Create an Account
username: password:
  MemeStreams Logo

It's always easy to manipulate people's feelings. - Laura Bush


Picture of Decius
Decius's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Decius's topics
   Sci-Fi/Fantasy Literature
   Sci-Fi/Fantasy Films
   Electronic Music
  Finance & Accounting
  Tech Industry
  Telecom Industry
  Markets & Investing
Health and Wellness
Home and Garden
Current Events
  War on Terrorism
  Cars and Trucks
Local Information
  United States
   SF Bay Area
    SF Bay Area News
  Nano Tech
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
   Intellectual Property
  (Computer Security)
  High Tech Developments

support us

Get MemeStreams Stuff!

Current Topic: Computer Security

The Impact of Emerging Technologies: The Internet Is Broken
Topic: Computer Security 12:04 pm EST, Dec 20, 2005

That's why Clark argues that it's time to rethink the Internet's basic architecture, to potentially start over with a fresh design -- and equally important, with a plausible strategy for proving the design's viability, so that it stands a chance of implementation.

This is an interesting, if odd set of articles. The author argues in favor of IP addresses that don't change when you roam, something that I did a bunch of work on a couple of years ago. That makes sense. What doesn't make sense is how he gets from this to an Internet that doesn't need security patches...

The Impact of Emerging Technologies: The Internet Is Broken

I got 0wned... (sort of) - Patch your browser if you haven't.
Topic: Computer Security 7:52 pm EST, Dec 14, 2005

This document serves as a reclassification advisory for the Microsoft Internet Explorer JavaScript Window() DoS vulnerability, originally reported on 31/05/2005.

Contrary to popular beliefs, the aforementioned security issue is susceptible to remote, arbitrary code execution, yielding full system access with the privileges of the underlying user.

I was stumbling around on the web tonight and got hit with a malicious version of this. Fortunately I was running Firefox at the time, where the issue is merely a denial of service (at least as presently understood). Its a remote code execution problem in IE. The perps were trying to shovel adware onto my machine.

Figured I'd mention this here as a public service. People are definately out there exploiting this. Microsoft released patches yesterday. Patch your machine.

If you go to the linked site from a vulnerable host and click on the proof of concept it will launch a copy of calc.exe on your desktop.

I got 0wned... (sort of) - Patch your browser if you haven't.

Topic: Computer Security 2:51 pm EST, Dec 12, 2005

Looks like a decent blog on Reverse Engineering...

OpenRCE Tools for practicing reverse engineering
Topic: Computer Security 6:25 pm EST, Nov 30, 2005

So you think you're good enough to break the protection?
You want to see how good you are in reversing applications?
And you want to do it the legal way?
Then you're at the right place!

Nice! Tools for practicing reverse engineering

Blue Boxing Wiretapping Systems
Topic: Computer Security 11:00 am EST, Nov 30, 2005

In a research paper appearing in the November/December 2005 issue of IEEE Security and Privacy, we analyzed publicly available information and materials to evaluate the reliability of the telephone wiretapping technologies used by US law enforcement agencies. The analysis found vulnerabilities in widely fielded interception technologies that are used for both "pen register" and "full audio" (Title III / FISA) taps. The vulnerabilities allow a party to a wiretapped call to disable content recording and call monitoring and to manipulate the logs of dialed digits and call activity.

In the most serious countermeasures we discovered, a wiretap subject superimposes a continuous low-amplitude "C-tone" audio signal over normal call audio on the monitored line. The tone is misinterpreted by the wiretap system as an "on-hook" signal, which mutes monitored call audio and suspends audio recording. Most loop extender systems, as well as at least some CALEA systems, appear to be vulnerable to this countermeasure.

John Markoff has a story on this today.

Ha... They were using old school dtmf techniques to detect call status! Thats a bizarre approach. You'd think they'd have some device that spoke SS7 and the network would simply send the digital call traffic to them. U: I just read the paper. Apparently there IS no good reason they are using inband signals. Its a good paper. Read it.

Of course, this kind of vulnerability isn't what I'm really interested in with respect to CALEA equipment. The big question is how does Law Enforcement get access to the CALEA system and is the security/authentication of that access method sufficient to prevent other parties from using the system. I've heard unsubstantiated whisperings that it isn't... U: The paper seems to allude to this suspicion as well...

Blue Boxing Wiretapping Systems

Guardian Unlimited Technology | Technology | Scientists, be on guard ... ET might be a malicious hacker
Topic: Computer Security 2:12 am EST, Nov 26, 2005

He believes scientists searching the heavens for signals from extra-terrestrial civilisations are putting Earth's security at risk, by distributing the jumble of signals they receive to computers all over the world.

Now why didn't I think of that!

Guardian Unlimited Technology | Technology | Scientists, be on guard ... ET might be a malicious hacker

Topic: Computer Security 4:48 pm EST, Nov 21, 2005

The Electronic Frontier Foundation (EFF), along with two leading national class action law firms, today filed a lawsuit against Sony BMG, demanding that the company repair the damage done by the First4Internet XCP and SunnComm MediaMax software it included on over 24 million music CDs.


Welcome to uComics Web Site featuring FoxTrot
Topic: Computer Security 8:51 am EST, Nov 21, 2005

Foxtrot on Sony DRM

Welcome to uComics Web Site featuring FoxTrot

BlackHat sells out.
Topic: Computer Security 8:19 pm EST, Nov 16, 2005

CMP Media, a marketing solutions company serving the technology, healthcare and entertainment markets, announced today that it has acquired Black Hat Inc., a producer of information security conferences and training that includes Black Hat Briefings and Conferences.

One fears the impact of this will be trouble... What is the association between CMP and Defcon?!

BlackHat sells out.

Kaminski Analysis of Sony Rootkit traffic
Topic: Computer Security 5:06 pm EST, Nov 15, 2005


Sony has a rootkit.

The rootkit phones home.

Phoning home requires a DNS query.

DNS queries are cached.

Caches are externally testable (great paper, Luis!), provided you have a list of all the name servers out there.

Nice pictures of worldwide distribution of the rootkit.

Kaminski Analysis of Sony Rootkit traffic

(Last) Newer << 10 - 11 - 12 - 13 - 14 - 15 - 16 - 17 - 18 - 19 ++ 29 >> Older (First)
Powered By Industrial Memetics