Hiyas! This is my new homepage for daily (as near as possible) updates on Computer and Network Security and Vulnerability Information. This site is planned to be a robust source of current (and past) information, designed to be both informative and easy to read. Now, on to the good stuff (comments in italics mine, by the way, and not "officially" part of the published articles).
Send me feedback ([email protected])! Do you want something more out of this? Something less?
**UPDATE**: New fixes for Windows 98/98SE and Windows Me are available. Microsoft has released a patch for Windows 98/98SE and Windows Me.
Not necessarily a major issue, but a DoS at any time can
be annoying. Microsoft has a patch out now for all reportedly
affected versions, so have at it!
ICANN is wanting to undertake a revamp of the DNS system in use today. It cites the 13 root servers as being too vulnerable to attack, both by DDoS or by simple vulnerability exploit of the BIND software upon which all of them are based.
DNS systems have always been an open invitation to be
hacked. BIND has had more than its share of exploits and
vulnerabilities, with some interesting and devastating
worms thrown in recently to add fun to the mix. Yes,
something needs to be done to shore up this not critical,
but very convenient and time-saving system.
This article details the work of a Robin Keir, who has developed a tool he has distributed called "FireHole" which modifies a DLL in Internet Explorer, that will allow any trojan (or other malicious code) on your system to bypass your firewall, assuming it is application-based, similiar to Zone Alarm.
According to the title, this makes having a personal firewall of this sort "futile". Eh? Relying on *any* one security perimeter device is a study in futility perhaps, but to say these firewalls are futile in and of themselves is simply poppycock. Application-based firewalls, especially host-based versions (like the aforementioned Zone Alarm) make a great secondary system to a good strict IP filtering firewall and NAT device in front of your network. And *any* step towards a more secure system is a good step. No one would call their baby's first step "futile", even if they only took one step and fell down.
Bottom line: Strong language is used to push some
personal agenda, so I shall have to push mine back.
Any security is better than none. A thorough
LAYERED security approach is obviously the best
choice. Any steps in that direction are "Good
Things" and surely not "futile".
I did not hit all my usual sites for information, nor troll through all of my usual newsgroups, nor pour through all of my e-mail, so today has a somewhat limited scope. As I said, it will be a bit of a growing process. It'll get there though.
Link to the archive of past issues