Very interesting lock & key vulnerability. Heads up out there!

Geo

-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Friday, January 24, 2003 7:18 AM
To: Information Technology
Subject: [Information_technology] Daily News 01/24/03

January 23, New York Times
Master key copying revealed. A security researcher has revealed a little-known vulnerability in many locks that lets a person create a copy of the master key for an entire building by starting with any key from that building. The researcher, Matt Blaze of AT&T Labs-Research, found the vulnerability by applying his area of expertise - the security flaws that allow hackers to break into computer networks - to the real-world locks and keys that have been used for more than a century in office buildings, college campuses and some residential complexes. The attack described by Blaze, which is known by some locksmiths, leaves no evidence of tampering. It can be used without resorting to removing the lock and taking it apart or other suspicious behavior that can give away ordinary lock pickers. All that is needed, Blaze wrote, is access to a key and to the lock that it opens, as well as a small number of uncut key blanks and a tool to cut them to the proper shape. No special skills or tools are required; key-cutting machines costing hundreds of dollars apiece make the task easier, but the same results can be achieved with a simple metal file. After testing the technique repeatedly against the hardware from major lock companies, Blaze wrote, "it required only a few minutes to carry out, even when using a file to cut the keys." AT&T decided that the risk of abuse of the information was great, so it has taken the unusual step of posting an alert to law enforcement agencies nationwide. The alert describes the technique and the possible defenses against it, though the company warns that no simple solution exists.

The paper, which Blaze has submitted for publication in a computer security journal, has troubled security experts who have seen it. Marc Weber Tobias, a locks expert who works as a security consultant to law enforcement agencies, said he was rewriting his police guide to locks and lock-picking because of the paper. He said the technique could open doors worldwide for criminals and terrorists. "I view the problem as pretty serious," he said, adding that the technique was so simple, "an idiot could do it."
Source: http://www.nytimes.com/2003/01/23/business/23LOCK.html

January 23, Associated Press
Pentagon to offer combat videophones. The Pentagon plans to equip public affairs officers with two-way satellite video transmitters to provide on-the-spot visuals from combat zones. The $27,000 Austrian-made videophone system will allow military field commanders to hold "near real-time" videoconferences with journalists who may be sitting anywhere on the planet, said Lt. Col. David Lamp, a spokesman for the U.S. Joint Forces Command. The videophone is a rugged briefcase that cradles a laptop computer with video-editing and recording capacity and includes a built-in camera, keyboard and a pair of external collapsible satellite dish antennas. Lamp said the videophones could be used to combat the type of false information faced by U.S. forces in Afghanistan -- that an aerial bombardment had destroyed a hospital, or that emergency food rations dropped to refugees had been poisoned. The device might also be useful to conduct interviews with Special Operations forces or pilots of the B-2 "Stealth" bombers, whose locations might be secret but whose stories the Pentagon may still want to publicize, Lamp said.
Source: http://www.cnn.com/2003/TECH/ptech/01/23/pentagon.videophones.ap/index.html

January 23, Government Computer News
DOD demands technological interoperability. The Joint Chiefs of Staff plans to open a hub for technology companies to show off their latest wares to the Defense Department as a means to speed up development. But Army Lt. Gen. Joseph Kellogg Jr., director of command, control, communications and computer systems for the Joint Staff, warned vendors not to submit technologies that are platform-centric. The IT Development Center will only consider technologies that are interoperable, he said. Kellogg spoke today in Washington at the Network Centric Warfare 2003 conference sponsored by the Institute for Defense and Government Advancement. Kellogg said the Department of Defense already has many applications that are not interoperable. For example, he said soldiers in Kuwait and Afghanistan using different collaboration tools couldn't speak to one another. "Now that is not the way you fight battles," Kellogg said. "The advantage we see on network-centric warfare is everything ties together on a network. You get tremendous capabilities by tying everything together." The center will be located at the Joint Forces Command in Suffolk, Virginia.
Source: http://www.gcn.com/vol1_no1/daily-updates/20959-1.html

January 22, BetaNews
Security flaw exposes AOL accounts. The accounts of millions of AOL subscribers were jeopardized this week due to a flaw in the company's Web-based mail system. The vulnerability stems from an error in one of AOL's international e-mail authentication systems, which granted users access without correctly verifying passwords. By simply entering an account name, an AOL user had the ability to read any other user's e-mail and all personal data contained therein. Although AOL plugged the security hole early Wednesday morning, it is unclear at this point how many AOL and AIM accounts have been compromised. The only accounts entirely spared were those of AOL employees, as a SecurID code is required for such accounts, in addition to a password.
Source: http://www.eweek.com/article2/0,3959,840980,00.asp

Virus: #1 Virus in USA: WORM_KLEZ.H
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports: 137 (netbios-ns), 80 (http), 1433 (ms-sql-s), 445 (microsoft-ds), 139 (netbios-ssn), 4662 (???), 53 (domain), 23 (telnet), 135 (???), 8714 (???)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Information_technology mailing list
Information_technology@listserv
http://listserv.infragard.org/mailman/listinfo/information_technology
This archive was generated by hypermail 2b30 : Fri Jan 24 2003 - 09:39:55 PST