Weekly Brief - June 1 2009

Tools

The L0pht collective has issued its long-awaited upgrade to the L0phtcrack password cracking and auditing tool. It is available in three versions ranging from $295 to $1195.

Sourcefire has announced a new release candidate for Snort, the IPS/IDS technology that underpins many intrusion prevention products. Version 2.8.5 includes the ability to set policies according to VLAN functions. Expect a virtual console based on VMware's ESX Server in the future.

Techniques

Researchers have figured out how to embed traffic in TCP-layer traffic by exploiting a weakness in the protocol.

Microsoft has published a guide for administrators to help them understand what should be excluded from an anti-virus scanner.

Law

The Obama administration is digging in its heels by refusing to reveal state secrets that would be instrumental in a lawsuit to decide whether George W Bush acted legally in wiretapping US citizens.

NIST wants the US Government to amend the 1974 Privacy Act to be more appropriate for today's privacy threats, according to a letter sent by the Institute's Information Security and Privacy Advisory Board.

The Massachusetts Supreme Court quashed a search warrant that law enforcers had used to seize the computing equipment of Boston College student Riccardo Calixte. Police had claimed that Calixte was a hacker, but the Electronic Frontier Foundation, acting on behalf of Calixte, said that there was no probable cause.

The State of Oregon passed legislation rejecting the federal Government's Real ID program.

Attacks

A malicious JavaScript attack that mimics the Gumblar attack but is unrelated to it has spread to around 30 000 websites, say experts.

Anti-US hackers operating in Turkey have penetrated US army websites.

Health insurer Aetna is offering credit protection to 65 000 people after social security numbers of employees and successful job applicants were copied from its web site.

Defenses

Finland is founding a cyberwarfare unit.

The Jericho Forum and the Cloud Security Alliance have joined forces to promote best practices for secure cloud computing.
