Since the announcement of the major multi-vendor DNS vulnerability, it’s patching time for all admins around the world. Have you already done your homework? The people at OARC have crafted a special DNS name and server that you can query to check whether or not your resolver is using random
Category: Security
eBay Will Track Your IP Addresses
Like many of us, I’m an eBay user. Regularly, I buy or sell unused or deprecated stuff. eBay (like PayPal, same group) should be one of the most targeted by attacks (phishing, fraud, …). Today, I received the following alert in my eBay mailbox: Like Google did recently, eBay will start
Four Minutes!
Four Minutes! This is the actual survival time on the Internet for an unpatched system (sources: ISC and the Survival Time Graph). Good practice: Always perform a full patch before connecting a new server to the Internet (even under pressure). A good deployment procedure must be in place.
The Pirate Bay Proposes “IPETEE”
The Pirate Bay wants to encrypt the whole Internet! As you probably read recently, more and more countries and Europe via the Intellectual Property Rights Enforcement Directive (IPRED2). In the ISO model, encryption is usually performed at the presentation or application levels. The Pirate Bay would like to encrypt all
TrueCrypt 6.0 is out!
A new release of TrueCrypt is available. What’s new? This feature sounds really interesting: Provides two levels of plausible deniability, in case an adversary forces you to reveal the password: 1) Hidden volume (steganography) and hidden operating system. 2) No TrueCrypt volume can be identified (volumes cannot be distinguished from
Metasploit on an iPhone
Another good reason to get an iPhone (still not announced in Belgium, btw): Metasploit is available on the iPhone. See Muts’ Blog.
Let’s Play in Sandboxes!
Children like to play in a sandbox. Computer users should also play in sandboxes… to increase their security! A sandbox is a mechanism (a piece of software) used to execute untrusted applications. A sandbox can be seen as a light virtualization system. True virtualization (performed with products like VMware, VirtualBox or Virtual PC)
Spoofed User-Agent by AVG
I just read an interesting story on The Register: It seems that the latest AVG antivirus is generating a lot of web traffic with spoofed user-agents (IE6). Read the story here: http://www.theregister.co.uk/2008/06/26/avg_disguises_fake_traffic_as_ie6/.
PktAnon : Packet Trace Anonymization Tool
A few weeks ago, I wrote a post about packet capture anonymization. When you have to share traces with other parties, anonymization can be a requirement. A new tool is available: PktAnon.
Security Screensavers
Everybody uses screensavers! Initially, the purpose of those little applications was to preserve the phosphor used in CRT displays. There are thousands of screensavers available (well-known ones are floating texts, slideshows, fireworks, etc.). But screensavers can also be used to display useful information to the user and why not security