Today Vietnamese security research and Anti virus company BKIS announced a vulnerability in the proprietary facial recognition authentication systems included with most laptops. Le Nhat Minh, Nguyen Minh Duc, Bui Quang Minh, Le Minh Hung found that by using not so special printed photographs of the target users, certain facial systems simply recognized the photographs as the actual user allowing successful authentication.

One could infer that most systems are vulnerable to this vulnerability due to the two dimensional nature of these systems. For more information and video demo see the below link.

Video: http://security.bkis.vn/Proof-of-concept/Face_Recognition/FaceRecognitionBypassing_DemoVideo.wmv

Announcement: http://security.bkis.vn/?p=292

Just an FYI

We've setup a new IRC channel (#topsight) on dalnet. stop by.

www.dal.net

Erik Tews and Martin Beck of TU-Darmstadt, Germany (Both contributors to aircrack-ng)
yesterday released the first published work on cracking WPA encryption in less then 15
minutes without the use of brute-force or dictionary based attacks in a paper titled
Practical attacks against WEP and WPA

From: dl.aircrack-ng.org

In this paper, we describe two attacks on IEEE 802.11 based wireless
LANs[2]. The first attack is an improved key recovery attack on WEP,
which reduces the average number of packets an attacker has to intercept
to recover the secret key. The second attack is (according to our know-
ledge) the first practical attack on WPA secured wireless networks, besides
launching a dictionary attack when a weak pre shared key (PSK) is used.
The attack works if the network is using TKIP to encrypt the traffic. An
attacker, who has about 12-15 minutes access to the network is then able
to decrypt an ARP request or response and send 7 packets with custom
content to network.

See the full paper at dl.aircrack-ng.org

An issue with ESX/ESXi 3.5 Update 2 causes the product license to expire on August 12, 2008. VMware engineering has isolated the root cause of this issue and will reissue the various upgrade media including the ESX 3.5 Update 2 ISO, ESXi 3.5 Update 2 ISO, ESX 3.5 Update 2 upgrade tar and zip files by noon, PST on August 13. These will be available from the page: http://www.vmware.com/download/vi. Until then, VMware advises against upgrading to ESX/ESXi 3.5 Update 2.

For more information see: http://kb2.vmware.com/kb/1006716.html

New user registration is now open to any one interested. By registering with Topsight you'll be able to write and post your own stories. To register simple goto: http://www.topsight.net/users.php?mode=new and complete the required fields.

Zeroday Security Solutions has agreed to sponsor Topsight in furthing its goal of providing security insight to the masses.

For more information on ZeroDay Secure Solution see: http://www.zerodayss.com

YAY! Were two years old still figuratively crawling but speaking and being heard. In the last two years my self and logikal, and various others have worked to write over 300 small articles in our attempt to educate internet users in privacy, security, and the general whets happening on the net. So how can you help? EASY, signup for an account and post news, stories, articles, how-to's, and links to information that matters and is relevant. To sign-up you need a valid email address, or if you don't want to signup you can post anonymously by clicking get published or clicking add a link in our links section

Merry Christmas everybody!

The hacker magazine Phrack has released the newest installment of their zine. #61 downloadable here.