A “serious security flaw” in Gmail turns Google’s e-mail service into a spamming machine, according to a recent security report.
INSERT, the Information Security Research Team, has created a proof of concept that exploits the “trust hierarchy” that exists between mail service providers. By exploiting a flaw in the way Google forwards messages, a spammer can send thousands of bulk e-mails through Google’s SMTP service, bypassing Google’s 500-address bulk e-mail limit and identity fraud protections.
The report notes that with the rising volume of spam, e-mail providers have turned to whitelists and blacklists to help root out IP addresses of known spammers. Because Gmail falls into the trusted-whitelist category, messages are allowed “carte blanche” to bypass spam filtering.
INSERT’s report notes that no extraordinary Internet expertise is necessary to exploit the flaw:
In this regard, this document presents a vulnerability report and a proof-of-concept attack that demonstrate how anyone with no special Internet access privileges other than being able to connect to SMTP (TCP port 25) and HTTP (TCP port 80) servers is able to exploit a single Gmail account in order to be granted nearly unrestricted access to Google’s massive whitelisted SMTP relay infrastructure.
Google has offered no official comment on the report.
Michael Goodwin
Written by admin · Filed Under Archive
The National Institute of Standards and Technology is seeking comments on draft recommendations for derivation of additional keying material from a secret key using pseudorandom functions.

A secret symmetric encryption key shared by multiple parties can be used to generate additional keys for other purposes, such as message authentication codes. Alternatively, a trusted party can create separate keys for other parties from a single master key. An improperly defined key derivation method can create keys that are vulnerable to attacks. SP 800-108 specifies several families of key derivation functions that use pseudorandom functions.

A pseudorandom function is the basic building block for constructing a key derivation function in this recommendation. The publication contains a formal description of pseudorandom functions, whose output is computationally indistinguishable from that of a genuinely random function defined on the same domain.
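To make the construction concrete, the following is an added example (not code from NIST or from the draft) of the counter-mode KDF family that SP 800-108 describes, instantiated with HMAC-SHA256 as the pseudorandom function. The master key, the label strings "encryption" and "authentication", and the context value are all constructed for the example; the point it shows is that the label, the 0x00 separator, the context and the encoded output length are all fed into the PRF, so keys derived for different purposes or different parties from one master key do not overlap.

```python
import hashlib
import hmac


def kdf_counter_mode(key_in: bytes, label: bytes, context: bytes,
                     length_bits: int, hash_name: str = "sha256") -> bytes:
    """SP 800-108 KDF in counter mode, PRF = HMAC with the named hash.

    Each block is K(i) = PRF(K_IN, [i]_2 || Label || 0x00 || Context || [L]_2)
    with a 32-bit big-endian counter i and a 32-bit big-endian length field L.
    The concatenated blocks are truncated to L bits.
    """
    if length_bits <= 0 or length_bits % 8 != 0:
        raise ValueError("length_bits must be a positive multiple of 8")
    if length_bits >= 2 ** 32:
        raise ValueError("L does not fit in the 32-bit length field")

    h_len = hashlib.new(hash_name).digest_size          # PRF output size in bytes
    n_blocks = -(-length_bits // (8 * h_len))           # ceil(L / h_len)
    l_enc = length_bits.to_bytes(4, "big")              # [L]_2
    out = b""
    for i in range(1, n_blocks + 1):
        # Fixed input data per block: counter, label, separator, context, length.
        data = i.to_bytes(4, "big") + label + b"\x00" + context + l_enc
        out += hmac.new(key_in, data, hash_name).digest()
    return out[: length_bits // 8]


def derive_enc_and_mac_keys(master_key: bytes, context: bytes):
    """Derive a separate 256-bit encryption key and MAC key from one master key.

    The label separates purposes; the context (e.g. party identifiers or a
    session nonce) separates parties or sessions sharing the same master key.
    Both label values are hypothetical choices for this example.
    """
    enc_key = kdf_counter_mode(master_key, b"encryption", context, 256)
    mac_key = kdf_counter_mode(master_key, b"authentication", context, 256)
    return enc_key, mac_key


if __name__ == "__main__":
    # Constructed sample master key and context; never use fixed keys in practice.
    master = bytes(range(32))
    ctx = b"partyA|partyB|session-0001"
    enc_key, mac_key = derive_enc_and_mac_keys(master, ctx)
    print("enc key:", enc_key.hex())
    print("mac key:", mac_key.hex())
```

The counter mode shown is only one of the families in the draft (feedback and double-pipeline modes are the others). Because the requested length L is part of the PRF input, asking the same KDF for 256 and then 512 bits yields unrelated outputs rather than one being a prefix of the other, which is the property that prevents a longer derivation from leaking a shorter one.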

Comments on Draft Special Publication 800-108, “Recommendation for Key Derivation Using Pseudorandom Functions,” should be e-mailed to draft-SP800-108-comment@nist.gov, with “Comments on SP800-108” in the subject line. Comments are due by June 28.

HIPAA security guidance open for comments

NIST also has released a draft revision of Special Publication 800-66, “An Introductory Resource Guide to Implementing the Health Insurance Portability and Accountability Act Security Rule.” This publication is intended to improve understanding of security terms used in the HIPAA Security Rule and of the security standards set out in the rule. It also directs readers to information in other NIST publications on topics addressed by the rule. The publication does not replace the HIPAA Security Rule.

Comments on the draft of SP 800-66 Revision 1 can be made through June 13 to 800-66comments@nist.gov or forwarded to Chief, Computer Security Division, Information Technology Laboratory, Attn: Comments on Draft Special Publication 800-66 Rev. 1, NIST, 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930.

By William Jackson
It appears that CNN has been, and will continue to be, the target of choice for Chinese hackers wishing to show their displeasure with Western media coverage of “pro-independence protests in Tibet.” Some people in China appear to have been offended by this coverage and are calling for attacks, according to the website The Dark Visitor. That site has provided details on several Chinese websites calling for attacks on www.cnn.com starting at 8:00 PM Beijing Time (8:00 AM EDT or 12:00 PM GMT) today, April 19, 2008. However, according to another update on The Dark Visitor’s website, these attacks have since been called off and are to be rescheduled.
According to a recent update on the CNN website, CNN has already observed several attacks that occurred this past Thursday. It took action to limit access to the site from certain regions, and users in Asia may have experienced minor disruptions. These attacks appear to be either coincidental or preemptive in nature, as they came two days earlier than called for. Arbor Networks is also monitoring the situation and has reported observing at least 36 different attacks thus far.
While the attacks have been “called off” for now, it will be interesting to see if they continue regardless — as scheduled or at a later date. It appears that attacks are expected and are being planned for. We can hope that they are unsuccessful regardless of the level of participation. We will update more if we learn anything new.