Last updated: 01/08/2007; 03:03:09
Xavi Caballé's weblog: L'home dibuixat
«I am the drawn man, the one who has neither flesh nor body. The great take advantage of drawn men like me»
Jaume Sisa - L'home dibuixat

Thursday, 5 / July / 2007


Interesting article from InfoWorld: Printers get smarter but less secure. Printers can become a real headache for the security of local networks.
A typical multifunction networked printer today isn't just a printer with an Ethernet port. It's also a fax machine with a phone port — often still POTS, regardless of whether the rest of the office is on VoIP. It also has a full operating system with access controls (often open by default and containing open backdoors so that support people can do off-site maintenance); a Telnet server; an FTP server; a pretty big hard disk; and usually SNMP turned on by default, too. All those smarts enable some cool print features, especially along the lines of remote printing, but they also make your printer a serious security risk

(...)

It's great for IT staffers in one sense, since they don't need to do much to enable printing, provided the printer isn't made by some company in the hinterlands. But it's not so great for security, because it engenders a feeling of neglect toward the printers themselves. It was the same with wireless access points a while back. Just plug them in and fiddle until you got the green link light. Who wants to deal with advanced security protocols on both AP and client side when you can just be lazy and have your clients find them automatically? Vista is going to push the same kind of feeling with printers. Why deal with real security on your print side when it might mean you have to toddle over to the client side and do actual work?
 


16:17 (# Permalink)


Vulnerability in Firefox's focus() function (all versions up to 2.0.0.4). A malicious website can use it to change the focus of the onKeyDown event, transparently and without the user noticing (basically, this means it is possible to capture what [...] access any file on the user's machine). Proof of concept.


16:09 (# Permalink)


Presentation at the 23rd Chaos Communication Congress: Unlocking FileVault. FileVault is the encrypted file system of Mac OS X.
We present an analysis of Apple's proprietary disk encryption technology, FileVault. Besides the vendor's claim of 128-bit security through the use of AES, not much was previously known about its inner workings. This talk will fill in the many missing details in the puzzle and analyse the design decisions.

Besides the cryptographic details, this talk will show how the relevant parts of the DiskImages framework were reverse-engineered for this project.
 
The presentation in PDF format


16:04 (# Permalink)

© Copyright 1996-2007 Xavier Caballe. Unless expressly stated otherwise, the material published on this weblog is distributed under the Creative Commons license. The content is the sole and exclusive responsibility of its author and bears no relation to his professional activities.