Educause Security Discussion mailing list archives
YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online
From: James H Moore <jhmfa () RIT EDU>
Date: Thu, 10 Nov 2005 13:58:08 -0500
YACC is yet another compiler compiler. YASSP is yet another solaris security package. People here want to know if other universities are preparing contingency plans. http://security.ithub.com/article/Virus+Scanners+Made+Moot+by+New+Exploi t/164278_1.aspx Describes a flaw in the design of most virus scanning engines. Most virus scanning engines assume that worms or viruses will play fair in writing the file. The technique shows how to not play fair in terms of the file headers and offsets. Is anyone else addressing this? How? - - - And between the time that I started writing this, and now, I also found out about RainbowCrack Online. How do you think that it will affect password standards, or increased use of 2-factor authentication? RainbowCracking Online opened for "business" on Nov 1. The article about cashing in on password cracking is at http://www.securityfocus.com/news/11355 <http://www.securityfocus.com/news/11355> For $24.95, you can submit 100 password hashes and have returned to you the passwords that will hash to the same value. - Or you can have unlimited password hashes reversed for a year for about $3000. They have a 500Gb database of alphanumeric passwords hashed with different algorithms for Windows, Linux, and Cisco equipment. The actual site is http://www.rainbowcrack-online.com/?x=home <http://www.rainbowcrack-online.com/?x=home> Jim ________________________________ From: James H Moore [mailto:jhmfa () ritvax isc rit edu] Sent: Friday, November 04, 2005 12:43 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Telecommuting risks and guides Again, I don't want to reinvent the wheel, and I like to benchmark when possible.
From some of the potential impacts of everything from gas prices to bird
flu and quarantines, there seems to be more reasons to better at telecommuting soon. We have VPNs. We have site licensed anti-virus with home use provisions. And telecommuting is good for university laptops. But when you get to home computers, what is best. We have problems with mapping drives to home computers, and for people who don't run anti-virus effectively, or don't know how to do the VPN through their home firewalls. But with mapping drives to home computers, then we have risks of viruses and worms that spread through shares. Some people, are leaving their work desktops on, and using VPN and doing RDP to their desktop. This is like a lightweight, distributed terminal services. I am looking for awareness/tutorial information. I am also looking at alternatives, and some risks involved. VMWare ACE has been suggested as a possibility to provide a secure, and pre-configured virtual environment. Anyone have any experience? Jim - - - - Jim Moore, CISSP, IAM Information Security Officer Rochester Institute of Technology 13 Lomb Memorial Drive Rochester, NY 14623-5603 (585) 475-5406 (office) (585) 475-4122 (lab) (585) 475-7950 (fax) "We will have a chance, when we are as efficient at communicating information security best practices, as the hackers and criminals are at sharing attack information" - Peter Presidio
Current thread:
- YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online James H Moore (Nov 10)