Friday, November 16, 2001

The Security Specific Search Engine
Welcome to searchSecurity.com's archive of Previous Events. Here, you can find previous Q&A talks with security professionals and experts.

Wednesday, November 14, 2001

News: Bug secrecy vs. full disclosure
By Bruce Schneier.
Last month Scott Culp, manager of the security response center at Microsoft, published an essay describing the current practice of publishing security vulnerabilities to be "information anarchy." He claimed that we'd all be a lot safer if researchers would keep details about vulnerabilities to themselves, and stop arming hackers with offensive tools. Last week, at Microsoft's Trusted Computing Forum, Culp announced a new coalition to put these ideas into practice.
This is the classic "bug secrecy vs. full disclosure" debate. I've written about it previously in Crypto-Gram; others have written about it as well. It's a complicated issue with subtle implications all over computer security, and it's one worth discussing again.
ICANN eyes DNS security, solutions
MARINA DEL REY, Calif. - Of all the Internet's security concerns, one of the least troublesome may be the physical security of its root name servers, the top servers in the Internet's traffic directing system. There are only 13 of them, a redundant system located in scattered locations around the world, any one of which could probably be reconfigured in a pinch on a "beefy laptop."

Monday, November 12, 2001

EPIC - Tools for Protecting Online Privacy
EPIC Online Guide to Practical Privacy Tools.
Private Idaho 3.52t
Private Idaho is a PGP, anonymous remailer, and nym server front-end for Windows. It was initially made by Joel McNamara and, when he released the source code, I (Ian Lynagh) picked it up "just to look at it". Within a few days I had released PI3.0tb1 and haven't looked back since.
Cryptography and Network Security
As the author says, "This page is unmaintained and full of many old, rotted links. Sorry." Anyway, some links do work!
ESL400 scanner: Hardware like this makes it possible to eavesdrop on the contents of your monitor (e.g. from a van in front of your office or from the neighboring flat).
Zero Emission Pad Freeware
For decades, international secret services have used the fact that all electronic devices emit compromising rays. These rays can be used to recover a picture displayed by a monitor, even if the rays have passed through walls and the receiver is many meters away. Together with our partner, the University of Cambridge (Great Britain), we offer you the possibility to defuse these compromising rays via software (patent-pending "Soft-Tempest"). The text editor Steganos II Zero Emission Pad is the world's first Windows editor that supports the emission defusing display.
Stego Online by Romana Machado
This privacy utility demonstrates a new way of communicating securely. Want to communicate securely, but don't want to send large files of strange-looking numbers? Want to use strong crypto, but know that your email is not secure enough? Stego works like invisible ink for Internet communication. Stego can hide an encrypted text file in a GIF format image file - which is the most commonly used image format on the World Wide Web. The resulting GIF can be attached to an email message or posted on a web page.
Steganography Information, Software, and News to Enhance Your Privacy.
In an ideal world we would all be able to openly send encrypted email or files to each other with no fear of reprisals. However there are often cases when this is not possible, either because you are working for a company that does not allow encrypted email or perhaps the local government does not approve of encrypted communication (a reality in some parts of the world). This is where steganography can come into play.
Steganography simply takes one piece of information and hides it within another. Computer files (images, sound recordings, even disks) contain unused or insignificant areas of data. Steganography takes advantage of these areas, replacing them with information (encrypted mail, for instance). The files can then be exchanged without anyone knowing what really lies inside of them. An image of the space shuttle landing might contain a private letter to a friend. A recording of a short sentence might contain your company's plans for a secret new product. Steganography can also be used to place a hidden "trademark" in images, music, and software, a technique referred to as watermarking.
Paranoids Secure Communications Handbook
In PDF format.
When Osama Bin Ladin Was Tim Osman
Conspiracy Theory: The other man, dressed in Docker's clothing, was not a native Afghan any more than Olberg was. He was a 27-year-old Saudi. Tim Osman (Ossman) has recently become better known as Osama Bin Ladin. "Tim Osman" was the name assigned to him by the CIA for his tour of the U.S. and U.S. military bases, in search of political support and armaments.
David Shayler on MI6 Gaddafi Assassination Plot
This is the first ever police investigation into an allegation made against MI6. It directly contradicts former Foreign Secretary Robin Cook's claim that the Gaddafi Plot has "no basis in fact" and is "pure fantasy".
There are no charges against David Shayler for perjury or wasting police time, confirming that his detailed sworn statement was honest, reliable and true.
The Crown Prosecution Service has claimed there is not enough evidence likely to secure a conviction of the two MI6 officers responsible for the Plot, three and a half years after David made the initial disclosure and a year after he gave evidence. However, the police did gather 'relevant material'.
Shayler calls for statement from Prime Minister and Foreign Secretary about MI6 funding of groups with connections to Bin Laden who were involved in the attack.
OpenSSH 3.0 released
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods.
Hacker Watchdog Group Shows Enlightened View About Security
On 9 November 2001, Microsoft and security companies @Stake, BindView, Foundstone, Guardent and Internet Security Systems announced the formation of a hacker watchdog group called the Responsible Disclosure Forum. The group aims to establish guidelines and codes of conduct for releasing information about software vulnerabilities.
US government fails hacker test
DESPITE dramatically tighter security at US buildings since the terrorist attacks, a House panel is giving the US Government failing marks for lax protection of federal computer networks.
The "F" grade dropped from the "D-" that the government earned in September 2000. Fully two-thirds of federal agencies — including the departments of Defence, Commerce, Energy, Justice and Treasury — flunked the latest "computer security report card".