According to Engadget, researchers in Japan have demonstrated that any WPA-protected connection using the TKIP algorithm can be broken into within a minute. The details will apparently be revealed September 25th at a tech conference. If you’re running WPA or a WEP/WPA2 combination maybe it’s time to revisit your wifi setup?
It’s not a good day to be using Internet Explorer. As reported today by the BBC, if you’re using the world’s most used web browser you’re being advised to switch to an alternative until a reported serious security flaw has been patched.
Some of you may remember that back in May we blogged asking for some volunteers to come and trial a safe surfing system called Aladdin.
We are now several months down the line and it’s time to bring the trial phase to an end. We’ve asked those involved in the trial to give us feedback on how the trial went and how it could be improved as a service.
Performing this trial has helped us identify that this type of service is one which would offer great value to our customers, although there is still plenty of work for us to do on aspects of the product before we are in a position to fully launch it.
We’ll let you know as soon as we have further information about how and when we plan to launch our Parental Control product.
Thanks
Chris Parr
If, like me, you’ve seen a recent increase in spam emails relating to ‘breaking news’ from both CNN and MSNBC you might be interested to know they are related to a potential flaw in how Firefox displays Flash based adverts.
If you click the URL in the email, you’ll be taken to a website aiming to exploit this by putting a rogue URL in your clipboard, so next time you paste a link in and click ‘go’ you’ll be taken to a site advertising rogue anti-virus software.
More details available at the Beeb: http://news.bbc.co.uk/1/hi/technology/7567889.stm
After a royal ‘sphericals skyward’ by Matasano the other day, Metasploit have finally released an auxiliary module to their framework which exploits the flaw in the DNS protocol*. This is the same flaw that we rolled a fix for (ok, really a workaround, but fixing an entire protocol isn’t something which can be done in a matter of months, let alone weeks or days) recently, but as you already know we’re not like other companies. We have a very quick turnaround on things of this nature, and for other projects in general. No sooner had the flaw been disclosed (without PoC), NetOps were all over it like a swarm of bees around a honeypot.
That’s great for us, of course, but what about larger companies? Having had experience of big corporate, red-tape is often a hindrance to security rather than a help. Sure, the guys on the ground would have been chomping at the bit to roll out the fix, but there’s every chance it’s been held in testing/approval. That being said, considering the nature and severity of the flaw and the potential impact to customers – not to mention any possibility of liability should any of their customers fall victim to a live exploit – their Ops might very well have dodged the red-tape and gone straight in with a fix. If there’s one thing red-tape can’t stop, it’s a boulder hurtling toward you at a hundred miles an hour – and this really was a potentially huge boulder.
So, are you safer here than anywhere else? Potentially, yes. Because we’re a transparent ISP, we let you know what we’re doing to fix the problems we have – often before you even realise we have a problem. Because of our fast turnaround on rollouts, fixes and security updates especially, we’re in a somewhat unique position in the ISP market to ensure our customers are as protected as they can be. Sure, we’ve had our problems in the past, but we’ve learned our lessons well, put measures in place to prevent recurrence of past woes, and generally put our house back in order – and then some. We’re in a better place now than we’ve ever been. All in all PlusNet is a really good place to be, and the recent release of the exploit code into the Metasploit framework, for me, reinforces that opinion.
* The exploit is available as an auxiliary module to the Metasploit Framework in the form of a Ruby script. Interesting to note, too, that in one of the change reports they used ‘doxpara.com’ (Dan Kaminsky’s domain, the guy who released the information on the flaw) as a default target, but changed it to ‘example.com’. The change was logged with the comment ‘Be nice to Dan’s server’. See, even hackers have a sense of humour.