Security and the Net

Along with the release of Microsoft’s Internet Explorer 8, a report by research firm NSS was presented that shows the new version of Internet Explorer is better at protecting users from malware. The (Microsoft-sponsored) study looked at the blacklist features of all modern browsers, using real malware URL’s, over a period of several days. The most important conclusion was that the SmartScreen filter in IE8 appears to offer the best protection, blocking over half the malware URL’s within a day.

[Read the rest of this entry...]

… when it doesn’t patch! That was an easy question, but Microsoft has a different opinion on this. In this blog post at 360 Security, Tyler Reguly explains why he thinks MS09-08 is not really a patch; it doesn’t actually fix the vulnerability that it is supposed to fix. [Read the rest of this entry...]

As most of you know the dsbl.org blacklist shut down almost a year ago. While they have officially been down for almost a year, many people were still had this RBL configured in their mailservers or anti-spam software, causing lots of queries on their nameservers. As of today, they have prevented this by changing their nameservers to a fake IP address that is not responding to any queries.

Since the DNS servers don’t respond, any machines still doing lookups in the dsbl.org zone will suffer from slower response times while waiting for replies. This is bad, but still a much better way to handle this than the methods some other RBL’s have used in the past. One notable example of how NOT to shut down your blacklist was ORDB; last year, it began listing every single machine on the internet in the relays.ordb.org zone.

[Read the rest of this entry...]

Last week, Matthew Dempsky posted an attack against Dan Bernstein’s djbdns software. Djbdns is one of several alternatives for the popular BIND nameserver, and is backed by a unique security guarantee that offers $1000 to the first person to publicly report a verifiable security hole in djbdns. The problem found by Dempsky allows an attacker to poison DNS records:

The security hole here is that an administrator that uses djbdns 1.05 to serve DNS content does not expect that configuring his name server as above will cause it to send records for names outside of burlap.dempsky.org. I.e., an attacker can trick the administrator’s name servers to include arbitrary DNS records in response to queries for names within domains he controls. [Read the rest of this entry...]

Following the large Gmail outage earlier this week, Google has launched a status page for their most important hosted services called Google Apps Status Dashboard. [Read the rest of this entry...]

Eurojost, the European Union’s Judicial Cooperaion Unit, has just issued a press release that was meant to clarify reports about the EU looking into methods to intercept Skype calls. Instead, it has only increased speculation about alleged backdoors built into the Skype software:

[Read the rest of this entry...]

Today marks the first time somebody sent me a link to a “simple” Wikipedia article. Up until now this was completely unknown territory for me, so I couldn’t resist the urge to browse through it. It’s currently quite small compared to the normal English version of Wikipedia; there are 55000 articles and 129000 “pages”.

[Read the rest of this entry...]

Next week, the first real public review of the contenders for the SHA-3 algorithm will take place in Belgium at Leuven University. The competition is run by the National Institute of Standards and Technology (NIST); the winner of the competition will likely become the default hash algorithm for US agencies by 2012, replacing the current SHA and SHA-2 algorithms.

Iteration of the SHA-2 compression function

[Read the rest of this entry...]

The popular leaks website wikileaks.org has become the victim of it’s own success: last week, private information about Wikileaks was posted on wikileaks.org! [Read the rest of this entry...]

A zero-day exploit for Adobe Reader has been making the rounds since yesterday. From Adobe’s advisory:

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

[Read the rest of this entry...]