Integrity of hardware-based computer security is challenged Withdrawn Black Hat paper hints at flaws in TPM security architectureA presentation scheduled for Black Hat USA 2007 that promised to undermine chip-based desktop and laptop security has been suddenly withdrawn without explanation.
GPL 3 officially released:After four drafts and extensive public review, the long-awaited revision of the GPL has finally been released. Version 3 of the GPL clarifies aspects of the previous version, aims to block patent covenants that could limit unencumbered redistribution, and protects users’ rights to modify GPL-licensed software on embedded systems.Read More…
Military Running a Parallel Earth Simulator:”The US Department of Defense (DOD) may already be creating a copy of you in an alternate reality…. They might run tests to see how long ‘you’ can go without food or water, or how ‘you’ will respond to televised propaganda…. ‘Called the Sentient World Simulation (SWS), it will be a “synthetic mirror of the real world with automated continuous calibration with respect to current real-world information”, according to a concept paper for the project. Simulex is the company developing these systems, and they list pharmaceutical giant Eli Lilly and defense contractor Lockheed Martin among their private sector clients…. The simulations gobble up breaking news, census data, economic indicators, and climactic events in the real world, along with proprietary information such as military intelligence.”
Google Maps ManiaAn unofficial Google Maps blog tracking the websites, mashups and tools being influenced by Google Maps.
Teredo is a platform-independent protocol developed by Microsoft, which is enabled by default in Windows Vista. Teredo provides a way for nodes located behind an IPv4 NAT to connect to IPv6 nodes on the Internet. However, by tunneling IPv6 traffic over IPv4 UDP through the NAT and directly to the end node, Teredo raises some security concerns.
Paul: After more than 23 years of service, the Los Angeles-class nuclear-powered fast-attack submarine USS Minneapolis-St…. Concerns remain that our shrinking fleet is going to leave us with our pants down at some point, and that our anti-sub warfare capabilities (or, rather, our lack thereof) could leave serious gaps waiting to be exploited. Two world wars showed that submarine fleets were able to have a drastic effect on the wider military and economic efforts of the combatants. While no one is going to challenge our supremacy in the realm of carrier-centered naval power, even just the threat of submarines could potentially keep those carriers from operating when and where we need them to…. The attack sub fleet is part of the ASW effort, and when you couple the shrinking hunter fleet with the retirement of the S-3 Vikings, the delays in the P-3 Orion’s follow-on (the P-8A Poseidon MMA), and questions about the Littoral Combat Ship (LCS) program, I suspect that we’ve got…
Four of them have been removed from strategic service and have been converted to SSGN cruise missile subs. USS Ohio (SSGN 726) and USS Florida (SSGN 728) rejoined the fleet last year, USS Michigan (SSGN 727) just rejoined the fleet a couple of weeks ago, and USS Georgia (SSGN 729) should rejoin this fall…. Unlike the attack sub force, which has been nearly halved since 1990 with more cuts to come, the missile sub force has not been cut back nearly so much. Though Northrop Grumman’s Newport News recently said it was ready and willing to start designing the next class of boomer, no current plans call for new boats. If the attack sub fleet finds itself scrambling to justify its existence in an age of asymmetric land warfare, the missile subs have an even tougher task in convincing budgeters of the need for a massive nuclear deterrent in a post-Mutually Assured Destruction world….
National ID May Have Killed Immigration Bill:News.com reports that the immigration reform bill bouncing around in the Senate for the last few weeks has finally been defeated. The site speculates that, perhaps, one of the reasons it was finally defeated was a measure intended to expand the use of Real ID cards…. “The American Civil Liberties Union, another longtime foe of Real ID, said the Real ID requirements were a ‘poison pill that derailed this bill, and any future legislation should be written knowing the American people won’t swallow it.’ Another section of the immigration bill would have given $1.5 billion to state officials to pay for Real ID compliance…. It says, starting on May 11, 2008, Americans will need a federally-approved ID card to travel on an airplane, open a bank account, collect Social Security payments or take advantage of nearly any government service.”
News: Lawmakers worry over gov’t network breaches:
Lawmakers worry over gov’t network breaches
Brief: Experts challenge claim of undetectable rootkits:
Experts challenge claim of undetectable rootkits
News: Group: Anti-hacking laws can hobble Net security:Group: Anti-hacking laws can hobble Net security>> Advertisement <<ALERT: “How A Hacker Launches A Blind SQL Injection Attack Step-by-Step”!” - White Paper Blind SQL Injection can deliver total control of your server to a hacker giving them the ability to read, write and manipulate all data stored in your backend systems!
‘Wave Of Trojans’ Goes On The Rampage:
Cisco IOS Exploitation Techniques Paper:It has been more than a year since Michael Lynn first demonstrated a reliable code execution exploit on Cisco IOS at Black Hat 2005. Although his presentation received a lot of media coverage in the security community, very little is known about the attack and the technical details surrounding the IOS check_heaps() vulnerability. This paper is a result of research carried out by IRM to analyse and understand the check_heaps() attack and its impact on similar embedded devices…. The paper primarily focuses on the techniques developed for bypassing the check_heaps() process, which has traditionally prevented reliable exploitation of memory-based overflows on the IOS platform…. The paper is divided in three sections, which cover the ICMPv6 source-link attack vector, IOS Operating System internals, and finally the analysis of the attack itself.
China’s Space Threat
The Worst Jobs in Science 2007
The New York Times is reporting on preparations in the works by the US government to prep for a ‘cyberwar’. Precautionary measures are being taken to guard against concerted attacks by politically-minded (or well-paid) hackers looking to cause havoc. Though they outline scenarios where mass damage is the desired outcome (such as remotely opening a dam’s gates to flood cities), most expect such conflicts to be more subtle. Parts of the internet, for example, may be unreachable or unreliable for certain countries.
Hewlett-Packard released version 4 of its Linux Common Operating Environment (LinuxCOE) software this month. LinuxCOE is a front end to a set of Perl scripts that helps administrators by building customized install images for various Linux distributions.
DHS acknowledges own computer break-ins Repeat after me: Clueless & Incompetent….Anyone really surprised by this? Reminds me of another completely incompetent gov agency I had to work with a while back…
RED HERRING | AT&T to Block Pirated ContentAnd what about those of us that use BT to download legally obtainably ISOs?
ips-evasion.txtVarious commercial IPS products fail to decode HTTP requests that contain 0×0c, 0×0b, and 0×0d instead of normal 0×20/0×09 separators.From: H. D.
Bad Behavior has blocked 990 access attempts in the last 7 days.