Saturday, November 8, 2008

Spliced feed for Security Bloggers Network

Spliced feed for Security Bloggers Network

PaulDotCom Security Weekly - Episode 129 Part I - November 6, 2008 [PaulDotCom]

Posted: 08 Nov 2008 06:56 AM CST

In Part I of this week's episode we are joined by Bill Brenner, talking to us and the listeners about the best ways to sell security to upper management.

In Part II we discuss stories and bring on none other than Josh Wright to talk about some of the latest attacks against TKIP.

We are still working on the sound quality problems, swapped out a few cables this week and it helped. The intro to the show is messed up and Larry and I are only on the left channel, this does NOT persist throughout the entire episode. Please bare with us while we work towards better sound quality.

  • Sponsored by Core Security, listen for the new customer discount code at the end of the show
  • Sponsored by Astaro, download a free trial of the Astaro Security gateway today!
  • Sponsored by Tenable Network Security, creators of Nessus and makers of the Tenable Security Center, software that extends the power of Nessus through sophisticated reporting, remediation workflow, IDS event correlation and much more.
  • Want to register for any SANS conference? Please visit http://www.pauldotcom.com/sans/ for our referral program
  • Be sure to check out "Maltego" from Paterva, try the community edition for free!
  • Don't forget to sign up for our Mailing List, Forums, and log into our IRC Channel!
  • Full Show Notes
  • 3009128138_aedf946bc3.jpg

Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian

Email: psw@pauldotcom.com

Direct Audio Download

Audio Feeds:

"US officials say Chinese hackers have raided White House email archives multi..." [Security Circus]

Posted: 08 Nov 2008 04:14 AM CST

US officials say Chinese hackers have raided White House email archives multiple times, according to a report. The Financial Times reports some people it describes as "US government cyber experts" suspect the raids were sponsored by the Chinese regime. "We are getting very targeted Chinese attacks so it stretches credulity that these are not directed by government-related organisations," an unnamed source opined. Each attack cracked the unclassified network's defences for a short time. The classified network remained secure, we're assured by the FT's whispers. "For a short period of time, they successfully breach a wall, and then you rebuild the wall  ...  it is not as if they have continued access. It is constant cat and mouse on this stuff," the source reportedly said. The FT's revelations came just days after Newsweek reported that both the Obama and McCain campaigns had been hacked from overseas, with large amounts of data downloaded, apparently in an attempt to track the candidates' evolving policy positions. This could of course potentially help the unnamed foreign entities in future negotiations. The campaign attacks were picked up by the authorities, with the FBI and the Secret Service notifying the Obama campaign back in August that what staffers thought was a virus was something more sinister. "You have a problem way bigger than what you understand," an FBI agent reportedly told Obama staff members. "You have been compromised, and a serious amount of files have been loaded off your system." –White House network pwned 'multiple' times by Chinese • The Register

"Where in the world does the average citizen spend just two hours a week onlin..." [Security Circus]

Posted: 08 Nov 2008 03:57 AM CST

Where in the world does the average citizen spend just two hours a week online? An isolated backwater, perhaps? Or maybe netizen figures from a far-off land trapped in a time bubble of its own desiring? Well, close. This bastion of digital indifference is Italy, one of our closest neighbours, a super-rich G7 nation and homeland to the inventors of the telephone and radio. –This is social networking, Italian style - The Guardian - Will someone please take care of this, instead of debating suntan? Thanks!

Faust 2.0 [Security Circus]

Posted: 08 Nov 2008 03:54 AM CST

4160_13d6_400

Faust 2.0
The only blood these contracts are signed in is from me cutting my hand trying to open the goddamn CD case.

Reposted from xkcd

This posting includes an audio/video/photo media file: Download Now

"Death stands before me today like the hope of health for a sick man, like s..." [Security Circus]

Posted: 08 Nov 2008 03:52 AM CST

Death stands before me today like the hope of health for a sick man, like stepping out into the open air after a time of suffering. Death stands before me today like the aroma of incense, like sitting under the sail on the Day of the Great Wind. Death stands before me today like the odor of lotos-blossoms, like the first moments on the edge of sweet drunkenness. Death stands before me today like the end of a long rain, like the homecoming of a soldier a long time at war. Death stands before me today like the clarity of heaven, like the answer long-desired to a heavy riddle. And Death stands before me today like the way a man feels about home after he has spent many years in bondage. –"Dispute of A Man with His Ba", a text from a papyrus manuscript [Berlin 3024] of the 12th Dynasty, ca. 1800 B.C.E.

Go Software! KiTTY and Komodo Edit [.:Computer Defense:.]

Posted: 08 Nov 2008 02:45 AM CST

Odd Title... but it's 3:30am.

The first thing I wanted to mention was KiTTY ( via /dev/random). It's a fork of PuTTY, which is nice given PuTTY is on a rather slow development cycle, and new features are almost non-existent. Some of the features include folders within the saved sessions box (although, not implemented as "friendly" as they could be), transparency (this didn't work for me), login scripts (also didn't work for me) and integrated scp support. The features list is actually quite a bit longer than that, feel free to read it on the KiTTY website. As mentioned, a number of the features didn't work for me. I'm going to give it a try on a second computer before I rule it out, but I wanted to mention it now. A second bad experience would most likely lead to me never using it or mentioning it here, and it may work wonderfully for others.

The second thing I wanted to mention is that Komodo Edit 5.0 (the free version of Komodo IDE) is now available. Some of the biggest things are limited to Komodo IDE unfortunately, such as Source Code Checkout capabiliies and the ability to "beautify" your code. It does provide some UI clean-up and an update to Firefox 3.0 in the Edit version though.

One of the problems that I had was that my favourite plugin, Sourcetree ended up attached to the left pane instead of the right pane, which is very unnatural to me. It took me a couple of hours, but I dove into plugins for the first time, opening the jar file and pulling out the javascript. After I tracked down the name of the two panes online (not easily documented), I was able to modify the code and re-archive it. If anyone wants a step by step, or just my modified file, let me know.

How about a discount for the SC World Congress? [StillSecure, After All These Years]

Posted: 07 Nov 2008 09:37 PM CST

SCWCLogo So courtesy of the folks at SC Magazine and the Security Bloggers Network here is a great offer to attend a great security conference.  This offer is for the inaugural SC World Congress this December 9-10, at the Javits Center in NYC. The show has a great schedule and an "A" list of speakers lined up.  Unfortunately (or fortunately depending on how you feel about it) no vendors will be speaking, only "real experts", so you won't hear from the likes of me or other vendor pukes.

With the economy the way it is, I know many of you are probably finding it difficult to get buget to pay to attend conferences, not to mention budget for travel and expenses. With so many folks in the metro NYC area, SC World Congress is a great chance to get some top notch sessions in. So here is a way to make it a bit more affordable.  If you would like to attend the SC World Congress, here is a quick 35% off!  Just use Blog1(for a one day pass) or Blog2 (for a two day pass) in the special offers section when you register for the show.

There you go, what a deal!  I will be at the show as will StillSecure. If you are attending, come by and say hello!  Hope to see you there.

links for 2008-11-07 [SOURCE Conference Blog]

Posted: 07 Nov 2008 08:01 PM CST

Infrastructure 2.0 - Recent Post Roundup [ARCHIMEDIUS]

Posted: 07 Nov 2008 04:07 PM CST

I think it is very likely that network infrastructure will be transformed in coming years by new levels of automation and connectivity intelligence driven by demands from new IT initiatives, from RFID to collaboration, data center virtualization and even cloud computing.  I think we'll call this transformed network infrastructure 2.0.  The following are recent blogs [...]

It's official. Moving on. [stiennon's blog]

Posted: 07 Nov 2008 01:42 PM CST

I have been taking a look at the security industry lately as I get back into being a full time analyst.  Preliminary results indicate that about 30% of 1,200 companies I tracked two years ago have either been acquired or have quietly disappeared.  Anyone who has followed this blog over those years knows that I often object to calling this industry consolidation. 

Read more

Everyone Needs A Solution [ImperViews]

Posted: 07 Nov 2008 01:03 PM CST

HandsRaised_Small.jpgA friend of a friend of mine is an IT consultant that works with many companies (for the sake of blog anonymity, let's call him Steve). At a party last weekend, Steve mentioned that most of his customers are not very large - in fact, some are small brick-and-mortar shops. Regardless of size, they all have two things
in common: limited IT resources and very sophisticated IT needs.

Friday Funnies: "Star Wars" - an a capella tribute to John Williams [The Falcon's View]

Posted: 07 Nov 2008 10:27 AM CST

This is an amazing video by one clever and musically talented dude. It takes movie theme songs and combines it into a lovely compilation with Star Wars tribute lyrics. Check it out! :)...

Sarbanes Oxley, good to hear people questioning [Security Balance]

Posted: 07 Nov 2008 10:23 AM CST

John Pescatore is right when he says that talking about less regulation at this time seems to be not aligned with the current crysis, but the article he is pointing to is very precise on saying that the costs from SOX are pretty high and, as we could see, it wasn’t able to prevent cases like Bear Sterns, Lehman Bros., AIG and Merrill Lynch. Accountants are as creative as lawyers, they will always look for breaches in the controls (lawa) to do their magic.

SOX brought a lot of money to Information Security, but it also brought some directed focus on some controls that are not always the most required for all organizations. It would be nice to see a review of the law, verifying its results and actual costs.

US Government Detects Attacks on Obama and McCain Computers [SOURCE Conference Blog]

Posted: 07 Nov 2008 10:18 AM CST

Now that the presidential race is over Newsweek is reporting that the US Government, through the FBI and Secret Service, notified the Obama and McCain campaigns that their computers had been compromised and sensitive documents copied.

…the FBI and the Secret Service came to the campaign with an ominous warning: “You have a problem way bigger than what you understand,” an agent told Obama’s team. “You have been compromised, and a serious amount of files have been loaded off your system.” The following day, Obama campaign chief David Plouffe heard from White House chief of staff Josh Bolten, to the same effect: “You have a real problem … and you have to deal with it.” The Feds told Obama’s aides in late August that the McCain campaign’s computer system had been similarly compromised.

This information demonstrates that the US government has a sophisticated intrusion detection capability. This is likely part of the NSA internet surveillance system that was made public by an AT&T technician in 2006.

It is likely that the system has a set of watch IP ranges that are sensitive from a national security perspective. The campaigns’ computers were probably on this list. The traffic between foreign IP addresses and these watch IPs is then scrutinized for espionage. The pattern of activity flagged would be Microsoft Office documents and PDFs being retrieved or other intruder signs such as an encrypted tunnel with a foreign endpoint.

This shows that the US Government has the capability to detect some types foreign attacks although they probably have to be selective of the IP ranges they monitor. It’s nice to know that if the White House computers were leaking documents to China or Russia that there is some detection capability, but the fact that this is done at the Internet backbone level means any IP could be targeted and it might not just be to look for foreign intrusions.

The WPA sky is not falling [Security Balance]

Posted: 07 Nov 2008 09:58 AM CST

A lot of noise about a new research that “cracked” WAP was made this week. Well, there are more details about it today, and they clearly show that the WAP sky is not falling.

There is a very good abstract of what is happening on the article above:

“To describe the attack succinctly, it’s a method of decrypting and arbitrarily and successfully re-encrypting and re-injecting short packets on networks that have devices using TKIP. That’s a very critical distinction; this is a serious attack, and the first real flaw in TKIP that’s been found and exploited. But it’s still a subset of a true key crack.”

So, it’s not the final attack against WAP protected networks, but it is a very important building block for more elaborate attacks. I can see that in a near future we will see more serious stuff being done using this as a starting point. Keep your ears open.

Chinese hackers pwn whitehouse (.gov, not the other one) [The Dark Visitor]

Posted: 07 Nov 2008 09:32 AM CST

A Financial Times article discusses multiple security compromises in the Whitehouse network. Heike blogged already about both President-Elect Obama’s and Senator McCain’s campaign networks were compromised by foreign hackers as well. The network of my precinct committee chairperson is next. From the article:

"For a short period of time, they successfully breach a wall, and then you rebuild the wall . . . it is not as if they have continued access," said the official. "It is constant cat and mouse on this stuff."

As usual, the article is slim on technical details and fills in the space with general cybersecurity background. At this point, it may be easier to list the government organizations that haven’t been compromised by Chinese hackers.

Share/Save/Bookmark

Managed Resnet & NAC [CTO Chronicles]

Posted: 07 Nov 2008 08:58 AM CST

I've written about the link between NAC and MSP before, and the success of NAC in the higher education market is certainly no secret.  More and more of our higher ed customers have been talking lately about outsourcing their residential networks.  This seems to make sense on a number of levels, provided that the schools can work out a structure for the support as well as engineering and maintenance of the residential network.  Certainly, it makes sense to have NAC as an integral part of the managed resnet service, but it also has the potential to go much farther than that, including services like voice and on-demand video in addition to data.  Network Vigilance, a company based in San Diego, CA, provides managed NAC services today.  Another company based here in Austin, Apogee has managed residential services as their primary business function and seems to be making a go of it (except for the domain name, seriously..).


Despite the macro economic conditions (and perhaps because of them), I think this has real growth potential.  Having what amounts to a specialized MSP provided authenticated, well-governed network access to residential halls, freeing on-campus network staff to focus more on backbone services, and providing school administrators with a predictable cost structure that can be baked into the cost of the dorm room seems to make sense for everyone.  Just don't forget the "authenticated, well-governed" part.

Friday News and Notes [Digital Bond]

Posted: 07 Nov 2008 08:30 AM CST

  • Being up in Canada the last two weeks I’m hearing a lot about the 3 pipeline bombings in BC. Ecoterrorism at work here as an anonymous writer warned “Encana and all other oil and gas interests” to close down operations near where the explosions took place. Even called the oil and gas companies “terrorists”. Local residents are getting increasingly worried.
  • A reader pointed out that the two-day SANS SCADA Security Summit on Feb 2-3 costs $1,945. Very pricey for information and presentations you would see at many other free or much lower cost venues. If money is tight in your organization I would recommend waiting a few months until PCSF 2009.
  • Another control system exploit released for the Metasploit framework. This time for the GE Fanuc Proficy Information Portal vulnerability that Eyal Udassin presented at S4 this year. The exploit had been passed around a couple of weeks before becoming public. The amusing side of this is that Digital Bond alumni Matt Franz is listed as the author in the code. He claims no part of this, so is it an homage to Matt or trying to get him in trouble?
  • KnujOn Interrogatory Terminated By ICANN Official [Infosecurity.US]

    Posted: 07 Nov 2008 08:21 AM CST

    Further Evidence Pointing To ICANN Failures

    News today, from our friends at KnujOn of failed attempts (due to intervention by ICANN officials) to bring reports of nefarious criminal activity within the Domain Registrar accreditation system to ICANN.

    Infosecurity.US is calling for law enforcement to investigate this issue, and the participatory actions of ICANN officials, whom appear, anecdotally, to be quite pleased with the current status, regardless of evidence pointing to potentially surreptitious domain registrar accreditation data. The full KnujOn posting appears after the break.

    From the post: “KnujOn Censored at ICANN Session

    In an unusual and shocking move Dr. Robert Bruen was interrupted and silenced at an open, cross-function ICANN meeting in Cairo Monday. At a meeting entitled: “ Open Joint Session (GNSO, ccNSO, GAC, ALAC): Domain Name Space" Dr. Bruen was handed the microphone in the question and answer portion. As he began speaking about the problems of compliance and the need for better controls within the expanding Internet, specifically in relation to criminal infiltration of the Domain Name space, Patrick Sharry (ICANN ccNSO Consultant) stopped Dr. Bruen and said: “I don’t want to pursue it any more in this forum.Chris Disspain (CEO of Australian Domain Administration) followed this rare dismissal by saying: "[if] it turns into an open microphone, then I, for one, won’t be supporting it again." Meaning he would no longer support question and answer portions at ICANN sessions.

    This was quite a shock after several other attendees were able ask lengthy questions uninterrupted. However, Dr. Bruen should have known he was walking on thin ice. Once he introduced himself as a KnujOn representative Patrick Sharry told him to "keep it brief."

    This is somewhat reminiscent of Peter Dengate-Thrush's response to questions from KnujOn's Garth Bruen at the Washington D.C. ICANN Session entitled: "Improving Institutional Confidence consultation" KnujOn brought up issues of criminality, contract violations, and exclusion of the Internet consumer. Dengate-Thrush admonished Bruen that "this was not relevant to institutional confidence." Later at this same session Dengate-Thrush told the audience that he did not "want to hear from any more angry IP lawyers." Many of the attendees were attorneys representing brand holders being exploited by cyber-squatters and counterfeiters. The Intellectual Property community expressed its feeling of being marginalized by ICANN in favor of shadowy criminal interests.

    So, as at the Cairo meeting, open forums only seem open if the panel wants to hear the question. The summary dismissal of Dr. Bruen can only be seen as prejudiced as it violates Sharry's own ground rules for the session:

    "…our joint SO and AC meeting is focusing on new gTLDs, IDN ccTLDs, and issues that run across that space."

    Dr. Bruen's unasked and unanswered question concerned the fact that since the existing compliance structure is inadequate, how can ICANN ensure contractual compliance is enforced in a rapidly expanded Internet? Furthermore, Sharry opened the session with this commitment:

    "We will try, as we do that, on the way through, to involve a little bit of at least conversation, if not a little bit of conflict or argument or heated debate or discussion or something like that is(sic) well. And we will see how we go then, bringing the audience into that conversation."

    But, as we can see no debate or discussion was allowed. Since the serious issue has emerged of Registrar Secrecy, we simply want to know if this will be allowed to continue within the new Doamin Registrar space or will common-sense policy be implemented. If the issues of contract violations, criminality in the Registrar community, and exclusion of the consumer are not relevant to improving institutional confidence, then what is?

    KnujOn will be contacting Sharry and Disspain directly, as well as ICANN's Ombudsman, to get a better explanation. We are speaking on behalf of the consumer and wont be silenced.

    Reblog this post [with Zemanta]

    Genius: Alan Mathison Turing, Ph.D., OBE, FRS [Infosecurity.US]

    Posted: 07 Nov 2008 07:42 AM CST

    Infosecurity.US continues our Genius Series with an obvious choice of subject boffins, this time, Alan Mathison Turing, Ph.D. OBE, FRS.. Dr. Turing ( 23 June 1912 - 7 June 1954 ) was a British mathematician and cryptographer, considered to be one of the fathers of modern computer science, and a significant figure in the Allies successful cracking of Nazi Germany’s cryptographic work, thereby bring a swifter end to World War II. Further information including a couple of short videos,  appear after the break.

    From The  :”Encyclopedia of World Biography

    The British mathematician Alan Mathison Turing (1912-1954) was noted for his contributions to mathematical logic and to the early theory, construction, and use of computers.

    Alan Turing was born in London, England, on June 23, 1912. Both his parents had upper middle class origins, and his father continued that tradition as an administrator in the Indian civil service. With his father off in India, Turing was sent away to private boarding schools. After some early problems with social adjustment, he distinguished himself in mathematics and science.

    Turing’s exceptional mathematical abilities were first generally recognized in his college years (1931-1936) at King’s College of Cambridge University. His most important mathematical work, “On Computable Numbers,” was written in Cambridge in 1936. In this paper Turing answered a question of great significance to mathematical logic–namely, which functions in mathematics can be computed by an entirely mechanical procedure. His answer was phrased in terms of a theoretical machine (today known as the “Turing machine”) which could mechanically carry out these computations. Embodied in the Turing machine idea is the concept of the stored program computer.”

    Heroes: Colonel Juan Ayala, USMC [Infosecurity.US]

    Posted: 07 Nov 2008 07:41 AM CST

    Infosecurity.US carries on with our Heroes Series, focusing this time on Legion of Merit with Combat Distinguishing Device recipient Juan Ayala, COL, USMC. He was awarded the Legion of Merit for efforts in building up the 1st Iraqi Army Division, thereby assisting in protecting the lives of fellow Marines, other service members in-theater, colleagues in the Iraqi Army and Iraqi citizenry.

    We applaud the Colonel’s efforts, and all who serve our great nation. Further information regarding Colonel Ayala’s immensely valuable service to the Corps, and  the people of the United States, appears after the break.


    A secure Iraq requires competent local police and national army. In Iraq, U.S. commanders have helped achieve stability in former hotbeds of violence by building up Iraqi Security Forces, thanks to the creative efforts of soldiers and Marines, such as Marine Corps Col. Juan Ayala.

    During his third tour in Iraq, from January 2006 to January 2007, Col. Ayala served as the Senior Advisor to the 1st Iraqi Army Division, based at Camp Habbaniyah. Numerous challenges faced Ayala and his 29-man team, as they operated daily in tandem with the Iraqis. The Division lacked soldiers, trained officers and equipment. The surrounding terrain proved hostile as well. In early 2006, Anbar province remained volatile, and the Iraqi Army often found itself engaged in battles with civilians allied with insurgents.

    Over time, under Ayala's guidance, the Iraqis increased their areas of responsibility and gained credibility among the population. Specifically, Col. Ayala revamped the staff functions of the Division, drawing up missions that fit its skill set. He collaborated with local imams and sheiks to obtain approval for operations. As a result of the built-up trust, the flow of actionable intelligence to the Division increased, as did the number of formerly hostile Sunnis to the Division's ranks. So many ended up joining the Iraqi forces that they eventually gained a title: the "sons of Al Anbar."

    Ayala helped plan and execute 52 direct action patrols in the area, which yielded 25 captured insurgents. Ayala's input resulted in the creation of a 24-hour joint Iraqi/Advisor Combat Operations Center, which helped obtain situational awareness on the ground. Other positive developments under Ayala's tenure included equipment improvements and the purging of hundreds of bogus soldiers from the Division's ranks. Under Ayala, the implementation of a Unit Tracking Program (UTP) was influential in maintaining accountability among the Iraqi soldiers in the Division.

    Ayala often went on patrols, serving as a vehicle and convoy commander. He was hit twice by IEDs, but kept going out on missions to assess the Division's ability in the field. He led 17 teams and 225 advisors at different levels of command, to improve the capabilities of the Division. Today, two of the Division's Brigades, the 3rd and the 4th, function without coalition assistance.

    For his efforts in building up the 1st Iraqi Army Division, Col. Ayala earned the Legion of Merit with Combat Distinguishing Device.

    Reblog this post [with Zemanta]

    IRS requires EV SSL for online filing in 2009 [Tim Callan's SSL Blog]

    Posted: 07 Nov 2008 04:18 AM CST

    The IRS has published draft 2 of a requirement that will require all e-file tax sites to use Extended Validation SSL Certificates starting January 1, 2009. States the guideline in part,

    This requirement applies to Authorized IRS e-file Providers participating in Online Filing of individual income tax returns that collect taxpayer information via the Internet. These Providers shall possess a valid and current Extended Validation Secure Socket Layer (SSL) certificate using SSL 3.0 / TLS 1.0 or later, and minimum 1024-bit RSA / 128-bit AES.

    This passage refers to the service that may be offered by sites whereby you can file your taxes directly online from your own computer. The e-file program offers free filing to individual taxpayers with household income under a certain threshhold ($54,000 in 2007) and for-fee filing to any individual. (It also offers filing services to businesses and the self-employed, but those groups are outside this requirement, at least for 2009.) You may recall that online tax scams, including phishing attacks, have run rampant during the past two tax seasons. I believe that's what motivates this decision by the IRS, which seeks to offer e-filing to the populace in a widespread and egalitarian way while minimizing the individual's risk of identity theft.

    [Chinese]给UTM泼点冷水 - 防火墙-UTM-IPS之三国争霸 [Telecom,Security & P2P]

    Posted: 07 Nov 2008 03:58 AM CST

    看完皓月所写的"防火墙、UTM产品OEM第三方产品或嵌入第三方反病毒引擎的利弊分析",掩卷而思,这些观点印证了前些天和朋友们探讨的若干观点。近几年,防火墙和入侵检测系统IDS演变到防火墙FW、入侵防御系统IPS和统一威胁管理UTM系统的三国争霸,UTM将会代替防火墙的声音获得了不少关注。从皓月的这篇文章中,你能发现很多更深层次的思索。与这几年的安全运营经验匹配,下面三点可能会对FW/IPS和UTM之争产生相当大的影响:     位置和策略的合理性:网关位置对抗恶意代码不是一劳永逸的,一方面恶意代码的最终目标并不是网关,而是在网关之后内网内的各类终端节点,而单纯的依赖网关防毒,则会造成"单点突破,全局沦陷"的现象出现;另一方面,恶意代码无法单独存在,势必要通过各类行为(如:扫描、攻击、窃取等)扩散其影响,而这些行为对于现有直路带基于文件代理方式静态匹配的病毒功能的防火墙以及UTM设备来说,是根本无法检测的;     升级频率的差异化:传统的防火墙理论上是一个稳定的面向策略的高性能安全功能组件,通过策略的配置、变更来起到安全控制;其最坏的情况下即使不能够确保预定义的安全策略有效执行,也可以通过全部阻断方式切断网络出口连接。换句话说,即使无法对内网内的威胁作出响应,也可以使之不通过网络出口进一步扩散。对于反病毒来说,其是一个可变的面向恶意代码对象的易扩展安全功能组件,特征库的升级、程序模块的升级频率远高于防火墙类安全产品的升级。对于UTM产品来说,其统一化的功能架构为新功能的扩充打下了基础,但这并不是一个简单的堆叠、加法过程,相反,当可变的功能组件与稳定的功能组件发生同处于一个硬件及部署位置时,就会导致每个功能都会大打折扣,而反病毒引擎的不稳定概率是最高的。     运维管理的特殊性:对于IT管理者来说,其最根本的目标是保障业务的连续性不受破坏,那么在网络出口直连的带防病毒功能的防火墙、新型UTM设备如果频繁的升级、变更安全策略,势必会引入一定的风险,而致使业务的可用性受到很大的损害,那么是得不偿失的。 - 点击下载原文(pdf) -。 Share To:

    TKIP, comment ça marche ? [SOURCE Conference Blog]

    Posted: 07 Nov 2008 01:49 AM CST

    Microsoft Releases Advanced Security Notification [Infosecurity.US]

    Posted: 06 Nov 2008 07:19 PM CST

    Microsoft Corporation (NasdaqGS; MSFT) has released advanced notification of it’s famous Patch Tuesday effort (now slated for November 11, 2008 (Veterans Day in the United States, and Remembrance Day in Canada) - probably not the best choice of days to release major security patches….

    The full text of the notification appears after the break.

    Microsoft Security Bulletin Advance Notification for November 2008

    **************************************
    Microsoft Security Bulletin Advance Notification for November 2008
    Issued: November 6, 2008
    **************************************

    This is an advance notification of security bulletins that
    Microsoft is intending to release on November 11, 2008.

    The full version of the Microsoft Security Bulletin Advance
    Notification for November 2008 can be found at
    http://www.microsoft.com/technet/security/bulletin/ms08-nov.mspx.

    This bulletin advance notification will be replaced with the
    November bulletin summary on November 11, 2008. For more information
    about the bulletin advance notification service, see
    http://www.microsoft.com/technet/security/Bulletin/advance.mspx.

    To receive automatic notifications whenever Microsoft Security
    Bulletins are issued, subscribe to Microsoft Technical Security
    Notifications on
    http://www.microsoft.com/technet/security/bulletin/notify.mspx.

    Microsoft will host a webcast to address customer questions on
    these bulletins on Wednesday, November 12, 2008,
    at 11:00 AM Pacific Time (US & Canada). Register for the November
    Security Bulletin Webcast at
    http://www.microsoft.com/technet/security/bulletin/summary.mspx.

    Microsoft also provides information to help customers prioritize
    monthly security updates with any non-security, high-priority
    updates that are being released on the same day as the monthly
    security updates. Please see the section, Other Information.

    This advance notification provides the software subject as the
    bulletin identifier, because the official Microsoft Security
    Bulletin numbers are not issued until release. The bulletin summary
    that replaces this advance notification will have the proper
    Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the
    bulletin identifier. The security bulletins for this month are as
    follows, in order of severity:

    Critical Security Bulletins
    ===========================

    Windows Bulletin 1

    - Affected Software:
    - Microsoft XML Core Services 3.0 on
    Microsoft Windows 2000 Service Pack 4
    - Microsoft XML Core Services 4.0 when installed on
    Microsoft Windows 2000 Service Pack 4
    - Microsoft XML Core Services 6.0 when installed on
    Microsoft Windows 2000 Service Pack 4
    - Microsoft XML Core Services 3.0 on
    Windows XP Service Pack 2 and
    Windows XP Service Pack 3
    - Microsoft XML Core Services 4.0 when installed on
    Windows XP Service Pack 2 and
    Windows XP Service Pack 3
    - Microsoft XML Core Services 6.0 when installed on
    Windows XP Service Pack 2 and
    Windows XP Service Pack 3
    - Microsoft XML Core Services 3.0 on
    Windows XP Professional x64 Edition and
    Windows XP Professional x64 Edition Service Pack 2
    - Microsoft XML Core Services 4.0 when installed on
    Windows XP Professional x64 Edition and
    Windows XP Professional x64 Edition Service Pack 2
    - Microsoft XML Core Services 6.0 when installed on
    Windows XP Professional x64 Edition and
    Windows XP Professional x64 Edition Service Pack 2
    - Microsoft XML Core Services 3.0 on
    Windows Server 2003 Service Pack 1 and
    Windows Server 2003 Service Pack 2
    - Microsoft XML Core Services 4.0 when installed on
    Windows Server 2003 Service Pack 1 and
    Windows Server 2003 Service Pack 2
    - Microsoft XML Core Services 6.0 when installed on
    Windows Server 2003 Service Pack 1 and
    Windows Server 2003 Service Pack 2
    - Microsoft XML Core Services 3.0 on
    Windows Server 2003 x64 Edition and
    Windows Server 2003 x64 Edition Service Pack 2
    - Microsoft XML Core Services 4.0 when installed on
    Windows Server 2003 x64 Edition and
    Windows Server 2003 x64 Edition Service Pack 2
    - Microsoft XML Core Services 6.0 when installed on
    Windows Server 2003 x64 Edition 1 and
    Windows Server 2003 x64 Edition Service Pack 2
    - Microsoft XML Core Services 3.0 on
    Windows Server 2003 with SP1 for Itanium-based Systems and
    Windows Server 2003 with SP2 for Itanium-based Systems
    - Microsoft XML Core Services 4.0 when installed on
    Windows Server 2003 with SP1 for Itanium-based Systems and
    Windows Server 2003 with SP2 for Itanium-based Systems
    - Microsoft XML Core Services 6.0 when installed on
    Windows Server 2003 with SP1 for Itanium-based Systems and
    Windows Server 2003 with SP2 for Itanium-based Systems
    - Microsoft XML Core Services 3.0 on
    Windows Vista and
    Windows Vista Service Pack 1
    - Microsoft XML Core Services 4.0 when installed on
    Windows Vista and
    Windows Vista Service Pack 1
    - Microsoft XML Core Services 6.0 when installed on
    Windows Vista and
    Windows Vista Service Pack 1
    - Microsoft XML Core Services 3.0 on
    Windows Vista x64 Edition and
    Windows Vista x64 Edition Service Pack 1
    - Microsoft XML Core Services 4.0 when installed on
    Windows Vista x64 Edition and
    Windows Vista x64 Edition Service Pack 1
    - Microsoft XML Core Services 6.0 when installed on
    Windows Vista x64 Edition and
    Windows Vista x64 Edition Service Pack 1
    - Microsoft XML Core Services 3.0 on
    Windows Server 2008 for 32-bit Systems
    (Windows Server 2008 Server Core installation not affected)
    - Microsoft XML Core Services 4.0 when installed on
    Windows Server 2008 for 32-bit Systems
    (Windows Server 2008 Server Core installation not affected)
    - Microsoft XML Core Services 6.0 when installed on
    Windows Server 2008 for 32-bit Systems
    (Windows Server 2008 Server Core installation not affected)
    - Microsoft XML Core Services 3.0 on
    Windows Server 2008 for x64-based Systems
    (Windows Server 2008 Server Core installation not affected)
    - Microsoft XML Core Services 4.0 when installed on
    Windows Server 2008 for x64-based Systems
    (Windows Server 2008 Server Core installation not affected)
    - Microsoft XML Core Services 6.0 when installed on
    Windows Server 2008 for x64-based Systems
    (Windows Server 2008 Server Core installation not affected)
    - Microsoft XML Core Services 3.0 on
    Windows Server 2008 for Itanium-based Systems
    - Microsoft XML Core Services 4.0 when installed on
    Windows Server 2008 for Itanium -based Systems
    - Microsoft XML Core Services 6.0 when installed on
    Windows Server 2008 for Itanium -based Systems
    - Microsoft XML Core Services 5.0 on
    Microsoft Office 2003 Service Pack 3
    - Microsoft XML Core Services 5.0 on
    Microsoft Word Viewer 2003 Service Pack 3
    - Microsoft XML Core Services 5.0 on
    2007 Microsoft Office System and
    2007 Microsoft Office System Service Pack 1
    - Microsoft XML Core Services 5.0 on
    Microsoft Office Compatibility Pack for Word, Excel, and
    PowerPoint 2007 File Formats and
    Microsoft Office Compatibility Pack for Word, Excel, and
    PowerPoint 2007 File Formats Service Pack 1
    - Microsoft XML Core Services 5.0 on
    Microsoft Expression Web and
    Microsoft Expression Web 2
    - Microsoft XML Core Services 5.0 on
    Microsoft Office SharePoint Server 2007 and
    Microsoft Office SharePoint Server 2007 Service Pack 1
    (32-bit editions)
    - Microsoft XML Core Services 5.0 on
    Microsoft Office SharePoint Server 2007 and
    Microsoft Office SharePoint Server 2007 Service Pack 1
    (64-bit editions)
    - Microsoft XML Core Services 5.0 on
    Microsoft Office Groove Server 2007

    - Impact: Remote Code Execution
    - Version Number: 1.0

    Important Security Bulletins
    ============================

    Windows Bulletin 2

    - Affected Software:
    - Microsoft Windows 2000 Service Pack 4
    - Windows XP Service Pack 2 and
    Windows XP Service Pack 3
    - Windows XP Professional x64 Edition and
    Windows XP Professional x64 Edition Service Pack 2
    - Windows Server 2003 Service Pack 1 and
    Windows Server 2003 Service Pack 2
    - Windows Server 2003 x64 Edition and
    Windows Server 2003 x64 Edition Service Pack 2
    - Windows Server 2003 with SP1 for Itanium-based Systems and
    Windows Server 2003 with SP2 for Itanium-based Systems
    - Windows Vista and
    Windows Vista Service Pack 1
    - Windows Vista x64 Edition and
    Windows Vista x64 Edition Service Pack 1
    - Windows Server 2008 for 32-bit Systems
    (Windows Server 2008 Server Core installation affected)
    - Windows Server 2008 for x64-based Systems
    (Windows Server 2008 Server Core installation affected)
    - Windows Server 2008 for Itanium-based Systems

    - Impact: Remote Code Execution
    - Version Number: 1.0

    Reblog this post [with Zemanta]

    SIRv5 Vulnerability Trends Webcast - 1 of 2 - Industry Trends [Jeff Jones Security Blog]

    Posted: 06 Nov 2008 03:36 PM CST

    With the recent release of v5 of the Security Intelligence Report, I decided to produce a couple of webcast videos where I present my findings to you directly in a brief presentation. In this first one, I go over the industry-wide trends.

     


    1H08 Vulnerability Trends - Part1 - Industry

    To see all of my videos on http://edge.technet.com, click here (http://edge.technet.com/Tags/SecurityGuy/).

    Best regards, Jeff

    I stare in disbelief... [Security Circus]

    Posted: 06 Nov 2008 03:07 PM CST

    2338_4cda

    I stare in disbelief...

    This posting includes an audio/video/photo media file: Download Now

    1 comment:

    kiramatali shah said...

    Everyone has their favorite way of using the internet. Many of us search to find what we want, click in to a specific website, read what’s available and click out. That’s not necessarily a bad thing because it’s efficient. We learn to tune out things we don’t need and go straight for what’s essential.

    www.onlineuniversalwork.com