Friday, May 2, 2008

Spliced feed for Security Bloggers Network

Success story of the OWASP Day II in Italy [Writing Secure Software]

Posted: 02 May 2008 06:53 AM CDT

I participated in OWASP Day II in Italy back in March. OWASP Italy was a success story: more than 200 attendees, 9 great speakers, 5 sponsors, 1 round table and an article (in Italian) here:
http://punto-informatico.it/2266944/PI/Commenti/La-Web-Application-Security-parla--anche--italiano/p.aspx

Here is the OWASP page of the event in English with the presentations:
http://www.owasp.org/index.php/Italy_OWASP_Day_2

It was very nice to meet Matteo Meucci, Stefano Di Paola, Giorgio Fedon and Jacob West in Rome. The organization of the conference was fantastic and a good lesson for me. I wish that one day I will be able to organize a similar event with my OWASP chapter here in the USA. My kudos to Matteo: great work, well done!! Go OWASP!

China attacking Belgium ?? [Wavci] [Belgian Security Blognetwork]

Posted: 02 May 2008 03:19 AM CDT

I was just disturbed by a message on the radio this morning, being back in Belgium for just one day to get ready for our EICAR conference in France. I heard several newspapers referring to possible cyberattacks coming from China against some Belgian governmental institutions. Hmmmm, is this real? Why state this to the public only now?
So there is a lot of rumour on the radio and in the newspapers (De Tijd, GVA), but the statements I've heard from our Minister Jo Vandeurzen (Ministry of Justice, CD&V) are the exact things, even the exact words, I've said to some personal friends in the past...
But is it true? Well, there is one thing for sure: I'm seeing a lot more malware coming from China compared to one year ago, but explaining that we are under attack is over the top. Of course this is an investigation. But is there no continuing investigation going on all the time by the AV industry? What do you think? That we just let everything pass without doing anything? Of course not: every AV company has its own research, and indeed we see an ongoing growth of this kind of malware. Can we speak about a targeted attack on Belgium or some other countries? I don't think so, at least not at the moment I write this blog, and above all it's very difficult to pinpoint and state that this is coming from China, as tracking down this kind of malware and attacks is harder than you think.
I'm not saying that we don't have to be careful and that we don't have to do some research about these things, of course not; I'm even helping in such investigations in the AV industry.
I'm still wondering why this came up just at this moment. Could it have something to do with the strange (read: bad) situation of our government at this moment? Maybe CD&V wanted to come up with a different subject to conceal the real problems of the Belgian government at this moment?
I don't know, I'm not a politician, I'm an anti-malware expert. At least the real problem, more malware coming from China, is not new to me and is a real threat today!
And also, Belgium could be very interesting for some foreign countries, as we have a lot of interesting parties with their offices in Belgium: European Commission, NATO, etc. ... so could that be the real reason for the possible attacks?

While writing this blog, VRT Radio magazine 'Vandaag' called me about this and will do a live interview with me on Radio 1 after 17:00 today.

Is NAC clawing its way up the slope of enlightenment? [StillSecure, After All These Years]

Posted: 01 May 2008 11:14 PM CDT

It's no secret that over the past year it has been quite fashionable to bash NAC. It has not lived up to the hype. It is not the promised silver bullet. Some companies in the market went belly up. Yes, yes and true. But, as I have said all along, this was, I think, just the natural evolution of a technology as it matures. There was no way it could live up to the overhype it was saddled with. Those who spoke about it realistically always said it was not the next "great white hope" of security, just another arrow in the quiver. However, the reason that people got excited about NAC was that, at a rather simple level, it was very easy to describe the problem it was trying to solve. As it turns out, solving that simple problem takes a rather complex solution, no matter how you slice it.

In the end, though, what we have seen in the NAC market is a textbook hype cycle. The technology triggers for NAC were unseen-before numbers of guests having legitimate reasons to access the network, the spread of malware not through downloading via the Internet but by introduction via devices logging on, and the need, for compliance or otherwise, to enforce access policies, with the network technologies to make it happen. With Cisco announcing their Network Admission Control program in December 2003 and Microsoft announcing NAP that summer (interesting that it would be years before either one was actually available), NAC buzz went through a big-bang expansion to the very height of inflated expectations. What goes up must come down, and NAC certainly has been dragged into the trough of disillusionment. However, the inherent appeal of the problems it can solve continues to drive customers and interest. Now we are seeing real signs of NAC emerging onto the slope of enlightenment on the way to the plateau of productivity.

What has got me so optimistic?  It is a variety of things.  Let me list them:

1. Network Computing's 3rd annual NAC survey which, while it shows demand for NAC is down from past years, shows it is still substantial and appears to be deeper if not as wide. It also has several other metrics that show people are being more realistic in what they want to accomplish with NAC and have more confidence that it will work.

2. Forrester's new report that shows that customers think NAC is mature enough to be ready for more wide-scale deployments. Remember, this is the same Forrester who said last year that NAC as we know it would fail. Has NAC changed so much in a year, or has Forrester?

3. That Ebenezer Scrooge of NAC, Mike Rothman, actually admits that maybe we are seeing some progress, with less inflated expectations, with NAC. What could be next, the NAC Grinch, Richard Stiennon, admitting it might be OK as well? Here is my prediction: when Rich's new MSSP can make money offering a managed NAC service, Richard will jump on the NAC bandwagon with bells on.

4. My own observations at Interop, RSA, SANS and other events where I spoke to real live potential customers. I have personally seen a marked upturn in the number of real NAC projects coming into both our partners' and our own sales pipelines. I assume that other NAC products are seeing the same pick-up.

All of this is very gratifying to see after the bashing NAC has taken. Now it is onwards and upwards to the plateau of productivity. See you there!

Security issues presentations all get to the same place... [Compliance Focus - Blogs]

Posted: 01 May 2008 11:00 PM CDT

Doing what I do in my day job, I sit through a lot of presentations on various aspects of security. I had the pleasure of sitting through a couple of presentations this week (one by a leading analyst on Web 2.0 security issues, and one by a vendor CTO). My short version of the takeaways from the talks was that there are a huge number of security issues related to Web 2.0 technologies, including cross-site scripting and many more. Many of these existed before Web 2.0, but are exacerbated by AJAX and other new technologies.

Without rehashing a lot of the detail from the event, the thing that really struck me was how similar my own internalized summary from the event was to almost every other security presentation I have heard in the last five years or so. You could almost use this as the punch line to every security issues talk: “The security issues are not generally well understood yet, they are going to be very significant, we’re pretty much screwed, and we don’t know where the solutions to the problem are going to come from.“

It’s a depressing conclusion to reach at the end of most talks on IT security. And I'm generally an optimistic person, so it's not like this is my "glass half empty" self talking.

I am also wading through Geekonomics, which appears to do a very good job of describing the big picture of how the IT industry has reached this particular place at this moment.

A career guide book in manga style [Security4all] [Belgian Security Blognetwork]

Posted: 01 May 2008 07:08 PM CDT

This has nothing to do with my being a HUGE anime fan (okay, maybe a little), but I noticed this book over at presentationzen.com. The Adventures of Johnny Bunko: The Last Career Guide You'll Ever...

Heike is out for a few days [The Dark Visitor]

Posted: 01 May 2008 05:35 PM CDT

Heike asked me to let our readers know that he is at a conference in some remote location without the Interwebs. I’ll keep you posted while he is out.

-Jumper

Compacting your presentations. Yes, you really can. [Security4all] [Belgian Security Blognetwork]

Posted: 01 May 2008 02:34 PM CDT

There are 2 kinds of presentations, or, if you will, 2 aspects: informative and convincing. If you are teaching a course and using PowerPoint as a data dump, I wouldn't call this a presentation. If...

Anonymous Packet Capture [/dev/random] [Belgian Security Blognetwork]

Posted: 01 May 2008 10:34 AM CDT

Using packet capture software or “sniffers” can often be useful to debug network issues or for educational purposes (they can also be used to perform malicious activities, but let’s stay on the visible side of the iceberg ;-)). Well-known software includes tcpdump on UNIX and Wireshark on Windows platforms (a non-exhaustive list, of course). All of them are based on the same API: pcap (libpcap or WinPcap).

For a few months now, there has been a free repository of packet captures available on the Net where administrators or security guys can exchange traces. Sometimes you would like to share data but stay anonymous. How do you post-process your capture files?

tcpreplay is the solution! It’s a package of free tools which help you manipulate files created by libpcap-compatible software. From this toolbox, tcprewrite is a “re-writer”. Basically, it takes an input pcap file, applies changes and saves the output to a new file. What “changes” are supported?

  • Add or remove VLAN tags (layer 2)
  • Change the MAC addresses (layer 2)
  • Change source and destination IP addresses or randomize them (layer 3)
  • Remap ports (layer 4)
  • Packet padding (layers 5-7)

The following example rewrites the sessions with source and destination IP as 10.0.0.1 and 192.168.0.1 respectively:

 $ tcprewrite --endpoints=10.0.0.1:192.168.0.1 \
              --cachefile=input.cache \
              --infile=input.pcap \
              --outfile=output.pcap \
              --skipbroadcast

Note that in this example you need a “cache” file. This file is first generated by tcpprep. The third interesting tool is tcpreplay. As the name suggests, it allows you to re-inject traffic from a pcap file onto a specific interface:

 # tcpreplay --pps=25 --intf1=eth0 sample.pcap 

The example above will replay the content of sample.pcap via eth0 at a rate of 25 packets/sec. Very, very interesting to test an IDS/IPS or to generate network traffic to test a new server. Happy anonymizing!
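The post above leans on tcprewrite for the actual rewriting. The script below is an added example, not code from the /dev/random post or from the tcpreplay project: it shows what consistent endpoint and MAC rewriting does underneath, so you can check a capture before handing it to a shared repository. It parses a classic little-endian pcap with Ethernet frames, replaces every unicast MAC and IPv4 address with a stable stand-in (the same stand-in each time the address recurs, so sessions stay correlatable), leaves broadcast and multicast alone (the equivalent of --skipbroadcast) and recomputes the IPv4 header checksum. The names (Anonymizer, map_ip, endpoints, ...), the 10.0.0.0 stand-in range and the 02:00:00 locally-administered MAC prefix are my choices, and the three-packet capture is constructed inline so the script runs offline.

```python
import ipaddress
import struct

PCAP_MAGIC = 0xA1B2C3D4        # microsecond-resolution pcap, written little-endian below
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800


def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum; yields 0 over a header whose checksum field is already right."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(src_mac, dst_mac, src_ip, dst_ip, payload, proto=17):
    """Ethernet + IPv4 frame with a valid header checksum (constructed test data; payload is opaque)."""
    eth = (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
           + struct.pack("!H", ETHERTYPE_IPV4))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return eth + hdr + payload


def write_pcap(frames):
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_209_600_000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def frames_of(data: bytes):
    """Yield raw frames of a pcap (24-byte global header, 16-byte record header per packet)."""
    off = 24
    while off < len(data):
        incl_len = struct.unpack("<I", data[off + 8:off + 12])[0]
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len


def endpoints(data: bytes):
    """(src, dst) dotted quads of every IPv4 frame, to inspect a capture before and after rewriting."""
    return [(str(ipaddress.IPv4Address(f[26:30])), str(ipaddress.IPv4Address(f[30:34])))
            for f in frames_of(data) if f[12:14] == b"\x08\x00"]


def ipv4_checksum_ok(frame: bytes) -> bool:
    ihl = (frame[14] & 0x0F) * 4
    return ip_checksum(frame[14:14 + ihl]) == 0


class Anonymizer:
    """Maps real addresses to sequential stand-ins; an address that recurs always gets the same one."""

    def __init__(self, ip_base="10.0.0.0", mac_prefix="02:00:00"):
        self.ip_map, self.mac_map = {}, {}
        self.ip_base = int(ipaddress.IPv4Address(ip_base))
        self.mac_prefix = bytes.fromhex(mac_prefix.replace(":", ""))   # locally administered bit set

    def map_ip(self, raw: bytes) -> bytes:
        if raw == b"\xff\xff\xff\xff" or raw[0] >= 224:     # broadcast / multicast: keep as-is
            return raw
        if raw not in self.ip_map:
            self.ip_map[raw] = struct.pack("!I", self.ip_base + 1 + len(self.ip_map))
        return self.ip_map[raw]

    def map_mac(self, raw: bytes) -> bytes:
        if raw[0] & 1:                                       # group bit: broadcast / multicast
            return raw
        if raw not in self.mac_map:
            self.mac_map[raw] = self.mac_prefix + struct.pack("!I", 1 + len(self.mac_map))[1:]
        return self.mac_map[raw]

    def anonymize_frame(self, frame: bytes) -> bytes:
        if len(frame) < 14:
            return frame
        ethertype = struct.unpack("!H", frame[12:14])[0]
        frame = self.map_mac(frame[:6]) + self.map_mac(frame[6:12]) + frame[12:]
        if ethertype != ETHERTYPE_IPV4 or len(frame) < 34:  # ARP, IPv6, VLAN-tagged: MACs only
            return frame
        ihl = (frame[14] & 0x0F) * 4
        ip = bytearray(frame[14:14 + ihl])
        ip[12:16] = self.map_ip(bytes(ip[12:16]))
        ip[16:20] = self.map_ip(bytes(ip[16:20]))
        ip[10:12] = b"\x00\x00"
        ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))
        # Payload is copied untouched: TCP/UDP checksums (pseudo-header) are now stale, and any
        # address carried inside the payload (DNS answers, HTTP Host, FTP PORT) still leaks.
        return frame[:14] + bytes(ip) + frame[14 + ihl:]

    def anonymize_pcap(self, data: bytes) -> bytes:
        magic, *_, linktype = struct.unpack("<IHHiIII", data[:24])
        if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
            raise ValueError("expects a little-endian microsecond pcap with Ethernet frames")
        out, off = [data[:24]], 24
        while off < len(data):
            rec = data[off:off + 16]
            incl_len = struct.unpack("<I", rec[8:12])[0]
            out.append(rec + self.anonymize_frame(data[off + 16:off + 16 + incl_len]))
            off += 16 + incl_len
        return b"".join(out)


# Constructed sample capture: two hosts exchange a request/response, then the first host broadcasts.
SAMPLE_PCAP = write_pcap([
    build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", "192.0.2.10", "198.51.100.7",
                b"GET / HTTP/1.0\r\nHost: 192.0.2.10\r\n\r\n"),
    build_frame("66:77:88:99:aa:bb", "00:11:22:33:44:55", "198.51.100.7", "192.0.2.10",
                b"HTTP/1.0 200 OK\r\n\r\n"),
    build_frame("00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff", "192.0.2.10", "255.255.255.255",
                b"who is out there?"),
])

if __name__ == "__main__":
    rewritten = Anonymizer().anonymize_pcap(SAMPLE_PCAP)
    with open("output.pcap", "wb") as fh:
        fh.write(rewritten)
    print(endpoints(SAMPLE_PCAP), "->", endpoints(rewritten))
```

Two things this makes visible that the one-line tcprewrite invocation hides. First, only the IPv4 header checksum is repaired here; TCP and UDP checksums cover a pseudo-header with the old addresses and will show as bad in Wireshark until they are recomputed (tcprewrite has --fixcsum for that). Second, neither tool touches the payload, so the rewritten first frame still carries the real address in its Host header; grep the output (strings, or a Wireshark "frame contains" filter) for your addresses, hostnames and credentials before uploading anything to a public repository.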

The One TNC [RioSec]

Posted: 01 May 2008 09:43 AM CDT

Three Consoles for the Network Devices under the cloud,
Seven for the Firewalls with their walls of stone,
Nine for IDSes Gartner said were doomed to die,
One for the SIEM on his dark throne
In the Land of Networks where the Hackers lie.
One TNC to rule them all, One TNC to find them,
One TNC to bring them all and in the darkness bind them
In the Land of Networks where the Hackers lie.

(with apologies to J. R. R. Tolkien)

I hack Johnny Long [Andy, ITGuy]

Posted: 30 Apr 2008 08:35 PM CDT

As I said in my SecureWorld Atlanta Day 2 post, I met Johnny Long today. He gave the keynote talk today and was by far the best part of the event. He gave his "No Tech Hacking" talk and also talked a little about his new venture "Hackers for Charity" and explained what they do. After his talk I went to talk to him about a few things. I wanted to talk to him about his faith, which is very much a part of who he is. I wanted to talk to him about "Hackers for Charity" and about "No Tech Hacking". We talked about the first two and had to cut it short before getting to the third topic. Of course the first two are the most important and made my few minutes with him well worth it.

I was a little familiar with "Hackers for Charity" but had never really checked into it. After hearing Johnny talk about it and seeing a few slides that he had I decided that I wanted to do something to support it. Right now I can't go to Africa but I can do a couple of other things. I'm going to buy a copy of Johnny's new book "No Tech Hacking". This will help because when you go to his site and click on the book link it takes you to Amazon and you can buy it there. Also when you do it this way all of the proceeds of the sale go to "Hackers for Charity" . The proceeds of the sale of just one book will feed a child for a month. Johnny isn't keeping any money from the sale of these books. So in addition to getting a good book I'll also be doing something to help the charity.

The next thing that I'm going to do is ask each of you to do a couple of things. Buy the book from Johnny's site and take a look at "Hackers for Charity" and see if there is anything else that you can do. Then tell all your friends about it and encourage them to do something.

Why am I making such a big deal about this? Not that I think that this is the greatest charity ever, but because it is a charity that was started by a hacker and security professional. It's something that we as security pros can get involved with and make a real difference in the lives of kids and others. We all talk about wanting to make a difference in the world of security, but that has limited impact. Changing lives is something that has lasting impact.

SecureWorld Atlanta 2008 Day 2 [Andy, ITGuy]

Posted: 30 Apr 2008 07:50 PM CDT

Day 2 at SecureWorld was much the same yet quite different. It started off with an Atlanta InfraGard Chapter meeting. There was a report on "Emerging Threats" by an FBI analyst that was pretty good, followed by a panel discussion (I missed the topic) that never was. What I mean by that is that each of the panelists talked a little about who they are and what they do. Then the moderator asked if there were any questions. A lady asked a question about SMB security and the moderator opened it up to allow the audience to give input. That pretty much took the rest of the time. I never did find out what the topic of the panel was because the panel was never given the chance to talk.

The morning Keynote was by far the highlight of the conference. The speaker was Johnny Long talking about his No Tech Hacking. Not only was it informative but it was also enjoyable. I'm going to talk more about this in a separate post.

After Johnny's Keynote I attended a talk about aligning your security program with business objectives. This is something that is easier said than done and I am looking for any good tips I can get. The reason I say it is easier said than done is because often you get lots of push back when you try to do security the right way. Too often Management is only concerned about compliance checkboxes and so they don't support efforts to align the security program with the business objectives. The biggest obstacle here is educating management. They often don't want to learn or change and it's our job to convince them otherwise.

The rest of the day was pretty decent. I attended a couple of talks that were OK but nothing earth shattering. I had to miss the last session (of course it was one that I really wanted to go to) because of a conference call that I had to join in on.

All in all the conference is worth the money. It's a $200 conference, so don't expect too much, but you get your money's worth. I'll probably attend again next year since it's here in Atlanta and offers good opportunities to network, meet new people and learn a little. If you're in the Atlanta area you may want to look into it next year.

SecureWorld Atlanta 2008 Day 1 [Andy, ITGuy]

Posted: 30 Apr 2008 07:27 PM CDT

OK, so I'm a little late on my day one update. When I got home after day one I spent time with the family and then had some work to do. I was up until 1:00 am finishing a project plan that was due today.

This is my first SecureWorld Atlanta conference and I wasn't sure exactly what to expect. I had looked over the conference schedule and knew from the length of the sessions and the titles that it wasn't going to be too technical. That's fine with me because I don't do much that is technical in my day-to-day work any longer, but I do enjoy sitting in technical sessions to stay fresh and learn new things.

I attended a session on SAN security considerations and a discussion by DHS on securing critical infrastructure. I figured that the critical infrastructure talk would be a good one for me since I work for a company that is part of Atlanta's critical infrastructure. Neither session was overly informative, but the CI session did have some good content and, most importantly, gave me some good contacts to keep for the future. From the SAN session I did come up with a few questions that I need to have my SAN team answer for me now.

The rest of day one was spent talking to vendors, trying to get past the "snake oil" and see what it is that they really do and how they are different from their competitors. I am actively looking at several different technologies to determine if they will meet needs that we have. The vendor time gave me a chance to see how some companies that I'm not as familiar with are doing things.

All in all the biggest benefit that I gleaned from day one was the networking opportunities. I also ran into a guy that did some consulting work with a company that I worked for a few years ago. He's still with the same company that he worked with then and I'm going to see about having him come in and help us with some professional services that we need.

How to secure your browser [Security4all] [Belgian Security Blognetwork]

Posted: 30 Apr 2008 05:06 PM CDT

Even if you recognize and ignore phishing emails, statistically, sooner or later you will visit an infected website. Previous research has shown that 0.45% of all websites are infected (your mileage...

Scary Mass-SQL Attack… [Trey Ford - Security Spin Control]

Posted: 30 Apr 2008 11:58 AM CDT

With well over half a million websites compromised, if you have not already heard about the live mass SQL exploit, get reading. This is real, this is clever, and it is scary. This attack is creative to the tune of Rain Forest Puppy and resourceful like Johnny Long. This attack is [...]

Microsoft device helps police pluck evidence from cyberscene of crime [Digital Forensics and more] [Belgian Security Blognetwork]

Posted: 30 Apr 2008 09:52 AM CDT

Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.

The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB "thumb drive" that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.

The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.

It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.

More than 2,000 officers in 15 countries, including Poland, the Philippines, Germany, New Zealand and the United States, are using the device, which Microsoft provides free.

"These are things that we invest substantial resources in, but not from the perspective of selling to make money," Smith said in an interview. "We're doing this to help ensure that the Internet stays safe."

Law-enforcement officials from agencies in 35 countries are in Redmond this week to talk about how technology can help fight crime. Microsoft held a similar event in 2006. Discussions there led to the creation of COFEE.

Smith compared the Internet of today to London and other Industrial Revolution cities in the early 1800s. As people flocked from small communities where everyone knew each other, an anonymity emerged in the cities and a rise in crime followed.

The social aspects of Web 2.0 are like "new digital cities," Smith said. Publishers, interested in creating huge audiences to sell advertising, let people participate anonymously.

That's allowing "criminals to infiltrate the community, become part of the conversation and persuade people to part with personal information," Smith said.

Children are particularly at risk to anonymous predators or those with false identities. "Criminals seek to win a child's confidence in cyberspace and meet in real space," Smith cautioned.

Expertise and technology like COFEE are needed to investigate cybercrime, and, increasingly, real-world crimes.

"So many of our crimes today, just as our lives, involve the Internet and other digital evidence," said Lisa Johnson, who heads the Special Assault Unit in the King County Prosecuting Attorney's Office.

A suspect's online activities can corroborate a crime or dispel an alibi, she said.

The 35 individual law-enforcement agencies in King County, for example, don't have the resources to investigate the explosion of digital evidence they seize, said Johnson, who attended the conference.

"They might even choose not to seize it because they don't know what to do with it," she said. "... We've kind of equated it to asking specific law-enforcement agencies to do their own DNA analysis. You can't possibly do that."

Johnson said the prosecutor's office, the Washington Attorney General's Office and Microsoft are working on a proposal to the Legislature to fund computer forensic crime labs.

Microsoft also got credit for other public-private partnerships around law enforcement.

Jean-Michel Louboutin, Interpol's executive director of police services, said only 10 of 50 African countries have dedicated cybercrime investigative units.

"The digital divide is no exaggeration," he told the conference. "Even in countries with dedicated cybercrime units, expertise is often too scarce."

He credited Microsoft for helping Interpol develop training materials and international databases used to prevent child abuse.

Smith acknowledged Microsoft's efforts are not purely altruistic. It benefits from selling collaboration software and other technology to law-enforcement agencies, just like everybody else, he said.

Source: Benjamin J. Romano
http://seattletimes.nwsource.com/html/microsoft/2004379751_msftlaw29.html

Microsoft Helps Big Brother [/dev/random] [Belgian Security Blognetwork]

Posted: 30 Apr 2008 06:45 AM CDT

In a previous post, I talked about US authorities who have the right to read your hard drives. Today, Microsoft announced a new toy USB stick called COFEE: Computer Online Forensic Evidence Extractor.

The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer’s Internet activity, as well as data stored in the computer. It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.

Of course, if the device is used correctly, it can dramatically increase the chances of saving evidence. Which is good! Anyway, I’d like to test one myself!

More than 2,000 officers in 15 countries, including Poland, the Philippines, Germany, New Zealand and the United States, are using the device, which Microsoft provides free.

And why not the FCCU? Another question: does Microsoft use specific software to use available backdoors in Vista?

Source: http://seattletimes.nwsource.com/html/microsoft/2004379751_msftlaw29.html

Thousands need to update Wordpress (again) [belsec] [Belgian Security Blognetwork]

Posted: 30 Apr 2008 02:58 AM CDT

You need to have updated WordPress again by now. An important security update was released last week.

Otherwise you could get infected by injected iframes like these:

http://www.wp-stats-php.info

http://61.155.8.157/iframe/wp-stats.php

http://www.rxpharmacyonline.org/1/js_go_f1.php

If I google "powered by wordpress" site:be then I get about 251,000 pages, but if I add 2.5.1 (the latest version) then I get only 47 pages; it seems the version isn't always indicated on the site (that would make it too easy).

But, as said before, this doesn't mean the injection bots won't come by and try leaving their mark on your site, like dogs on every corner they can find....

Confusing indications of what is adware, malware and spyware in share and freeware [belsec] [Belgian Security Blognetwork]

Posted: 30 Apr 2008 02:33 AM CDT

Take this as an example:

Acez Jukebox from http://www.acez.com or http://freefunfiles.com

According to badware.org this is adware (red).

According to spywaresignatures and many others this has adware, but moderate.

But according to softalizer this is free of malware and adware, as suggestsoft.com also says.

So what is it?

Some antivirus companies say it is greyware: it is not really adware or a virus, but you shouldn't allow it on your network. That is clear for your network, but for the simple home user looking for something free, this seems quite confusing.

I didn't find it on download.com but on many others. Maybe those others should start looking at why I trust download.com more than those that just upload any crap they receive.

The dangers of jumping to conclusions [Rory.Blog]

Posted: 30 Apr 2008 01:29 AM CDT

I've been reading quite a few posts about Microsoft's COFEE toolkit, which seems to be designed to help forensics investigators get evidence from (presumably Windows-based) PCs.

It's amazing to see how many sources on the Internet took the original article here from the Seattle Times and came to the conclusion that this was some magical box of tricks that would instantly bypass Windows security, as opposed to just being a useful collection of forensics tools; examples of this response are here, here, here and here.

Luckily, someone at the Seattle Times did some follow-up with Microsoft to confirm that it's actually just a collection of forensics tools and doesn't bypass Windows security here.
