28-01-06

VOIP traffic to be used by botnets and hackers ?

attacks because VoIP runs continuous media over IP packets. The ability to dial in and out of VoIP overlays allows for control of an application via a voice network, making it almost impossible to trace the source of an attack. In addition, proprietary protocols - intended to protect a company's technology edge and prevent ISPs from blocking the VoIP application - inhibit the ability of ISPs to track DoS activity. Encryption for user privacy, peer2peer and a superpeer system to assist with call routing and NAT/Firewall traversal further obscure the command traffic

http://www.communicationsresearch.net/news/news26jan06.html

 

Well, they are only beginning to talk about and study the security and insecurity of VoIP (after selling thousands of installations to people who don't care that much about security), so what will be next?

 

Posted at 00:36 by technology changes fast not a lot

viva vista

The new firewall will filter both incoming and outgoing network traffic, meaning that it can be used to block machines that are trying to connect to the Windows PC as well as applications on the PC that are trying to connect to other systems on the network. Microsoft is dubbing it a "two-way" firewall.

The ability to block outgoing traffic does not exist in Windows XP, but will give powerful options to Vista admins, Wilson said. They could, for example, ensure that their PCs only use a preferred instant messaging application. "If you tried a different instant messaging application, it would be blocked," he said. "It's really something that we're targeting toward enterprise administrators in corporations."

http://www.techworld.com/security/news/index.cfm?NewsID=5...

 

So that wasn't that hard, and think of the difference it can make if it is well configured: no more rogue open attacks into networks, because every PC in the network is an island.

Posted at 00:21 by technology changes fast not a lot

27-01-06

what do you know about the basic security of your pc

test it here with 5 stupid questions and if you can't answer them, buy a book

http://www.microsoft.com/athome/security/quiz/pypcbasics1...

Posted at 23:40 by technology changes fast not a lot

Telenet website owners had their info published

http://www.security.nl/article/12802/1/Belgische_ISP_Tele...

 

At first it happened for 15 minutes, but that was enough for 3 people to download 600 MB of logs about the users and files of that web server.

 

These files were NOT encrypted.

 

Following the publication of some details it is clear that some users used hidden directories to place songs and other files that weren't supposed to be public. They are now in the 'public arena'.

 

Telenet did not really say sorry and announced neither a more thorough security plan nor the encryption of this kind of data.

 

Telenet itself did not describe the data that were lost and only reacted to the publication of parts of it by one of the downloaders, so how sure can you be about what is in the files?

 

 

Posted at 23:37 by technology changes fast not a lot

26-01-06

blogging community livejournal massively hacked

LiveJournal, an online community that boasts nearly 2 million active members, on Thursday announced sitewide changes for users logging into their accounts -- changes prompted by a hacker group's successful hijacking of potentially hundreds of thousands of user accounts

 

And all it took was this: members said they created hundreds of dummy member accounts featuring Web links that used the Javascript flaws to steal "cookies" (small text files on a Web-browsing computer that can be used to identify the user) from people who clicked on the links. Armed with those cookies, the hackers were then able to either log in as the victim, or arbitrarily post or delete entries on the victim's personal page.

 

It is unclear whether LiveJournal has managed to close the security holes that the hackers claim to have used. The company says it has, but the hackers insist there are still at least 16 other similar Javascript flaws on the LiveJournal site that could be used to conduct the same attack.

 

http://blogs.washingtonpost.com/securityfix/2006/01/accou...

 

they say others will follow

their philosophy is here

http://lists.grok.org.uk/pipermail/full-disclosure/2005-D...

(it is all your own fault if you become infected)

 

So if JavaScript has so many mistakes, how many other sites and web services are based solely on JavaScript?

Posted at 00:12 by technology changes fast not a lot

25-01-06

Disinfect the Nyxem worm or lose your data on the third of February

Nyxem, or Blackworm, is a very dangerous worm because on the third Friday of the month it will destroy all documents in common formats such as .doc, etc.

 

So it is important to coordinate the clean-up operation before the THIRD of February.

 

the Internet storm center called upon us

Blackworm infected machines reported to a 'counter' site the fact that they got infected. The TISF BlackWorm task force obtained the logs from this counter, and is notifying networks represented in the logs. These notifications will use a from address of "handlers@sans.org" or "Randy_Vaughn@Baylor.edu". Please e-mail jullrichat/sans.org if you would like to obtain a list for your network, and have not received an automated e-mail.

Please include information to support that your e-mail address is associated with administering the respective networks, or a phone number to validate the information.

http://isc.sans.org/diary.php?storyid=1073&rss

 

technical cleanup information is here

http://isc.sans.org/diary.php?storyid=1067&rss

 

Any connection in your logs to the site hosting the counter, webstats.web.rcn.net, can be interpreted as a connection to the virus counter.

 

The complete detection rule (Snort syntax) looks something like this:

alert tcp any any -> any 80 \
(msg:"webstats.web.rcn.net count.cgi request without referrer (possible BlackWorm infection)"; \
content:"GET /cgi-bin/Count.cgi|3f|"; depth:23; content:"df|3d|"; \
content:"Host|3a 20|webstats.web.rcn.net"; content:!"Referer|3a|"; \
classtype:misc-activity; sid:1000376; rev:1;)
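
The same conditions as the rule above, applied to proxy logs after the fact, as an added example that is not part of the original post or of the ISC material. The log layout (combined log format from a forward proxy, with the absolute URL in the request field) and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

COUNTER_HOST = "webstats.web.rcn.net"   # counter site named in the post
COUNTER_PATH = "/cgi-bin/Count.cgi"     # path matched by the rule

# Assumed layout: combined log format written by a forward proxy,
# so the request field carries the absolute URL.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def counter_hit(line):
    """Return (client, timestamp) if the line meets the rule's conditions."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "GET":
        return None
    url = urlsplit(m["url"])
    if (url.hostname or "").lower() != COUNTER_HOST or url.path != COUNTER_PATH:
        return None
    if "df" not in parse_qs(url.query, keep_blank_values=True):
        return None
    if m["referer"] not in ("", "-"):
        return None  # a Referer is present: the rule excludes these requests
    return m["client"], m["ts"]

def suspected_clients(lines):
    """Group matching requests by internal client address."""
    hits = {}
    for line in lines:
        hit = counter_hit(line)
        if hit:
            hits.setdefault(hit[0], []).append(hit[1])
    return hits

# Constructed sample lines (addresses, times and the df value are made up).
SAMPLE_LOG = [
    '10.0.0.21 - - [25/Jan/2006:10:02:11 +0100] "GET http://webstats.web.rcn.net/cgi-bin/Count.cgi?df=123456 HTTP/1.0" 200 85 "-" "-"',
    '10.0.0.34 - - [25/Jan/2006:10:05:03 +0100] "GET http://webstats.web.rcn.net/cgi-bin/Count.cgi?df=123456 HTTP/1.1" 200 85 "http://example.org/page.html" "Mozilla/4.0"',
    '10.0.0.21 - - [25/Jan/2006:10:32:40 +0100] "GET http://webstats.web.rcn.net/cgi-bin/Count.cgi?df=123456 HTTP/1.0" 200 85 "-" "-"',
    '10.0.0.50 - - [25/Jan/2006:10:40:00 +0100] "GET http://www.example.com/ HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for client, times in suspected_clients(SAMPLE_LOG).items():
        print(f"{client}: {len(times)} counter request(s), first at {times[0]}")
```

Each client address returned is a machine to check against the cleanup information linked above; requests that carry a Referer are skipped on purpose, as in the rule.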

 

http://blogs.securiteam.com/index.php/archives/229  more technical info

http://www.lurhq.com/blackworm.html a deep analysis

 

 

Posted at 23:25 by technology changes fast not a lot

22-01-06

Israeli private economic espionage with trojans and rootkits

The Tel Aviv District Court is still hearing the case against some of Israel’s largest private investigator agencies, including Modiin Ezrachi Ltd., Zvi Krochmal Investigations, Pelosoff-Balali, and Target - Detective Work, Information & Investigations. However, prosecutors are struggling to indict the companies that ordered the business information, due to the legal difficulties in proving that they knew that the information was obtained by illegal means

http://new.globes.co.il/serveen/globes/docview.asp?did=10...

and you can find more links on this page

quite amazing and alarming in fact

all economic info is critical

Posted at 01:15 by technology changes fast not a lot