Posted: 20 Oct 2008 05:04 AM CDT
Posted: 20 Oct 2008 04:55 AM CDT
Posted: 19 Oct 2008 11:59 PM CDT
Posted: 19 Oct 2008 08:51 PM CDT
Last Wednesday I gave a presentation to the Northeast Ohio Information Security Forum on Maltego which is a fantastic tool for information gathering. The presentation focused on a high level overview of the application and how it can be used for all types of security related work including security assessments, investigations and helping find public information about a company or person.
You can download the presentation here. Like I mentioned at the talk you can get more information on Maltego from the Paterva website. If you are looking for a few good tutorials you can check out part one and part two on Room362.com or Ethicalhacker.net.
Posted: 19 Oct 2008 05:40 PM CDT
Here is some information regarding this week’s Wednesday ISSA - Baltimore Chapter infosec meetup event. You can’t go wrong attending a general pen test talk! There’s always something more to learn.
For more information on the ISSA - Baltimore Chapter, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area. Here is a link to the page with information on this meetup.
Posted: 19 Oct 2008 05:25 PM CDT
Here is some information regarding this week’s Wednesday ISACA - National Capital Area (NCA) Chapter infosec meetup event.
For more information on the ISACA - NCA Chapter, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area. Here is a link to the page with information on this meetup.
Posted: 19 Oct 2008 04:42 PM CDT
Here is some information regarding this week’s Tuesday ISSA - DC Chapter infosec meetup event. This looks to be a very interesting session on whitelisting applications. I’ve been thinking for a while that this is probably the only way we’re going to make a dent in curbing the proliferation of malware. It’s useless trying to play detect and react. The security industry needs to be more proactive and whitelisting may be one tool that we can use. It’s been done with firewalls and many companies are now doing it for web sites as well. Applications are probably next in line.
For more information on the ISSA - DC Chapter, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area. Here is a link to the page with information on this meetup.
Posted: 19 Oct 2008 03:41 PM CDT
From the asp.net blog. "Today we shipped the final release of Silverlight 2. You can download Silverlight 2, as well the Visual Studio 2008 and Expression Blend 2 tool support to target it, here. Cross Platform / Cross Browser .NET Development Silverlight 2 is a cross-platform browser plugin that enables rich...
Posted: 19 Oct 2008 09:06 AM CDT
On 17 October, Chinese hackers defaced the South Korean Soccer Association website. According to the article, the Chinese soccer team has suffered a “Korean Phobia” in past encounters with the South Korean team. This may have been an attempt by the Red Hacker Alliance to show that no such phobia exists…somehow.
The defacement also illustrates that the hackers are not happy with claims that Chinese characters and Confucianism originated in South Korea.
The defacement reads:
“In addition to Confucius, the Emperor and Bush…martians are also South Korean”
Posted: 18 Oct 2008 11:59 PM CDT
Posted: 18 Oct 2008 06:19 PM CDT
Cloud computing has become a reality, yet the hype surrounding cloud has started to exceed the laws of physics and economics. The robust cloud (of all software on demand that will replace the enterprise data center) will crash into some of the same barriers and diseconomies that are facing enterprise IT today. Certainly there will always [...]
Posted: 18 Oct 2008 08:25 AM CDT
I installed Kubuntu 8.10 (Intrepid) Beta on one of my workstations at work this week and I had real problems getting onto the internet. Why? We have a PAC (proxy auto-config) script for our proxies and that PAC is reachable under
$ sudo vim /etc/nsswitch.conf
I hope Google helps others to find this post fast, so they don’t need to search that long for a workaround.
Posted: 17 Oct 2008 11:59 PM CDT
Posted: 17 Oct 2008 09:17 PM CDT
The IRS has sensitive data about 130 million people filing tax returns. But their computer systems storing that data have inadequate security controls, according to a study by the Treasury Inspector General for Tax Administration in a report released in September.
The security issues run the gamut from inadequate access controls and lack of auditing of privileged users to weak application security.
The study focused on the Customer Account Data Engine (CADE, for you acronym junkies who aren't US government employees), which is meant to streamline access to taxpayer data. I guess now that would also streamline access for hackers, as well.
The IRS was aware of the issues but didn't think they were important. Now, they do, and have agreed to work with the Inspector General's office to fix the vulnerabilities, the report says.
Posted: 17 Oct 2008 03:33 PM CDT
Matthew Chalmers submitted the following news. "With the theme "Setting the AppSec Agenda for 2009" the OWASP Summit will be a worldwide gathering of OWASP leaders and key industry players to present and discuss the latest OWASP tools, documentation projects, and web application security trends. Join us in Portugal in just...
Posted: 17 Oct 2008 03:26 PM CDT
For you listeners of the podcast, you may be aware that I'm doing some research into utilizing document metadata, and the inferences that an attacker can make about the victim's overall operating environment. This analysis would allow an attacker to be able to deliver more accurate, targeted attacks against a victim.
One of the tools that I've been using is Exiftool, which at its core, is an over driven command line front end to all of the options of libexif.
The other day I discovered an advisory about an integer-overflow vulnerability in libexif, the basis to several other tools I've been looking at as well. There is no known vulnerability, but from the description, it seems fairly trivial to create a corrupt file to trigger the condition.
Time to proceed with my analysis with more caution.
That said, you should always be analyzing unknown, untrusted files in a protected environment. Maybe the environment is an air-gapped machine, or a VM with no networking that you can revert to a known state. This, all in your non-production lab of course.
This also brings up some more points. I relate this to some of the updates to the tools that many of us use every day that introduce vulnerabilities into our environments. Don't forget that the complexity of the options in a tool (Wireshark for example), or the complexity and implementation of a standard (Exif, 802.11) all contribute to some potential downfall.
That said, I love multi-purpose, extensible tools and standards (Wireshark, Exif and 802.11 included!), but for these complexity reasons, it is important to keep them up to date, and evaluate the implementations.
Sometimes this is easier said than done.
- Larry "haxorthematrix" Pesce
Posted: 17 Oct 2008 08:31 AM CDT
I only post this article because it mentions one of Heike’s favorite subjects.
This China Journal article covers news that the PRC government is requiring net cafes to skim ID cards for patrons and to take a photograph for first time users. Advocates of this new measure point to widespread problems with Internet addiction.
Posted: 16 Oct 2008 11:59 PM CDT
Posted: 16 Oct 2008 11:09 PM CDT
This week was Microsoft's monthly patch release and you may have noticed that we didn't blog a list of the released advisories, since you can find them all over the net (here, here or even here). I did, however, want to mention a few things.
One of the things that I wanted to mention was MS08-060, which was discovered by a colleague of mine - Paul Miseiko. Paul discovered this vulnerability while working on another MS Update earlier this year. We worked with the Proof of Concept code for a little while to make sure we didn't waste Microsoft's time by reporting something they'd already fixed. After testing we passed the proof of concept and details along to Microsoft, and now we have a patch.
The reason I wanted to bring this up is actually completely unrelated to Microsoft and Patch Tuesday, and leans more towards Paul's discovery. When I mention I work in security or security research, the first thing people tend to say is, 'Oh, you're a hacker.' In fact, on my way home last night the cab driver asked why I was out so late (working on MS Tuesday of course). I said I was working, and he asked what I did... I said I work with computer security and he immediately said, "So a hacker?". I only mention this because it's a common misconception that occurs in the general public when you put the words 'computer' and 'security' together. I actually find it's similar to a common misconception that occurs within the IT community.
Quite often when I'm speaking to others in the community, be it IT or IS, I'll find myself saying I do security research. A common response is, "So have you found any interesting vulnerabilities lately?" While the general public equates 'security research' or 'computer security' to 'hacking', we tend to equate it to 'vulnerability discovery'. Yet that's not what I do on a daily basis, nor is it what the other members of VERT do. The same is true for many people that perform research on a regular basis (AV Researchers, IDS Signature Developers, etc).
So then, what do we do? If you already know, you might just want to skip to the links at the bottom of the post. For those who don't know what we do every day: I'd like to say we do everything... but that would be a little far-fetched. Some of what we do can be summed up as Vulnerability Detection and Application Feature-printing. However this entails a lot of different things. Reverse engineering and packet analysis are a couple of things that come to mind. That being said we also work extensively with multiple operating systems, perform a fair amount of python development and analyze various protocols.
While vulnerability detection doesn't sound very interesting (compared to say vulnerability discovery or exploit development) it is quite often harder than either of those tasks. One of the key points is to be non-invasive. If you know something is vulnerable and are able to reach the vulnerable code, you can trigger the vulnerability (even if you perform a denial of service, instead of actually performing a buffer overflow, for example). It's much harder to figure out what else has changed between versions of the software. That's how you feature-print the application and based on accurate feature-printing of specific versions of applications, that's one way to identify which versions are vulnerable. This is more than writing a banner check, as banners are quite often hidden or modified; this is about understanding how the application acts on a protocol level.
Since we delve rather deeply into the applications, looking for differences that won't trigger the vulnerability, we find ourselves discovering vulnerabilities such as MS08-060. It isn't our intended focus but when you dig in like we do it's bound to happen.
For those of you that already knew what we did, maybe you picked up something new. For those of you that didn't... now you know.
Posted: 16 Oct 2008 09:59 PM CDT
For more information on the Techno Forensics Conference, see its description in our Infosec Conferences section. View our Calendar for a list of similar infosec events in and around the NoVA area. See the Techno Forensics Conference main page for more information.
Posted: 16 Oct 2008 09:34 PM CDT
It seemed a bit early, but I happened to see the latest issue of 2600 on the newsstand this week, and snapped it up, as I do every three months.
As always, there's some good stuff in here. There are articles about Tor, cyberwar, Google Analytics, Blackhat SEO, pen testing and USB forensics.
Posted: 16 Oct 2008 03:33 PM CDT
While we love Google (I mean, they make a fantastic search engine), it was time to say goodbye to Google groups and get our very own mailing list server. Look for more good things to come on that front...
In the meantime, I have moved everyone over from the old Google groups mailing list to the new one. The "PaulDotCom" mailing list is for discussions about the show, general computer and network security topics, hacking, and the like. Feel free to discuss and ask questions. If you don't get an answer right away, be patient, it may take some time before people are able to respond.
If you have not yet joined the mailing list, then what are you waiting for?
You just have to join the debate, who knows, we may even bat around the old "Ninjas Vs. Pirates" debate just for fun.