http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2008-07-06 02:19:02 - Hack a Day : Filed under: HackIt, dailyWith each passing day the rate we acquire digital media increases wedon't even bother unpacking our CDs when we move anymore Largepublishers have started moving away from DRM, which means we'll bebuying even more digital media in the future Acquiring all of thisnonphysical property puts importance on not just making it easilyaccessible, but also protecting it from destruction Slashdot askedfor reader suggestions of what NAS to buy; we've compiled some of theoptions below and want to know what you useFor those willing to build machines themselves, there are several NASfocused distributions available FreeNAS is based on FreeBSD and takesup less than 32MB even though it has a full featured web interfaceOpenfiler can be used for building full fledged NAS/SAN appliances Itcan be deployed on bare metal or as a virtual machine and 23 has newfeatures like bonding multiple NICs CryptoNAS is a liveCD that helpsyou build a user friendly NAS device with full hard disk encryptionMany consumer NAS devices have chosen to run Linux This makes themgood hacking targets for adding new functionality and we've coveredmany of them in the past The Linksys NSLU2 "slug" has been verypopular Buffalo has sold many different devices: the Kurobox,Linkstation, and Terastation have a dedicated modification communityWe've got a LaCie Ethernet Disk mini unopened in our office that wasinitially purchased because we knew they could be hacked NAS-Centralhas a list of many of the other online communities dedicated to NASdevicesNot that excited about administrating one more Linux box When Applereleased the Time Capsule earlier in the year it introduced the worldto high capacity storage that "just works" Although not exactlyserver grade, it brought the idea of regular backups to the home user1TB is nice, but it's not upgradeable or easily replaceable; look tothe Drobo for that Drobo has built a fan base by making storagemanagement easy for anyone Just throw your commodity drives into thebox and you're ready to go Unfortunately, turning it into a NAS is a$200 addition They've published an SDK, so you should see newapplications coming for it soonAll of these options are just for in house serving, but none of themare true backup solutions since your data still goes away when yourhouse burns down A couple years ago, Jeremy Zawodny looked intomoving his backup servers to Amazon's S3 and compiled a list of toolsthat work with the service Jungle Disk is probably the most userfriendly It's multiplatform and mounts as a local disk There's anadd-in for Windows Home Server too If you're looking to set up asimple personal backup system, we highly recommend jwz's advice forregular backupsThat's a fairly thorough rundown of hacker friendly backup options,but we want to know what you use How do you store, serve, and protectyour data What custom features have you added to commercial NASdevicesPermalink | Email this | Linking Blogs | Commentshttp://www.secuobs.com/revue/news/36282.shtmlhttp://www.secuobs.com/revue/news/36282.shtml 2008-07-05 05:18:56 - Hack In The Box : The new version 101 of the Wireshark network analysis tool and itscommand line variant TShark, remedy a number of security problemsBugs in previous versions in the analysis modules for GSM messages,PANA, KISMET, and RTMPT packets as well as syslog messages, made itpossible for attackers to crash the program According to thedeveloper advisory, the RMI module would even reveal some contents ofthe RAM to attackers The advisory states that the vulnerabilities arealso present in Ethereal Up to version 099, Ethereal was theoriginal name of the Wireshark project For users that cannot updateto the newest version, the developers recommend deactivating theaffected modulehttp://www.secuobs.com/revue/news/36206.shtmlhttp://www.secuobs.com/revue/news/36206.shtml 2008-07-04 22:34:26 - Rootsecure.net : Heise Security: Several bugs fixed in the Wireshark and TShark networktoolshttp://www.secuobs.com/revue/news/36161.shtmlhttp://www.secuobs.com/revue/news/36161.shtml 2008-07-04 04:34:23 - Hack In The Box : Cyber-Ark, the digital data security specialist, says that a 63-monthprison sentence handed down to a former network engineer for hacking aCalifornian health clinic's computer system is fair "The sentence isone of the longest given for hacking in the United States, but sinceJon Paul Oson, an IT professional, had deliberately deleted patientand allied data from his former employer's computer systems, I thinkit reflects the seriousness of his offences," said Adam Bosnian,Cyber-Ark's VP Marketing Bosnian's comments came after the38-year-old former network engineer with the Californian healthservices clinic was ordered to pay more than 144,000 Dollar to theCouncil of Community Health Clinics CCC and more than 264,000 Dollarto the clinic whose computer system he hackedhttp://www.secuobs.com/revue/news/35985.shtmlhttp://www.secuobs.com/revue/news/35985.shtml 2008-07-03 22:32:24 - SearchSecurity Threat Monitor : Organizations have many safeguards in place for network-enabled deviceslike PCs and servers, but few realize the threat posed bynon-traditional devices like printers, physical access devices andeven vending machines Endpoint security expert Mark Kadrich offers upsome worst-case scenarios and explains how these and other endpointscan be protectedIMAGEIMAGEhttp://www.secuobs.com/revue/news/35925.shtmlhttp://www.secuobs.com/revue/news/35925.shtml 2008-07-02 21:05:16 - SecuMania.org Headlines News : Sony intends to have 90 per cent of its products networked up by 2010,though how many of them will be using the company's proprietaryTransferJet technology remains to be seen Stan Glasgow, president ofconsumer sales at Sony, mentionedhttp://www.secuobs.com/revue/news/35630.shtmlhttp://www.secuobs.com/revue/news/35630.shtml 2008-07-02 06:01:55 - Network Security Podcast : Ever have one of those days where just about nothing seems to go rightThat just about describes today Rich had to bail tonight due tofamily obligations, though it sounds like it’s the fun type ofobligation, not like having dinner with Aunt Ethel or something Wehad a guest lined http://www.secuobs.com/revue/news/35413.shtmlhttp://www.secuobs.com/revue/news/35413.shtml 2008-07-02 04:34:51 - SecuMania.org Headlines News : Google has bagged one affiliate network in favor of another At the endof August, the world's largest ad broker will discontinue its AdSenseReferrals program, the affiliate network it launched back in March2007 Now that Larry and Serghttp://www.secuobs.com/revue/news/35404.shtmlhttp://www.secuobs.com/revue/news/35404.shtml 2008-07-01 20:19:21 - Latest from Computerworld : Two large e-prescribing networks said they would merge in a bid to pushforward the use of e-prescriptions in the USIMAGEIMAGEhttp://www.secuobs.com/revue/news/35294.shtmlhttp://www.secuobs.com/revue/news/35294.shtml 2008-07-01 19:34:40 - Dark Reading : Network-based authentication strengthens online security for half theprice of current technologyhttp://www.secuobs.com/revue/news/35286.shtmlhttp://www.secuobs.com/revue/news/35286.shtml