Archive for the ‘Security’ Category
Since a secret emergency meeting of computer security experts at Microsoft’s headquarters in March, Dan Kaminsky has been urging companies around the world to fix a potentially dangerous flaw in the basic plumbing of the Internet.
Dan Kaminsky, a Web security specialist, showing a list of servers and whether they are patched.
While Internet service providers are racing to fix the problem, which makes it possible for criminals to divert users to fake Web sites where personal and financial information can be stolen, Mr. Kaminsky worries that they have not moved quickly enough.
By his estimate, roughly 41 percent of the Internet is still vulnerable. Now Mr. Kaminsky, a technical consultant who first discovered the problem, has been ramping up the pressure on companies and organizations to make the necessary software changes before criminal hackers take advantage of the flaw.
Next week, he will take another step by publicly laying out the details of the flaw at a security conference in Las Vegas. That should force computer network administrators to fix millions of affected systems.
But his explanation of the flaw will also make it easier for criminals to exploit it, and steal passwords and other personal information.
Mr. Kaminsky walks a fine line between protecting millions of computer users and eroding consumer confidence in Internet banking and shopping. But he is among those experts who think that full disclosure of security threats can push network administrators to take action. “We need to have disaster planning, and we need to worry,” he said.
The flaw that Mr. Kaminsky discovered is in the Domain Name System, a kind of automated phone book that converts human-friendly addresses like google.com into machine-friendly numeric counterparts.
The potential consequences of the flaw are significant. It could allow a criminal to redirect Web traffic secretly, so that a person typing a bank’s actual Web address would be sent to an impostor site set up to steal the user’s name and password. The user might have no clue about the misdirection, and unconfirmed reports in the Web community indicate that attempted attacks are already under way.
The problem is analogous to the risk of phoning directory assistance at, for example, AT&T, asking for the number for Bank of America and being given an illicit number at which an operator masquerading as a bank employee asks for your account number and password.
- In: 'Matrix' | - | Cyberwar | DARPA | InformationWeek | plans | Security
- Leave a Comment
The agency’s National Cyber Range for cyberwar simulation would be similar to Star Trek‘s holodeck or a Snow Crash-style Metaverse.
Police officers practice their firearm skills on a shooting range, so why shouldn’t government computer security experts have the same kind of training ground?
The Defense Advanced Research Projects Agency, or Darpa, on Monday issued a call for research proposals to develop the National Cyber Range, or NCR (NYSE: NCR), a virtual network environment for cyberwar simulation.
In other words, Darpa wants to build something along the lines of The Matrix, Star Trek‘s holodeck, or a Snow Crash-style Metaverse to test cyberwar strategies and drill cyberwarriors. That’s not to say Darpa is aiming for a visually immersive world to entertain people; rather, it wants a place to pit hackers against simulated machines.
Darpa’s interest in such matters reflects a growing U.S. government and military commitment to develop more sophisticated cyberwar capabilities. A major reason for this is that other countries, such as China, are pursuing similar goals.
“The NCR will become a National resource for testing unclassified and classified cyber programs,” Darpa’s announcement explains. “Government and Government-sponsored Test Organizations (TO) authorized to conduct cyber testing will coordinate with the NCR performer for range time and resources. …The NCR will support multiple, simultaneous, segmented tests and testbeds. At the completion of the test the NCR will sanitize and de-allocate the testbed resources, thus absorbing them back into the range.”
The NCR aims to provide the ability to replicate military, government, and commercial IT systems and infrastructure; to monitor and manage events; and to analyze, collect, and present test data.
The Associated Press: Yahoo teams with McAfee to offer search results security
Posted on: May 6, 2008
This April 30, 2008 file photo shows an exterior view of Yahoo headquarters in Sunnyvale, Calif. Microsoft Corp. has withdrawn its $42.3 billion bid to buy Yahoo Inc., scrapping an attempt to snap up the tarnished Internet icon in hopes of toppling online search and advertising leader Google Inc. The decision to walk away from the deal came Saturday May 3, 2008 after last-ditch efforts to negotiate a mutually acceptable sale price proved unsuccessful. (AP Photo/Paul Sakuma, File)
Yahoo Inc. and McAfee Inc. are joining to offer alerts about potentially dangerous Web sites alongside search results generated at Yahoo.com.
With the new security feature — slated to take effect Tuesday — people who search the Internet using Yahoo will see a red exclamation point and a warning next to links McAfee has identified as serving dangerous downloads or using visitors’ e-mail addresses to send out spam.
Dangerous downloads can include “adware,” which shows unwanted advertisements; “spyware,” which secretly tracks users’ keystrokes and other actions; and other malicious programs that can give criminals control over users’ computers.
Yahoo and McAfee hope the move will quell users’ anxiety about accidentally clicking on malicious links.
“Yahoo users have clearly told us that among the most important concerns for them are all these lurking threats on the Internet,” said Priyank Garg, director of product management for Yahoo’s search division. “They know the damage they can do but they don’t know how to protect themselves.”
Yahoo has decided to simply nuke the worst offenders — sites that attempt “drive-by downloads,” or trying to automatically install malicious code on visitors’ computers by exploiting coding flaws in their Web browsers.
If McAfee has identified a site as having employed such tactics, Yahoo users won’t see the link at all.
“When a user gets a set of search results, there’s really no indication of who’s a good guy and who’s a bad guy,” said Tim Dowling, vice president of McAfee’s Web Security Group. “You’re really leaping off a platform of faith that you’re clicking on a site that’s safe and not one that’s bad. And the bad guys really try hard to look good.”
The companies declined to reveal the financial terms of the partnership.
The deal represents the latest attempt by Sunnyvale-based Yahoo to lure more search requests, snap out of its recent financial funk and steal advertising dollars from search leader Google Inc. as it tries to justify its rebuff of Microsoft Corp.’s $47.5 billion takeover bid.
- In: IEEE | LAN | Microsoft | Security | Technologies | Windows Vista | Wireless
- Leave a Comment
Benefits of Wireless LANs
Institute of Electrical and Electronic Engineers (IEEE) 802.11 wireless LAN networking provides the following benefits:
•
Wireless connections can extend or replace a wired infrastructure in situations where it is costly, inconvenient, or impossible to lay cables. This benefit includes the following:
•
To connect the networks in two buildings separated by a physical, legal, or financial obstacle, you can either use a link provided by a telecommunications vendor (for a fixed installation cost and ongoing recurring costs) or you can create a point-to-point wireless link using wireless LAN technology (for a fixed installation cost, but no recurring costs). Eliminating recurring telecommunications charges can provide significant cost savings to organizations.
•
Wireless LAN technologies can be used to create a temporary network, which is in place for only a specific amount of time. For example, the network needed at a convention or trade show can be a wireless network, rather than deploying the physical cabling required for a traditional Ethernet network.
•
Some types of buildings, such as historical buildings, might be governed by building codes that prohibit the use of wiring, making wireless networking an important alternative.
•
The wiring-free aspect of wireless LAN networking is also very attractive to homeowners who want to connect the various computers in their home together without having to drill holes and pull network cables through walls and ceilings.
•
Increased productivity for the mobile employee. This benefit includes the following:
•
The mobile user whose primary computer is a laptop or notebook computer can change location and always remain connected to the network. This enables the mobile user to travel to various places—meeting rooms, hallways, lobbies, cafeterias, classrooms, and so forth—and still have access to networked data. Without wireless access, the user has to carry cabling and is restricted to working near a network jack.
•
Wireless LAN networking is a perfect technology for environments where movement is required. For example, retail environments can benefit when employees use a wireless laptop or palmtop computer to enter inventory information directly into the store database from the sales floor.
•
Even if no wireless infrastructure is present, wireless laptop computers can still form their own ad hoc networks to communicate and share data with each other.
•
Easy access to the Internet in public places.
Benefits of Wireless LANs
Support for IEEE 802.11 Standards
Support for IEEE 802.11 Security Standards
Checklists and Resources
Valleywag - valleywag.wordpress.com 
Recent Comments