11-04-07

The most popular Film bittorrents

This is their RSS feed

 

Ranking  (last week)  Movie
1   (new)   Deja Vu
2   (4)     The Good Shepherd
3   (1)     Casino Royale
4   (new)   Smokin’ Aces
5   (3)     Night at the Museum
6   (2)     Blood Diamond
7   (back)  The Departed
8   (new)   Curse of the Golden Flower
9   (new)   Hannibal Rising
10  (10)    Turistas

13:51 Posted by technology changes fast not a lot in General

The NAC border has some backdoors

On one side you have the dangerous environment of the internet and the numerous new ways to attack machines for which there is no protection yet. On the other side you have pressure from management and workers to be able to work on your network outside the office and before or after office hours. In the meantime you have to guarantee that there will still be a network, that it stays more or less secure, and that only authorized personnel have access.

Cisco has developed a server for this based upon Network Access Control. The principle is that even if you have the credentials, you can only access the network if your PC has an antivirus, all the patches installed and a firewall. But Cisco made some mistakes while designing the process. This made it possible to create code with which you could pass this network guard without much difficulty.

The most important part of the attack is that it is possible to spoof the information the Trust Client sends to the server about the configuration of the machine. It seems it is possible for all clients to send their servers only the spoofed information they received and not the real information. After that they were able to bypass the system because no other authentication was asked for. It is also impossible for the moment to integrate the Cisco architecture with other standard authentication systems.

NAC is just a start, but for Cisco it was a false one.

12:15 Posted by technology changes fast not a lot in General

Return the easter bunny

[Image: comic2_001]

11:15 Posted by technology changes fast not a lot in General

Hardware hacking coming to your phone

Small embedded microprocessors are included in everything that needs to do the things we expect from it. 90% of these microprocessors have a debug feature called JTAG (Joint Test Action Group) enabled to let engineers debug problems in the future. A security expert has used this tool to find a way to let these processors execute unknown code through means other than the normal buffer-overflow attack. Such programs could be used to send confidential information to other phones or systems (and why not in combination with Bluetooth). And this is just the beginning of it.

So who said your phone was much safer than your computer? Malware follows the money.

09:00 Posted by technology changes fast not a lot in General

Watching some TV after a long workday (comic)

[Image: comic_009]

08:15 Posted by technology changes fast not a lot in General

10-04-07

Microsoft patches to do

We had a month without patches, and now we have a month in which all the patches are rated critical to urgent, two of which have been used in exploits around the web. This means that they are really critical and that you should plan to implement them before the weekend (certainly the two critical ones) or next week. What isn't exploited today can be next week, and we'll never know which vulnerability will be exploited first and when.

Even Apple has security patches now, and Solaris 10 and Oracle and....

So as a simple user you can go to http://update.microsoft.com

22:30 Posted by technology changes fast not a lot in General

The problem with online javascript

JavaScript is a very powerful scripting language that, with some 'hacking', can be made to do anything you (and the hacker) dream about. Many of the XSS attacks against popular websites are based on this premise. You can install code on a machine, redirect the machine to another website, disable programs, etc. For this reason it is very questionable to let your users use anything other than real text when they make pages or comments on your website.

eBay had another XSS attack based upon this JavaScript trick. The hole is closed by now, and eBay says it is monitoring the situation and that it has now blocked the redirect function in JavaScript, but the real question is: why should people be allowed to play with JavaScript on your website? Especially if money is involved?
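To make the "real text only" point concrete, here is an added example (not code from eBay or from this blog) that compares a filter blocking only the redirect with output encoding that treats every comment as plain text. The function names, the comment template and the sample comments are all assumptions constructed for illustration.

```javascript
// Added example: treat user comments as plain text instead of filtering markup.
// All names and sample comments are constructed for illustration.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can start markup or break out of an attribute.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical blocklist filter: strips redirect assignments, keeps the rest as markup.
function blockRedirects(comment) {
  return String(comment).replace(/(window\.|document\.)?location(\.href)?\s*=\s*[^;<]*;?/gi, '');
}

// Render a comment as text inside a fixed template that the site controls.
function renderComment(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// True if the output still contains a live tag other than the template's own tags.
function containsUserMarkup(html) {
  const withoutTemplate = html.replace(/<\/?(div|b)( class="comment")?>/g, '');
  return /<[a-z!\/]/i.test(withoutTemplate);
}

// Constructed sample comments: one harmless, one redirect, one other script.
const SAMPLE_COMMENTS = [
  'Nice auction, 5 < 10 & "great" seller',
  '<script>window.location = "https://example.invalid/";</script>',
  '<script>document.title = "changed";</script>',
];

// For each sample, report whether user-supplied markup survives each approach.
function compare() {
  return SAMPLE_COMMENTS.map((c) => ({
    blocklist: containsUserMarkup(`<div class="comment">${blockRedirects(c)}</div>`),
    encoded: containsUserMarkup(renderComment('visitor', c)),
  }));
}

console.log(compare());
```

With the blocklist the script elements still reach the page even though the redirect statement is gone; with encoding every comment arrives as inert text.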

15:12 Posted by technology changes fast not a lot in General