Source: The Register - Posted by Efren J. Belizario
Professional networking sites are unwittingly providing hackers with the possible means to carry out sophisticated social engineering scams, a UK security consultancy warns.
Computer researchers in Europe are developing a new prototype architecture for halting distributed denial-of-service (DDoS) attacks, where a barrage of traffic is directed at a Web site or server to shut it down.
Visa U.S.A. Inc. and MasterCard International Inc. will release new security rules in the next 30 to 60 days for all organizations that handle credit card data, a Visa official said last week.
The rules will be the first major update to the one-year-old Payment Card Industry data security standard, which analysts said is slowly but surely being adopted.
Source: Georgia Tech Research - Posted by Eric Lubow
After a U.S. intelligence-gathering aircraft was involved in a mid-air collision off the coast of China four years ago, the crew was unable to erase sensitive information from magnetic data storage systems before making an emergency landing in Chinese territory. That event underscored the need for simple techniques to provide fail-safe destruction of sensitive data aboard such aircraft. Working with defense contractor L-3 Communications Corp., scientists at the Georgia Tech Research Institute (GTRI) have developed a series of prototype systems that use special high-strength permanent magnets to quickly erase a wide variety of storage media.
During last month's JavaOne Conference in San Francisco, Fortify Software convened a panel to discuss the role of application developers in software security and the need for appropriate development technology, without which genuine security is impossible to achieve.
This is to announce three things at once: 1) I have started making and maintaining commercial releases of John the Ripper password cracker, known as John the Ripper Pro. 2) A new version of the tiny POP3 server, popa3d 1.0.2, has been released adding a couple of minor optimizations specific to x86-64 to the included MD5 routines. 3) A new version of the password hashing package (for use in C/C++ applications and libraries), crypt_blowfish 1.0.2, has been released adding a minor optimization specific to x86-64.
Source: Networkworld.com - Posted by Efren J. Belizario
The Finnish security vendor said the services are for small to midsize ISPs and their private customers. The services are PC Protection, which includes virus and spyware detection and a firewall, and PC Protection Plus, which adds a parental and spam control features.
A Vulnerability Intelligence program should be a key component of any sound network security strategy. It should dovetail with a Vulnerability Assessment process and a patching/remediation process. While a Vulnerability Assessment process will tell you what needs to be patched, Vulnerability Intelligence should tell you what needs to be patched first and what new patches need to be evaluated.
Source: Openwall-announce -- Alexander Peslyak - Posted by Eric Lubow
John the Ripper 1.7.2 (a "development" version) adds bitslice DES assembly code for x86-64 making use of the 64-bit mode extended SSE2 with 16 XMM registers. You can download it at the usual location: http://www.openwall.com/john/.
Source: Securiteam.com - Posted by Benjamin D. Thomas
his new paper which is about to appear later this month (May, 2006) on the IEEE security and privacy conference describes holes in Linux's random number generator, as well as a clear description of the Linux /dev/random. The Linux random number generator is part of the kernel of all Linux distributions and is based on generating randomness from entropy of operating system events. The output of this generator is used for almost every security protocol, including TLS/SSL key generation, choosing TCP sequence numbers, and file system and email encryption.
Although the generator is part of an open source project, its source code (about $2500$ lines of code) is poorly documented, and patched with hundreds of code patches.
