Security and the Net

News and opinions about security, the internet and more

Entries for October, 2008

Is the government monitoring your car?

This is slightly old news, but since last year, all cars sold in the US are required to have a tire pressure monitoring system (TPMS). These systems work through a sensor in each tire that monitors the tire pressure; the on-board computer in your car can read the output via a wireless connection. To the […]

Comments (2)

ORSN Alternative DNS root servers shutting down

The operators of the Open Root Server Network (ORSN) announced last week that they will be shutting down their project. The ORSN was started by a number of mainly european operators to reduce the amount of control that the U.S.A. has over the internet: The network coordinated by the ICANN, consisting of 13 Root-servers distributed among almost the […]

Leave a Comment

MS08-67 updates: NT4 support, FAQ, reverse engineering

A quick update for those looking for more information about Microsoft’s latest RPC vulnerability (MS08-067): over the weekend, more information has become available. First, there is good news for those of you that are still running NT4. Patches for Windows NT are said to be available: Microsoft has created patches for NT4 Workstation, NT4 Server, […]

Leave a Comment

Google Navy training fighter pilots?

As reported at the Register, Google founders Sergey Brin and Larry Page now own a 1982 Dornier Alpha Jet. While it certainly looks impressive, it’s nowhere near as exciting as it sounds: the Register calls it a “fighter jet”, but as you can see in this picture it’s a relatively small aircraft.     The primary use of […]

Leave a Comment

Belgian ISP scores first victory in P2P case

Belgian ISP Scarlet has scored its first victory in an important case that has been dragging on for years. This case is the first real test of how European copyright law can be applied to peer-to-peer networks. To give you a quick recap: The Belgian Society of Authors, Composers and Publishers (Sabam, the Belgian version […]

Comments (4)

Gimmiv.A worm first to exploit MS08-67 vulnerability

Just hours after the release of the MS08-067 security bulletin, the Gimmiv.A worm is the first real malware taking advantage of the RPC vulnerability. There’s a good writeup of what the worm does here, so I won’t repeat it. The dropsite used by the worm to post logins and passwords it captured has been closed, […]

Leave a Comment

Google notifying webmasters of security vulnerabilities

I somehow missed this news last week: Google is starting to actively alert people using the Webmaster Tools when one of their sites is running outdated software that might have know vulnerabilities. Right now the checks are limited to WordPress 2.1.1, which has some serious security issues, but if this is a success the service […]

Leave a Comment

About Microsoft’s MS08-67 security bulletin

As you might have noticed, Microsoft released this security bulletin, MS08-067, about an hour ago. It’s rated as Critical on all Windows-versions except Vista and 2008, and you should install this ASAP, at the very least on any machine that isn’t protected by a firewall. While the vulnerability itself isn’t particularly interesting (it’s in the […]

Leave a Comment

Updates about Sockstress TCP/IP attack

I just realized almost a week has passed since the T2 conference where more details about the elusive attack against the TCP/IP protocol were supposed to be presented, and we have yet to see any information we didn’t have before. Here is a quick summary of the information that is available now: Robert Graham says that […]

Leave a Comment

Wireless wiretapping for wired keyboards

Swiss researchers have demonstrated a way to read anything you type on your keyboard from up to 20 meters away by recording the electromagnetic radiation generated when you press a key.  We found 4 different ways (including the Kuhn attack) to fully or partially recover keystrokes from wired keyboards at a distance up to 20 […]

Leave a Comment