Security and the Net

News and opinions about security, the internet and more

Black Hat Europe update: Trust issues?

The “Kaminsky 2.0” at Black Hat today turned out to be the talk from Daniel Mende and Enno Rey, dealing with vulnerabilities in the BGP and MPLS protocols. From what I can tell, there was no real news; most of the information they presented has been available for a while.

The fact that BGP has “trust issues” is old news; once you’ve established a peering session with another router, most providers will happily accept any routes you send them. This is already being dealt with on several levels: [Read the rest of this entry...]

“Kaminsky 2.0” at Black Hat Europe tomorrow?

I’ve heard several reports, including one from a large Dutch news site, mention that a new security issue will be revealed at Black Hat Europe tomorrow. It is said to have the same impact as the DNS bug found by Dan Kaminsky last year. No further details have been provided, but since the full speaker list is already available we can have a look at potential candidates.

[Read the rest of this entry...]

Amazon: technical glitch, censorship gone wrong, or was it a hacker?

This weekend, lots of writers saw their books disappear from Amazon’s bestseller lists. Somehow, the sales ranking for their books was removed. Since this ranking is an important way for potential buyers to select the contents of their shopping cart, this prompted several angry responses by authors.

[Read the rest of this entry...]

Fiber cuts: does physical security matter?

Although fiber cuts happen daily all over the world, last week's cuts in the Bay Area suddenly became interesting news. Why? Not because of the massive outages (seriously, there have been incidents with undersea cables that have left entire countries offline for days or weeks). The reason this became newsworthy was the fact that these were deliberate cuts:

As you may have heard on the news, some time during the early morning hours today an AT&T employee accessed a manhole between Redwood City and San Carlos CA. and cut all fiber links. This has affected Telekenex and all major carriers (AT&T, Verizon MCI/Sprint, Level 3, Abovenet Communications and others). Services throughout the Bay Area have been affected, as well as links that were serviced from this location (Seattle being one of them) [Read the rest of this entry...]

Passwords and the iPhone

Ever since I started using an iPhone, entering passwords has been a major annoyance. Since the built-in browser has no option for remembering passwords, I have to re-enter every single password for every website I use way too often.

[Read the rest of this entry...]

Can Twitter provide added value for Google?

There have been a number of rumors lately that suggest Google might be interested in buying Twitter. While these were downplayed by both Twitter and sources at Google, there is obviously some truth to this. Twitter is becoming so popular that all major players in the industry are following them closely; they would be stupid not to. The real question is: what added value can Twitter bring for companies such as Google and Microsoft?

[Read the rest of this entry...]

Dutch Electronic Patient Records delayed over privacy, hacking fears

The Dutch Ministry of Health announced yesterday that the rollout of the national Electronic Health Records system EPD has been delayed until later this year. One of the reasons is that experts found a vulnerability in the chipcard used to access patient records. The implementation of the encryption algorithm on the cards enabled an attacker to clone the card including the private key once they knew the PIN used.

[Read the rest of this entry...]

Chrome the only browser to survive Pwn2Own

Of the four browsers that were targeted in this year’s Pwn2Own contest at CanSecWest, only Google Chrome wasn’t successfully hacked despite the $5000 reward offered:

The contest uncovered 4 new and unique critical vulnerabilities affecting the latest and greatest versions of IE, Safari and FireFox. The Chrome browser gets a small nod for being impacted by one of the flaws, although exploit is not possible using any current known techniques. I’m sure they’ll get it fixed up just the same.

[Read the rest of this entry...]

Adobe finally patches flaw in Reader, needs to update blog platform

Almost a month after admitting there was an easily exploitable buffer overflow in its Reader product, Adobe has finally managed to produce patches for Adobe Reader versions 7 and 8. [Read the rest of this entry...]

Microsoft’s Silverlight used on YouTube

If the rumors about IBM buying Sun weren’t enough, this news should prove once and for all that we live in interesting times: Silverlight has made its way to YouTube. It’s used on the CBS March Madness channel, and the feeds themselves are not served by Google, but it is an interesting development nonetheless.

[Read the rest of this entry...]