QODS ec

Tuesday, May 18, 2004

Today's news and good articles:

First things first: the new Crypto-Gram is out; read it here.

Linux news:

In the Linux world we are always hearing about SCO's crap; today, however, an article has been published that might give some of us a chin-up about what reality is. Maybe the SCO marketing campaign has backfired. Read more here.

Linux Exposed, from the Hacking Exposed family, has an extensive article on how proxies work. I do not have much time to read it now, but I will when time suffices. The article, How Proxies Work, is available here.


In the security field (who could keep the bad guys asleep?):


A significant rise has been noticed on port 5000, and this is due to the Bobax worm, which uses port 5000 to fingerprint machines. The worm, like Sasser, still uses the MS04-011 vulnerabilities. It also helps spammers by opening proxies. The image below is from F-Secure and shows the rise in port 5000 traffic.

[Image: F-Secure chart showing the rise in port 5000 traffic]

An analysis of the worm has been released here.

Another worm that has contributed to the rise in port 5000 traffic is one called Kibuv.B. The worm starts an FTP server on port 7955 with the username and password left blank. This is what SANS had to say on the impact of these worms:

None of the vulnerabilities used by these two worms is new. Unpatched systems are likely infected with other worms and as such do not provide a significant new threat. So far, we only count about 500,000 infected systems with either worm, which is just about on the same level as Sasser and Blaster.
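A defender's way of spotting the port 5000 scanning and port 7955 FTP activity described above in perimeter logs, as an added example that is not part of the original post or of any vendor's tooling; the iptables-style log format, the sample lines and the scan threshold are assumptions:

```python
import re
from collections import Counter, defaultdict

# Constructed iptables-style firewall log lines (not real captures).
SAMPLE_LOG = """\
May 18 10:01:02 fw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=3344 DPT=5000 SYN
May 18 10:01:03 fw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.11 PROTO=TCP SPT=3345 DPT=5000 SYN
May 18 10:01:03 fw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.12 PROTO=TCP SPT=3346 DPT=5000 SYN
May 18 10:01:04 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40122 DPT=80 SYN
May 18 10:01:05 fw kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.12 PROTO=TCP SPT=1025 DPT=7955 SYN
May 18 10:01:06 fw kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=1026 DPT=5000 SYN
"""

LINE_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP SPT=\d+ DPT=(?P<dpt>\d+)")

# Ports named in the post: 5000 (Bobax fingerprinting) and 7955 (Kibuv.B FTP server).
WORM_PORTS = {5000: "Bobax port-5000 fingerprint scan", 7955: "Kibuv.B FTP backdoor (port 7955)"}

def parse_events(log_text):
    """Yield (src, dst, dport) for each TCP line the regex matches."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], m["dst"], int(m["dpt"])

def analyze(log_text, scan_threshold=3):
    """Return (port_counts, alerts).

    port_counts: hits per destination port, to make the port 5000 rise visible.
    alerts: one string per finding. A source touching >= scan_threshold distinct
    hosts on port 5000 looks like worm scanning; any connection to 7955 means the
    destination should be checked for a Kibuv.B FTP server."""
    port_counts = Counter()
    targets_on_5000 = defaultdict(set)
    alerts = []
    for src, dst, dport in parse_events(log_text):
        port_counts[dport] += 1
        if dport == 5000:
            targets_on_5000[src].add(dst)
        elif dport == 7955:
            alerts.append(f"{src} -> {dst}:7955 : {WORM_PORTS[7955]}, check {dst} for infection")
    for src, hosts in targets_on_5000.items():
        if len(hosts) >= scan_threshold:
            alerts.append(f"{src} probed {len(hosts)} hosts on port 5000 : {WORM_PORTS[5000]}")
    return port_counts, alerts

if __name__ == "__main__":
    counts, findings = analyze(SAMPLE_LOG)
    print(dict(counts))
    for finding in findings:
        print(finding)
```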


Here is when the fun begins: worm authors think that I need to patch my system. There is a worm spreading that will kill your Sasser worm and install the necessary patches (KB835732). The worm is called SdBot.MD, and according to F-Secure (I quote):
It is quite a surprise to see that the latest SDBot.MD backdoor we received kills 3 Sasser variants and installs KB835732 security patches for Windows 2000 and XP. However it still remains a backdoor because it allows remote access to an infected computer.

A full description is available from F-Secure here.

The worm of the worm, as it was labelled in a post to the Full-Disclosure mailing list (here). The worm is called Dabber and it spreads by exploiting a vulnerability in the Sasser worm; a similar exploit was published at k-otik not too long ago and is available here. PC World has an article on the worm, available here, and LURHQ has a more technical description, as well as removal instructions, here.

The Honeywall bootable CD has been released; here is what it is, if you did not know already:
The Honeywall CDROM combines all the tools and requirements of a GenII honeynet gateway on a (hopefully) easy to use, secure, bootable CDROM. The intent is to make honeynets easier to deploy and customize. You simply boot off the CDROM, configure it based on your environment, and you should have a Honeywall gateway ready to go. The CDROM supports several configuration methods, including an interactive menu and .iso customization scripts. The CDROM is an appliance, based on a minimized and secured Linux OS. Please report all bugs, issues, or vulnerabilities at our Bug Server.

More description is available here, and mirrors are available from that page as well. The documentation starts with this paper: Know Your Enemy: Honeywall CDROM. This CD might be very helpful, since I have been thinking about starting a honeynet for some time; the only thing holding me back is the lack of resources and time.

Cheap Wi-Fi DoS Attack Described by AusCERT
The 802.11b DoS Attack and Portable Viruses
Incident Handling (INCH) IETF Working Group
DefCon 12 WarDriving Contest Registration Now Open
Advisories: Fedora
TCP/IP Skills Required for Security Analysts
Mac OS X hit with another serious security issue
Wi-Fi jamming is easier than expected
Student uncovers US military secrets


In the Google's world:

The Inquirer today ran a story about how Google might be sued after it has filed its IPO.
He used the term in the 1940s in his book, Mathematics and the Imagination. For the record a googol is 10 raised to the 100th power - or the number 1 followed by a hundred zeros. Read it

Google has raised the bar for e-mail. In fact, as of today my Gmail is 10% full (yes, 100MB). But Google was not the first to offer 1 GB of e-mail: Spymac.com offered it about 2 weeks before Google, and today News.com has a story that Lycos was the first. Read more here.

Today I was playing with the templates offered by Blogger and was kind of disappointed that the blog*spot ads do not go inside my big heading. Then I stumbled upon a way to remove the ads completely; I did that but quickly removed it again. I was surprised at how easy it was. It seems that Google substitutes your first body tag with the blog*spot ads; a simple way to remove the ads, however, is to insert !-- body -- with no spaces and put the tags yourself (Blogger won't let me put the tags in posts). Do not do such a thing, however, since it goes against the terms of service of blogger.com hosting.

Google's Ethics Committee revealed.

Other reads of interest:

Mozilla - Back to Basics: Part 1 Firefox

Breaking News: Linus Torvalds Isn't the "Father of Linux," Claims Headline-Seeking Study

Why Today's Programming is Still Similar to what it was Decades Ago

Cisco investigates source code leak

And the idiotic:

"Evil" Linux Must Be Stopped From Compromising U.S. Defense, Says O'Dowd

The article from above is available here. Read it, because it is the worst paper I have ever read. It has no argument, just that Linux is bad and not secure and you should buy Green Hills' product.

Sasser suspect has fans. The funny thing is that some are actually donating; must be his friends or the anti-virus vendors.

AOL: One billion viruses blocked. I still do not believe it is up to the ISP to decide what is a virus and what is not; users must be educated and developers must develop secure software.


Xploit fever:

Symantec Multiple Firewall DNS Response Denial-of-Service. A new exploit has been published by the guys at k-otik; it deals with a bug discovered by eEye, described here. The exploit has been made public here. I still wonder, however, how they are able to do such a thing after the French law that prohibits the use, development, or publication of exploits; guess they are just playing by the law, barely.


Misc:


How to bluetooth-enable your remote controlled car
The Top 10 Elements of Good Software Design


----------------------------------

Well, now back to my reading; on the schedule is 185 pages to read today.
