http://weblogs.asp.net/jtobler/archive/tags/_5B00_Security_5D00_/default.aspxTags: [Security]enCommunityServer 2007 SP1 (Build: 20510.895)http://weblogs.asp.net/jtobler/archive/2004/08/18/216869.aspxThu, 19 Aug 2004 01:09:00 GMTc06e2b9d-981a-45b4-a55f-ab0d8bbfdc1c:216869CSharpener0http://weblogs.asp.net/jtobler/rsscomments.aspx?PostID=216869http://weblogs.asp.net/jtobler/archive/2004/08/18/216869.aspx#commentsIt is definitely not April Fools' Day, but the article <a href="http://news.com.com/2100-1002_3-5313655.html">Crypto researchers abuzz over flaws</a> will probably make you think it is.&nbsp; As if all of the nasty viruses and worms and buffer overruns of late aren't enough, now MD4, MD5, HAVAL-128, RIPEMD, SHA-1, and other basic cryptographic algorithms currently in heavy production usage are under severe mathematical attack.&nbsp; <br /> <br /> I think the only reasonable non-Occamian (Null-O) theory is that we must have recently experienced a serious rise in bogon flux density.&nbsp; It's obvious (TM) that <a href="http://catb.org/%7Eesr/jargon/html/B/bogon.html">bogons</a> and <a href="http://catb.org/%7Eesr/jargon/html/P/psyton.html">psytons</a> have started poking their holes not only through electronic equipment but also even through basic theories and abstractions of all types.&nbsp; <a href="http://info.astrian.net/jargon/terms/q/quantum_bogodynamics.html">Quantum bogodynamics</a> has evolved into the abstract realm!&nbsp; Start boning up on your <a href="http://www.nada.kth.se/%7Easa/madsci/qcd.html">quantum compudynamics</a> or we are surely lost. Hmmmmmm?&nbsp; Perhaps we're lost, anyway.<br /> <br /> "Caveat everybody!&nbsp; She's gonna' blow!"&nbsp; <br /> <br /> <img src="http://weblogs.asp.net/aggbug.aspx?PostID=216869" width="1" height="1">[General][Security]http://weblogs.asp.net/jtobler/archive/2004/08/14/214738.aspxSun, 15 Aug 2004 06:07:00 GMTc06e2b9d-981a-45b4-a55f-ab0d8bbfdc1c:214738CSharpener0http://weblogs.asp.net/jtobler/rsscomments.aspx?PostID=214738http://weblogs.asp.net/jtobler/archive/2004/08/14/214738.aspx#commentsSecurity conscious software developers, certainly including .NET developers, should take particular note of the <a href="http://www.metasploit.com/projects/Framework/">Metasploit Framework</a> released into the wild by <a href="http://www.metasploit.com/index.html">Metasploit</a>.&nbsp; I have to stretch a bit to have faith that this information and toolkit will be used more for good than harm.&nbsp; Still, with all sorts of very nasty new viruses appearing, ones that can even hop from Bluetooth to your Symbian-enabled cellphone (see <a href="http://securityresponse.symantec.com/avcenter/venc/data/epoc.cabir.html">SymbOS.Cabir</a>), all of us serious software professionals had better educate ourselves on the tools and techniques being used against us by the denizens of the Dark Side.&nbsp; Frankly, I think the virus wars have escalated beyond the coping ability of the normal anti-virus vendors and their products.&nbsp; From what I see, most organizations are absolutely clueless as to the new hazards we face today!&nbsp; If you care about your users, you will need to work very hard to protect them and your applications from the kinds of tactics demonstrated publicly by <a href="http://www.metasploit.com/index.html">Metasploit</a> and similar exploit information sources.&nbsp; May the Force be with you!<br /> <br /> <img src="http://weblogs.asp.net/aggbug.aspx?PostID=214738" width="1" height="1">[Tools][Security]