Vulnerabilities and Risks:

Multiple Vulnerabilities In OpenSSL - OpenSSL is a widely distributed Open Source Implementation of the Secured Socket Layer. It has not one, not two, but four remotely exploitable vulnerabilities. Most occur during the hand shake process even with Kerberos. Read up… phrack - Here is a site that publishes a magazine about vulnerabilities and exploits by anonymous posts. The organization reviews the information and posts it. The magazine has been around since the about the mid 80's. There is a variety of cracks, hacks and phreaks listed in the posting. This is a site for any serious security analyst.Winamp Security Flaw: Infection of PC's is a recent flaw with the way that Winamp loads its graphical themes. This multimedia itself is not actually doing the damage but rather facilitating it for the real culprit, Spyware authors. As of 8/31/04, America Online's representative stated that they are aware of the problem. However, at that time there was no resolution.
Yahoo plugs hole in PNG security - This article discusses the issues in Yahoo's instant messaging service dealing with the PNG library. PNG is an alternative to GIF format files. This hole could allow programmers to crash programmers or execute attack code. There have been no known attacks, but the secure version is available on the Yahoo web site.AOL security hole - This article discusses the AOL security hole with the "Away" function of their instant messenger. An attacker could initiate a buffer overflow through AIM's "Away" feature if a user were to click on a malicious link sent in an instant message. This feature allows AIM users to send automatic messages about their presence status. There have been no known attacks, but the secure version is available for download from AOL.UNIX SendMail - This link reminds me of the vulnerability in the Cuckoo's Egg. This tool has a buffer overflow that will allow a remote attacker to execute code with root privileges. Well…. We all know what that means. The article has solutions and impact information.
Overview of Attack TrendsTop Windows security threats pinpointed by SANS/FBIInformation Technology-Essential But Vulnerable: How Prepared Are We for Attacks?
Blended Threats - A Deadly Duo of Hackers and Mobile CodeVulnerability Management - by Al Berg - Dated February of 2002, this article gives an overview of good management techniques that can be used to shield a network from vulnerabilities. Topics include inventory your systems, manage the flow of information, pay resources, free resources, sharing information, access the information, and plan for response. As networks grow and become more complex, good management can make a huge difference. Security Corporation - The Security Corporation is a good site to use in checking on security issues and vulnerability issues. This site lists the latest vulnerabilities, exploits, and security issues and how they have discovered these issues. The site relies on people reporting any vulnerability that they have discovered. This site also lists some of news articles that dealing with security concerns. The sites missions states that their goal is to help corporations and people who are concern in protecting themselves from security holes and vulnerabilities in the software by publishing the security's advisories.
Eliminate Security Threats: This article various means for how to eliminate the ten most critical Internet security attacks. There is also a very useful Appendix which lists ports that are most commonly prone to malicious attack. Basically, by blocking all unused ports you could still be vulnerable. To consider yourself safest, consistent monitoring is most effective.Computer threats defined (The Computer Doctor) - This site gives good definitions to most types of threats.Threat Matrix - An interesting grouping of computer threat
VULNERABILITIES - The SANS Top Ten Vulnerabilities - This sites list the top ten Vulnerabilities that are being exploited over and over again. This posting also describes these vulnerabilities and what you can do, and what the LBNL Computer Protection Program is doing about them.Internet Storm CenterSymantec Security Response
Hideaway.Net - Vulnerability database that allows you to search based on keywords or provided filtersOpen Web Application Security Project (OWASP) - The Open Web Application Security Project focuses on the top vulnerabilities in web applications.Well-known security flaws go ignored - Robert Jaques (2003); According to the Open Web Application Security Project (OWASP), the greatest threat to computer security is ignoring well documented and understood hacking techniques and tools. They have published a list of the 10 most dangerous internet application security problems, most of which can be exploited by inexperienced hackers using automated cracking tools.
Strangled by security? - Dan Farber (2003); The author discusses the problem of protecting your digital assets but still being able to service customers and allow employees to do their jobs. He doesn't offer any solutions, other than pointing the reader to some companies that provide identity management solution, but he does raise some interesting questions.FBI Releases List of Top 20 Computer Risks - The FBI lists the top 20 computer security vulnerabilities that hackers are likely to exploit. The security holes listed are for the Windows and Unix operating systems. The vulnerabilities include: too many open ports, accounts with weak or no passwords, and default installs of operating systems.Firewall Vulnerabilities - Rik Farrow; This article discusses the many ways that attackers get past firewalls. One example describes how an attacker tricks a user, through e-mail, into installing a backdoor which the attacker later uses to go through the firewall. The article also mentions the tools that are available on the web that will help you sneak through a firewall.
Do you know if you've been hacked? - Laura DiDio July 7, 1998; This article contains intereting information about how vulnerable systems are and how often they are hacked without the network administrators being aware of it.Music files can disguise hack attack - by Bob Sullivan (2002) The article discusses a newly-discovered flaw in Windows XP that puts digital music users at risk. The bug in Windows XP operating system software allows computer attackers to craft MP3 or WMA music files that give them control of listeners’ computers. According to the article, simply browsing to a Web page or folder where such an MP3 file is stored can invoke the malicious code and allow an attacker to create, modify, or delete data on the victim’s computer. Furthermore, users of other operating systems are carriers who can potentially pass an infected file along to a vulnerable Windows XP user.Threats to Computer Security - Threats to Computer Security, is an article written by the National Institute of Standards and Technology. It outlines and discusses some of the major threats that computer systems are vulnerable to. The site breaks these threats into eight major groups: errors and omission, fraud and theft, employee sabotage, loss of physical and infrastructure support, hackers, espionage, malicious code and personal privacy. Each topic is defined and discussed in detail.
Computer security woes come from outside as well as within - by Patrick Thibodeau (1998) A New Jersey case in which an employee, Timothy Loyld was charged in a U.S. District Court with causing $10 million in damage to a company's computer files.Security under the gun: The security skills mirage - by DEBORAH RADCLIFF (2002) Would-be employers say that their security budgets are flat, that risk and threats are rising, and that they're being asked to do more with less because of staffing shortfalls elsewhere within their IT organizations. Because of layoffs and budget cuts, IT managers are being forced to retrain existing staff on security issues.Security experts say voice mail systems vulnerable - by BRIAN SULLIVAN (2002) Because voice-mail systems and phone rooms tend to have less security than other sensitive areas in companies, along with the fact that the four-digit personal information numbers can be easily cracked makes most voice mail systems a security risk.
Testing for Web Site Vulnerabilities by Regina Kwon (2002) - This article by Regina Kwon offers links to simple tests of common (and some uncommon) web site vulnerabilities. The tests are clearly explained, quite simple, and where applicable, links are provided to the revelent white paper. Kwon credits SPI Dynamics for providing the tests.Guarding against threats from within by Grant Buckler (2003) - This article tells about computer threats from within the same organization.New Software Aims To Snare Computer Intruders In Real Time by Ben Dobbin (2003) - This is an interesting article. This all stems from an insider at a software company, who sells other people's credit reports. Researchers are developing a new software that personalizes profiles of users to detect violations as they occur.
Researchers Warn of Serious SSH Flaws - This is a news article summarizing several security holes in SSH. Since this is a news article, its scope is limited and its usefulness will be limited as time passes. In other words, this will be "old news" at some point.Symantec Internet Security Threat Report Volume IIIJanuary 2003 - "Abstract: The February 2003 edition of the Symantec Internet Security Threat Report provides the most comprehensive analysis of evolving Internet threats. Drawing empirical data and expert analysis from several of Symantec's vast security resources, the Report identifies critical trends related to cyber attack activity, new vulnerabilities, and new forms of malicious code. By combining analysis of several different sources of threat data, the February 2003 edition provides the world's most comprehensive analysis of current Internet threats and how they are evolving over time."My Notes on Computer Crime, Security,and Computer Viruses
Viruses, WormsHackers

 

News articles


Back to Information Assurance e-Library Index   Back to Information Assurance e-Library Index


Click here to return to Wayne's World's homepage: return to Wayne's World


written by Wayne Summers summers_wayne@ColumbusState.edu