Monday, June 2, 2008

Spliced feed for Security Bloggers Network

Scam Squared [Commtouch Café]

Posted: 02 Jun 2008 07:27 AM CDT

What do you get when a scammer scams a scammer? I guess you could call that scam squared. Perhaps there used to be honor among thieves, but not anymore. Check out this spam message targeted at, no, not unsuspecting purchasers of fake meds, but at those people who are selling the stuff! Now, it’s not so [...]

Drive, Not Spot [Commtouch Café]

Posted: 02 Jun 2008 07:21 AM CDT

Blogspot has been a popular hosting site for spammers, and even malware distributors, but Arik from the detection team informs me that we are now starting to see outbreaks using hyperlinks to a different, less popular blog site, known as blogdrive. This particular outbreak uses misspelled pornographic subject lines of around four words each; it seems [...]

Security Briefing: June 2nd [Liquidmatrix Security Digest]

Posted: 02 Jun 2008 05:49 AM CDT

I’m baaaaaack! As many of you noticed, Myrcurial was a trooper last week manning the battlements here at Liquidmatrix as I handled a personal project. And now, I can share the good news. My wife and I had our first child last week! Both mother and baby are doing great!

Thanks to all of our new subscribers that joined us yesterday. Welcome!

And now, the news…

  1. Phishers Target New Victims on LinkedIn | PC World
  2. Banks and Google mailing PIN codes on pieces of paper | the Inquirer
  3. Sourcefire rejects Barracuda bid | vnunet
  4. MediaDefender Defends Revision3 SYN Attack | Wired
  5. US FAA database corrupted by hard drive failure | Blocks and Files
  6. Bruce Schneier Q&A: The Endless Broadening of Security | CSO Online
  7. Card issuers passing on fraud costs to retailer | Colorado Springs Gazette
  8. H-1B opponents challenge Bush administration in court | Computerworld

Gartner IT Security Summit - Pre-Show [Liquidmatrix Security Digest]

Posted: 02 Jun 2008 05:26 AM CDT

I’ve arrived at the Gartner IT Security Summit in lovely Washington, DC. The flight was uneventful (after the intensive security screening and additional measures taken at the gate when departing for Washington National). This year, we’re being hosted at the Gaylord National Resort - it’s like a casino-less piece of Vegas right here on the Potomac.

After sign in and some pre-conference tutorials, I took in the Optenet party - Spanish food, Spanish wine, Spanish dancers. And I even left while I could still walk!

I’ll have lots more to report after things get underway tomorrow (today). Until then… sunset over the Potomac from the atrium at the Gaylord National.

Don’t Sweat or Scratch Your Face Whilst Flying [Darknet - The Darkside]

Posted: 02 Jun 2008 01:44 AM CDT

If not the magic camera in the sky might think you are a terrorist and a squad of crack F16s might be dispatched to blow up your plane.. Don’t go to the toilet too often too, or walk around too much…or do anything really. Better just sit in your seat with a blank expression on your [...]

Read the full post at darknet.org.uk

Webcast June 4th: DLP Content Discovery [securosis.com]

Posted: 01 Jun 2008 08:07 PM CDT

Yes, it’s one of those weeks, with two webcasts and a conference (SANS Pen Testing and Application Security in Vegas).

For this one we’ll be talking about DLP content discovery for Vontu/Symantec. It’s not just me, there will be a customer case study (yes, an honest to goodness security person willing to talk about what they’ve done). Here’s the official description, and you can register here:

Where Is Your Confidential Data and How Do You Protect It? A Real Life Customer Success

Do you know where your confidential data is stored and how to protect it? Industry analysts predict that data discovery will be the single fastest-growing segment of the Data Loss Prevention (DLP) market in 2008 and beyond. In this webcast, you will get the opportunity to hear first hand how Sharp HealthCare implemented a DLP solution to secure their sensitive customer data stored across the organization, and what business results they are seeing today. Join Rich Mogull, founder of Securosis LLC and former Gartner analyst, and Starla Rivers, Technical Security Architect at Sharp, as they address how to easily deploy DLP and quickly realize the solution benefits.

Webcast On Tuesday: Encryption And Key Management [securosis.com]

Posted: 01 Jun 2008 08:03 PM CDT

This Tuesday I’ll be giving a webcast for RSA on encryption and key management. It’s heavy on the data center side; focusing on SAN/NAS/Tape, Databases, and Applications. Not much discussion of mobile or email, but a bit of file and folder (server based).

Here’s the official description, and you can register here:

Encryption Considerations for the Enterprise

Business Trends, Impact, and Solutions

Government regulations and internal policies drive your need to secure information wherever it lives and travels. Get the facts on Encryption and Key Management technologies during this seminar series and Q&A featuring Rich Mogull, founder of Securosis.com, who will discuss:

  • Why encrypt data? Where to encrypt data? What are the pros and cons of different solutions?
  • What role should enterprise key management play as part of an overall encryption strategy?
  • What is the value of centralizing encryption key management?

Emergency SunSec This Wednesday! Rothman Hits Phoenix! [securosis.com]

Posted: 01 Jun 2008 07:57 PM CDT

The legendary Mike Rothman will be in Phoenix this week, so we’re going to call an emergency session of SunSec on Wednesday to celebrate the occasion. Rumor is we might also have another surprise guest or two.

I realize I’ve been a total slacker on organizing these; we really need to figure out a regular schedule at some point.

We’ll be starting at Furio in Old Town Scottsdale for happy hour at 6 (we’ll probably head down early at 5), and possibly move someplace cheaper after happy hour ends.

As always, email me with any questions, and we hope to see you there. SunSec is an informal gathering of anyone with an interest in security. We hang out, drink beverages, and just generally socialize.

Open thread [Emergent Chaos]

Posted: 01 Jun 2008 01:10 PM CDT

What the heck. Let's see what happens. Comment on what you will.

The next move [IT Security: The view from here]

Posted: 01 Jun 2008 11:25 AM CDT

Often, when I read other people's blogs, I look at the companies they are working for and think "well, they would say that, wouldn't they?" Richard Stiennon was very vocal whilst at Fortinet about all things firewall and network, at a time when I was coming down heavily on the other side of the fence. Chris Hoff, when at Crossbeam, talked a lot about UTM. Both of these guys are at the top of their game however, so their arguments also seemed reasoned and seasoned, and when they both moved to new jobs, their opinions remained broadly the same. Indeed Stiennon is now at a new startup with a similar message, and Hoff still refers to Crossbeam with reverence.

I fully admit that I have made mistakes in choosing various parts of my career path so far, hence why I took the last 2 months off and took advice from Rich Mogull, Mike Rothman and as many others who would listen to my limey whingeing. The general message I got was "take your time, listen to what comes your way, and act only when you think you've got something worth doing". In the meantime I was still in constant contact with the security community, vendors and colleagues. Jobs are not as thin on the ground as I had expected in the current downturn, possibly because of the heightened awareness, particularly in data security created by the mistakes our government have made over here recently.

It is therefore with great pride that I am able to report my latest move. I've just signed up Robert Newby and Associates (i.e. me) with PKWare for 12 months. I talked about them some time ago when they first aroused my interest. I am going to be helping them make a big noise in the UK and EMEA. My reason for choosing this company...? Because I could. I'm genuinely excited about the software, the product direction and the easy story it tells. It aligns with everything I've ever thought about data security, and from the conversations I've had with the CTO and product managers, all I am likely to think about it in the coming months.

So what do you know of PKWare? The normal reaction to the name is "PKWhat?", so I say "you know PKZip?", which of course everyone does. "That's them." The history is interesting, and something I will write more on another time, but their future is what concerns me for now. PK are no longer just about zip, but security too, SecureZIP is just that, a secure zip product, encryption and compression in one. PartnerLink is again, just that, linking a company to their partners by encrypting, compressing and applying policies to data at source. I wrote about PartnerLink before, saying that it was something I'd wanted to get written when I was a product manager. I'm quite glad I didn't now, as this is better than I could have managed with my resources.

The products are good because they are simple ideas, effectively executed. Being a fully private company with no VC borrowing, there are no odd decisions passed down from people not involved in the business, so no nasty surprises or sell outs when the market is at its lowest point of appeal. Being a small company with an excellent pedigree, I can talk to the CTO as easily as I can the sales guy working on my accounts. This communication is evident throughout the company, most obviously to me by the quality of the software. At last, someone who QAs to their own deadlines, not the VCs'. So, I'm excited, I've found a breath of fresh air in an industry which looks like it's slightly lost its way of late.

So, look forward to lots more data security posts again now I'm back working amongst customers with real data security needs. And to those of you who have picked this up because you have a Google alert for "PKWare" - hi, good to be working with you.

Because it is the weekend and I am lazy [Emergent Chaos]

Posted: 30 May 2008 10:56 PM CDT

Chris's beach reading recommendations

John Maynard Smith, Evolution and the Theory of Games
James S. Coleman, Foundations of Social Theory
Ken Binmore, Natural Justice

Cyberterror! Cyberterror! Pfffft..Sputter…Gak!! [securosis.com]

Posted: 30 May 2008 11:15 AM CDT

Kevin Poulsen over at Wired reports that a new National Journal report claims that Chinese hackers may have been responsible for a recent power outage in Florida and the big 2003 northeast blackout.

Kevin does a good job of ripping this report a new one, and I even learned about a SCADA bug I didn’t know about that contributed to the 2003 event.

I’m not going to get into the Chinese paranoia. Truth is, I have no doubt they both have advanced offensive cyber capabilities they use for intelligence gathering, and encourage the local hacking community to target us. Why not? Countries have been spying on each other ever since the creation of nations; no reason to think it will stop now because we’re too tied up watching American Idol to deal with it.

I sure as heck hope we’re doing the same to them; that’s what I pay taxes for.

But “cyberterrorism” and the 2003 blackout? Not so much. Unlike some I do consider cyberterrorism a legitimate concern for a nation-state, but I also consider the bar to be higher than any cyber event we’ve seen. If there isn’t serious loss of life or property that creates fear in a population for political or social goals, it ain’t terrorism. Sorry Estonia, we haven’t seen this yet, and I won’t be the idiot to predict it will happen in any given year. Bombs are a heck of a lot more effective at creating fear.

As for the blackouts, the various people I’ve talked with in the energy/utilities sector indicate that the Blaster virus may have played a part in slowing down control and communication systems, exacerbating the event. It’s not that Blaster brought down the power systems, but that it infected the Windows control workstations, messing up email, alerting, and control software (because it hosed the OS, not because it infected those bits). That drops everything to a more manual process and the automated SCADA safeties, which combined with everything else going on weren’t enough.

Could I be wrong? Absolutely; but it makes a lot more sense than Chinese hackers deliberately and successfully targeting our power grid. Not that I don’t think they aren’t capable, but there’s no evidence to indicate that occurred.

You can always tell when it’s budget and election season in Washington, especially in these days of national FUD.

Collaboration Is Still a Singular, Personal Experience [The InfoSec Blog]

Posted: 30 May 2008 10:14 AM CDT

http://www.baselinemag.com/c/a/Messaging-and-Collaboration/Collabortion-Is-Still-a-Singular-Personal-Experience/?kc=BLBLBEMNL052908STR3

The primary collaboration tool today is still what it was 10 years ago: sending an e-mail attachment with a PowerPoint deck or Word document back and forth between two or more parties. It is a serial form of collaboration: I put together my work product, send it to you, and you send back your thoughts [...]

Jonathan Ive's Sharia Style [Emergent Chaos]

Posted: 30 May 2008 09:11 AM CDT

I was on a business commuter flight the other day, which was also the maiden voyage of my MacBook Air. I had it out before takeoff. This was an international flight and I was in bulkhead. On international flights, they're not as strict about not having your laptop on your lap during takeoff. This flight was only an hour and ten, and if I had to wait 'til cruising altitude, I'd never get any work done.

I slid it into the middle of my Economist (manila envelopes are the only thing it fits in), but other guys had their mondo Dells out, so I stopped hiding it.

One of the flight attendants saw it and came over, pouncing on me. Drat. Nabbed.

I blinked when she cooed, "Ooooooo, is that the new MacBook? Can I touch it?", because this wasn't what I would think of as a nerd-bird. It was Etihad from DMM to AUH, and after a few days in Al Khobar, I found the fact that the flight attendants had neither an abaya nor hijab to be a pleasant surprise.

I handed it to her. She called over another flight attendant, who also cooed over it. They passed it back and forth extolling, "It's so light! It's so smooth! It feels sooooo good!"

They called over a third young woman who turned up her nose and sniffed, unimpressed, "My brother has one of those." She thus put the others in their place for being so unsophisticated as to not be totally bored by it yet. It's a good thing that SAFEE isn't implemented, yet, or we'd never have gotten off the ground. If looks could kill....

Pointedly ignoring her, my pair of flight attendants marveled over the Air for a bit longer and then handed it off to me so they could play with seatbelts and oxygen masks.

After they left, the guy across the aisle turned to me and said, "My god, I never thought I'd see the day when a laptop was better at picking up girls than a Ferrari. That's it, I'm ditching Windows."

sqlninja 0.2.3 released - Advanced Automated SQL Injection Tool for MS-SQL [Darknet - The Darkside]

Posted: 30 May 2008 02:51 AM CDT

We’ve been following the development of sqlninja since the early days, it’s growing into a well matured and more polished tool with advanced features. Sqlninja is a tool written in PERL to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote...

Read the full post at darknet.org.uk

Offtopic: 0xe0030005 [Security Retentive]

Posted: 30 May 2008 12:13 AM CDT

Question: What is the sound of a disk drive crashing?
Answer: Not much.

Question: What does it do?
Answer: It spits out "disk0s2: 0xe0030005 (UNDEFINED)" and then it just locks up and won't boot.

Question: When/Why does it do this?
Answer: If it's a MacBook whose hard drive just went bad.

Delightfully Apple's Disk Utility still shows the drive as good, as does the S.M.A.R.T. monitoring.

Alas - off to the store for a replacement drive.

Ok, I can't let this post go by without making some sort of web security note....

The above "dialog" would have been much better if your browser supported the draft HTML5 spec. Then I'd have been able to use the tags to make it easier to see the above as a dialog...... wow, I guess I do need that nonsensical tag after all.

CSO's FUD Watch [Emergent Chaos]

Posted: 29 May 2008 11:22 AM CDT

"Introducing FUD Watch:"
Most mornings, I start the work day with an inbox full of emails from security vendors or their PR reps about some new malware attack, software flaw or data breach. After some digging, about half turn out to be legitimate issues while the rest - usually the most alarming in tone - turn out to be threats that have little or no impact on the average enterprise.

The big challenge for security writers is to separate the hot air from the legitimate threats. This column aims to do just that.

But for this to work, audience participation is a must.

I'm highly in favor of reducing the FUD. I hope that Bill Brenner's efforts will help constrain and shame some of the worst of the FUD. However, it won't go all the way. Bill admits that he's working from opinion not data. In The New School, we talk about how we need data on how often various problems actually manifest. When we get that data, we won't need as much audience participation. In the meantime, go mock the FUDsters.
