Government

Submission + - From the diary of a spy (heise-security.co.uk)

juct writes: "A former agent of the British MI5 secret service told tales out of school at the 24th Chaos Communication Congress (24C3) in Berlin last Saturday. Apart from revealing details about the agency's computer problems she also gave insight into the thought processes and methods used by spies and called emphatically for more democratic control."
Security

Submission + - Secure your PHP apps -- now (heise-security.co.uk)

juct writes: "In their yearly top 20 security risks the Internet Storm Center names web applications as top risk for servers: "Every week hundreds of vulnerabilities are reported in commercially available and open source web applications, and are actively exploited." The number one problem they list is "PHP Remote File Include". So why not spend a little time to secure your web server now? heise Security has a writeup on Basic PHP security with practical examples."
Security

Submission + - Antivirus protection worse than a year ago (heise-security.co.uk)

juct writes: "In a test of 17 antivirus products, the German magazine c't concluded that the effectiveness has fallen off, and more and more pests can now slip past these barriers. Most of the products perform reasonably well if they can rely on their database of signatures. But if they have to detect new malware with heuristics, the results were worse than last year. Besides this, c't did the first comprehensive test of behaviour blocking in antivirus products and found that more than half of them did not react to suspicious behaviour at all. The test itself is available only in the printed magazine; heise Security published a summary."
Security

Submission + - ATM fraud aka skimming on the rise (heise-security.co.uk)

juct writes: "While everybody is talking about phishing and online fraud, the rate of ATM fraud rises silently. With nearly undetectable skimming devices, additional touchpads and cameras, fraudsters copy your card data, catch your PIN and loot your account. Look at the pictures to see if you spotted them."
Security

Submission + - Dreamlab cracks wireless keyboard encryption (heise-security.co.uk)

Felix writes: "Wireless keyboards and mice are becoming an increasingly common sight on desks. However, wireless hardware carries large hidden risks. Dreamlab Technologies has shown that it is possible to capture and decrypt keystrokes, meaning that user names, passwords, bank details or confidential correspondence can be very easily eavesdropped. Check out http://www.dreamlab.net/ for further information."
Security

Submission + - SecTor conference starts off with DNS(SEC) talks

leto writes: Dan Kaminsky and Paul Wouters both presented DNS security talks at the new Canadian security conference SecTor in Toronto. Kaminsky showed a DNS binding attack using JavaScript and Flash, allowing him to penetrate any firewall and start scanning the internal network of any user that visited his website. Wouters gave a presentation on the theory and current worldwide operational experiences of DNSSEC that included a fancy Google map overlay showing all TLDs deploying or testing DNSSEC. For those not convinced about the need for DNSSEC, he showed "15 ways of using the DNS to capture your clicks". Other speakers included Rohit Sethi and Nish Bhalla demonstrating their new open source Exploit-Me series of Firefox plugins to perform automated penetration testing, Johnny Long with a hilarious talk on Hacking Hollywood, and the mandatory presentations about Wi-Fi and Bluetooth insecurities. No presenters were denied entry into Canada.
Security

Submission + - Spying on the TOR anonymisation network (heise-security.co.uk)

juct writes: "The long-standing suspicion that the anonymizing network TOR is (ab)used to catch sensitive data by Chinese, Russian and American government agencies as well as hacking groups gets new support. Members of the Teamfurry community found TOR exit-nodes which only forward unencrypted versions of certain protocols. These peculiar configurations invite speculation as to why they are set up in this way. Another TOR exit node has been caught doing MITM attacks using fake SSL certificates."
Security

Submission + - Apple Mail in Leopard vulnerable again (heise-security.co.uk)

juct writes: "In March 2006 Apple defused a security problem in Apple Mail that made it possible to inject disguised malignant code. In Leopard, the patch was apparently forgotten. This means that you can inadvertently start an executable by double-clicking a mail attachment that looks like a JPEG image file. This works with special attachments of the MIME type AppleDouble, which carry information about which application should be used to open a file. In Tiger you got a warning about a program being opened; Leopard silently executes a shell script with Terminal.app. heise Security provides a demo, where you can check for yourself."
The Military

Submission + - Who will defeat Colossus? (heise-security.co.uk)

juct writes: "Starting this Thursday, radio amateurs and cryptologists are being challenged to decode encrypted radio messages generated by a Lorenz SZ42 cipher machine and sent using the original radio protocol from WWII. Those taking part in the cipher event will compete against a rebuild of the computer used to crack enciphered messages sent by the German high command 63 years ago. See: Who will defeat Colossus?"
Security

Submission + - Leopard firewall functionality and holes (heise-security.co.uk)

jmt(tm) writes: "The UK version of German IT news site heise runs a follow-up to earlier stories on problems with the firewall in Apple's new version of OS X. They take a look at Apple's own documentation, now available at the Mac OS X 10.5: About the Application Firewall page. Their verdict is clear: "Altogether this confirms the impression created by the initial functionality test. In its current version, this firewall cannot be recommended for practical use.""
Security

Submission + - Mac OS X Leopard firewall damages Skype and WoW (heise-security.co.uk)

juct writes: "Maybe it wasn't such a bad idea that Apple decided the firewall in Mac OS X Leopard should be deactivated by default. It turns out that it signs programs retrospectively — and can affect program integrity as a result. heise reports about complaints coming in from users of Skype and World of Warcraft."
Security

Submission + - Holes in the Mac OS X Leopard firewall (heise-security.co.uk)

juct writes: "If you specify "Block all Incoming connections" in a firewall you expect that it does simply that: deny access to all services. As heise Security reports, Leopard's firewall does not. Even when connected to the internet, they were able to access the time server running on a MacBook. In a LAN-based scenario the NetBIOS Naming Service was accessible despite the firewall settings. If you choose the more flexible option to "Set access for specific services and applications" it was possible to start a simple backdoor with netcat that could be accessed from the Internet."
Security

Submission + - OS X Leopard firewall flawed

cycoj writes: German IT magazine Heise takes a look at the new OS X Leopard firewall. They find it flawed. When setting access to specific services and programs for example to only allow SSH access, they found that a manually started service was still accessible. From the article:

"So the first step after starting Leopard should be to activate the firewall. The obvious choice to do so is the option to "Set access to specific services and programs", which promises more control over network traffic. Mac OS X automatically enters all shared resources set up by the user, such as "Remote login" for SSH servers, into the list of accessible resources.

However, initial functional testing quickly dispels any feeling of improved security. A service started for testing purposes was able to be addressed from outside without any difficulty. The firewall records this occurrence."

Even with the firewall set to "Block all incoming connections", ports to NetBIOS, NTP and other services were still open.

"Specifically these results mean that users can't rely on the firewall. Even if users select "Block all incoming connections," potential attackers can continue to communicate with system services such as the time server and possibly with the NetBIOS name server."
