In Through The Out Door

    Diving Through The Information Barrage

    Browsing Posts published in June, 2007

    Integrity of hardware-based computer security is challenged: Withdrawn Black Hat paper hints at flaws in TPM security architecture

    A presentation scheduled for Black Hat USA 2007 that promised to undermine chip-based desktop and laptop security has been suddenly withdrawn without explanation.

    Find the obfuscated abstract here:

    TPMkit: Breaking the Legend of Trusted Computing (TC [TPM]) and Vista (BitLocker)

    GPL 3 officially released:

    After four drafts and extensive public review, the long-awaited revision of the GPL has finally been released. Version 3 of the GPL clarifies aspects of the previous version, aims to block patent covenants that could limit unencumbered redistribution, and protects users’ rights to modify GPL-licensed software on embedded systems.

    Military Running a Parallel Earth Simulator:

    The US Department of Defense (DOD) may already be creating a copy of you in an alternate reality. Putting supercomputers to an innovative use, the military is simulating our planet in an effort to predict the outcome of different scenarios. They might run tests to see how long ‘you’ can go without food or water, or how ‘you’ will respond to televised propaganda. Billions of nodes are created in the system, intended to reflect every man, woman, and child. Called the Sentient World Simulation (SWS), it will be a “synthetic mirror of the real world with automated continuous calibration with respect to current real-world information”, according to a concept paper for the project. Simulex is the company developing these systems, and they list pharmaceutical giant Eli Lilly and defense contractor Lockheed Martin among their private sector clients. The U.S. military is their biggest customer, apparently now running the most complex version of the system. JFCOM-9 is now capable of running real-time simulations for up to 62 nations, including Iraq, Afghanistan, and China. The simulations gobble up breaking news, census data, economic indicators, and climatic events in the real world, along with proprietary information such as military intelligence.

    Google Maps Mania

    An unofficial Google Maps blog tracking the websites, mashups and tools being influenced by Google Maps.

    Teredo is a platform-independent protocol developed by Microsoft, which is enabled by default in Windows Vista. Teredo provides a way for nodes located behind an IPv4 NAT to connect to IPv6 nodes on the Internet. However, by tunneling IPv6 traffic over IPv4 UDP through the NAT and directly to the end node, Teredo raises some security concerns.
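    One defender-side use of the Teredo address format is spotting tunneled hosts in flow or log data and recovering the NAT mapping each address encodes. The C decoder below is an added example, not from the original post: it follows the RFC 4380 address layout (prefix 2001:0000::/32, the Teredo server IPv4, a flags word, and the client's NAT-mapped UDP port and IPv4, both stored XORed with all-ones); the sample address in the comments is constructed from the RFC's example values.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>

/* Decoded fields of a Teredo address (RFC 4380 layout). */
struct teredo_info {
    char     server[INET_ADDRSTRLEN];    /* Teredo server IPv4, bits 32-63, in the clear */
    int      cone_nat;                   /* flags bit 0x8000: client sits behind a cone NAT */
    uint16_t mapped_port;                /* NAT-mapped UDP port, stored as port ^ 0xFFFF */
    char     mapped_ip[INET_ADDRSTRLEN]; /* NAT-mapped client IPv4, stored as ip ^ 0xFFFFFFFF */
};

/* Returns 1 if addr parses as IPv6 and lies in the Teredo prefix 2001:0000::/32, else 0. */
int is_teredo(const char *addr) {
    unsigned char b[16];
    if (inet_pton(AF_INET6, addr, b) != 1) return 0;
    return b[0] == 0x20 && b[1] == 0x01 && b[2] == 0x00 && b[3] == 0x00;
}

/* Fills out from a Teredo address; returns 0 on success, -1 if addr is not Teredo.
   Constructed sample: 2001:0:4136:e378:8000:63bf:3fff:fdd2 decodes to server
   65.54.227.120, cone NAT, client 192.0.2.45 mapped to UDP port 40000. */
int decode_teredo(const char *addr, struct teredo_info *out) {
    unsigned char b[16], ip4[4];
    if (!is_teredo(addr) || inet_pton(AF_INET6, addr, b) != 1) return -1;
    inet_ntop(AF_INET, b + 4, out->server, sizeof out->server);
    uint16_t flags = (uint16_t)((b[8] << 8) | b[9]);
    out->cone_nat = (flags & 0x8000) != 0;
    /* port and client address are obfuscated by XOR with all-ones so NATs do not rewrite them */
    out->mapped_port = (uint16_t)(((b[10] << 8) | b[11]) ^ 0xFFFF);
    for (int i = 0; i < 4; i++) ip4[i] = b[12 + i] ^ 0xFF;
    inet_ntop(AF_INET, ip4, out->mapped_ip, sizeof out->mapped_ip);
    return 0;
}
```

    Flagging UDP/3544 alone misses Teredo relays and clients on non-default ports; matching the 2001:0000::/32 prefix in IPv6 source or destination fields catches the tunnel regardless of transport.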

    Attack sub fleet:

    Navy Bids Farewell to Minneapolis-St. Paul: After more than 23 years of service, the Los Angeles-class nuclear-powered fast-attack submarine USS Minneapolis-St. Paul (SSN 708) inactivated in a ceremony June 22 at Pier 3 at Naval Station Norfolk. Concerns remain that our shrinking fleet is going to leave us with our pants down at some point, and that our anti-sub warfare capabilities (or, rather, our lack thereof) could leave serious gaps waiting to be exploited. Two world wars showed that submarine fleets were able to have a drastic effect on the wider military and economic efforts of the combatants.

    Boomer Fleet:

    Yesterday it was attack subs, so why not missile boats today? Of the 18 Ohio-class nuclear ballistic missile submarines built from 1976-1997, all are still in service. Four of them have been removed from strategic service and have been converted to SSGN cruise missile subs. USS Ohio (SSGN 726) and USS Florida (SSGN 728) rejoined the fleet last year, USS Michigan (SSGN 727) just rejoined the fleet a couple of weeks ago, and USS Georgia (SSGN 729) should rejoin this fall. The remaining 14 Ohios continue to serve as strategic nuclear deterrents much as they did during the Cold War. Unlike the attack sub force, which has been nearly halved since 1990 with more cuts to come, the missile sub force has not been cut back nearly so much.

    National ID May Have Killed Immigration Bill:

    News.com reports that the immigration reform bill bouncing around in the Senate for the last few weeks has finally been defeated. The site speculates that, perhaps, one of the reasons it was finally defeated was a measure intended to expand the use of Real ID cards. If passed, the bill would have effectively turned the Real ID system into a National ID card. “The American Civil Liberties Union, another longtime foe of Real ID, said the Real ID requirements were a ‘poison pill that derailed this bill, and any future legislation should be written knowing the American people won’t swallow it.’ Another section of the immigration bill would have given $1.5 billion to state officials to pay for Real ID compliance. Even if the immigration bill goes nowhere, however, the Real ID Act is still in effect. It says, starting on May 11, 2008, Americans will need a federally-approved ID card to travel on an airplane, open a bank account, collect Social Security payments or take advantage of nearly any government service.” As we’ve discussed before, several states have rebelled against the implementation of Real ID.

    News: Lawmakers worry over gov’t network breaches:

    Brief: Experts challenge claim of undetectable rootkits:

    News: Group: Anti-hacking laws can hobble Net security:

    ‘Wave Of Trojans’ Goes On The Rampage:

    Cisco IOS Exploitation Techniques Paper:

    It has been more than a year since Michael Lynn first demonstrated a reliable code execution exploit on Cisco IOS at Black Hat 2005. Although his presentation received a lot of media coverage in the security community, very little is known about the attack and the technical details surrounding the IOS check_heaps() vulnerability. This paper is the result of research carried out by IRM to analyse and understand the check_heaps() attack and its impact on similar embedded devices. It also helps developers understand security-specific issues in embedded environments and develop mitigation strategies for similar vulnerabilities. The paper primarily focuses on the techniques developed for bypassing the check_heaps() process, which has traditionally prevented reliable exploitation of memory-based overflows on the IOS platform. Using built-in IOS commands, memory dumps and open source tools, IRM was able to recreate the vulnerability in a lab environment. The paper is divided into three sections, which cover the ICMPv6 source-link attack vector, IOS operating system internals, and finally the analysis of the attack itself.

    China’s Space Threat

    The Worst Jobs in Science 2007

    The New York Times is reporting on preparations by the US government for a ‘cyberwar’. Precautionary measures are being taken to guard against concerted attacks by politically-minded (or well-paid) hackers looking to cause havoc. Though the report outlines scenarios where mass damage is the desired outcome (such as remotely opening a dam’s gates to flood cities), most expect such conflicts to be more subtle: parts of the internet, for example, may become unreachable or unreliable for certain countries.

    Hewlett-Packard released version 4 of its Linux Common Operating Environment (LinuxCOE) software this month. LinuxCOE is a front end to a set of Perl scripts that helps administrators by building customized install images for various Linux distributions.

    DHS acknowledges own computer break-ins

    Repeat after me: Clueless and Incompetent… Anyone really surprised by this? Reminds me of another completely incompetent gov agency I had to work with a while back…

    RED HERRING | ATT to Block Pirated Content

    And what about those of us that use BT to download legally obtainable ISOs? How will these fools differentiate between legal and illegal? Big Brother reporting to MPAA, RIAA and other 3 letter agencies.

    ips-evasion.txt

    Various commercial IPS products fail to decode HTTP requests that contain 0x0c, 0x0b, and 0x0d instead of the normal 0x20/0x09 separators.

    From: H. D. Moore
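    The practical consequence is that an inspection engine which splits the request line only on SP and HT never isolates the URI token, so any signature it holds for the URI is never evaluated; the fix is to tokenise with the same separator set the protected server accepts. The C code below is an added example, not from the advisory: it splits a request line with a strict decoder and with a lenient one, and runs a sample URI signature against each. That some web servers accept VT, FF and CR as separators is an assumption here; the advisory only reports which bytes the IPS decoders miss.

```c
#include <stddef.h>
#include <string.h>

#define TOK_CAP 256

/* Separators a strict decoder accepts between request-line tokens: SP and HT only. */
int is_strict_sep(unsigned char c) { return c == 0x20 || c == 0x09; }

/* Separators a lenient backend is assumed to accept as well: VT (0x0b), FF (0x0c), CR (0x0d).
   Matching the server's set is what keeps the IPS view and the server view aligned. */
int is_lenient_sep(unsigned char c) {
    return is_strict_sep(c) || c == 0x0b || c == 0x0c || c == 0x0d;
}

/* Tokenises one request line into method/URI/version (each buffer TOK_CAP bytes) using
   the given separator predicate. A trailing LF or CRLF is trimmed first. Returns the
   number of tokens found: 3 for a well-formed line, fewer when separators go unrecognised. */
int split_request_line(const char *line, size_t len, int (*is_sep)(unsigned char),
                       char *method, char *uri, char *version) {
    char *out[3] = { method, uri, version };
    int tok = 0;
    size_t n = 0;
    method[0] = uri[0] = version[0] = '\0';
    if (len && line[len - 1] == '\n') len--;
    if (len && line[len - 1] == '\r') len--;
    for (size_t i = 0; i < len && tok < 3; i++) {
        unsigned char c = (unsigned char)line[i];
        if (is_sep(c)) {
            if (n) { out[tok][n] = '\0'; tok++; n = 0; }   /* close the current token */
        } else if (n + 1 < TOK_CAP) {
            out[tok][n++] = (char)c;
        }
    }
    if (tok < 3 && n) { out[tok][n] = '\0'; tok++; }       /* close an unterminated last token */
    return tok;
}

/* Sample signature check on the URI token: 1 if needle occurs in the URI the chosen
   decoder extracts, else 0. Without a URI token there is nothing to match against. */
int uri_matches(const char *line, size_t len, int lenient, const char *needle) {
    char m[TOK_CAP], u[TOK_CAP], v[TOK_CAP];
    int tok = split_request_line(line, len, lenient ? is_lenient_sep : is_strict_sep, m, u, v);
    return tok >= 2 && strstr(u, needle) != NULL;
}
```

    The same request line, constructed as "GET\x0c/cgi-bin/sample.cgi\x0cHTTP/1.0\r\n", yields one token under the strict decoder and three under the lenient one, so only the latter sees "/cgi-bin/" in the URI.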
