Pedro Santana

 

Archive for the 'Security' category

Cisco Source Code Up For Sale: Only $24,000

The notorious, mysterious Source Code Club (SCC) has re-emerged, this time selling source code for a Cisco application in another blatant violation of copyright regulations. Believed to be an anonymous collection of hackers, the SCC this week announced in a posting on a group Web site that it is offering the complete Cisco Pix 6.3.1 source code for US$24,000. Cisco Pix is a firewall application providing security, intrusion protection, network monitoring and other services for business and carrier networks.

Story obtained from Slashdot: http://slashdot.org/article.pl?sid=04/11/04/2321200

First JPEG Virus Posted To Usenet

I read the following on Slashdot:

This could possibly be the worst virus yet! Earlier this month Microsoft announced a problem in their GDI driver that processes the way JPEG images are displayed. Someone has finally posted an exploit to Usenet. Easynews, a premium Usenet provider, found the virus Sunday afternoon. Up-to-date information about how we found it and what it does is located at www.easynews.com/virus.txt. When this picture is viewed it installs remote management software (winvnc and radmin) and will connect to irc.

Vulnerabilities in IE, Opera, Firefox and Konqueror

A serious vulnerability has been discovered that could cause the affected PC to hang by using 100% of the CPU.

http://usuarios.lycos.es/sectorcero/modules/news/article.php?storyid=109

Wi-Fi security standard

The IEEE has approved a new specification in the 802.11 family for wireless Ethernet.

I am passing along the story from InfoSync.

Adding to the alphabet soup that is the Wi-Fi family of protocols, the IEEE has approved a new wireless security protocol dubbed 802.11i, intended to finally provide sufficient security for wireless connections that users don't need to rely on alternate security layers.

Wi-Fi technology, including 802.11b, 802.11a, and 802.11g transmission standards, has long been criticized for its lack of decent security and privacy. The first attempt at a security system for Wi-Fi was Wired Equivalent Privacy (WEP), which was based on a very simple private key system that served as little more than a speed bump for malicious users. Subsequent systems have tried to tighten security, but so far none have faced widespread adoption. 802.11i is expected to be certified as Wi-Fi Protected Access 2 (WPA2) compliant.

Although the specification is now approved, software to make it usable won't be available to customers until September, when the Wi-Fi Alliance will begin compatibility testing for new devices.

The new specification works by using AES encryption in the transceiver itself, encrypting data directly at the level just above the actual radio pulses themselves. That makes it transparent for applications sending data through the radio, so legacy programs running on new 802.11i-compliant hardware will automatically get the benefits of the new protocol without the need for modification. That, it is hoped, will allow corporate users to do away with complex Virtual Private Network (VPN) setups within the company without worrying about users inadvertently broadcasting sensitive information in the clear.

AES encryption is non-trivial, however, so there is a performance penalty to encode and decode the data. Most of that encryption will be handled by the CPU, so while bandwidth should not be affected the strain on the processor may be. That will also keep a laptop running in a higher-power mode longer, which may or may not affect battery life. Definitive studies on the matter are as yet unavailable.

Possible theft of Cisco's IOS code

Possible Cisco Source Code Theft: a Russian security website claims to have obtained part of the source code (about 800 MB) of the IOS operating system that Cisco uses for its network devices.

And they do not just claim it: they have also published the first lines of code of two C programs.

ipv6_discovery_test.c — Neighbor Discovery unit tests.
ipv6_tcp.c — IP version 6 support functions for TCP