SEARCH RESULTS
 
Showing 1-10 of 72 records
 

The Random JS Malware Exploitation Kit

2008-01-15 20:49:56 by HASH0x8be7244 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Random JS infection kit as originally named by Finjan, is perhaps the first publicly announced malicious innovation for 2008, in fact I've managed to obtain a copy of a sample .js and witness the filename change on the next request combined with complete disappearance of any .js on the third visit. Here's some press coverage - "Over 10,000...

Random Number Bug in Debian Linux

2008-05-19 06:07:59 by schneier in Schneier on Security
 
...random data for the initial seed, the only "random" value that was used was the current process ID. On the Linux platform, the default maximum process ID is 32,768, resulting in a very small number of seed values being used for all PRNG operations. More info, from Debian, here. And from the hacker community here. Seems that the bug was...

Britain mulling "random" audits to enhance data protection..

2007-11-07 17:41:00 by Manu Namboodiri in Data Protection, Management and Leakage
 
...random audits of the security measures in place in businesses and other organisations holding personal data. Wow. Imagine the uproar that would erupt here in the United States, if anyone introduced legislation suggesting the government could randomly check to see if businesses are keeping their data safe. Granted, most states have laws that...

Got Entropy ?

2008-04-02 02:55:47 by Erik T. Heidt in Art of Information Security
 
...random number generators (RNGs). FYI, for the impatient, click here. There are two ways to generate random numbers on computers: (1) use a software program called a Pseudorandom Number Generator (PRNG) or (2) use a hardware random number generator. A Pseudorandom Number Generator uses a seed value to generate a sequence of numbers that appear...

Information flow tracing and software testing

2007-09-17 09:32:00 by Niels Provos in Google Online Security Blog
 
...random data, ignorant of specific threats and known dangerous input. Today, this approach is often overlooked in favor of more complicated techniques. Early sanity checks in applications looking for something as simple as a version number may render testing with completely random input ineffective. However, the newer, more complicated fuzz...

More On The Debian OpenSSL Blunder

2008-05-18 13:17:44 by Editor in Cheap Hack
...random number generator, was using uninitialized data. Of course, this was part of the seed for the generator, and the fact that the data was uninitialized was part of its randomness. In fact, OpenSSL developers had dealt with this issue years before and decided that uninitialized data in this case was a virtue, not a vice. So when they...

True Randomness

2008-05-21 16:36:10 by Editor in Cheap Hack
 
...randomness of the PHP rand() function. He compared it to the results from random.org, which uses atmospheric noise as a random seed. The result is a visually clear example of randomness and not-so-randomness. Read the blog, you'll see what I mean. Allen's test makes me think that someone (no, I don't have the time) should do the same with...

The Neosploit Malware Kit Updated with Snapshot ActiveX Exploit

2008-07-15 17:18:32 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...random) copy of a popular web malware exploitation kit? Now that's interesting given that there are other modified versions of the publicly available malware kit empowered with exploits as they get released, the single most logical move an administrator of such kit would do is diversify the exploits set as often as possible, keeping it up to...

Supporting Complex Passwords

2007-12-04 08:56:00 by Keith Brown in Security Briefs
...randomly generated, strong passwords created by a tool. Or long pass phrases. But this is especially egregious since it encourages people to reduce the strength of the password that controls access to many different Microsoft properties. I didn't have time to try to figure out exactly what this dialog is choking on, but when it chokes it...