Berkeley CSUA MOTD:Entry 27299
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2025/04/03 [General] UID:1000 Activity:popular
4/3     

2003/2/4 [Computer/SW/Security] UID:27299 Activity:nil
2/3     Soda's very own Nick Weaver makes news again.
        http://news.com.com/2100-1001-983197.html?tag=fd_top
        \_ So he's a "security expert" now?
           \_ Yes he is.
2025/04/03 [General] UID:1000 Activity:popular
4/3     

You may also be interested in these entries...
2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil
8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...
2012/8/7-10/17 [Computer/SW/Security] UID:54455 Activity:nil
8/6     Amazon and Apple have lame security policies:
        http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all
        "First you call Amazon and tell them you are the account holder, and
         want to add a credit card number to the account. All you need is the
         name on the account, an associated e-mail address, and the billing
         address. "
	...
2012/7/18-8/19 [Health/Men, Computer/SW/Security] UID:54438 Activity:nil
7/18    "Largest penis record holder arouses security suspicions at airport"
        http://www.csua.org/u/x2f (in.news.yahoo.com)
        \_ I often have that same problem.
        \_ I think the headline writer had some fun with that one.
           \_ One time when I glanced over a Yahoo News headline "U.S. busts
              largest-ever identity theft ring" all I saw was "U.S. busts
	...
2012/4/23-6/1 [Computer/SW/WWW/Browsers] UID:54360 Activity:nil
4/19    My Firefox 3.6.28 pops up a Software Update box that reads "Your
        version of Firefox will soon be vulnerable to online attacks."  Are
        they planning to turn off some security feature in my version of
        Firefox?
        \_ Not as such, no, but they're no longer developing this version,
           so if a 3.6.x-targeted hack shows up, you're not going to get
	...
2011/11/8-30 [Computer/SW/Security, Computer/SW/OS/Windows] UID:54218 Activity:nil
11/8    ObM$Sucks
        http://technet.microsoft.com/en-us/security/bulletin/ms11-083
        \_ How is this different from the hundreds of other M$ security
           vulnerabilities that people have been finding?
           \_ "The vulnerability could allow remote code execution if an
               attacker sends a continuous flow of specially crafted UDP
	...
2011/11/11-30 [Computer/SW/Security] UID:54224 Activity:nil
11/11   MacOSX's Sandbox security hole:
        http://preview.tinyurl.com/7ph2wtg [arstechnica]
	...
2011/2/10-19 [Computer/SW/Security] UID:54034 Activity:nil
2/9     http://www.net-security.org/secworld.php?id=10570
        Summary: iPhone passwd storage is unsafe after all
	...
Cache (2250 bytes)
news.com.com/2100-1001-983197.html?tag=fd_top
This puts Slammer into the realm of what some researchers call a "Warhol" worm because it could infect the entire Internet within 15 minutes. Researchers have theorized about such worms for some time, and a paper presented at last year's Usenix Security Symposium by security experts Vern Paxson, Stuart Staniford and Nicholas Weaver also predicted the emergence of such worms. Until now, however, no examples have been released into the wild. The authors of the CAIDA report--David Moore, Vern Paxson, Stefan Savage, Colleen Shannon, Stuart Staniford and Nicholas Weaver--noted that the worm paves the way for future versions that could spread even more quickly and create more chaos. Slammer's spread was two orders of magnitude faster than 28 Code Red, which infected 359,000 computers in the summer of 2001, and doubled in size only about every 37 minutes, according to CAIDA. Slammer infected fewer computers than Code Red, but was significantly limited by flaws in its design. For example, a faulty random-number generator meant that the worm was not able to scan all possible Internet addresses. Also, said CAIDA researchers, its method of random scanning was so aggressive that it quickly bogged down networks and was unable to continue operating at full throttle. The researchers noted that although the nature of the SQL bug exploited by Slammer helped it to spread quickly--the bug was exploitable by sending a single packet to a particular UDP ((user datagram protocol) port--other types of worms could spread just as quickly. Traditional virus-blocking methods are now practically useless for stopping the new breed of worm, the report's authors noted. On Friday, Stuart Okin, Microsoft UK's chief security officer, warned that morphed forms of Slammer could cause more problems than the original. This is because Slammer had no payload, so it did not do any direct damage aside from the effects of its denial-of-service nature, and systems could be cleaned by being switched off and on again. Get Up to Speed 34 Enterprise Security 35 Open source 36 Utility Computing 37 VoIP 38 Web services 39 Wi-fi 40 Spam: Report Card 2004 ZDNet's Dan Farber and NetsEdge Research Group's Peter Christy look at the latest weapons used to fight spam.