Crypto-World - news

Nov� typ rootkitu, kter� se um� dokonale skr�t

System Management Mode (SMM) rootkit je spou�t�n v chr�n�n� ��sti pam�ti. Auto�i (Shawn Embleton a Sherri Sparks) budou demonstrovat jeho existenci (proof-of-concept SW) na konferenci Black Hat v Las Vegas. Tento rootkit je velice obt�n� detekovateln�, na druhou stranu vzhledem k jeho orientaci na konkr�tn� HW nelze p�edpokl�dat jeho �irokou distribuci, �to�n�k ho m��e v�ak vyu��t k c�len�mu �toku.

SELinux (Security-Enhanced Linux ) - anatomie OS

NSA uvedla verzi Linuxu, kterou ozna�ila SELinux a kter� m� b�t dne�n�m nejbezpe�n�j��m opeara�n�m syst�mem. �l�nek vysv�tluje ideje, kter� s konstrukc� tohoto OS souvis�, jak jsou tyto my�lenky implementov�ny. Na konci �l�nku je pak uvedena cel� �ada dal��ch odkaz� k problematice.

Hacker zve�ejnil ukraden� osobn� data �esti mili�n� Chilan�

Data (obsahuj�c� jm�na, adresy, e-amailov� adresy, telefonn� ��sla a dal�� osobn� informace) byla vyv�ena n�kolik hodin na dvou serverech. Hacker, kter� data zve�ejnil, m�l prohl�sit: \"A� cel� sv�t vid�, jak jsou u n�s chr�n�na osobn� data!\"

K prehistorii syst�m� s ve�ejn�m kl��em

Nejen v tajn�ch slu�b�ch Velk� Brit�nie (James Ellis, Clifford Cocks a Malcom Williamson) ale i v NSA zr�ly obdobn� my�lenky �adu let p�ed vyd�n�m fundament�ln� pr�ce (Diffie a Hellman). P�e�t�te si National Security Action Memorandum 160 .

Nebojte se auditu

Pohled z praxe, v auditu je t�eba hledat pou�en� pro budoucnost (jm�no autora - C.J. Kelly je pseudonym).

P��stup k modelov�n� hrozeb vztahuj�c�ch se k webov�m aplikac�m

Akash Shrivastava v t�in�ctistr�nkov� studii popisuje obsahovou str�nku tohoto typu modelov�n� (c�le a objekty modelov�n�, anal�za aplikace, identifikace hrozeb a zranitelnost�, stanoven� preferenc� a zformov�n� pl�nu odpov�d�).

Budou normy pro podepisov�n� programov�ch k�d�?

Melih Abdulhayoglu (st�l v pozad� CA/Browser Forum a certifik�t� EV SSL) vystoupil s nov�m n�vrhem (podepisov�n� s vyu�it�m nov� t��dy certifik�t�, kontrola na p��tomnost malware).

Vy�lo Ze sv�ta bezpe�nosti IT 19/2008

T�denn� p�ehled informac� vztahuj�c�ch se k problematice bezpe�nost IT. Z novinek tohoto t�dne lze upozornit nap��klad na �l�nky t�kaj�c� se bezpe�n�j��ho PHP, n�kter� informace k �tok�m phisher� a d�le t�eba na �l�nek, kter� informuje o probl�mech s kontrolou p��stupu k nemocni�n�m dat�m.

�esk� banky chystaj� trestn� ozn�men� kv�li �niku osobn�ch dat klient�

"�esk� spo�itelna a �SOB podaly trestn� ozn�men� kv�li citliv�m dat�m sv�ch klient� dostupn�m na internetu. Uvedla to TV Nova. Spo�itelna v� o �niku dat u stovky sv�ch klient�. Banky tvrd�, �e informace neunikly od nich."

FBI se ob�v�, �e ��an� maj� zadn� vr�tka v americk�ch vl�dn�ch a arm�dn�ch s�t�ch

Zdrojem obav jsou routery a switche Cisco vyr�b�n� v ��n�.

Pot�ebujete v�bec antivir?

John Edwards rozeb�r� tuto ot�zku p�i pohledu na r�zn� opera�n� syst�my (Windows Vista, Windows XP, McIntosh, Linux). Pokud nap�. u�ivatel� Windows Vista nestahuj� enormn� mno�stv� soubor� s P2P s�t�, tak autor soud�, �e antivir je nadbyte�n�.

Vy�lo d�le�it� rfc.5280 - pkix Certificate and Certificate Revocation List (CRL) Profile

Abstract:

This memo profiles the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) for use in the Internet. An overview of this approach and model is provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail along with standard and Internet-specific extensions. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices.

This specification obsoletes [RFC3280]. Differences from RFC 3280 are summarized below:
* Enhanced support for internationalized names is specified in Section 7, with rules for encoding and comparing Internationalized Domain Names, Internationalized Resource Identifiers (IRIs), and distinguished names. These rules are aligned with comparison rules established in current RFCs, including [RFC3490], [RFC3987], and [RFC4518].
* Sections 4.1.2.4 and 4.1.2.6 incorporate the conditions for continued use of legacy text encoding schemes that were specified in [RFC4630]. Where in use by an established PKI, transition to UTF8String could cause denial of service based on name chaining failures or incorrect processing of name constraints.
* Section 4.2.1.4 in RFC 3280, which specified the privateKeyUsagePeriod certificate extension but deprecated its use, was removed. Use of this ISO standard extension is neither deprecated nor recommended for use in the Internet PKI.
* Section 4.2.1.5 recommends marking the policy mappings extension as critical. RFC 3280 required that the policy mappings extension be marked as non-critical.
* Section 4.2.1.11 requires marking the policy constraints extension as critical. RFC 3280 permitted the policy constraints extension to be marked as critical or non-critical.
* The Authority Information Access (AIA) CRL extension, as specified in [RFC4325], was added as Section 5.2.7.
* Sections 5.2 and 5.3 clarify the rules for handling unrecognized
CRL extensions and CRL entry extensions, respectively.
* Section 5.3.2 in RFC 3280, which specified the holdInstructionCode CRL entry extension, was removed.
* The path validation algorithm specified in Section 6 no longer tracks the criticality of the certificate policies extensions in a chain of certificates. In RFC 3280, this information was returned to a relying party.
* The Security Considerations section addresses the risk of circular dependencies arising from the use of https or similar schemes in the CRL distribution points, authority information access, or subject information access extensions.
* The Security Considerations section addresses risks associated with name ambiguity.
* The Security Considerations section references RFC 4210 for procedures to signal changes in CA operations.
The ASN.1 modules in Appendix A are unchanged from RFC 3280, except that ub-emailaddress-length was changed from 128 to 255 in order to align with PKCS #9 [RFC2985].

Phishingov� podvody - nejnov�j�� Top 10

McAfee zve�ejnil n�sleduj�c� �eb��ek:

PayPal User Confirmation
Comerica Bank SSL Certificate Update. Certificate is due to expire in 5 days
Comerica Web Bank Certificate Renewal
NEWS - Comerica Bank Certificate Renewal. Certificate is due to expire in 5 days
Certificate approved Comerica Bank - ready to Download/Install
Comerica Bank Certificate is due to expire 1st may 2008
DigicertSSL Update ComericaWeb Bank. Certificate is due to expire in 5 days
Comerica TM Connect Web Bank certificate is due to expire in 5 days
Your Renewed Comerica Bank SSL Certificate. Certificate is due to expire in 5 days
Comerica TM Connect Web Bank Certificate is due to expire 1st may 2008

NSA - �l�nky z let 1957-1965

Najdete zde nap�. �l�nky z n�zvy: The Borders of Cryptology, About NSA (1958), Science and Cryptology a dal��ch 18 �l�nk�.

Britsk� ministerstvo obrany chr�n� sv� notebooky �ifrov�n�m

Skoro by se cht�lo ��ci - pro� tomu tak nebylo ji� d��ve?