Current Topic: Computer Security |
|
MD5 collision method published |
|
|
Topic: Computer Security |
11:05 pm EST, Mar 14, 2005 |
] At last, the secret of how to make MD5 collisions is out!
MD5 collision method published |
|
Checklists / Implementation Guides |
|
|
Topic: Computer Security |
12:41 am EST, Mar 14, 2005 |
3rd interesting thing learned at Interz0ne. This is a nice collection of federal security hardening checklists for various commercial systems, including Cisco & Juniper routers, UNIX, and Windows variants. The Rainbow series is also linked from this site.
Checklists / Implementation Guides |
|
HOWTO Anonymity with Tor and Privoxy - Gentoo Linux Wiki |
|
|
Topic: Computer Security |
7:49 pm EST, Mar 13, 2005 |
] This HOWTO explains how to browse the web anonymously by using Tor (http://tor.eff.org/) (TheOnionRouter) and Privoxy (http://www.privoxy.org/)
This howto explains how to use Tor and Privoxy together to get fairly strong anonymity protection. Combined with switchproxy in Firefox this could be quite useful. Thing is, you'd think that a lot of the features of Privoxy could be implemented as Firefox plugins rather than running this dual proxy setup, but that's just the engineer in me bitching about efficiency. I think that this setup would likely work reasonably well, given the performance impact of onion routing.
HOWTO Anonymity with Tor and Privoxy - Gentoo Linux Wiki |
|
proxyjudge.org - anonymity and security |
|
|
Topic: Computer Security |
7:43 pm EST, Mar 13, 2005 |
What I found this evening in playing around with switchproxy is that there are a lot of really bad free proxies out there. I really don't understand why, if someone was going to go to the time and trouble of running an open HTTP proxy, they would use software that doesn't cull out user agent information, or worse, inserts the IP address of the originating host in the HTTP headers! (Upon further consideration I think what is going on here is that people are using proxies to bypass network layer net-nanny type services that filter by IP. As long as you update your proxy list faster than they update their block list, you can access any website.) A lot of the services that provide proxy lists provide proxies of dubious value. Many that seem to rank proxies don't offer a nice text based output that can be fed into switchproxy. If anyone knows of a solid, filtered list of proxies please let me know. This service will give you some decent information about how good your proxy really is.
proxyjudge.org - anonymity and security |
|
Demo: Differences between JPEG Images and their EXIF Thumbnails |
|
|
Topic: Computer Security |
6:41 pm EST, Mar 13, 2005 |
] We wrote some software to retrieve images from the Web and check if their thumbnails differ from the original images. In some cases we found interesting stuff, sometimes we even found hidden port but most of the stuff was boring.
]
] To give others the opportunity to see what images turn up without having to spider the web and help us to weed out the interesting images we wrote this simple Web-Application which resembles Hot or NOT. Just rate the image with the buttons at the top to see the next image.
1st interesting thing learned at Interz0ne: EXIF thumbnails are often left unmodified by Photoshop manipulations.
Demo: Differences between JPEG Images and their EXIF Thumbnails |
|
Tracking PCs anywhere on the Net | CNET News.com |
|
|
Topic: Computer Security |
11:08 am EST, Mar 9, 2005 |
] In practice, Kohno's paper says, his techniques "exploit the fact that most modern TCP stacks implement the TCP timestamps option from RFC 1323 whereby, for performance purposes, each party in a TCP flow includes information about its perception of time in each outgoing packet. A fingerprinter can use the information contained within the TCP headers to estimate a device's clock skew and thereby fingerprint a physical device."
Your TCP packets all contain a cookie.
Tracking PCs anywhere on the Net | CNET News.com |
|
Topic: Computer Security |
2:27 pm EST, Feb 18, 2005 |
] The Texas Instruments DST tag is a cryptographically enabled RFID transponder used in several wide-scale systems including vehicle immobilizers and the ExxonMobil SpeedPass system. This page serves as an overview of our successful attacks on DST enabled systems. A preliminary version of the full academic paper describing our attacks in detail is also available below.
RFIDAnalysis.org |
|
Topic: Computer Security |
1:57 pm EST, Feb 7, 2005 |
Essentially the issue is that you can register domain names using international character sets that look exactly like English, and obtain SSL certificates for them, and it is extremely difficult for the end user to be able to tell that he/she isn't dealing with the English website. Working example of https://www.paypal.com/ demonstrated.
Shmoo DNS attack |
|
Handbook of Applied Cryptography |
|
|
Topic: Computer Security |
3:25 pm EST, Dec 9, 2004 |
] The Handbook was reprinted (5th printing) in August 2001. The publisher made all the various minor changes and updates we submitted.
While this reference is a bit more academic than Schneier's book, it is quite useful, and now it's available for free online. Enjoy!
Handbook of Applied Cryptography |
|