Security Linux News for Aug 08, 2008
Black Hat USA 2008: A report from Day 1 (Aug 08, 2008, 16:30)
InfoWorld: "The number one presentation of the
conference was IOActive's Dan Kaminsky's talk on his recent DNS
exploit find. There was some question if there would still be any
interest in the topic since the details of Dan's exploit leaked out
two weeks ago. The question was answered by a standing room-only
crowd of thousands that filled the largest conference room long
before the scheduled start time."
Where Are All the Dangerous DNS Exploits? Nowhere and Everywhere (Aug 08, 2008, 14:30)
LinuxInsider: "f security researcher Dan
Kaminsky is right about the dangers threatening DNS security, how
come nobody's drawn attention to any specific, massively mobilized
exploits of the vulnerability? It's because of the nature of DNS --
servers are indeed being continuously poisoned, according to
admins, but it's hard to tell exactly who's being exploited and
Researchers: Online Geegaws Can Open Door to Flimflammery (Aug 08, 2008, 13:30)
LinuxInsider: "One of the biggest problems with
the so-called Web 2.0 movement has been its encouragement of
oversharing -- which often means underestimating security risks.
Adding doodads of varying quality to a home page can add a lot of
pizazz, but can also be fraught with danger, since they can open a
door for hackers."
TrueCrypt - Free Opensource on the Fly Disk Encryption Tool (Aug 08, 2008, 08:00)
SUSE & OpenSUSE: "TrueCrypt is a free
opensource software system for establishing and maintaining an
on-the-fly-encrypted volume http://newsadmin.linuxtoday.com/(data
storage device). On-the-fly encryption means that data are
automatically encrypted or decrypted right before they are loaded
or saved, without any user intervention. No data stored on an
encrypted volume can be read (decrypted) without using the correct
password/keyfile(s) or correct encryption keys."