Coderant의 보안과 전략

1. D.N.S.
Pronounced just like Robb Van Dam says his name. Good ole Dan Kaminsky discovered a major league set of vulns in DNS that had folks scrambling to patch servers all over the place. It gets even better then the CNAME record attack, now I can send a querying name server fake info that can then be used to query other name servers. Now I am not limited to a single cache entry, ALL queries may be forwarded to the attackers name server! Ouch!

2. Apple quietly recommends antivirus software for Macs.
Hey, consider it a compliment! Your devices are getting so popular, hackers are taking notice and see the value in Mac-based computing.

3. Drive-by attacks with Java.
JavaScript has been used to infect thousands of legitimate web pages to insert a trojan to visitors! Sound like a National Enquirer headline? No way! This attack method has been very successful and nearly transparent to users. This launches a new age in hacking.

4. WPA cracked
Elcomsoft has improved it Distributed Password Recovery tool so much that WPAv1-v2 password are cracked tons faster. Many wireless security folks are moving to WPA but wrapping it in a VPN encrypted package. Small story, HUGE news!

5. Mac users get a dose of Windows hacks
In January, I got a notice for free-trial antispyware. No surprise except that it was on my Mac! I did a little sandboxing on MacSweeper and sure enough, it was crapware. Of course it found problems that could only be solved by purchasing the full version. PayPal or credit card? And I thought all I had to worry about was OSX.RSPlug.A on my Mac!

6. Laptop Lojack!
Laptops are being ripped off at an alarming rate. Two companies plus an open source alternative have introduced tracking packages to track down your hardware and hopeful return it to you or zero out the data. Read about it in this blog post.

7. Private Investigator, your next career cert?
An increase in hackers has dramatically lead to an increase in computer forensic analysts. Are you ready for a career change? Not so fast! You may need to be a Private Investigator first. Read about it here.

8. Don't like your current security software? Write your own and get Cisco to pay you for it!
The Cisco AXP contest is a chance to show off your coding skills and the chance to win 50K, 30K or 20K USD for your efforts. The best part is Cisco is giving away ISO so you can practice on with out purchasing an actual AXP module. Read more here.

9. NMAP 4.75 adds graphic mapping feature!
Not only did NMAP update tons of OS signatures, BUT it added a Zenmap GUI feature. Maps are laid out based upon distance from (hops) the scanning node, different map markers for nodes, network devices, grouping rules. Fyodor must have had an interesting Summer vacation...

10. The Last HOPE
For my fellow 2600's out there, I thought this was the last HOPE conference. Come to find out that was just the title. Whatever. 2600 must have got a marketing department. Last one for me, OK most likely not because they are mega cool and I always have a blast!

Have a great New Year Y'all! Thank you so much for reading this blog. I am very grateful for y'all.

Trivia File Transfer Protocol
A very large percentage of the movie budget for Monty Python and the Holy Grail actually came from donations by members of Pink Floyd and Led Zeppelin.

Jimmy Ray Purser