoption. It has been more than 15 years in the making, but DNSSEC is finally gaining some traction: the .gov and .org top-level domains have begun to adopt it, and in the past few days it has seen some commercial activity as well.
Wireshark is the world's foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.
Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.
Wireshark 1.2.0 has been released. This is the new stable release branch of Wireshark, and many new and exciting features have been added since 1.0 was released.
Forget spam, viruses, worms, malware and phishing. These threats are apparently old school compared to a new class of denial-of-service (DoS) attacks that threaten wireless data networks.
The latest wireless network threats were outlined in a talk here Thursday by Krishan Sabnani, vice president of networking research at Bell Labs, at the Cyber Infrastructure Protection Conference at City College of New York.
Read on for details of this security vulnerability and exactly how it works. Lots of people seem to have an opinion on this article at CNET. Do you see this vulnerability as a big problem for you?
"Most exploits (like worms and attacks that take advantage of holes in software) can be patched, but clickjacking is a design flaw in the way the Web is supposed to work," Grossman said. "The bad guy is superimposing an invisible button over something the user wants to click on...It can be any button on any Web page on any Web site."
The technique was used in a series of prank attacks launched on Twitter in February. In that case, users clicked on links next to tweets that said "Don't Click" and then clicked on a button that said "Don't Click" on a separate Web page. That second click distributed the original tweet to all of the Twitter user's followers, thus propagating itself rather quickly.
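The overlay attack described above only works if the target page lets itself be loaded inside a frame on an attacker's page. The following is an added example, not code from the article or from Twitter, showing the server-side counter-measure: a WSGI middleware that sets the `X-Frame-Options` header on every response and, for browsers that ignore the header, injects the legacy frame-busting snippet into HTML bodies. The middleware, the sample application and the `run_offline` driver are hypothetical names constructed for this illustration.

```python
"""Added example: refusing to be framed as a WSGI middleware.

Two layers are applied. The X-Frame-Options header (DENY or SAMEORIGIN) tells
a supporting browser not to render the page inside another site's frame. For
browsers without header support, the page body starts hidden and a script
reveals it only when the window is the top-level window; otherwise it breaks
out of the frame. All names are hypothetical; the sample app is constructed.
"""

# Legacy frame buster: the page stays hidden unless it is the top window.
FRAME_BUSTER = (
    '<style id="antiClickjack">body{display:none !important;}</style>'
    "<script>"
    "if (self === top) {"
    '  var s = document.getElementById("antiClickjack");'
    "  s.parentNode.removeChild(s);"
    "} else {"
    "  top.location = self.location;"
    "}"
    "</script>"
)

ALLOWED_POLICIES = ("DENY", "SAMEORIGIN")


def add_framing_header(headers, policy="DENY"):
    """Return a copy of a WSGI header list with exactly one X-Frame-Options."""
    if policy not in ALLOWED_POLICIES:
        raise ValueError("policy must be DENY or SAMEORIGIN")
    kept = [(k, v) for k, v in headers if k.lower() != "x-frame-options"]
    kept.append(("X-Frame-Options", policy))
    return kept


def inject_frame_buster(html):
    """Insert the frame-busting snippet right after <head>; unchanged if absent."""
    idx = html.lower().find("<head>")
    if idx < 0:
        return html
    cut = idx + len("<head>")
    return html[:cut] + FRAME_BUSTER + html[cut:]


class NoFramingMiddleware:
    """Wrap any WSGI app so every response refuses to be framed."""

    def __init__(self, app, policy="DENY"):
        self.app = app
        self.policy = policy

    def __call__(self, environ, start_response):
        is_html = []

        def guarded_start(status, headers, exc_info=None):
            headers = add_framing_header(headers, self.policy)
            html = any(k.lower() == "content-type" and v.startswith("text/html")
                       for k, v in headers)
            if html:
                # The injected snippet changes the body size, so drop any
                # Content-Length the wrapped app computed for the original body.
                headers = [(k, v) for k, v in headers if k.lower() != "content-length"]
            is_html.append(html)
            return start_response(status, headers, exc_info)

        body = b"".join(self.app(environ, guarded_start))
        if is_html and is_html[0]:
            body = inject_frame_buster(body.decode("utf-8")).encode("utf-8")
        return [body]


def sample_app(environ, start_response):
    """Constructed stand-in for a site with a sensitive one-click action."""
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [b"<html><head><title>Post</title></head><body>"
            b"<form method=post><button>Don't Click</button></form></body></html>"]


def run_offline(app, path="/"):
    """Drive a WSGI app without a server; returns (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = headers

    body = b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response))
    return captured["status"], captured["headers"], body.decode("utf-8")


if __name__ == "__main__":
    status, headers, body = run_offline(NoFramingMiddleware(sample_app))
    print(status, dict(headers).get("X-Frame-Options"))
    print("frame buster present:", 'id="antiClickjack"' in body)
```

`DENY` is the right default for pages with state-changing buttons; use `SAMEORIGIN` only where the site legitimately frames its own pages. The hidden-body variant of the frame buster is used because a plain `top.location` redirect can be suppressed by a hostile parent frame, while a page that never becomes visible cannot be clicked through.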
Nice article from a press release at Interop. What kind of virtualization security does Linux have, and how does it compare? What steps do people take to secure their virtual servers?
Ultrasecure operating system maker Green Hills Software is quietly providing some major network equipment manufacturers with an extra layer of security for its devices.
Green Hills, which last fall released a commercial version of its hardened Integrity-178B operating system used in military fighter planes, is now leveraging that technology for the network, as well. Company officials here revealed they have built a secure virtualization platform for networking equipment based on a combination of the company's secure OS virtualization and networking technologies.
Source: Peter_Losher@isc.org - Posted by Dave Wreski
Internet Systems Consortium (ISC), with the support of industry-leading sponsors, today reveals plans for BIND 10, the next leap forward in DNS server software. BIND 10 is being designed to serve the needs of today's dynamic and growing Internet-dependent businesses. The design goals are simple: a secure, flexible, resilient DNS server that integrates easily into the workflow and maintenance of the complex networks organizations demand.
Firstly, allow me to recap. A couple of days ago, I reported on a presentation at the Chaos Computer Club conference in Berlin which outlined a major problem with the way Certificate Authorities handle message hashing. Essentially, this attack relied on well-known problems with the MD5 hash algorithm.
Problems based on hash collisions, which had been considered theoretical when they were discovered in 2004, were now well lodged within the domain of reality.
Have you heard the news about the reported problem with how Certificate Authorities handle message hashing? Read on for more information on some security issues with the current Certificate Authorities.
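The collision attack discussed above depends on a CA still signing certificates with MD5, so the first thing a defender can check in their own certificate inventory is the `signatureAlgorithm` field. The following is an added example, not code from the CCC presentation or from any CA, of a minimal DER reader that walks an X.509 `Certificate` just far enough to extract that algorithm OID and classify it. The sample certificates are constructed inline with a small DER encoder (their `tbsCertificate` is a placeholder, not a real certificate body); the function names are hypothetical.

```python
"""Added example: read the signatureAlgorithm OID out of a DER certificate.

X.509 layout (RFC 5280):
  Certificate ::= SEQUENCE { tbsCertificate SEQUENCE, signatureAlgorithm
                             SEQUENCE { OID, parameters }, signatureValue BIT STRING }
Only the second element is needed, so the reader skips tbsCertificate whole.
The encoder at the bottom exists solely to build constructed test inputs.
"""

RSA_PKCS1 = "1.2.840.113549.1.1."
SIGNATURE_ALGORITHMS = {
    RSA_PKCS1 + "2": ("md2WithRSAEncryption", "broken"),
    RSA_PKCS1 + "3": ("md4WithRSAEncryption", "broken"),
    RSA_PKCS1 + "4": ("md5WithRSAEncryption", "broken"),
    RSA_PKCS1 + "5": ("sha1WithRSAEncryption", "weak"),
    RSA_PKCS1 + "11": ("sha256WithRSAEncryption", "ok"),
    RSA_PKCS1 + "12": ("sha384WithRSAEncryption", "ok"),
    RSA_PKCS1 + "13": ("sha512WithRSAEncryption", "ok"),
}


def read_tlv(buf, pos=0):
    """Decode one DER tag-length-value at pos; returns (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(raw):
    """Decode OID content bytes into dotted form (base-128, first byte = 40*a+b)."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def signature_algorithm(cert_der):
    """Return the dotted OID from a certificate's outer signatureAlgorithm."""
    tag, cert, _ = read_tlv(cert_der)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _tbs, pos = read_tlv(cert)            # skip tbsCertificate
    tag, sig_alg, _ = read_tlv(cert, pos)    # signatureAlgorithm SEQUENCE
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid, _ = read_tlv(sig_alg)
    if tag != 0x06:
        raise ValueError("expected an OID")
    return decode_oid(oid)


def assess(cert_der):
    """Classify the signing algorithm: (name, 'broken'|'weak'|'ok'|'unknown')."""
    oid = signature_algorithm(cert_der)
    return SIGNATURE_ALGORITHMS.get(oid, (oid, "unknown"))


# --- tiny DER encoder, used only to construct sample certificates ---------
def der_tlv(tag, content):
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        size = (n.bit_length() + 7) // 8
        length = bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + length + content


def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return der_tlv(0x06, bytes(out))


def constructed_certificate(sig_oid):
    """Structurally valid Certificate shell with a placeholder tbsCertificate."""
    tbs = der_tlv(0x30, der_tlv(0x02, b"\x01") + der_tlv(0x04, b"\x00" * 200))
    sig_alg = der_tlv(0x30, der_oid(sig_oid) + der_tlv(0x05, b""))
    sig_val = der_tlv(0x03, b"\x00" + b"\xAB" * 32)
    return der_tlv(0x30, tbs + sig_alg + sig_val)


if __name__ == "__main__":
    for oid in (RSA_PKCS1 + "4", RSA_PKCS1 + "11"):
        print(oid, assess(constructed_certificate(oid)))
```

Feeding a real certificate means passing its DER bytes (a PEM file is just base64 of that DER between the `BEGIN`/`END` markers). The classification only looks at the algorithm the issuer used; it says nothing about the chain, which is exactly the point of the attack: a structurally valid chain whose weakest link was signed with MD5.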
The bottom line is this: while this cookie option flag does absolutely nothing to prevent XSS attacks, it does significantly help to prevent the #1 XSS attack goal, which is stealing session IDs. While HTTPOnly is not a "silver bullet" by any means, the potential ROI of implementing it is quite large. Notice I said "potential", as in order to provide the intended protections, two key players have to work together.
This article looks at one way to make your Web cookies more secure using the Apache module ModSecurity. If you are interested, read on for more information and for how to set this up on your own Apache web server.
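What the ModSecurity setup described above does for an existing application is rewrite outgoing `Set-Cookie` headers that lack the flag. The following is an added example, not the article's configuration and not a ModSecurity rule, that implements the same filter in Python so the logic is visible: compliant cookies are left alone, missing `HttpOnly` (and `Secure`, for HTTPS responses) is appended, and the names of the cookies that needed fixing are returned so the gap can be logged. The header list and cookie names are constructed samples; the function names are hypothetical.

```python
"""Added example: an output filter that ensures HttpOnly on Set-Cookie headers.

HttpOnly only stops script (document.cookie) from reading the cookie; it does
not stop the injection itself. The server has to emit the flag and the browser
has to honour it, which is the "two key players" point made above.
"""


def cookie_attributes(set_cookie):
    """Split a Set-Cookie value into (name=value, [attribute names, lowercased])."""
    parts = [p.strip() for p in set_cookie.split(";")]
    attrs = [p.split("=", 1)[0].strip().lower() for p in parts[1:] if p]
    return parts[0], attrs


def harden_set_cookie(set_cookie, https=False):
    """Return the header value with HttpOnly (and Secure when https) ensured."""
    _, attrs = cookie_attributes(set_cookie)
    out = set_cookie.rstrip().rstrip(";")
    if "httponly" not in attrs:
        out += "; HttpOnly"
    if https and "secure" not in attrs:
        out += "; Secure"
    return out


def harden_headers(headers, https=False):
    """Filter a whole response header list; returns (new_headers, names_fixed)."""
    new_headers, fixed = [], []
    for name, value in headers:
        if name.lower() != "set-cookie":
            new_headers.append((name, value))
            continue
        new_value = harden_set_cookie(value, https)
        if new_value != value:
            # Record the cookie name (before '=') so the deployment can be audited.
            fixed.append(value.split("=", 1)[0].strip())
        new_headers.append((name, new_value))
    return new_headers, fixed


# Constructed sample response: one session cookie without the flag, one with it,
# and one non-session cookie also missing it.
SAMPLE_RESPONSE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "PHPSESSID=8f3a9c1e2b; Path=/"),
    ("Set-Cookie", "lang=en; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Expires=Wed, 01 Jan 2020 00:00:00 GMT; Path=/"),
]


if __name__ == "__main__":
    hardened, fixed = harden_headers(SAMPLE_RESPONSE_HEADERS, https=True)
    for name, value in hardened:
        print(f"{name}: {value}")
    print("cookies that lacked HttpOnly:", fixed)
```

Run the filter with `https=True` only when the response really travels over TLS; adding `Secure` to a cookie on a plain-HTTP site makes the browser drop it, which breaks logins rather than protecting them. The list returned in `fixed` is the useful operational output: once it stays empty, the application itself is setting the flag and the filter is merely a safety net.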