Educause Security Discussion mailing list archives

YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online


From: James H Moore <jhmfa () RIT EDU>
Date: Thu, 10 Nov 2005 13:58:08 -0500

YACC is yet another compiler compiler.  YASSP is yet another Solaris
security package.  People here want to know if other universities are
preparing contingency plans.  



http://security.ithub.com/article/Virus+Scanners+Made+Moot+by+New+Exploit/164278_1.aspx

 

Describes a flaw in the design of most virus scanning engines.   Most
virus scanning engines assume that worms or viruses will play fair in
writing the file.  The technique shows how to not play fair in terms of
the file headers and offsets.

 

Is anyone else addressing this?  How?

 

- - -

 

And between the time that I started writing this, and now, I also found
out about RainbowCrack Online.  How do you think that it will affect
password standards, or increased use of 2-factor authentication?

 

RainbowCracking Online opened for "business" on Nov 1.

 

The article about cashing in on password cracking is at
http://www.securityfocus.com/news/11355

 

For $24.95, you can submit 100 password hashes and have returned to you
the passwords that will hash to the same value. - Or you can have
unlimited password hashes reversed for a year for about $3000.  They
have a 500Gb database of alphanumeric passwords hashed with different
algorithms for Windows, Linux, and Cisco equipment.

 

The actual site is http://www.rainbowcrack-online.com/?x=home

 

 

 

Jim





________________________________

From: James H Moore [mailto:jhmfa () ritvax isc rit edu] 
Sent: Friday, November 04, 2005 12:43 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Telecommuting risks and guides

 

Again, I don't want to reinvent the wheel, and I like to benchmark when
possible. 

 

From some of the potential impacts of everything from gas prices to bird
flu and quarantines, there seem to be more reasons to get better at
telecommuting soon.

 

We have VPNs.  We have site licensed anti-virus with home use
provisions.   And telecommuting is good for university laptops.  But
when you get to home computers, what is best?  We have problems with
mapping drives to home computers, and for people who don't run
anti-virus effectively, or don't know how to do the VPN through their
home firewalls.  But with mapping drives to home computers, then we have
risks of viruses and worms that spread through shares. Some people are
leaving their work desktops on, and using VPN and doing RDP to their
desktop.  This is like a lightweight, distributed terminal services.  

 

I am looking for awareness/tutorial information.  I am also looking at
alternatives, and some risks involved.

 

VMware ACE has been suggested as a possibility to provide a secure and
pre-configured virtual environment.  Anyone have any experience? 

 

Jim

- - - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 475-4122 (lab)
(585) 475-7950 (fax)

"We will have a chance, when we are as efficient at communicating
information security best practices, as the hackers and criminals are at
sharing attack information"  - Peter Presidio



 

