From Bugtraq about Cisco LEAP for 802.1x
Cisco released a security notice [1] in August about possible dictionary attacks against their proprietary LEAP (Lightweight Extensible Authentication Protocol, used with 802.1x). But according to Computerworld [2] it seems that this information has not been spread well enough.

In addition, Unstrung yesterday reported [3] about the demonstration of a tool that seems to be able to retrieve valid passwords for LEAP protected WLANs within "minutes, even seconds". The tool is not available yet, but its author (Joshua Wright from Johnson & Wales University) announced "that the tool will be generally available in a couple of months".

Those of you who are using LEAP to protect their Wireless LAN should take care of a proper password policy and change passwords regularly. Cisco provides further information on password selection in their advisory ("Available Documentation", last paragraph).

[1]
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00801aa80f.shtml
[2]
http://www.computerworld.com/mobiletopics/mobile/story/0,10801,85637,00.html?f=x68
[3] http://www.unstrung.com/document.asp?doc_id=41185

posted by tommEE  # 10/03/2003 01:47:00 PM 0 comments

 

From the Bugtraq list: Class Action Law Suit against MS

Class-action suit points to Microsoft security flaws
http://news.com.com/2100-1009-5085730.html

Microsoft faces a proposed class-action lawsuit in California based on the claim that its software's market dominance and

vulnerability to viruses could lead to "massive, cascading failures" in global computer networks.

The lawsuit, filed Tuesday in Los Angeles Superior Court, also claims that Microsoft's security warnings are too complex to be

understood by the general public and serve instead to tip off "fast-moving" hackers on how to exploit flaws in its operating system.

The suit claims unfair competition and the violation of two California consumer rights laws, one of which is intended to protect the

privacy of personal information in computer databases. It asks for unspecified damages and legal costs, as well as an injunction

against Microsoft barring it from unfair business practices.

Many of the arguments in the lawsuit and some of its language echoed a report issued by computer security experts in late September,

which warned that the all-but-total reach of Microsoft's software on desktops worldwide had made computer networks a national

security risk.
...
"Microsoft's eclipsing dominance in desktop software has created a global security risk," the lawsuit said. "As a result of

Microsoft's concerted effort to strengthen and expand its monopolies by tightly integrating applications with its operating

system.the world's computer networks are now susceptible to massive, cascading failure."

With some $49 billion in cash and more than 90 percent of the market in PC operating systems, Microsoft has long been seen as a

potential target for massive liability lawsuits.
...

posted by tommEE  # 10/03/2003 01:15:00 PM 0 comments

 

Google buys personalized search start-up
Found on: Cnet News.com by Reuters

Web search company Google on Tuesday said it bought Kaltix, a start-up that builds the personalized and context-sensitive search tools the industry sees as part of its next wave of product offerings.

Financial terms of the deal were not disclosed.

Kaltix, of Palo Alto, Calif., was formed in June this year and its technology aims to make it easier and faster for people to find information on the Web, Google said in a statement.

A Google representative declined to make any additional comment.

In general, Web search personalization works to tailor search results to an individual's interests and needs. This allows Google and other search providers to deliver the targeted advertising they rely on for revenue.

As previously reported by CNET News.com, Kaltix was founded by three members of a Stanford University research group that focuses on Web search. The university recently granted Kaltix a nonexclusive license for personalized Web search technology, according to a Web site operated by Stanford's Office of Technology Licensing.

A representative for Stanford's Office of Technology Licensing did not immediately return calls seeking comment.

Mountain View, Calif.-based Google, launched in 1998 by former Stanford University graduate students Larry Page and Sergey Brin, operates the most popular Web search destination in the United States.

But Google faces increasing competition from Yahoo and Microsoft, which are both making significant investments in Web search.

posted by tommEE  # 9/30/2003 04:13:00 PM 0 comments

archives


This page is powered by Blogger. Isn't yours?