In Through The Out Door

    Diving Through The Information Barrage

    Browsing Posts published in March, 2007

    Top 12 Operating Systems Vulnerability Survey:

    Have you ever wondered how vulnerable your computer is from the first bit you write to the hard drive all the way until you have a fully patched system? If so, Matthew Vea has posted a concise summary of security strengths and shortcomings for twelve of the major operating systems of 2006/2007. In his summary, Matt tests each OS with widely available tools like nmap and Nessus, and notes responses at install, pre-patch, and post-patch times for each system. After the tedious job is done, he produces results that will make both the Apple and Windows communities cringe with regard to security. From the article: ‘As far as straight-out-of-box conditions go, both Microsoft’s Windows and Apple’s OS X are ripe with remotely accessible vulnerabilities … The UNIX and Linux variants present a much more robust exterior to the outside. Even when the pre-configured server binaries are enabled, each [Linux] system generally maintained its integrity against remote attacks.’

    Forget WEP and WPA; I’m switching over to the EM-SEC Coating System, a recently revealed paint developed by EM-SEC Technologies that acts as an electromagnetic fortress, allowing a wireless network to be contained within painted walls without fear of someone tapping in or hacking wireless networks.

    Apple Remote Tricks

    Stephen Korecky has posted a bunch of handy Apple remote tricks over at MacInstruct. His post shows you how to pair your remote with a Mac, how to use the remote to send your Mac into sleep mode, and more. Who knew that holding down the remote’s Menu button produced the same disk-switching behavior on an Intel Mac as pressing the option key as you boot? Some of Korecky’s tricks are a bit obvious (flipping through iPhoto slideshows and controlling Keynote presentations) but most of them are gems.

    The root cause of security breaches:

    Java father James Gosling was asked in a recent interview to identify the biggest security threat to enterprises. 

    The number one biggest threat to enterprises is the inherent fallibility and laziness of humans. We can make the software as solid as we can but if someone says the root password of the machine is …

    Open IPTV Forum wants to set end-to-end IPTV standards:

    A new industry consortium wants to make the various IPTV standards work seamlessly together so that consumers can use a single set-top box to access multiple IPTV providers. Unfortunately, Microsoft is not involved.

    Mark Russinovich on Windows Kernel Security:

    In the final part of his three-part series, Mark Russinovich wraps up his look at changes made in the Windows Vista Kernel by exploring advancements in reliability, recovery, and security. “Applications written for Windows Vista can, with very little effort, gain automatic error recovery capabilities by using the new transactional support in NTFS and the registry with the Kernel Transaction Manager. When an application wants to make a number of related changes, it can either create a Distributed Transaction Coordinator (DTC) transaction and a KTM transaction handle, or create a KTM handle directly and associate the modifications of the files and registry keys with the transaction. If all the changes succeed, the application commits the transaction and the changes are applied, but at any time up to that point the application can roll back the transaction and the changes are then discarded.”

    Schneier on Vista’s DRM provisions:

    Security expert Bruce Schneier has written an interesting essay about Vista. Windows Vista includes an array of features that you do not want. These features will make your computer less reliable and less secure. They will make your computer less stable and run slower. They will cause technical support problems. They may even require you to upgrade some of your peripheral hardware and existing software. And these features won’t do anything useful. In fact, they are working against you.

    How to hide an entire filesystem

    Vint Cerf on Net Security, Hacking, and Acting:

    Father of the Internet Vint Cerf talks candidly in an article on Dark Reading about his being a Googler, and the biggest problems with Internet security and what he sees as the most promising solutions. He says that he’s only done a little casual hacking, and that the term ‘hacker’ no longer comes with the honor it once did. Cerf also reveals in this personal look at the Internet icon that his real dream was to be an actor.

    sshguard: Protection for OpenSSH:

    Are you concerned about brute force dictionary attacks on SSH? Given the popularity of these attacks, you should be. sshguard is a new tool to help protect against such attacks. Although it is still in beta stage, it appears to work well.

    A Network Sniffer On Steroids:

    Errata has developed a new network sniffer, dubbed ‘Ferret,’ that looks for traffic using 25 protocols, including those for the popular instant message clients as well as DHCP, SNMP, DNS and HTTP. This means the sniffer will capture requests for network addresses, network management tools, Web site queries, Web traffic and more. ‘You don’t realize how much you’re making public, so I wrote a tool that tells you,’ said Robert Graham, Errata’s chief executive. Errata has released the source code to this version 1.0, ‘feature-poor and buggy’ tool on its site. Anyone with a wireless card will be able to run it, Graham said.

    AT&T scales back U-Verse expectations:

    The road has been a bumpy one for AT&T as it slowly rolls out U-Verse. Ars looks at the reasons behind U-Verse’s problems.

    The Assassination of Wi-Fi:

    John C. Dvorak from PC Magazine has posted an article looking at the new strategy of American cell-phone-service companies. From the article: ‘There is mounting evidence that the cellular service companies are going to do whatever they can to kill Wi-Fi. After all, it is a huge long-term threat to them. We’ve seen that the route to success in America today is via public gullibility and general ignorance. And these cell-phone-service companies are no dummies.’

    Homeland Security Offers Details on Real ID:

    C|Net is running an article on the DHS’s requirements for the Real ID system. On Thursday, members of the Bush administration finally unveiled details of the anticipated national identification program. Millions of Americans will have until 2013 to register for the system, which will (some would argue) constitute a national ID. RFID trackers for the cards are under consideration, as is a cohesive nation-wide design for the card. States must submit a proposal for how they’ll adopt the system by early October of this year. If they don’t, come May of next year their residents will see their licenses unable to gain them access to federal buildings and airplanes. The full regulations for the system are available online in PDF format. Likewise, the DHS has a Questions and Answers style FAQ available to explain the program to the curious.

    Single Packet Authorization:

    Single Packet Authorization fills the gaps in port knocking.

    A New Dawn for Nukes:

    WASHINGTON (AP) – The Bush administration selected a design for a new generation of atomic warheads, taking a major step toward building the first new nuclear weapon since the end of the Cold War two decades ago. The military and the Energy Department selected a design developed by the Lawrence Livermore National Laboratory in California over a competing design by the Los Alamos National Laboratory in New Mexico, according to government sources who spoke on condition of anonymity in advance of a formal announcement. The decision to move ahead with the warhead, which eventually would replace the existing arsenal of weapons, has been criticized as sending the wrong signal to the world at a time when the United States is assailing attempts at nuclear weapons development in North Korea and Iran and striving to contain it. But military and Energy Department officials have argued that the new U.S. warhead will not add to the nuclear arsenal. They maintain the new design will make the weapons stockpile more secure and reliable without the need for actual underground testing. The warhead has been the focus of an intense competition between Los Alamos and Lawrence Livermore, the government’s two premier nuclear weapons…

    Parallels Desktop supports Leopard, Vista:

    Parallels today released a free update to Parallels Desktop for Mac to enhance its virtualization software with a new installation assistant tool, shared networking support, and official compatibility for Mac OS X 10.5 Leopard. The latest release of Parallels Desktop for Mac also supports Microsoft’s recently-released Windows Vista operating system, adds several additional features, and repairs numerous bugs. Parallels Desktop for Mac runs ‘guest’ operating systems inside a Mac by allowing that operating system to run alongside Mac OS X, managing system resources as the two systems co-exist side-by-side. The latest revision ensures that Solaris guest operating systems don’t hang after suspending or resuming, and includes an improved Parallels Tools package. Parallels Desktop now offers full support for OpenBSD 3.8 as a guest operating system, and ensures that the G4U hard disk cloning tool works in virtual machines.

    The Open Source Hook:

    By Scott Ruecker

    Measuring TCP Congestion Windows:

    By René Pfeiffer
