stargeek


Serious TCP Weakness Identified (26-Apr-2004; 10.4K)







04/26/2004 09:53 PM




This is a GrokNews Entry: (what is grok?)





Similar Items


Grok Headline matches for Serious TCP Weakness Identified (26-Apr-2004; 10.4K)

War May Require More Money Soon---The
military already has identified unmet
funding needs, including initiatives
aimed at providing equipment and weapons
for troops in Iraq. The Army has
publicly identified nearly $6 billion in
funding requests that did
04/22/2004 05:17 AM

washingtonpost.com/wp-dyn/articles/A28903-2004Apr20.html


Big Machine Identified 06/22/2005 01:56 AM

A few months ago, I asked people what the machine was in a picture I found on the Net. Many people commented and identified it as an earth-mover of some kind.

However, I got an email from Ian recently that included a somewhat cheesy Power Point Show which included the pictures at right (click for 600-pixel versions) and this text:

This is the largest earth mover in the world built by the German company, Krupp, and seen here crossing a federal highway in Germany en route to its destination (an open-pit coal mine). It is cheaper to move the thing like this, than to construct or reassemble onsite.

  • The mover stands 311 feet tall and 705 feet long.

  • It weighs over 45,500 tons

  • Cost $100 million to build

  • Took 5 years to design and manufacture

  • 5 years to assemble

  • Requires 5 people to operate it

  • The Bucket Wheel is over 70 feet in diameter with 20 buckets, each of which can hold over 530 cubic feet of material.

  • A 6-foot man can stand up inside one of the buckets.

  • It moves on 12 crawlers (each is 12 feet wide, 8' high and 46 feet long)

  • There are 8 crawlers in front and 4 in back.

  • It has a maximum speed of 1 mile in 3 hours (1/3 mile/hour)

  • It can remove over 76,455 cubic meters each day. (100,000 large dump trucks at 40yds. each)

One hundred thousand dump trucks per day? Wow. I can't vouch for any of the validity here, but it's a big machine no matter what figures you slap on it.


First 64-bit virus identified 05/28/2004 11:13 AM

802.11b wireless flaw identified 05/13/2004 07:56 AM
A serious wireless network technology flaw has been identified that could lead to the breakdown of some critical infrastructures. The flaw, which was discovered by the Queensland University of Technology's (QUT) Information Security Research Centre, affects the 802.11b standard.

Mozilla vulnerabilities identified 01/06/2005 11:39 AM
Users of the Mozilla and Firefox browsers and the Thunderbird e-mail client may be vulnerable to flaws that could allow an attacker to spy on or take over a system, according to security researchers.

FTC peers through Windows weakness 11/06/2003 11:10 AM
ZDNet Nov 6 2003 9:52AM ET

Intel shows weakness 09/02/2004 04:10 PM
ZDNet Sep 2 2004 9:00PM GMT

Re: aterm 0.4.2 tty permission weakness 07/15/2004 03:10 PM
Armin Wolfermann (Jul 14 2004)

aterm 0.4.2 tty permission weakness 07/13/2004 06:40 PM
Maarten Tielemans (Jul 13 2004)

Sales Weakness From InterMune 04/30/2004 01:43 PM
Actimmune is stumbling without data to support its use.

Origin of 'HIV cancer' identified 07/03/2004 07:47 PM
A virus 'reprogrammes' cells in the lining of the lymph vessels and turns them cancerous, scientists have found.

Woods body identified as Joanne 03/25/2005 05:08 PM
Police confirm a body found in North Yorkshire woods is that of missing Hull woman Joanne Nelson.

World's tiniest fish identified 07/24/2004 03:07 AM
The smallest, lightest animal with a backbone - a fish from Australia's Great Barrier Reef - is described for the first time by scientists.

Prostate cancer gene identified 06/08/2004 08:10 PM
Scientists have identified a gene which could identify how aggressive a man's prostate cancer will be.

Witness: England Identified As Abuser
(AP)
08/05/2004 10:29 AM
AP - Iraqi detainees at Abu Ghraib prison identified Pfc. Lynndie England as among the soldiers who abused them, an Army investigator testified Thursday.

802.11b wireless flaw identified
(MacCentral)
05/13/2004 10:53 AM
MacCentral - A serious wireless network technology flaw has been identified that could lead to the breakdown of some critical infrastructures. The flaw, which was discovered by the Queensland University of Technology's (QUT) Information Security Research Centre, affects the 802.11b standard.

Courthouse 'Ghost' Identified As Insect
(AP)
08/12/2004 05:00 PM
AP - It turned out to be just a bug on the lens of a security camera. The would-be ghost haunting Kent County Court House is an anomaly that's happened before, a security company said.

Critical 802.11 wireless flaw identified 05/13/2004 06:33 PM
A serious wireless network technology flaw that could lead to the breakdown of some critical infrastructures in just five seconds has been identified by Queensland University of Technology's (QUT) Information Security Research Centre, a finding that is likely to have worldwide ramifications.

Pooch breeds identified by genes 05/20/2004 02:39 PM
Researchers have worked out how to identify a dog's breed just by looking at its DNA, Science magazine reports.

Shadows Of The Empire Cover
Identified
05/01/2004 11:38 AM
Yesterday I posted a new addition to our Shadows of the Empire gallery, asking for our readers' help in identifying the country of origin for this book, and several wrote in identifying it as coming from Denmark. Thanks to Rebelscum readers Sean, Todd Mount, Benny Fjærå, Malc Dickson, John Jacouris, Danielle Walsmith, and Duncan Jenkins for writing in. Our gallery has been updated.

Mozilla and Firefox Vulnerabilities
Identified
01/06/2005 10:18 PM

Body found on beach identified 09/08/2004 10:38 AM
A body washed up last year on the Isle of Wight is believed to be that of Charanjit Kaur, mother-in-law of killed millionaire Amarjit Chohan.

Wi-Fi's new security standard has a
weakness
11/04/2003 03:37 PM
BoingBoing pal Glenn Fleishman writes:
I wrote a piece yesterday for the Mac journal TidBITS about the recently released implementation of Wi-Fi Protected Access (WPA) in the AirPort Extreme product line from Apple. WPA replaces WEP by fixing its various holes. That article drew a response from Robert Moskowitz, long-time wireless security expert, who sent me a paper and his permission to post it about a serious weakness in the consumer version of WPA: if you choose short keys that are comprised of real words, WPA keys can be easily broken through passive access to a network.

I've written this up and posted his paper here. Interestingly, the problem is all at the presentation layer, not at the encryption layer. It's a flaw with how manufacturers are offering users the chance to create and enter WPA keys, and thus could be easily fixed with a driver update -- no firmware necessary.


Researchers spot XP SP2 security
weakness
08/20/2004 08:22 AM
vnunet.com Aug 20 2004 12:25PM GMT

This Deal Might Reveal Cisco's Weakness 06/13/2004 11:02 PM
Business Week Jun 14 2004 2:54AM GMT

Re: [security] aterm 0.4.2 tty
permission weakness
07/15/2004 05:20 PM
lorenzo (Jul 14 2004)

Weakness in Passphrase Choice in WPA
Interface
11/04/2003 02:32 PM
By Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of TruSecure Corp

Use of PSK as the key establishment method

WPA and 802.11i provide for a Pre-Shared Key (PSK) as an alternative to 802.1X based key establishment. A PSK is a 256 bit number or a passphrase 8 to 63 bytes long. Each station MAY have its own PSK, tied to its MAC address. To date, vendors are only providing for one PSK for an ESS, just as they do for WEP keying. When a PSK is used instead of 802.1X, the PSK is the Pairwise Master Key (PMK) that is used to drive the 4-way handshake and the whole Pairwise Transient Key (PTK) keying hierarchy. There is a straightforward formula for converting a passphrase PSK to the 256-bit value needed for the PMK. This paper will look into the risks of using a PSK and particularly the risk associated with a passphrase-based PSK.

How the PSK is used in WPA and 802.11i

The PSK provides an easily implemented alternative for the PMK as compared to using 802.1X to generate a PMK. A 256-bit PSK is used directly as the PMK. When the PSK is a passphrase, the PMK is derived from the passphrase as follows:

PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256)

Where the PBKDF2 method is from PKCS #5 v2.0: Password-based Cryptography Standard. This means that the concatenated string of the passphrase, SSID, and the SSIDlength is hashed 4096 times to generate a value of 256 bits. The lengths of the passphrase and the SSID have little impact on the speed of this operation.

The PTK is a keyed-HMAC function using the PMK on the two MAC addresses and the two nonces from the first two packets of the 4-Way Handshake. This is why the whole keying hierarchy falls into the hands of anyone possessing the PSK, as all the other information is knowable.

The Intra-PSK attack

The normal practice is to have a single PSK within an ESS. To generate any PTK, a device only needs to learn the two MAC addresses and nonces (and the selected ciphersuite). All of this is available in the initial exchange, from the ASSOCIATE through the 4-Way Handshake. Any device can passively listen for these frames and then generate the PTK. If the device missed these frames, it can send a DISASSOCIATE against the STA and force the STA to perform the...

Re: Inexcusable weakness in Kmail /
GnuPG
12/25/2004 05:09 PM
Simple Nomad (Dec 23 2004)

McAfee sees accounting weakness 04/04/2005 08:22 AM
Another tech company that can't keep the books

U.S. Economic Gauge Signals Weakness 09/23/2004 04:04 PM
Reuters via Wired News Sep 23 2004 7:31PM GMT

No weakness in IT expat salaries: Survey 12/09/2003 08:25 AM
CNET Asia Dec 9 2003 7:43AM ET

e-Government priorities identified by
ODPM for councils to aim towards
04/30/2004 04:51 AM
PublicTechnology.net Apr 30 2004 8:27AM GMT

Computer Profiling Identified 120,000
Potential Terrorists
05/20/2004 04:14 PM
Insight Magazine May 20 2004 8:11PM GMT

Multiple critical flaws identified in
Oracle
08/05/2004 01:56 AM

Direct and Related Links for 'Multiple critical flaws identified in Oracle'

“Thirty-four vulnerabilities — the majority of them critical — have been identified in multiple versions of Oracle’s database server. “Most of the flaws are critical,” said David Litchfield, a researcher at UK-based NGSSoftware, whose company discovered the flaws. “One allows an attacker to gain control of the database server without a userID or password. Others allow low-privileged users (i.e. those that do have a userID and password) to gain complete control of the database server.”…

Sloan-Kettering - New Cancer Gene
Identified
02/01/2005 09:11 PM
New Cancer Gene Identified... we shall name it...."POKEMON"!!! .. I knew it!

mskcc.org/mskcc/html/54387.cfm


Suicide Bomber Identified in Musharraf
Attack
12/26/2003 11:16 AM
Reuters via Wired News Dec 26 2003 9:43AM ET

Sun Java Predictable File Location
Weakness
07/13/2004 10:33 AM
“A weakness has been reported in Sun Java, allowing malicious websites to write arbitrary content to a file with an easily guessable name….Solution: Use another browser than Microsoft Internet Explorer. Alternatively disable Active Scripting in Internet Explorer. If you do not use Internet Explorer, this issue is not considered a security problem.”

Linux VServer procfs Permission Weakness 07/07/2004 04:44 AM
“Veit Wahlich has reported a weakness in Linux VServer, which can be exploited by certain malicious, local users to cause a DoS (Denial of Service) or gain knowledge of sensitive information. The vulnerability is caused due to weak permissions on procfs, which allows a privileged user on a virtual server to manipulate the permissions on “/proc” for all virtual servers or gain knowledge of information related to other virtual servers….Solution: Update to version 1.28.”

Broken Networks: The Weakness of Weak
Ties
04/13/2005 08:39 AM
The Idea: The Internet has made it technologically possible for anyone to find and connect with anyone else -- and for ideal relationships to be established. But these idealized connections are rendered almost impossible by human nature, which leads us to prefer the known and trusted over better-suited strangers, and leads the people most in demand to cut off connections with almost everyone else. That effectively prevents a lot of powerful ideas from being realized.

In my recent post on Blog-Hosted Conversations, I threw out the following Question as a possible first Conversation topic:

How could we overcome the huge disconnect that exists today between the people who have great ideas and the people who have the money and other resources to realize those ideas?

The question provoked almost as much response as Jeremy Heigh's idea for the Conversations did, so I thought it might be worth exploring further how and why this disconnect exists.

In the post I mentioned that I belong to these informal communities and networks, with about 1500 members in total:
  • natural philosophers/environmentalists,
  • business advisors/theorists/entrepreneurs/co-workers,
  • technophiles/social networkers,
  • progressives,
  • artists/storytellers,
  • Salon bloggers,
  • Canadian bloggers, and
  • physical neighbours/relatives/friends
Some of those people are useful 'connectors' that give me access to other communities and networks: For example, some of the bloggers in my business, progressive, Salon and Canadian blogger networks also happen to be published authors, journalists, publishers, economists, venture capitalists, teachers or professors, and know others in these fields. Some of them are true Tipping Point 'connectors', who pride themselves on hooking people up with others they would probably never find on their own. The logic of LinkedIn and eCademy is based on the presumption that if your networks are substantial and well-managed you should be able to get access to virtually anyone and anything you need through "the strength of weak ties (SWT)".

This may work fine in the application that SWT theory was originally developed around -- finding prospective employees. The employer is often looking for the best possible candidate, and wants to cast as wide a net as possible. The onus is on the job-seeker to navigate his/her way through the weak ties and win the job. The employer incurs virtually no cost in casting the wide net (especially today with the cost of posting electronically virtually zero).

This is especially true if the recruiter delegates pre-screening duties to HR staff or a 'head-hunter' to create a tiny short-list of candidates to interview. And today, with big corporations being net destroyers, not creators, of jobs, where searches for well-paying jobs are increasingly scarce, a wide net can attract some extraordinary people, enough to pay for the head-hunter in spades. When you're a big corporation with lots of resources at your disposal, it's a buyer's market.

But in most situations -- the search for business partners, marriage partners, jobs or investors for example, or the search for experts or employees if you're an entrepreneur with modest resources -- the value of casting a wide net in the search is limited by two constraints:
  1. There is a significant cost to the searcher of each potential candidate to be considered. That cost can be mental or physical energy, or time, or money, or all of the above. If you open yourself up to candidates outside your immediate network, you can attract a flood of candidates, many of whom will be inappropriate, annoying, dangerous or even fraudulent. 
    • If you're looking for a business partner you'll likely attract unskilled unemployed people who would really rather just have a job.
    • If you're looking for a marriage partner you may attract hookers, golddiggers, economic refugees, and their respective pimps.
    • If you're looking for an investor you could attract thieves and usurers.
    • If you're looking for an expert you'll often attract charlatans, con artists, and failed consultants.
    • If you're looking for a decent job you'll likely be besieged with pyramid/MLM scheme hucksters, shoddy "education" vendors, and others exploiting your desperation.
Unlike the large corporation executive, you can't afford to hire someone to separate the wheat from the chaff (or, more likely, find the needle in the haystack). And even if you could, it's quite possible the agent you hire will accept kickbacks from one of the candidates to give them the inside track. Bottom line: Better not cast a wide net. Go to your strong personal contacts one at a time and ask them for one candidate. Repeat until you find the right person.
  2. The human need for trust in all important relationships means that you will tend to prefer a fair candidate you know and trust well, over a good candidate that someone you trust trusts but whom you don't know well enough to trust. And you'll prefer either of these over a sensational candidate you don't know from Adam. Trust takes time, shared experiences, and usually face-to-face contact. Bottom line: We usually go with who we know.
Now consider this from the perspective of the person you're seeking -- the prospective business or marriage partner, expert, investor or employer. They're getting overwhelmed by twice or thrice-removed referrals for connections. Most of the 'callers' are looking to get something that the recipient is unable or disinclined to give (especially to a stranger), or may not have even thought about. What do they do? They tell their close contacts not to refer anyone to them. They unsubscribe from social network lists. They get unlisted phone numbers and unlisted e-mail addresses. They get agents and intermediaries to handle communications for them and shield them from 'weak ties'.

So instead of the idealized networks of the Tipping Point, shown at right, where connectors, mavens and salesmen work to connect people and ideas virally, we end up with the constricted, broken networks shown in the diagrams above: Outgoing connections are constricted by the high cost of extending too wide a net, and the lack of trust the further away the connection is, to the point the 'ideal' connection is rarely made. And returning connections are likewise constricted by the sequential disconnects of connectors, agents & intermediaries, and filters, to the point the people you most want to connect with are often the least likely to 'return your call'. This has always been so, and insofar as information is concerned, the Internet is much less constricted than previous information channels. But insofar as people are concerned, I would argue that the disconnects are as great as they have always been. The rich, the famous, the powerful, the most-wanted and the ideal matches are no more accessible and available for relationships than they ever were. Even those who are not still on the wrong side of the digital divide have mostly reintermediated themselves so the technologically possible connection between everyone and everyone else is kept humanly impossible.

Such is the weakness of weak ties. When it comes to human connection, the network is still broken.

I think this is the reason for the disconnect between people with great ideas and people with the money and resources to realize them -- the reason so many great ideas go nowhere.

So now we need a Blog-Hosted Conversation to discuss what to do about it -- how to work around these disconnects. I suspect that part of the answer is permissioning and permission marketing. We need to give something away to establish trust and differentiate ourselves from the 'inauthentic' and 'unqualified' callers, and to make ideal connections.

My first Blog-Hosted Conversation will take place at the end of the month. Stay tuned.
