Security


  • Security

    With regard to IT security, what is something that currently cannot be done but if it could it would make things better/easier/more secure etc.?

  • #2
    Re: Security

    Originally posted by Moenapper
    With regard to IT security, what is something that currently cannot be done but if it could it would make things better/easier/more secure etc.?
    Could you get any more vague?

    realize that better cannot be easier, and easier cannot be more secure... :) That is paradigmatic...

    In the gist of all things this is what the world really needs:

    Given: Misconfigurations and Buffer Overflows account for most usages for exploits on vulnerabilities.

    1. Teaching end users how to RTFM
    2. Teaching admins how to RTFM.
    3. Teaching programmers/SE's how to write/design secure code.
    .
    .
    .
    ... and equally important ...
    x. Applying 1, 2, 3, ... x.


    • #3
      Re: Security

      I'm sorry I should be a little more careful how I word things.

      I'm interested in what thoughts the participants of this forum have for new security ideas.

      Anyone??


      • #4
        Originally posted by 0versight
        Make it a standard that everything must include some type of encryption would be a good idea. You CAN do it yourself, but the common general public do not do this, and what I mean by common public, people who aren't deeply interested in computers like us.
        transparency would be the key, the users aren't supposed to know or really care that they are using a crypto system... they just know that the "bad people will have a hard time getting their stuff"... If this is mixed with something like Single Sign On (SSO), then it would be a nice system... it would be all the underlying mechanisms of either the application, or the OS that would be handling any signatures and exchanges that were to take place... ideally it would be best to have the entire OS crypto'd... and transparent at the same time... chances are though that this would be implemented on an embedded system before anything.

        Moenapper didn't mention what type of involvement they were looking at... :) I would imagine they are thinking of something a lot simpler to research, generate, create, and standardize...


        • #5
          Re: Re: Security

          Originally posted by Moenapper
          I'm sorry I should be a little more careful how I word things.

          I'm interested in what thoughts the participants of this forum have for new security ideas.

          Anyone??
          since we're writing your article, are you going to tell your publisher to put us on the payroll?


          or does your boss expect a network admin to be able to say more than "the blinking hard drive light is good,.....i think....."
          the fresh prince of 1337

          To learn how to hack; submit your request


          • #6
            Everyone do the RTFMFM
            if it gets me nowhere, I'll go there proud; and I'm gonna go there free.


            • #7
              Originally posted by c0nv3r9
              Everyone do the RTFMFM
              This is how I tell everyone to RTFMFM!


              • #8
                Originally posted by 0versight
                I guess the biggest threat is a Keylogger.
                Hardware keyloggers such as the keykatcher:
                http://keystroke-loggers.staticusers...re-keykatcher/
                are pretty difficult to detect since they rely entirely on hardware... and looks like some type of adapter (while other models are complete keyboard replacements)... there are only a few techniques that involve testing nanoseconds of time and impedance... but 99.9% of the keylogger detection out there relies on checking for standard and undocumented software hooks for software keyloggers...


                • #9
                  to be slightly more on-topic... I think there will be an increase in wifi security news.. shit hitting the fan so to speak. not necessarily the warnings that wardrivers have given, but the reason why the warnings were made last year. I think the time for awareness has passed for the most part, although I'm sure a lot of the new kids stocking up on fuckin pringles will be jumpy to hit any media coverage they can

                  my mind keeps thinking towards some major sec issues around PS/XBox type game systems... the mixture of growing broadband and the huge push for online gaming will come to a head with the highlighting of poor coding, imo.
                  if it gets me nowhere, I'll go there proud; and I'm gonna go there free.


                  • #10
                    Originally posted by 0versight
                    Make it a standard that everything must include some type of encryption would be a good idea. You CAN do it yourself, but the common general public do not do this, and what I mean by common public, people who aren't deeply interested in computers like us.
                    this sounds a lot like the sssca/wtfataun (whatever the fuck acronym they are using now). Everything encrypted with their keys... or like MS palladium almost everything encrypted and you must get permission from them to run anything on your computer

                    ok maybe not quite the same

                    --simple3


                    • #11
                      Relax Kelvin.....

                      Just looking to post a topic that would stimulate interesting dialog.
                      Don't worry you are not doing someone else's work!

                      Back to the topic at hand, I agree with C0nv3r9 I think security is going to converge in the WiFi sector.
                      Specifically, perhaps a WiFi protected Access standard?


                      • #12
                        resistance is futile

                        the reasons wifi is insecure:
                        • there are no visual boundaries (not out of the box)
                        • most people do not rtfm.
                        • most people do not apply if they did rtfm.
                        • it is most difficult to control what you can't see what you are sending and who you are sending it to.


                        ... on top of the already underlying security that WLANS, WAPS use such as Remote Access Dialin User Service (RADIUS) and implementations of RADIUS, in store for 802.11i is the temporal key integrity protocol (TKIP), and the Advanced Encryption Standard (AES) protocol.

                        ... you can throw all the crypto you want at it, someone will be able to punch a hole due to some vulnerability in how it was written, what had been forgotten, what had been undocumented, etc... it isn't the crypto that people need to worry about, it is the application of the crypto that will fuck the most perfect transaction.

                        Without following my initial comments there can be nothing created that will not be broken almost as soon as it is out in the wild. This is why transparency must exist, and this puts most of the work on the hardware and the design and engineering of the security widget... which puts pressure on those who end up writing the code, and making sure that it is checking for buffer overflows, throwing the correct exceptions, avoiding undocumented features, etc.

                        you can think up of a few hundred things to make in a good brainstorming session but without thinking them all the way through they would all be worthless by the time they left the door.


                        • #13
                          There is no such thing as a neutral corporation. It is their job to separate people and their money. There may be a few who are actually interested in benefiting humankind, but the majority just want your $$.

                          --simple3


                          • #14
                            Originally posted by 0versight
                            That's true, but maybe a few groups that should give their opinions are, @stake, CdC, and the like.....
                            cDc


                            just clarifying...:)
                            the fresh prince of 1337

                            To learn how to hack; submit your request


                            • #15
                              Originally posted by 0versight
                              That's true, but maybe a few groups that should give their opinions are, @stake, CdC, and the like.....
                              The cDc? Are you serious? With the exception of getting up on stage, parading around like idiots, and throwing meat into the crowd, they haven't done a damn thing since the release of BO2K. That 'group' has pretty much devolved into a half-dozen competent people and 900,000 hangers-on. These are not people that I want representing either myself or this community in the capacity that you're suggesting.

                              @stake... At least they make *some* effort. I do miss the l0pht, though. A lot of good stuff came out of them.
                              Last edited by skroo; February 1, 2003, 16:12.
