The recent release of I2P 2.5.0, an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew of improvements and new features that will certainly intrigue security practitioners. This release aim...
The threats listed in the document are just the "tip on the iceberg," Nowland said, warning network administrators not to feel safe simply because they address the 10 concerns outlined by SANS. NETSEC intends next week to release its . . .
"... With a bit of ingenuity, anyone can skirt basic password authentication and go straight to the goodies on those sites where administrators are foolish enough to post them. If the desired information is contained in a Web page, anyone . . .
"In the race to get online, network security has been something of an afterthought. But even the most obscure agency can be a target for Internet intruders. ... According to records on Web site defacements kept by attrition.org, a hacking . . .
The SANS threat list has become the focus this week. "The majority of successful attacks on computer systems via the Internet can be traced to exploitation of one of a small number of security flaws, SANS said. Most . . .
More on the recent SANS report. ""Many of the vulnerabilities on that list are well-known vulnerabilities that everyone knows about," said Sean Hernan, team leader for vulnerability handling at the Computer Emergency Response Team (CERT) Coordination Center at Carnegie . . .
Here is a pretty serious DoS advisory released on Bugtraq. I am not aware of any fixes, yet. We'll keep you posted! "Allegro-Software-RomPager is an http server which is used in network hardware like switches to provide a . . .
TACACS+ is a protocol used to provide access control for routers and network devices created by Cisco. Solar found a buffer overflow and reported it and supplied a patch in the report below. Cisco later responded to . . .
The latest version of nmap, a utility for port scanning networks, has been released. This tool should be in everyone's security arsenal. "The main addition is IP Protocol scan mode (-sO) which tells you what protocols the host . . .
This article explains the need and rationale for Secure SHell, an encrypted communications channel which functions as a telnet replacement, and also guides you through the process of installing and using SSH on your own system. . . .
When it emerged less than a decade ago, the World Wide Web was quickly embraced as a bright new medium that could help reinvent government and revitalize democracy. But gradually government policy-makers have also seen that the Web has a . . .
If your agency deals in classified or sensitive information, you probably wage an ongoing war against Internet hackers. The danger isn’t so much from hackers’ creativity as much as it’s due to managers’ failures to seal security holes, establish policies . . .
Dug Song has contributed Kerberos v4 (KPOP) and APOP authentication patches for popa3d v0.4. I've mirrored them into popa3d/contrib on the FTP and added links to the popa3d page at the usual location: . . .
"... The proposal, which paves the way to make IPv6 the standard protocol in third-generation mobile multimedia networks, was accepted this week in a plenary session of the system architecture group of the 3GPP (Third-Generation Partnership Project), Nokia said in . . .
Reto Haeni has written this paper that gives a brief overview of the features of IPv6 and discusses its security specifications. In the later sections of the paper, he compares the security specifications of IPv6 to one of today's available . . .
Accessing the Web using WAP (Wireless Application Protocol)-enabled mobile phones may be all the rage, but what about the security issues? While it is possible to encrypt selected sections of the Web using a desktop PC with conventional browser and . . .
The spectrum used by the LANs' signals is expected to become crowded so quickly that companies could find themselves replacing all of their wireless equipment in just two to three years, as wireless technology is forced to move to less . . .
The two best things about those fast Internet connections you get from cable, DSL, and ISDN are that you don't have to dial a number to connect to the Internet, and they are also easy to share over a network. . . .
This article focuses on several host-based intrusion detection systems that are available on Linux. In particular, I will cover some of the basics of installing and setting up these packages, how they are useful, and in what circumstances they can be . . .
Slashdot.org, the "news for nerds" Web site popular among Linux fans, fell victim to a series of hacker attacks for three days last week. The site was taken down intermittently by a series of distributed denial-of-service (DDoS) attacks Thursday, . . .
The implications of Microsoft's proprietary "extensions" to Kerberos could be pretty far-reaching. "As a legal wrangle develops over whether the Linux/open-source news Web site Slashdot.org can post messages containing what Microsoft calls a "trade secret," key members of the . . .