Security ViewpointsSecurity ViewpointsComments, observations and tips on security, operating systems and the IT industry
Articles:
1, 2
Articles
High assurance SSL certificates ineffective?
2007-01-31 19:50:05 A quick follow-up to a previous post about the new "high assurance" SSL certificates that SSL vendors are selling at a premium and are now supported in some web browsers like MS Internet Explorer 7. Researchers are Stanford University have published the results of a study (PDF) showing that use of these high assurance certificates did not help users identify phishing attempts. From the abstract: "…we found that picture-in-picture attacks showing a fake browser window were as effective as the best other phishing technique, the homograph attack. Extended validation did not help users identify either attack. Additionally, reading the help file made users more likely to classify both real and fake websites as legitimate when the phishing warning did not appear." What the study observed was not the new certificates themselves but the effectiveness of the visual indicators displayed by MSIE 7. When that browser access an SSL web site using an HA certificate the b... More About: Cat , Effect , High , Certificates , Effective
Linux high availability clustering
2007-01-31 19:50:05 One of the few remaining advantages of commercial Unix over Linux or BSD are the "enterprise" features like high availability (HA) clustering. Sun offers tools like Solaris Cluster that handle the hard parts of setting up high availability for you. In the Linux world it’s more common to see home-grown solutions like using a script or software load balancer to cut over to a hot standby box, and using rsync to mirror the primary server’s data files. Rolling your own solution is fun, but tricky to get right and a nightmare for the next system admin to figure out. They don’t get much press, but there are many better high availability options available for Linux. Here are a few: High -Availability Linux Project: The grand-daddy of open source HA which provides the heartbeat failure detection daemon, the poetically named "shoot the other node in the head" fencing daemon and documentation needed to build your own an automatic-failover cluster. Linux Vi... More About: Ring , Bili
Exploiting Vista voice recognition
2007-01-31 19:50:05 Windows Vista includes voice recognition as an alternative to the mouse and keyboard for controlling the computer. Yesterday on the Daily Dave mailing list someone asked if a web page could exploit this by playing an audio file with voice commands. Well, ZDNet blogger George Ou has tried it and yes, Vista will obey speech audio embedded in a web page! So, it’s possible for a malicious web site (or any malware) to play voice commands to control a Windows Vista computer. This exploit is more cute than it is dangerous… voice recognition barely works even when it’s been trained to understand a specific voice, speakers would have to be turned to a high enough volume for the sound to be picked up by the microphone, etc. The obvious fix would be for the speech system to screen out audio that the computer itself is playing, but that might be difficult to code. Of course, now that Vista has been released to the general public it’s too late for a large chang... More About: Voice , Exploit , Recognition , VOIC
Attacks on Virtual Machines
More articles from this author:2007-01-31 19:50:05 More reading on the security of virtual machines like VMware: a researcher at Symantec has released a great little paper Attacks on Virtual Mac hine Emulators (hat tip to Computer Defense for point it out). The paper covers a few of the recent VM-specific malware like the SubVirt rootkit (PDF) but mostly concentrates on methods of detecting the presence of virtual machines, including proof of concept code for detecting VMWare, MS Virtual PC, Hydra, QEMU, and even good ol’ BOCHS. An interesting paragraph: "A more serious vulnerability potentially exists in hardware-bound virtual machine emulators, if the guest can interact with third-party devices on the system. For example, if a buffer-overflow vulnerability exists in a network driver in the host environment, it might be possible for an application within the guest environment to send a specially crafted network packet that reaches the host network driver intact, and thus exploit that vulnerability." I think ... More About: Machine , Machines , Chine 1, 2 |
 |
|
 |
