| Author |
Message |
CypherJF
I gargle nitroglycerin
Gender:
Joined: Aug 14 2003
Posts: 2582
Location: USA
Offline
|
 Posted: Wed Sep 15, 2004 10:14 am Post maybe stupid Post subject: Headlines (including JPEG vulnerability) |
 |
 |
|
|
| Quote: | | KDan writes "As reported by numerous sources, a new vulnerability has been disclosed (and patched) by Microsoft. This one concerns the parsing of JPEGs in XP Microsoft applications. A buffer overflow can be used to execute arbitrary code. So all those times you told your parents/friends that looking at images was safe - well, not anymore." |
http://www.vnunet.com/news/1158095
Lexar JumpDrive, "Secure". Not anymore.
| Quote: | | Saint Aardvark writes "Lexar describes the JumpDrive Secure as "loaded with software that lets you password-protect your data. If lost or stolen, you can rest assured that what you've saved there remains there with 256-bit AES encryption." @stake has a different take: The password can be observed in memory or read directly from the device, without evidence of tampering." And best of all, the punch line: "[The password] is stored in an XOR encrypted form and can be read directly from the device without any authentication." That's why I use ROT-13 for my encryption needs." |
http://www.atstake.com/research/advisories/2004/a091304-1.txt
new's retreived from slashdot.org
_________________
Performance is often the art of cheating carefully. - James Gosling
Last edited by CypherJF on Thu Sep 16, 2004 9:53 am, edited 1 time in total |
|
| Back to top |
|
 |
Cyan~Fire
I'll count you!
Age:37
Gender:
Joined: Jul 14 2003
Posts: 4608
Location: A Dream
Offline
|
| Posted: Wed Sep 15, 2004 4:21 pm Post maybe stupid Post subject: |
|
|
|
|
Secure, a Qndre product.
_________________
This help is informational only. No representation is made or warranty given as to its content. User assumes all risk of use. Cyan~Fire assumes no responsibility for any loss or delay resulting from such use.
Wise men STILL seek Him. |
|
| Back to top |
|
|
Dr Brain
Flip-flopping like a wind surfer
Age:39
Gender:
Joined: Dec 01 2002
Posts: 3502
Location: Hyperspace
Offline
|
| Posted: Wed Sep 15, 2004 5:08 pm Post maybe stupid Post subject: |
|
|
|
|
C'mon now, Cyan, be nice.
At least they shipped a product.
_________________
Hyperspace Owner
Smong> so long as 99% deaths feel lame it will always be hyperspace to me |
|
| Back to top |
|
|
Solo Ace
Yeah, I'm in touch with reality...we correspond from time to time.
Age:38
Gender:
Joined: Feb 06 2004
Posts: 2583
Location: The Netherlands
Offline
|
| Posted: Wed Sep 15, 2004 5:13 pm Post maybe stupid Post subject: |
|
|
|
|
What's wrong with Qndre products?
We all know everything Qndre *ahem* "created" *ahem* was great. |
|
| Back to top |
|
|
CypherJF
I gargle nitroglycerin
Gender:
Joined: Aug 14 2003
Posts: 2582
Location: USA
Offline
|
| Posted: Wed Sep 15, 2004 6:17 pm Post maybe stupid Post subject: |
|
|
|
|
Btw, Dr Brain: I like your avatar  |
|
| Back to top |
|
|
Cyan~Fire
I'll count you!
Age:37
Gender:
Joined: Jul 14 2003
Posts: 4608
Location: A Dream
Offline
|
| Posted: Wed Sep 15, 2004 7:01 pm Post maybe stupid Post subject: |
|
|
|
|
Actually, I am going to be a bit nicer.
| @stake wrote: | The Safe Guard
software takes care of the decryption and the password can be seen in plain text within memory when the software does a compare between the stored password and the supplied password. |
Well the password does have to be plain-text in memory at some point. The measure of security is how long it stays there, and it doesn't state that in this report. |
|
| Back to top |
|
|
Bak
?ls -s
0 in
Age:26
Gender:
Joined: Jun 11 2004
Posts: 1826
Location: USA
Offline
|
| Posted: Wed Sep 15, 2004 9:06 pm Post maybe stupid Post subject: |
|
|
|
|
| it doesn't have to compare it in plain text though... like comparing hashes would be better |
|
| Back to top |
|
|
Cyan~Fire
I'll count you!
Age:37
Gender:
Joined: Jul 14 2003
Posts: 4608
Location: A Dream
Offline
|
| Posted: Thu Sep 16, 2004 12:44 am Post maybe stupid Post subject: |
|
|
|
|
That is true, but then you can always generate a matching hash.  |
|
| Back to top |
|
|
Mine GO BOOM
Hunch Hunch
What What
Age:42
Gender:
Joined: Aug 01 2002
Posts: 3615
Location: Las Vegas
Offline
|
| Posted: Thu Sep 16, 2004 1:49 am Post maybe stupid Post subject: |
|
|
|
|
| Cyan~Fire wrote: | | That is true, but then you can always generate a matching hash. :-) |
In the case of reversing SS passwords if they are even, or reversing just a word in which will hash the same, reversing to plaintext is always worse. Lost of people use the same password for everything, so getting one of their passwords in plain text is very bad. Just finding a possible word in which will hash to the same for just that one application isn't bad, as you won't be able to guess their bank/ebay passwords with that. Of course, if they are securing their USB stick, their passwords are probably already on that thing encrypted, which you'll now be able to decrypt. |
|
| Back to top |
|
|
Bak
?ls -s
0 in
Age:26
Gender:
Joined: Jun 11 2004
Posts: 1826
Location: USA
Offline
|
| Posted: Thu Sep 16, 2004 1:49 am Post maybe stupid Post subject: |
|
|
|
|
| Quote: | | That is true, but then you can always generate a matching hash. |
not for any good hashing function. That's the whole big deal when they found a way to find collisions in MD5's hash a few weeks ago in less than an hour on a regular machine.
If you're writing software that's primary purpose is security and you're hashing stuff a strong hash function is a must. |
|
| Back to top |
|
|
SuSE
Me measures good
Joined: Dec 02 2002
Posts: 2307
Offline
|
| Posted: Thu Sep 16, 2004 2:42 am Post maybe stupid Post subject: |
|
|
|
|
| jpeg, not jpg |
|
| Back to top |
|
|
CypherJF
I gargle nitroglycerin
Gender:
Joined: Aug 14 2003
Posts: 2582
Location: USA
Offline
|
| Posted: Thu Sep 16, 2004 9:53 am Post maybe stupid Post subject: |
|
|
|
|
| Sorry - edited. |
|
| Back to top |
|
|
SuSE
Me measures good
Joined: Dec 02 2002
Posts: 2307
Offline
|
| Posted: Thu Sep 16, 2004 10:00 am Post maybe stupid Post subject: |
|
|
|
|
| YOU'RE DAMN RIGHT EDITED |
|
| Back to top |
|
|
CypherJF
I gargle nitroglycerin
Gender:
Joined: Aug 14 2003
Posts: 2582
Location: USA
Offline
|
| Posted: Thu Sep 16, 2004 10:01 am Post maybe stupid Post subject: |
|
|
|
|
| rotfl |
|
| Back to top |
|
|
Smong
Server Help Squatter
Joined: 1043048991
Posts: 0x91E
Offline
|
| Posted: Sat Sep 18, 2004 1:43 pm Post maybe stupid Post subject: |
|
|
|
|
| Scaremongers. |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Statistics
Register
Profile
Login to check your private messages
Login
Tornadoes.. Blah! 
