|
 |
dilluns, 7 / novembre / 2005 |
A una tenda de productes de defensa de Barcelona (Carrer Balmes amb Gran Via, crec) tenen a l'aparador un projectil/bomba de mig metre de llargària... No sé si només es per fer «bonic» (encara que jo no el trobo gens bonic) o si realment el tenen a la venda... però trobo que aquesta mena d'artefactes no haurien d'estar sota cap circumstància a un aparador. Això no és un estri de defensa, sinó una arma amb intencions clarament ofensives.
Foto feta amb el Treo 600
La foto no es cap meravella (el Treo té les seves limitacions i he hagut de fer ombra amb el meu cos)... però us podeu fer una idea.
Actualització: Ahir, 28 de novembre, aquest míssil ja no hi era a l'aparador de la tenda.
|
21:50 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
[Infosec Writers] Cookie Dethroning, article (en dues parts) sobre les consideracions de seguretat de les cookies. Es tracta d'un seriós i complet estudi que va més enllà de la simple paraonia i analitza en profunditat quins riscos de seguretat hi ha associat a l'ús de les cookies.
|
07:37 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
Exchange Server Best Practices Analyzer Tool és una utilitat per als administradors de Microsoft Exchange que recull tota la informació sobre la configuració d'Exchange (a l'Active Directory, al registre, la metabase, el monitor de rendiment...). Amb tota aquesta informació, la compara amb les que es consideren millors pràctiques i genera un llistat suggerint els possibles canvis a realitzar a l'entorn per tal de millorar el rendiment, les possibilitats de creixement i la seguretat.
|
07:31 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
VoIP Security and Privacy Trheat Taxonomy. Estudi sobre els problemes de seguretat i privadesa de VoIP (comunicacions telefòniques que aprofiten la infraestructura IP)
This Taxonomy defines the many potential security threats to VoIP deployments, services, and end users.
The overall goal is to help drive VoIP security awareness with the press, industry and public. In particular this Taxonomy provides a detailed structure for technical vulnerabilities that informs the following constitutencies:
- Press and public
- All vendors across the value chain including:
- carriers,
- service providers,
- equipment vendors
- software developers, and
- system integrators
- The technical community of designers and experts
- Media and entertainment content developers and publishers
- The policy and regulatory community
- The law enforcement community
|
07:27 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
[SecurityFocus] Malware now doing the DNS switcheroo. Atacs phishing que s'aprofiten d'un troià que canvia la configuració dels servidors de noms... per tal de redireccionar de forma totalment transparent i difícil de detectar
The attack, triggered when a victim runs a Trojan horse, changes the victim's domain-name servers to point to attacker-controlled servers and then deletes itself, stated an analysis of the code by security firm Websense. The malicious code is sent to potential victims under the guise that it is a security update for Paypal. Instead, the program replaces the PCs domain servers with attacker-controlled ones that redirect requests for Paypal to a phishing site that steals the user's sensitive information.
|
07:24 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
 WifiScanner és un detector i analitzador de xarxes sense fils per a Linux
WifiScanner is an analyzer and detector of 802.11b stations and access points. It can listen alternatively on all the 14 channels, write packet information in real time, can search access points and associated client stations, and can generate a graphic of the architecture using GraphViz. All network traffic can be saved in the libpcap format for post analysis.
|
07:21 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
[WNN Wi-Fi Net News] EarthLink Will Require Strong Authentication for Municipal Networks. Les xarxes d'accés local que s'estan instal·lant actualment als Estats Units no oferiran un accés anònim sinó que caldrà autenticar-s'hi.
EarthLink will require what’s known as IEEE 802.1X with EAP-TTLS. The 802.1X standard allows for an unknown network device (a laptop with a PC Card, a Wi-Fi bridge, or another adapter) to connect to a Wi-Fi network and then negotiate for access by providing credentials—most likely a user name and password. EAP-TTLS is one method of ensuring that the negotiation is encrypted, and then of providing a legitimate user with a unique encryption key. EAP-TTLS and the similar PEAP standard are widely used for corporate security and both standards are required for WPA and WPA2 certification.
By mandating strong security, EarthLink ups the technical support issues for their retail partners because an 802.1X client (known as a supplicant) will be required to access their network. However, such clients are widely available at low or no cost. There’s an open-source project and Mac OS X 10.3 and later includes EAP-TTLS support out of the box. Windows XP users will have to install a simple client package available from at least two or three companies.
|
07:17 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
[Wetchester.com] New Law Proposal to Counter Risks of Wireless Networks. El comtat de Westchester (Nova York, Estats Units) proposa una llei per obligar l'ús de mesures de seguretat a les connexions sesne fils
Westchester County proposes a local law that requires "security" on all private businesses that employ wireless network and store personal information about customers. This could include a "firewall," which seems like an awfully generic term in this context. Public networks would also be covered and have to post a notice of compliance.
Firewalls don't solve Wi-Fi security and privacy issues for private or public networks. I suspect that this uninformed law is superceded by federal protections and authority, too.
The only sensible requirement--if I supported legislated information technology behavior--would be to require businesses to use 802.1X authentication with WPA (WPA Enterprise) and hotspots to use WPA Personal (WPA with a shared key).
There are already federal requirements for how banking, medical, and other information are handled by businesses that would be inclusive of the protections necessary.
|
07:11 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
© Copyright 2003-2005 Xavier Caballe.  . Si no s'indica expressament el contrari, el material publicat en aquest weblog es distribueix d'acord amb la llicència Creative Commons. El contingut és responsabilitat única i exclusivament del seu autor i no té cap relació amb les seves activitats professionals.
|
 |
 |
 |
 |
Contingut actualitzat
Categories
Darrers comentaris
Arxiu
Contingut antic
(ja no s'actualitza)
Versions anteriors
d'aquesta pàgina
|
 |
 |
 |
 |
|
