|
 |
diumenge, 3 / desembre / 2006 |
|
|
Malgrat que utilitza la legislació nord-americana, que m'imagino força diferent de la utilitzada per aquestes latituds, l'estudi és d'interès: Wi-Fi Liability: Potential Legal Risks in Accessing and Operating Wireless Internet
Suppose you turn on your laptop while sitting at the kitchen table at home and respond OK to a prompt about accessing a nearby wireless Internet access point owned and operated by a neighbor. What potential liability may ensue from accessing someone else's wireless access point? How about intercepting wireless connection signals? What about setting up an open or unsecured wireless access point in your house or business? Attorneys can expect to grapple with these issues and other related questions as the popularity of wireless technology continues to increase.
This paper explores several theories of liability involving both the accessing and operating of wireless Internet, including the Computer Fraud and Abuse Act, wiretap laws, as well as trespass to chattels and other areas of common law. The paper concludes with a brief discussion of key policy considerations.
|
  | 19:17 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
 Cain & Abel 4.2 és una excel·lent eina per a la recuperació de contrasenyes a la plataforma Windows. Permet recuperar les contrasenyes tot capturant el tràfic de la xarxa, aplicant la força bruta amb un diccionari, realitzant criptoanàlisi, enregistrant converses VoIP, analitzant els protocols de routing...
The latest version is faster and contains a lot of new features like APR (Arp Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms. The new version also ships routing protocols authentication monitors and routes extractors, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentications, password/hash calculators, cryptanalysis attacks, password decoders and some not so common utilities related to network and system security
New Feauteres:
- Cain's MitM NTLM Challenge Spoofing. (Requires APR to be active and a MitM condition between victim hosts).
You can now spoof server challenges in NTLM authentications; this feature enables the use of RainbowTables for cracking network hashes. WARNING !!! Enabling Challenge Spoofing cause users to fail authentications so use it carefully.
- NTLM Session Security authentications downgrade to LM&NTLMv1. The following protocols are supported: SMB, DCE/RPC, TDS, HTTP, POP3, IMAP, SMTP.
- LM + spoofed challenge Hashes Cryptanalysis via Sorted Rainbow Tables.
- HALFLM + spoofed challenge Hashes Cryptanalysis via Sorted Rainbow Tables.
- NTLM + spoofed challenge Hashes Cryptanalysis via Sorted Rainbow Tables.
- New types of RainbowTables have been added to Winrtgen v2.3. "lmchall" and "ntlmchall" tables can be used against LM and NTLM response hashes for spoofed challenges (default: 0x1122334455667788). "halflmchall" tables can be used against the first 8 bytes LM response hashes for spoofed challenges to recover the first 7 characters of the original password.
|
| 02:54 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
[The Register] PDFs open critical hole in Internet Explorer. Les versions 7.0 a 7.08 de l'Adobe Acrobat Reader tenen una important vulnerabilitat de seguretat que pot ser utilitzada per atacar els ordinadors dels usuaris que fan servir l'Internet Explorer per visualitzar documents PDF
A critical vulnerability has been identified in Adobe's Acrobat and Reader software which affects Internet Explorer users.
As well as causing crashes, the frailty could allow a botnet to take control of the whole computer when a PDF is opened within Explorer.
The hole is present in Acrobat Standard and Professional versions 7.0.0 to 7.0.8, and Adobe Reader 7.0.0 to 7.0.8. Only Microsoft's browser is vulnerable.
Adobe encara no ha publicat cap pegat per eliminar aquesta vulnerabilitat, però sí unes indicacions per impedir-ne la utilització
The following workaround will prevent these vulnerabilities from occurring in Adobe Reader 7.0.X on Windows using Internet Explorer:
- Exit Internet Explorer and Adobe Reader.
- Browse to <volume>:\Program Files\Adobe\Acrobat 7.0\ActiveX.
Note: If you did not install Acrobat to the default location, browse to the location of your Acrobat 7.0 folder.
- Select AcroPDF.dll and delete it.
NOTE: This workaround will prevent PDF documents from opening within an Internet Explorer window. After applying this workaround, clicking on PDF files within Internet Explorer will either open in a separate instance of Adobe Reader or the user will be prompted to download the file, which can then be opened in Adobe Reader. This workaround may disrupt some enterprise workflows and use of PDF forms.
|
| 02:47 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
© Copyright 2000-2007 Xavier Caballe.  . Si no s'indica expressament el contrari, el material publicat en aquest weblog es distribueix d'acord amb la llicència Creative Commons. El contingut és responsabilitat única i exclusivament del seu autor i no té cap relació amb les seves activitats professionals.
|
|
