Security

Submission + - Mozilla to protect Adobe Flash users (h-online.com) 1

juct writes: "Firefox is going to check the version of installed Adobe Flash plug-ins and warn users if it discovers an outdated version with potential security holes. Mozilla confirmed this new security feature and said that the Flash version check was part of a wider commitment to "protect users from emerging threats online". Only recently a study confirmed that 80 per cent of users surf with a vulnerable version of Adobe's plug-in."
Security

Submission + - Secure USB sticks cracked (heise-online.co.uk) 1

juct writes: "Manufacturers of USB sticks and cards with fingerprint readers promise us that their data safes can only be opened with the right fingerprint. In their tests, heise Security found that it is easy to bypass the authentication and get access to the protected data. This works by sending a single USB command — a Command Descriptor Block — that changes the accessible partition. They found the vulnerability in the MyFlash FP1 from A-Data (USB-ID 1307:1169) and the 1GB Secure Card (USB-ID 7009:1765) sold by 9pay. The JetFlash 210 and 220 fingerprint sticks from Transcend use the chips in question and also provide access to the protected partition after transmission of a single USB command. The UT176 made by CySecure could also suffer from the same flaw, though they have not tested it yet."
Security

Submission + - Cracking a crypto hard drive case (heise-online.co.uk)

juct writes: "An AES label alone does not ensure that your data are protected. heise examined a hard drive enclosure with an RFID key that is quite typical of lots of similar products. They found that the 128-bit AES hardware encryption claimed in adverts was in fact a simple XOR encryption that they were able to break easily with a known-plaintext attack. (Editors: resubmitted with correct links this time — sorry for the one I screwed up)"
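The submission above says the enclosure's "AES" turned out to be XOR broken with a known plaintext. The following is an added example (not heise's test code and not from any product) showing in Python why that is fatal and how a reviewer can probe an encryption function for it before trusting the label. All values are constructed: `DEMO_KEY` is a made-up 16-byte key, the "known plaintext" is an invented file header, and `nonlinear_stand_in` is a SHA-256-based stand-in for a real block cipher used only to contrast its behaviour with XOR.

```python
import hashlib
import os

# Constructed 16-byte key for the demonstration (not from the article).
DEMO_KEY = bytes(range(16))


def xor_bytes(x: bytes, y: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(p ^ q for p, q in zip(x, y))


def xor_encrypt(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR: the kind of scheme the article says was sold as 128-bit AES."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def nonlinear_stand_in(data: bytes, key: bytes) -> bytes:
    """Constructed stand-in for a genuine block cipher (NOT real AES and not
    invertible): each 16-byte block becomes SHA-256(key || block)[:16]. It exists
    only so the probe below has a non-linear function to compare against."""
    out = bytearray()
    for i in range(0, len(data), 16):
        out += hashlib.sha256(key + data[i:i + 16]).digest()[:16]
    return bytes(out)


def recover_keystream(known_plaintext: bytes, ciphertext: bytes) -> bytes:
    """Known-plaintext attack on XOR: C = P ^ K, therefore K = P ^ C.
    One predictable header is enough to recover the whole repeating key."""
    return xor_bytes(known_plaintext, ciphertext)


def looks_like_xor(encrypt, block_len: int = 16, trials: int = 8) -> bool:
    """Linearity probe a reviewer can run against a black-box encrypt():
    for repeating-key XOR, E(a) ^ E(b) == a ^ b for any equal-length a, b.
    A real block cipher fails this for random inputs with overwhelming
    probability. Caveat: the probe also flags any stream cipher whose
    keystream is reused (same key and IV every time), which is a weakness
    in its own right, so a positive result means 'not safe', not 'is XOR'."""
    for _ in range(trials):
        a = os.urandom(block_len)
        b = os.urandom(block_len)
        if xor_bytes(encrypt(a), encrypt(b)) != xor_bytes(a, b):
            return False
    return True


def demo_known_plaintext_break() -> bool:
    """Recover a 'secret' sector using only a predictable header.
    Assumes a 16-byte key period, a natural guess given the '128-bit' claim."""
    known_header = b"FAT32 boot sector"          # constructed, 17 bytes
    secret = b"payroll.xlsx contents go here"    # constructed victim data
    c_header = xor_encrypt(known_header, DEMO_KEY)
    c_secret = xor_encrypt(secret, DEMO_KEY)

    keystream = recover_keystream(known_header, c_header)
    key = keystream[:16]                         # period = 16 assumed
    recovered = xor_encrypt(c_secret, key)       # XOR is its own inverse
    return recovered == secret


if __name__ == "__main__":
    print("XOR box linear?     ", looks_like_xor(lambda d: xor_encrypt(d, DEMO_KEY)))
    print("stand-in cipher linear?", looks_like_xor(lambda d: nonlinear_stand_in(d, DEMO_KEY)))
    print("known-plaintext break works:", demo_known_plaintext_break())
```

The linearity probe is the check to run first: it needs no key, only the ability to encrypt two chosen inputs, and a device that passes it (returns True) should not be trusted regardless of what the box says. The known-plaintext step then shows why: once the keystream is recovered from one predictable block, every other block encrypted under the same key falls with it.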
Security

Submission + - Antivirus protection worse than a year ago (heise-security.co.uk)

juct writes: "In a test of 17 antivirus products, the German magazine c't concluded that their effectiveness has fallen off, and more and more pests can now slip past these barriers. Most of the products perform reasonably well if they can rely on their database of signatures. But if they have to detect new malware with heuristics, the results were worse than last year. Besides this, c't did the first comprehensive test of behaviour blocking in antivirus products and found that more than half of them did not react to suspicious behaviour at all. The test itself is available only in the printed magazine; heise Security published a summary."
Security

Submission + - Spying on the TOR anonymisation network (heise-security.co.uk)

juct writes: "The long-standing suspicion that the anonymizing network TOR is (ab)used to catch sensitive data by Chinese, Russian and American government agencies as well as hacking groups gets new support. Members of the Teamfurry community found TOR exit nodes which only forward unencrypted versions of certain protocols. These peculiar configurations invite speculation as to why they are set up in this way. Another TOR exit node has been caught doing MITM attacks using fake SSL certificates."
Security

Submission + - OS X Leopard firewall flawed 1

cycoj writes: German IT magazine Heise takes a look at the new OS X Leopard firewall. They find it flawed. When setting access to specific services and programs, for example to allow only SSH access, they found that a manually started service was still accessible. From the article:

"So the first step after starting Leopard should be to activate the firewall. The obvious choice to do so is the option to "Set access to specific services and programs", which promises more control over network traffic. Mac OS X automatically enters all shared resources set up by the user, such as "Remote login" for SSH servers, into the list of accessible resources.

However, initial functional testing quickly dispels any feeling of improved security. A service started for testing purposes was able to be addressed from outside without any difficulty. The firewall records this occurrence."

Even with the firewall set to "Block all incoming connections", ports for NetBIOS, NTP and other services were still open.

"Specifically these results mean that users can't rely on the firewall. Even if users select "Block all incoming connections," potential attackers can continue to communicate with system services such as the time server and possibly with the NetBIOS name server."
Security

Submission + - Unofficial URI-patch for Windows (heise-security.co.uk)

dg2fer writes: For more than two months, the URI parsing vulnerability has been known to affect several Windows programs, including Outlook, Adobe Reader, IRC clients and many more.

The latest Microsoft patches published for October did not include a solution for the URI problem, so according to an article on heise Security, hackers started to solve the problem themselves and published an unofficial patch which cleans up the critical parameters of URI system calls before calling the vulnerable Windows system function.

Mozilla

Submission + - The Morality of Web Advertisement Blocking (cnet.com) 1

An anonymous reader writes: There has been some recent coverage of the over-hyped boycott of Firefox, in response to the rising popularity of the Adblock Plus Firefox extension. A recent editorial on CNET looks into the issue, and explores the moral and legal issues involved in client-side web advertisement blocking. Whereas TiVo users freeload on the relatively fixed broadcasting costs paid by TV networks, users of web ad-blocking technology are actively denying website owners revenue that would otherwise go to pay for the bandwidth costs of serving up those web pages. If the website designer has to pay for bits each time you view their website without viewing their banner ads, are you engaged in theft? Is this right? CNET has more on the subject....
