Month: August 2008

  • Debian SSH keys

    The Debian SSH key fiasco from earlier this year is starting to bear bad fruit. The original issue ( listed earlier in this blog ) is that the Debian project took out some code from the SSH source as part of a code cleansing exercise – this code unfortunately was responsible for inserting randomness into…

  • More global internet issues – BGP

    Some security researchers have found a vulnerability in the BGP ( Border Gateway Protocol ) routing protocol that could allow one to intercept internet traffic on a scale not possible before, except by a group such as the NSA with their Echelon project. The attack exploits a man-in-the-middle type vulnerability in BGP to monitor and…

  • DNS security saved by Nominum?

    Besides SPR ( source port randomisation ), Nominum have a number of other security options built into their Vantio DNS product: SPR defense: strange queries result in a direct connection to the server; resistance: tries not to give out IPs for name servers ( glue records ); warns ISP of attack. So, interesting options from…

  • VMware forgets about BETA code

    VMware developers recently left beta debug code in an update provided for ESX 3.5, with an expiry date built in. The result would be that users would lose access to their VMs after applying the update and a ‘general system error’ would be indicated. While the updated update is now working and available, those who…

  • MSNBC.com is spammers’ latest victim

    You may have noticed a lot of email purporting to come from MSNBC.com in the last few weeks and this is a result of a new spam campaign doing the rounds. Problem is that some of these headlines could actually be valid; even if people are intelligently looking at their email for spam, they might…

  • MotoGP BRNO

    The pressure was on Casey Stoner to produce in this past weekend’s race as Rossi was leading the championship; pressure or not, Stoner went down after a few laps from the leading position of the race. Rossi went on to win easily from an 11s cushion over the rest of the field. The rest of…

  • Open Source software protected under copyright law

    A recent US federal appeals court ruling ( which overrules a previous lower court ruling ) has indicated that open source software now has the same protection under copyright law as other content. It’s quite interesting that the Business Software Alliance ( BSA ), which in the past has been the watchdog for such commercial…

  • Software design strategies

    Open Source and its community-based development model is starting to give some in the commercial world a bit of a headache. You’ll remember that I’ve blogged about the fact that I think all software development will go the OS-type way in future and it seems this is happening already. We’ve already seen behemoths like Microsoft…

  • BSOD’s rule

    Lenovo, IT providers to the Chinese Olympic Games, decided on XP as their choice of computing platform due to the apparent instability of Vista. It appears they forgot about XP’s instabilities as well – here is a nice BlueScreenOfDeath courtesy of Gizmodo.

  • Microsoft, Intel, Negroponte and the OLPC – we’re all one big happy family

    Bryan Appleyard from the Times Online recently wrote a brilliant piece on the trials of Nicholas Negroponte’s philanthropic venture, the OLPC. Briefly, Negroponte started out with the vision of having a cheap/low cost laptop-type device that could be used in countries where it was not possible to afford the IT industry’s normal costs. These costs…

  • OpenID and SSL/DNS poisoning

    Ben Laurie of Google’s Applied Security team, while working with an external researcher, Dr. Richard Clayton of the Computer Laboratory, Cambridge University, found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue…

  • DNS – Source Port Randomisation

    Dan Kaminsky gave a very interesting talk on the recent DNS issues as part of the Black Hat USA 2008 conference currently on the go in Las Vegas. Originally DJ Bernstein had advocated ( and put into DJBDNS ) source port randomisation as part of the DNS request but no one else had as they…

  • Windows Vista insecurity?

    The following article comes courtesy of SDV: Some researchers at the recent BlackHat conference have been doing work in the area of Windows Vista security and have ( apparently ) found a major hole whereby they can use .Net or similar scripting languages to effectively bypass the memory security functions built into Vista ( DEP…

  • SA WSBK Riders perform well

    Hudson Kennaugh finished in 10th position in the WSS600 race on Sunday as a wildcard rider. Riding the Yamaha R6 in changeable conditions, he kept his position well until spotting rain caused the front 3 riders to raise their hands as an indication of unsafe conditions. However it was only when Smrz slid off the track…
