Network and Computer Security

Just as Microsoft released on August 8th an IE 6 update to fix multiple vulnerabilities (See Microsoft Security Bulletin MS06-042), the NSFocus security team has found this update does introduce a new vulnerability.

This vulnerability can be exploited remotely by sending an overly-long URL to the browser.

This issue has been assigned the name: CVE-2006-3869

See here for the full details: NSFOCUS Security Advisory (SA2006-08)

See here for the advisory from microsoft and the updated patch: Microsoft Security Bulletin MS06-042.

The August 15th issue of Bruce Schneier’s Crypto-Gram newsletter is out (ans has been for a few days now, but your favorite webmaster has been on vacation):

What really matters as far is computer security is concerned!

For an exclusive and alternative take on the current world news, just make sure you read the “Last Week’s Terrorism Arrestsâ€? article, as it’s the best I’ve read on this subject so far!

Last Week’s Terrorism Arrests
Remote-Control Airplane Software
Crypto-Gram Reprints
Doping in Professional Sports
iPod Thefts
News
Security Certifications
The Doghouse: Sniper Flash Cards
A Month of Browser Bugs
HSBC Insecurity Hype
Counterpane News
Updating the Traditional Security Model
Bot Networks
Comments from Readers

The problem with viruses, worms and other malicious codes or hacking attempts is that it’s not always easy to detect them. In most of the cases, it’s actually quite hard to spot them.

There are many different techniques and tools to do so, but none of them is really fully efficient, so a good network and security administrator will have to learn to combine several tricks to try to detect what’s wrong on his network.

Yiming Gong wrote a very interesting article about the usage of NetFlow to detect Worms; definately a must-read for network administrators (Note: For Open-Source people who don’t have/want NetFlow, some alternatives are suggested in the second article).
Detecting Worms and Abnormal Activities with NetFlow, Part 1

Detecting Worms and Abnormal Activities with NetFlow, Part 2

We often see articles and sews about denial of service and distributed denial of service attacks (”DoS” and “DDoS”), but besides the fact they render a service useless by trying to overloading it, few details are usually given.

As it turns out, the mechanism is a bit more complicated and it’s not exactly an ‘Overloading’ of the service is the sence we usually mean it, but most of the time it’s actually a flood of the networking layer of the target machine(s).

Abhishek Singh wrote a very good acticle that explains this technique very well. It’s a very good read and a very well illustrated article. Definately worth the read!