 |
ON COMPUTER AND NETWORK SECURITY |
| Interim Selections - October 21, 1998 |
While a new issue of Netsurfer Focus on Computer and Network
Security is in preparation, here are links to some related news
stories that have appeared in our flagship publication,
Netsurfer Digest.
- Big Hack Attacks
- Soft-Sided Software
- Spy vs Spy
- Lighter Elements
BIG HACK ATTACKS
Profits, protests, and pranks
Financial gain, or 15 minutes of fame, many are the motivations and techniques to get into someone else's cyberknickers.
- A general review:
- Network Attack Trend Analysis: Who Hacks What How
Moustaches and graffitti on billboards, and then
twiddling the neon signs (remember the "First National Bank of Co _ _ erce"?)
The web offers some great new opportunities for personal expression.
- New York Times
- A Look at the New York Times Web Site Hack
- NYT Hack Source
- Yahoo
- The Yahoo Hack Page
Of course the US Department of Defence is a nice, juicy target for
any hacker who wants to earn primo bragging rights. But is getting
into India's Bhabha Atomic Research Centre really political protest?
- The Pentagon
- The Pentagon and the Hackers
- Bhabha Atomic Research Centre
- Atomic Hacking
And don't think that it's just the government's problem. Beauty is in the eye of the beholder, and your personal identity and information
is just as yummy to another set.
- Your credit card number
- Credit Card Data Compromised at Online Auction Sites
- Your email access
- Hacking Hotmail
- Your online identity at AOL
- Social Engineering is Alive and Well
-
-
SOFT-SIDED SOFTWARE
Bare flanks
Microsoft is arguing to the DoJ that the browser is an integral part of a
PC's operating system, and if our activities at Netsurfer are anything to
go by, we certainly can't disagree with that. Still, the pace of
innovations leaves a trail of security holes that keeps us patching.
- Netscape Communicator
- Netscape 4.06 Supports Web Ratings, Hack Disables Same
- Microsoft Internet Explorer
- Another New Internet Explorer Security Bug Involving JScript
- Want to Pirate Some Fonts? Fire Up IE 4.0
- Security Bug in Internet Explorer 4.0: Description and Fix
- Serious Security Flaws in Microsoft's Explorer and Web Server
- Both
- CERT Issues Serious Browser Security Advisory
Push disappeared with nary a whimper and the goldrush is on for e-mail. But popularity
breeds exposure and the killer app becomes the killer trap as a slew of problems is discovered
in everyone's email programs.
- Netscape
- Shockwave Security Bug Exposes E-Mail
- Microsoft
- Serious Windows E-Mail Security Problem: Fixes, More Fixes, and Workarounds
- Eudora
- Eudora Pro Hit with Security Bug, Patch Available
- And the standard itself
- S/MIME E-Mail Encryption Not Really Cracked, Just Weak
And exposure it is with a vengeance. As Microsoft's offerings become widespread
its pecadilloes, like those of Bill and Monica, find an audience on the Internet.
NT servers run into the run-o'-the-mill sorts of challenges all systems have, but
Active X seems to be in a class of its own in inspiring creativity.
- NT
- CERT Advisory on Windows NT Denial of Service Attacks
- Meanwhile, Another NT Security Flaw Surfaces
- Another Microsoft Networking Bug Exposes Passwords
- Microsoft NT Password Cracking Software Makes the News
- Out of Bandwidth Attack Patches for Windows 95/NT
- Active X
- Sun Dramatically Demos ActiveX Security Flaws
- German Hackers Use ActiveX to Snag Cash
Convergence, ahoy! Just to prove that challenging security schemes is an equal opportunity
opportunity, cracking of the phone network's diverse infrastructure continues:
- Phone card boo-boo
- The Failure of Security through Obscurity
- And don't trust those new handsets either
- Digital Cell Phone Keypad Code Cracked, Voice Next?
SPY vs SPY
The adventure continues
As the French say, "Plus ca change...". In the security game,
most of us are lucky rather than really good, and the evidence continues.
-
- A Small, Troubling Security Survey
There is always another password cracker, another hole in the firewall.
However, there are always those among us pushing the envelop, ignoring previous boundaries, and
here are some breakthroughs.
- Hiding attacks
- New Hacker Tactic: Slow, Coordinated Attacks from Multiple Locations
- A leak in the secure sandbox?
- Strange Brew, the First Java "Virus"
- Chipping at the pillars of e-commerce
- A Bug in Web Crypto SSL Algorithm, and a Fix
And the white hats insomniacs too, continue to contribute to the Internet stew.
- MCI Releases Free Denial of Service Tracker Security Tool
- RSA Donates Domain Name Security Software to the Net
LIGHTER ELEMENTS
Crackers great and small
Bright but not always beautiful to the beholder, here is an assortment of other
antics scampering across the headlines.
- A bright young wag
- Domain Name Hijacker Sprinkles Microsoft with Dirt
- Greedy and maybe not so bright
- Netscape Security Bug: Doing Business with the Big Boys
- Failed
- Net Hacks Can't Crack Mac
- Faked
- Fake "PGP Cracked" Message Lures Users into Trap
- Fratricidal
- RSA Crypto Cracking Contest, NML, Hacking Attacks, and Hotwired
NETSURFER FOCUS (c) S. M. Lieu. This document may be distributed freely
in electronic form in its entirety and without
modification. All other rights reserved.
NETSURFER DIGEST is a trademark of Netsurfer Communications,
Inc. Other publication, product, and company names may be trademarks
of their companies.
|