JArchibald
Fully automated WEP hacking. MIT researchers craft defense against wireless man-in-middle attacks. News By John Cox August 24, 2011 06:29 PM ET Network World - MIT researchers have devised a protocol to flummox man-in-the-middle attacks against wireless networks. The all-software solution lets wireless radios automatically pair without the use of passwords and without relying on out-of-band techniques such as infrared or video channels. Dubbed Tamper-evident pairing, or TEP, the technique is based on understanding how man-in-the-middle attacks tamper with wireless messages, and then detects and in some cases blocks the tampering. The researchers suggest that TEP could have detected the reported but still unconfirmed cellular man-in-the-middle attack that unfolded at the Defcon conference earlier this month in Las Vegas. MORE RESEARCH: With SSL, who can you really trust? TEP was devised by a quartet of MIT researchers: Shyamnath Gollakota, Nabeel Ahmed, Nickolaik Zeldovich and Dina Katabi, all with the Department of Electrical Engineering and Computer Science.
Anonymous says it will take down Facebook on Nov. 5 - Faster Forward. Posted at 08:45 AM ET, 08/10/2011 Aug 10, 2011 12:45 PM EDT TheWashingtonPost Anonymous members have said they’ll take down Facebook on Nov. 5 over its privacy policies. (AP) Hacktivist group Anonymous said that it will target Facebook for a takedown on Nov. 5, aka Guy Fawkes Day. Those claiming to be members of the group uploaded a video to YouTube in mid-July announcing the operation, which was spotted by Rosie Gray of The Village Voice on Tuesday. Why is the group targeting Facebook? “If you are a willing hacktivist or a guy who just wants to protect the freedom of information then join the cause and kill facebook for the sake of your own privacy,” the group said in a statement. “We do not and never will sell any of your information to anyone,” Facebook co-founder and CEO Mark Zuckerberg wrote in The Washington Post last year.
(Washington Post Co. chairman and chief executive Donald E. Related stories: More technology coverage from The Post. Anonymous strikes again, takes over Syrian Defense Ministry Web site - Faster Forward. Posted at 09:02 AM ET, 08/08/2011 Aug 08, 2011 01:02 PM EDT TheWashingtonPost Anonymous hackers posted a message on the Syrian Defense Ministry’s Web site.
(AP) Anonymous has struck again, this time accessing the Web site of the Syrian Ministry of Defense and posting a statement Monday decrying the regime of regime of Bashar al-Assad. The AnonymousIRC Twitter account called attention to the message, which came as violence escalates in the country and the government cracks down on protestors. The logo of the group appeared on the Web site with a message in Arabic and the following message in English, : To the Syrian people: The world stands with you against the brutal regime of Bashar Al-Assad. To the Syrian military: You are responsible for protecting the Syrian people, and anyone who orders you to kill women, children, and the elderly deserves to be tried for treason. The hacktivist group has previously said it would target Syria.
Related stories: More technology coverage from The Post. U.S. warns that Anonymous, LulzSec could up their game. News By Jeremy Kirk August 3, 2011 11:29 AM ET IDG News Service - Hacker groups such as Anonymous and Lulz Security may need to be monitored more closely in the event they are assisted by other hackers with higher skill levels and decide to strike critical infrastructure. The warning comes from the National Cybersecurity and Communications Integration Center (NCCIC), which is part of the U.S. Department of Homeland Security. "Some members of LulzSec have demonstrated moderately higher levels of skill and creativity that include using combinations of methods and techniques to target multiple networks," according to the six-page advisory. Anonymous and a splinter group known as LulzSec have wreaked havoc against government and business websites and servers, from low-level defacement of websites up to more sophisticated actions such as stealing sensitive data.
Anonymous and LulzSec have targeted defense contractors such as HBGary and ManTech as well as the U.S. How insecure is your mobile device really? Opinion By Kenneth van Wyk June 30, 2011 01:38 PM ET Computerworld - With all the reports of mobile malware, vulnerabilities and attacks, things must seem pretty confusing to the consumer. Is the sky really falling? Let's explore some of the practical aspects of mobile security a bit from the consumer's point of view. First off, it's always important to put these reports into perspective. Yes, there's been a bunch of malware found in the Android Market. So, rather than focus on the bad, let's take a look at the sorts of actionable things a consumer can do to use these fabulous devices more securely. Let's start by understanding the risks a bit, in practical consumer terms.
Your second-biggest risk might be having your network communications intercepted by someone on the public Wi-Fi you're using. Now, let's address these two most prominent risks. To avoid exposing sensitive data on your device: * Avoid storing anything truly sensitive on the device. Web site helps people profit from information collected about them. Personal’s impressive lineup of investors is what got my attention. Former AOL chairman Steve Case’s Revolution LLC. Local sports mogul Ted Leonsis. Carlyle managing director Ed Mathias. Former ambassador Morton Abramowitz.
Virginia venture capitalist Don Rainey. Former AOL chief executive Jonathan Miller. Even New York-based investment house Allen & Co. has money in the start-up. Who put together this collection of heavy hitters? The answer is a 1992 University of Michigan political science graduate and foreign policy wonk named Shane Green. His deep-pocketed group has put up $7.6 million, ensuring that he can nurture Personal (personal.com) well beyond its launch, planned for this summer. Personal has about 30 employees split between Georgetown and Sarajevo, home to two of its co-founders.
Green, 40, said Personal enables individuals to own, control access to and benefit from their personal information now bouncing around the digital world. It could be. Microsoft clarifies MBR rootkit removal advice. News June 30, 2011 02:07 PM ET Computerworld - Microsoft yesterday clarified the advice it gave users whose Windows PCs are infected with a new, sophisticated rootkit that buries itself on the hard drive's boot sector. Several security researchers agreed with Microsoft's revisions, but a noted botnet expert doubted that the advice guaranteed a clean PC.
Last week, the Microsoft Malware Protection Center (MMPC) highlighted a new Trojan, dubbed "Popureb," and said that the only way to eradicate the malware was to use a recovery disc. Because a recovery disc returns Windows to its factory settings, Microsoft was essentially telling users that they needed to reinstall Windows to completely clean an infected PC.
That recommendation was similar to what Microsoft had offered more than a year ago, when another Trojan buried rootkit code into the master boot record (MBR) of the PC's hard drive. On Wednesday, MMPC engineer Chun Feng clarified Microsoft's advice. Massive botnet 'indestructible,' say researchers. News June 29, 2011 04:19 PM ET Computerworld - A new and improved botnet that has infected more than four million PCs is "practically indestructible," security researchers say. "TDL-4," the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is "the most sophisticated threat today," said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis Monday. "[TDL-4] is practically indestructible," Golovanov said. Others agree. "I wouldn't say it's perfectly indestructible, but it is pretty much indestructible," said Joe Stewart, director of malware research at Dell SecureWorks and an internationally-known botnet expert, in an interview today.
"It does a very good job of maintaining itself. " Golovanov and Stewart based their judgments on a variety of TDL-4's traits, all which make it an extremely tough character to detect, delete, suppress or eradicate. But that's not TDL-4's secret weapon. Google, Facebook promise new IPv6 services after trial. Network World - One day after completing a successful 24-hour trial of IPv6, Facebook, Google and Yahoo said at a joint press conference that they would begin permanently supporting this upgrade to the Internet's main communications protocol on some of their key websites. Joined by two content delivery networks -- Akamai and Limelight, which also pledged their commitment to IPv6 deployment -- these popular websites proclaimed the World IPv6 Day trial to be a resounding success. All three companies said they had handled a significant increase in IPv6 traffic on June 8 without suffering serious technical glitches.
IPv6 features an expanded addressing scheme, so it can handle vastly more devices connected directly to the Internet than its predecessor called IPv4. However, IPv6 is not backward compatible with IPv4, which means website operators have to upgrade their network equipment and software to support IPv6 traffic. DETAILS: No news is good news on World IPv6 Day. IPv6 transition framework for the enterprise. Network World - If all the excitement about IPv6 has finally convinced you to take a serious look at what's involved in the transition, you'll want to start with this framework.
After all, transitioning to IPv6 can be daunting given it will affect every networked device on the planet and it is more than just a transition of technology, it's also a transition of people and culture and the way we think. When you do a Google search trying to find guidance on transitioning to IPv6, you come across all sorts of down-in-the-weeds technical information on IPv6 transition techniques -- think tunnel broker, ISATAP, NAT64, CGN, dual-stack, DS-Lite, ALG, NAT-PT, IPv4-mapped addressing, SLAAC, etc. These are all important topics, and there is a time and place to consider the technologies, but when you are just beginning to plan your transition, you need a bigger-picture perspective.
ANALYSIS: World IPv6 Day: Tech industry's most-watched event since Y2K The strategy * Phase 1. AnonOps Communications. One account. All of Google. Sign in to continue to Blogger Find my account Forgot password? Sign in with a different account Create account One Google Account for everything Google. V for Spain. The Network Layer: Understanding layer 3 of the OSI Model. The third layer of the OSI Model, the network layer, is where most network engineers focus their time and expertise. As Darragh commented in my post on the data link layer, Layer 2 is cool but Layer 3 is the one that can take you places. Layer 3, the network layer, is most commonly known as the layer where routing takes place.
A router's main job is to get packets from one network to another. Layer 3 protocols and technologies allow for network-to-network communications. A Layer 3 switch is simply a Layer 2 device that also does routing (a Layer 3 function). So much of what we do as network administrators -- dealing with IP addresses and subnetting, routing protocols, firewall rules and Access Control Lists (ACLs), and many types of Quality of Service (QoS) -- is enabled by Layer 3 technologies.
When troubleshooting network issues it's helpful to understand if the issue is occurring at Layer 2 or Layer 3 of the OSI model. Why the bad guys are winning. There was a show on CNBC recently about cyber threats. The show was pretty much what you would expect when an organization ventures away from its core competence. Imagine if Computerworld did a story on derivatives or CDOs. As is typical of the mainstream media covering computer topics, most of those interviewed were self-serving. People and companies that make a living defending computer systems, saying how bad things are and thus implying how necessary their services are. We've seen this before. Sadly, the show did nothing to educate viewers about Defensive Computing. Still, it got me thinking. So why are the bad guys winning? No doubt there are many reasons that computer systems and networks get broken into. The game is rigged in favor of the bad guys: To avoid breaches, the good guys have to succeed 100% of the time.
Depressing, isn't it, just how long this list is? Update: Added Google about an hour after first publication. SEO: Beware of the Dark Side CIO.com. Computerworld - Being at the top of a search engine results page can mean the difference between business success and failure. So, what would you do to ensure a listing there? Absolutely anything? If so, you could be walking into a minefield.
Search engine optimization (known as SEO) involves actions intended to get your page listed higher on a search engine results page. In the past 15 years, SEO has evolved into a complex art, one that is now the foundation of many businesses. The problem is that there are ways of trying to improve your standing that are considered legitimate by the search engine companies like Google, but there are also methods that can get you into trouble.
Google (which receives 90% of the world's search engine traffic, according to StatCounter, and 65.4% of the U.S. market, according to comScore) does not appreciate being gamed -- and will retaliate. Just ask $17 billion retailer J.C. But first, let's take a quick look at how Google ranks sites. Google's secret sauce.
Everything you need to know about Mac scareware. Computerworld - You'd think it was the end of the world. The fact that Mac users have fallen victim to "scareware" scams -- the kind that have long plagued Windows users -- shouldn't come as a surprise. After all, fake antivirus software schemes like MacDefender don't have to rely on exploitable vulnerabilities, but instead typically depend on tricking users into visiting malicious sites and duping them into installing the software.
And Mac users, for all their pretensions otherwise, are as fallible as the next person. But from the news accounts this month about MacDefender, and the posts not only on Mac-specific blogs but also on ones usually devoted to Windows, you could be forgiven for thinking that Macs are suddenly the victims of choice. They're not. Windows machines remain the most common target because, well, globally Windows PCs outnumber Mac OS by more than 16-to-1. What is true is that Mac users now face the same scareware scams that Windows owners have had to deal with for years. Is your sensitive company info being leaked on LinkedIn?
Kenneth van Wyk: Mobile security isn't going to just happen. Mac malware threat getting serious - Computerworld. Microsoft: One in 14 downloads is malicious. Interview: Slick social engineers to test their schmooze power at Defcon 19. Six rising threats from cybercriminals. Six Rising Threats From Cybercriminals CIO.com. Microsoft deepens Bing's use of Facebook data. Sony Breach Shows Amazon Cloud’s Hacker Appeal. 4 Hadoop Helpers Promise Speedy Big-Data Analysis -- InformationWeek. The Rising Use of SSL Raises New Risks CIO.com. Elgan: How to pop your Internet 'filter bubble' Secrets of the best enterprise Wi-Fi networks revealed. Wi-Fi access for retail: Tips on how to address key challenges. Nokia lays out serious risks in Microsoft WP7 deal. Convert, Edit, and Compose Images. Wi-Fi Vulnerabilities: Advances and Incidents in 2010 CIO.com.
Battle for developers to heat up at Mobile World Congress. Verizon launches IPv6 transition services. Pro-WikiLeaks cyber army gains strength; thousands join DDoS attacks. What's the point of Google Chrome OS? PieSpy - Inferring and Visualizing Social Network on IRC. Job Search Secrets: How to Build a Network in 12 Days (before Christmas) CIO. New protection against Firesheep attacks. Add-on Search Results for HTTPS Everywhere.
Password Cracking in the Cloud CIO.com. Project Management Professional. MeeGo. Networking. Gartner's Top 10 Technologies for 2011. Intrusion detection honeypots simplify network security. Data analytics requirements push database tech to limits. Making money with mobile apps. Healthcare IT Spotlight's Most Recent Posts. Google releases data cleanser. Pearltrees videos. Help.