Monday, 1 December 2003
SANS Institute is holding a webcast (web conference) next Wednesday, 3 December, on identity impersonation in the digital world: Ten Ways to Hack Proof your Identity. The webcast is free, but prior registration is required. The presentation will be available for download in PDF format about two hours before it starts.
22:25 (# Permalink)

Numerous vulnerabilities have been discovered in Internet Explorer that, used in combination, can be exploited to compromise a user's system.
17:52 (# Permalink)

"The Economist" publishes an article, Fighting the worms of mass destruction, which analyses the problem posed by computer worms and viruses and the problems associated with the industry's reactive attitude, which reduces the problem to the availability of patches:
WHEN Microsoft released its latest monthly batch of software patches on November 11th, it included one designed to repair a previously unknown flaw in Windows 2000. Such an event often acts as a tip-off to the writers of computer worms and viruses, who know that new patches are never applied very widely or very quickly.
The article goes on to analyse the current state of the market and the Windows 'monoculture' (94% of PCs), the possibility that Microsoft (and other software vendors) may face legal problems for breaching consumer-protection law (citing the Los Angeles case last October, in which a judge admitted a complaint against Microsoft for selling insecure products), and the difficulty of identifying who the authors of worms and viruses are and how they take advantage of privacy.
To preserve freedom further, suggests Mr Lessig, anonymity could be replaced by pseudonymity. It might become legal, for instance, to have credit cards for online transactions under different names, as long as these could still be traced to the individual owner. The challenge is to set the legal hurdles for online search warrants high enough so that governments cannot abuse their power. But at the same time to keep them low enough so that criminals can be found and stopped. In this respect, the online world should be no different from the real one.
I have my reservations on this last point... but the article is interesting enough to recommend reading it.
15:20 (# Permalink)

ONLamp.com article on access control lists (ACLs) in FreeBSD 5.0
Unix permissions are flexible and can solve almost any access control problem, but what about the ones they can't? Do you really want to make a group every time you want to share a file with another user? Perhaps you don't have root, and you can't create a group at will. Sometimes the limitations can cause security problems; it would be nice to be able to make a directory available to a web server or other user without making the files world-readable or world-writable. Root-owned configuration files often need to be edited by those without root privileges; instead of using programs like sudo or calife and risking shell escapes in editors, it would be better just to allow certain non-owners to edit these files.
Access Control Lists (ACLs) solve these problems. They allow more flexibility than the standard Unix user/group/other set of permissions. ACLs have been available in commercial UNIXes such as IRIX and Solaris (and in Windows NT) for years. Now, thanks to the TrustedBSD project's work, ACLs are available in FreeBSD 5.0-RELEASE and beyond. Much of the information below applies, at least in part, to ACL implementations on other platforms; however, you will want to look at specific documentation to avoid being tripped up by differences in syntax. There shouldn't be many, as FreeBSD attempts to conform to the latest POSIX.1e draft.
Interesting article!
13:06 (# Permalink)

[ZDNet] Blackouts highlight network vulnerabilities
On the effects of the general blackout of 14 August on the east coast of North America. A few days ago I commented on the publication of the draft of the official report.
The summer's blackouts weren't caused by a worm or virus, but the failures highlight infrastructure weak spots, a report concluded this week.
(...)
The Internet was far more seriously affected than previously thought by the blackouts that swept Europe and North America this summer, and without more investment in backup power, it is in no shape to supersede the telephone network for primary communications, according to the report, by data analysis company Renesys.
(...)
The networks suffering from abnormal connectivity outages belonged to more than 1,700 organizations, and more than 1,000 groups had outages of all of their networks that lasted more than four hours. Nearly half of those organizations involved in global Internet routing lost connectivity to some or all of their networks in the blackout area.
11:51 (# Permalink)

© Copyright 2004 Xavier Caballe.