UW Computer Security Research and Course Blog

Given the iPhone’s myriad vulnerabilities and the unrest spawned by their high-profile discovery and exploitation, perhaps the security aspects of new Apple products, such as the Time Capsule, merit our consideration. The Time Capsule is a sleek wireless hard drive that doubles as a 802.11n Wi-Fi base station. Through the Time Machine application in OS X Leopard, the Time Capsule enables automated backup from multiple Macs to its 500GB or 1TB hard drive. Security features include WPA, WEP, MAC address filtering, and a NAT firewall. However, the amount of configuration needed for these security features is not specified on Apple’s website, and the emphasis is on a easy setup (“a matter of a few clicks”).

(Read on …)

An article in InformationWeek yesterday exposes the details of what McAfee’s ScanAlert product actually means by “Hacker Safe”. The ScanAlert product issues certifications that websites are safe from attack. However XSSed.com, a website dedicated to exposing Cross-Site Scripting attacks, gave InformationWeek a listing of 60+ Hacker Safe websites with open XSS vulnerabilities. In response to the accusations, ScanAlert representatives assert that ScanAlert certification does not consider XSS vulnerabilities as dangerous. The reason being the XSS attacks are entirely ‘client side’, meaning they do not allow the hacker access to the server, data, or customer information.

(Read on …)