Archive for January 1970


Shame on me..

OK, the posting pace has been really bad the last few weeks (shame on me..). I've had tons of stuff to do, and I've almost been forced to leave out necessary stuff like eating and slashdotting. Terrible.
So what have I been doing? First of all, the latest courses were tough, to say the least. They fed us with projects, laboratory exercises and exams. While studying, I also wrote an article for the Swedish security-related paper zine Säkerhet & Sekretess. In the article I discussed the different approaches anomaly detection takes, and a bit on how they do it. I also wrote an article last month (which will be in stores some time in April) about the vulnerability scanner Nessus.

So, what's up now? Well, this Monday I started on my master's thesis, which I'm doing in collaboration with one of the bigger banks in Sweden. The thesis will in different ways relate to security in mobile devices, like PDAs etc. I think it might turn out cool, even though it's a kind of frequent subject of discussion, and lots of material already exists. I'm currently (and for the next week) doing literature studies, and when finished with that, I'll hopefully have a more complete and in-depth view of what's interesting. I guess the making of this thesis will influence my writing here, but I'll try to get the time to write about some other stuff too :)

Microsoft has had 7 years to fix this thing..

On Saturday, this advisory was posted to the bugtraq mailing list. It stated that Windows XP and 2003 are vulnerable to the LAND attack.. (again?)
Definition:

Sending a TCP packet with the SYN flag set, with source and destination IP address and source and destination port set to those of the destination machine, results in a 15-30 second DoS condition.

I did a quick Google for this, and got to this mail from '97 to one of insecure.org's lists

I recently discovered a bug which freezes Win95 boxes. Here's how
it works: send a spoofed packet with the SYN flag set from a host, on an open port (such as 113 or 139), setting as source the SAME host and port (i.e. 10.0.0.1:139 to 10.0.0.1:139). This will cause the Win95 machine to lock up.

So, either Microsoft didn't really fix this thing (but I'm sure they did, since only late versions of XP and Windows 2003 are vulnerable), or they are clearly not learning from their mistakes. Embarrassing, huh?
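As an added example (not part of the original post, the advisory or the 1997 mail), here is a small detector for the packet shape both of them describe: a TCP SYN whose source and destination IP:port pair are identical. It parses raw IPv4/TCP headers with the standard library only. The three sample packets are constructed inline for the demonstration, and the builder leaves checksums at zero because nothing here is ever put on the wire; the function names and the 10.0.0.x addresses are the example's own.

```python
"""Flag LAND-style packets: a TCP SYN whose source IP:port equals its
destination IP:port.  Added example with constructed sample packets; it
only parses bytes and never sends anything."""
import struct
from dataclasses import dataclass
from typing import Optional

TCP_SYN = 0x02
TCP_ACK = 0x10


@dataclass(frozen=True)
class TcpInfo:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    flags: int


def parse_ipv4_tcp(pkt: bytes) -> Optional[TcpInfo]:
    """Return addressing 4-tuple and TCP flags of an IPv4/TCP packet,
    or None if the bytes are not a well-formed IPv4 packet carrying TCP."""
    if len(pkt) < 20:
        return None
    ver_ihl = pkt[0]
    if ver_ihl >> 4 != 4:
        return None
    ihl = (ver_ihl & 0x0F) * 4            # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 20:  # need a full 20-byte TCP header too
        return None
    if pkt[9] != 6:                      # protocol field: 6 = TCP
        return None
    src_ip = ".".join(str(b) for b in pkt[12:16])
    dst_ip = ".".join(str(b) for b in pkt[16:20])
    tcp = pkt[ihl:]
    src_port, dst_port = struct.unpack("!HH", tcp[0:4])
    offset_flags = struct.unpack("!H", tcp[12:14])[0]
    flags = offset_flags & 0x01FF        # low 9 bits are the TCP flags
    return TcpInfo(src_ip, dst_ip, src_port, dst_port, flags)


def is_land_packet(info: TcpInfo) -> bool:
    """LAND: a connection request (SYN without ACK) whose source and
    destination IP:port are identical, which never occurs legitimately."""
    return (
        info.flags & TCP_SYN != 0
        and info.flags & TCP_ACK == 0
        and info.src_ip == info.dst_ip
        and info.src_port == info.dst_port
    )


def build_ipv4_tcp(src_ip: str, dst_ip: str, src_port: int,
                   dst_port: int, flags: int) -> bytes:
    """Build a minimal IPv4+TCP header (no payload, checksums zero) so the
    detector can be exercised offline.  This is a test fixture, not a sender."""
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 40, 0, 0x4000, 64, 6, 0,
        bytes(int(o) for o in src_ip.split(".")),
        bytes(int(o) for o in dst_ip.split(".")),
    )
    tcp_hdr = struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0,
                          (5 << 12) | flags, 8192, 0, 0)
    return ip_hdr + tcp_hdr


# Constructed samples: the exact shape from the 1997 mail (10.0.0.1:139 to
# 10.0.0.1:139), an ordinary SYN, and a same-host SYN that is NOT LAND
# because the ports differ (a legitimate local connection looks like that).
SAMPLES = {
    "land": build_ipv4_tcp("10.0.0.1", "10.0.0.1", 139, 139, TCP_SYN),
    "normal_syn": build_ipv4_tcp("10.0.0.2", "10.0.0.1", 40000, 139, TCP_SYN),
    "same_host_ok": build_ipv4_tcp("10.0.0.1", "10.0.0.1", 40001, 139, TCP_SYN),
}


def scan(packets: dict) -> list:
    """Return the names of the packets that match the LAND signature."""
    hits = []
    for name, raw in packets.items():
        info = parse_ipv4_tcp(raw)
        if info is not None and is_land_packet(info):
            hits.append(name)
    return hits


if __name__ == "__main__":
    print("LAND packets:", scan(SAMPLES))
```

The port check matters: a host talking to itself with different ports is normal, so a rule that only compares addresses would fire on every loopback connection. Requiring SYN without ACK keeps the rule to connection requests, which is the only place the spoofed tuple has any effect; a border filter that drops packets whose source address is one of your own addresses catches the same thing before it reaches the host.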