Tuesday, November 11, 2008

Spliced feed for Security Bloggers Network

Happy Birthday to BelSec [StillSecure, After All These Years]

Posted: 11 Nov 2008 04:30 AM CST

One of the most prolific contributors to the Security Bloggers Network is the BelSec blog of the Belgian Security Bloggers Network.  The folks from BelSec contacted me about a year ago and asked if they could join the famous SBN.  I was flattered that they thought the SBN was famous and after checking out the sites sent them an invite. 

Well over the last year the BelSec crew have certainly proven themselves as great members of the SBN and a valuable resource to the security community.  Tomorrow (today for those in Europe) they celebrate their one year birthday. The crew at BelSec has a lot of activities planned throughout the day.  Stop over, see for yourself and enjoy.

Happy birthday BelSec and many more. Keep up the good work!

Disk confusion [D0R's blog]

Posted: 11 Nov 2008 02:42 AM CST

Several years ago, I was at a friend’s house and we were using his Amiga. Hard disks were not that common in those years, and we were loading programs from 3½-inch diskettes.
After a reset (Ctrl + leftAmiga + rightAmiga) the machine beeped and showed coloured lines for a second. This is the sign that a Terminate and Stay Resident program had survived the warm reboot and was still in memory.  Some of these TSRs were actually viruses, so I warned my friend, and he thanked me.
A few days later I met him again. He told me, relieved, that he had discovered that the colours and beeps after reboot were not due to a virus but to a tiny scratch on the surface of the disk.

Some time later I was with another friend who also owned an Amiga.  He had a floppy disk with a program he liked quite a lot, but when we tried to boot it, we faced a read/write error.
He ejected the disk from the drive, shook it vigorously, then re-inserted it into the drive. To his surprise, this didn’t work.
Therefore he handed the disk to me, asking if I could do him the favour of making a copy.  At first I didn’t understand; then it dawned on me.  He believed that copying a disk, instead of producing a bitwise duplicate, had the effect of magically restoring the original program, without errors, on the copied disk.

I was amazed by that because these guys were smart, just not computer-savvy.  But then I discovered they both used to hang around with the son of the owner of a local computer shop, a warez kiddie.  Culprit found.


Links for 2008-11-10 [del.icio.us] [Anton Chuvakin Blog - "Security Warrior"]

Posted: 11 Nov 2008 12:00 AM CST

links for 2008-11-10 [Srcasm]

Posted: 10 Nov 2008 11:02 PM CST

3 open InfoSec positions at MIT Lincoln Laboratory [InfoSecPodcast.com]

Posted: 10 Nov 2008 08:48 PM CST

We currently have 3 Information Security positions open at MIT Lincoln Laboratory. The first position is Information Technology Security Team Lead. It is position #914 on the Employment page. Rather than re-hashing all the details here, you can read about it there. The other 2 positions do not have job postings up yet. We need 2 IDS / IPS analysts full time. Details of the positions should be posted soon.

All 3 positions are in Lexington, MA and will require the candidates to be able to obtain at least a SECRET level security clearance. If you or anybody you know may be interested please contact me at: chris.harrington AT ll.mit.edu



Monthly Blog Round-Up – October 2008 [Anton Chuvakin Blog - "Security Warrior"]

Posted: 10 Nov 2008 06:35 PM CST

As we all know, blogs are a bit "stateless" and a lot of good content gets lost since many people, sadly, only pay attention to what they see today. These monthly round-ups are an attempt to remind people of useful content from the past month!

So, here is my next monthly "Security Warrior" blog round-up of top 5 popular posts and topics.

  1. OF COURSE, the news of my "transition" is the item #1, by far. "Change!!!" and "Qualys" posts rule the list.
  2. Last month I posted a bunch of my presentations on logs, security, etc. on the blog.  "Presentation from GOVCERT.NL 2008: Log Forensics" takes one of the top spots; and so do "Presentation on Application Logging, Done Wrong or Very Wrong" and "Presentation on Optimizing Your Logging for Insider Attack Tracking."  BTW, all the presentations are here.
  3. Shockingly, AGAIN this month, the "Top 11 Reasons to Secure and Protect Your Logs" came up as #1 most popular post (maybe driven by my poll).  BTW, see my other logging polls and my other "top 11" lists.
  4. SIEM bashing reached a new high (eh…"low"? :-)), now that Richard is helping too;  my "11 Signs That Your SIEM Is A Dog or "Raffy, You Killed SIM!" is on the top list. It is both humorous and sadly true (and backed up by other sources and here.)
  5. Somewhat predictably, PCI compliance is obviously still all the rage: MUST-DO Logging for PCI? post was again propelled to a place in my monthly Top5 list.

See you in November.

Hoff wants to know who the IF-MAP Haz and Haz'nots are [StillSecure, After All These Years]

Posted: 10 Nov 2008 03:42 PM CST

So Chris Hoff thinks he might have come across the perfect solution to his vexing cloud/virtual security issues.  A comment from Greg Ness over at Infoblox fired up a synapse in the Hoff's brain and he recalled that the TCG/TNC's IF-MAP protocol could really help with the whole in-the-cloud/virtual conundrum.  Chris wants to know how many vendors outside of the NAC space are actually supporting IF-MAP.

So while I don't stay as close to the goings on at the TCG/TNC as I would like to, let me venture a guess.  I think very few vendors are actually supporting and have implemented it.  In fact it is not just non-NAC vendors, it is NAC vendors as well. Other than Juniper, I am not aware of another NAC vendor who actually supports MAP yet. Not because we don't want to, it is just not important enough. I was also very jazzed about it last year at Interop. Customers have not demanded it. So no one has the cycles to spend on it. Yes, Infoblox would make the comment on your blog.  I think they are the people who originally came up with the idea and pushed it through the TCG with their own server as the storage container.  Beyond that I thought ArcSight was behind it, but don't know how far they have gone either.

Chris, unfortunately, like the TCG/TNC NAC standard itself, without more customers demanding it, it remains in the nice-to-have category instead of the must-have category.  So in your lingo, there are many more haznots than there are haz's, and it will probably stay that way.

Advanced Windows Buffer Overflow 5 [VRT]

Posted: 10 Nov 2008 03:17 PM CST

Time for more pain. I like this one. It'll be different than the last few, and might involve a bit of a brain stretch for those not familiar with exploit techniques that differ from the norm. It'll hurt. There's a bit of basic reversing, but that's not the problem. Win2k please. AWBO5 "This is very important" --Olney "If I were your husband I would take it." -- Winston Churchill, hon VRT

I don't like Mondays [StillSecure, After All These Years]

Posted: 10 Nov 2008 01:46 PM CST

The Telex machine is kept so clean
And it types to a waiting world
And mother feels so shocked
Father's world is rocked
And their thoughts turn to their own little girl
Sweet 16 ain't that peachy keen
Now that ain't so neat to admit defeat
They can see no reasons
'Cos there are no reasons
What reasons do you need?

Oh Oh Oh Oh
Tell me why
I don't like Mondays
Tell me why
I don't like Mondays
Tell me why
I don't like Mondays
I wanna shoo-oo-oo-oo-oo-oot
The whole day down, down, down, shoot it all down

- The Boomtown Rats, I don't like Mondays

Well our economic news week was off to a rockin' start today.  First came word that Circuit City was filing for Chapter 11.  Well at least there should be some good liquidation deals on TVs and stuff in time for the holidays.  While supplies last that is. They had previously announced they were closing 155 stores and their stock was on the verge of being de-listed, so this should not be a surprise.

Next came word that DHL, which is actually owned by a German firm, is basically abandoning the US domestic market and will just service international deliveries from and to the US.  This will involve the loss of about 9,000 jobs, most of them in Ohio.  Just what that area needed. DHL was always a distant third to Big Brown UPS and FedEx.  Still, more tough news, more jobs lost, more bad news. 

This comes on top of some pretty grim news from the US automotive industry and giving our favorite insurance company, AIG, another multi-billion dollar bailout.  I don't agree with people who say that all of this bad news will not have a chilling effect on IT in general and security in particular.  Just as a rising tide lifts all boats, an outgoing tide makes them all lower as well.


The Matrix runs on Windows?? [An Information Security Place]

Posted: 10 Nov 2008 01:02 PM CST

A New Corporate Data Protection Nightmare [ImperViews]

Posted: 10 Nov 2008 12:43 PM CST


Express Scripts (Nasdaq: ESRX), one of the largest pharmacy benefit management companies in North America, announced last week that it has received a letter from an unknown person or persons trying to extort money from the company by threatening to expose millions of the company's patients' records.

The letter included personal information of 75 members, including their names, dates of birth, social security numbers, and in some cases, their prescription information. The company said it has notified the affected members. It also immediately notified the FBI, which is investigating the crime. The company also said that it is conducting its own investigation with the help of outside experts in data security and computer forensics. The letter arrived in early October. (Read the full press release here.)

While we do not know all the details about what happened at Express Scripts (it is unclear if this was an external hack or a case of an insider taking some data), it looks like extortion schemes based on illegally obtained data are becoming increasingly common these days.

Every company is a target [Phillip Hallam-Baker's Web Security Blog]

Posted: 10 Nov 2008 09:44 AM CST

THUS is a part of Cable and Wireless that operates in the UK. It is also a victim of phishing, or at the least brand impersonation.

The scam in this case appears to be an advance fee fraud. People are told that they have a job; they just need to pay for the visa application. The mails are of course sent out by crooks; this is a scam.

There have been similar scams involving lotteries, but these tended to involve the larger companies that could conceivably have a PR budget to do such stuff. This is a scam that can affect pretty much any company larger than a corner shop.

Internet addiction defined [The InfoSec Blog]

Posted: 10 Nov 2008 08:52 AM CST

http://www.engadget.com/2008/11/10/internet-addiction-defined-in-china-entire-engadget-staff-now-o/ Is a “dependency” the same as an “addiction“? Many businesses and business processes, to say nothing of Government, are now _dependent_ on the Internet. It’s a key part of our economy, not just our lifestyle. The world could possibly give up cell-phones but I doubt it could give up the ‘Net and continue without [...]

No more Windows 3.x licenses [An Information Security Place]

Posted: 10 Nov 2008 08:30 AM CST

OK, for you people still running out to Joe’s Ol’ Computer Shoppe to get spare parts for your old 386s and licenses for your Windows 3.11 machines running a peer-to-peer network, you are screwed.  Microsoft stopped issuing licenses for Windows 3.x on Nov 1. 

Sorry.  Time to upgrade to Windows 95.  BTW, you may want to move to a 486 DX66 or something speedy like that.  And get AT LEAST 4 megs of RAM while you are at it.  And upgrade to VGA!  I might still have a VESA Local Bus card laying around with 1 meg of video RAM!  I’ll sell it cheap!


[Chinese] Technical experts discover a new method for partially cracking WPA [Telecom,Security & P2P]

Posted: 10 Nov 2008 07:14 AM CST

According to computerworld.com, at next week's PacSec conference in Tokyo, Erik Tews will demonstrate how he cracked WPA. The main principle disclosed is to exploit the fact that WPA automatically stays backward compatible with old clients, so that the connection can be negotiated down to TKIP. At that point he has the opportunity to use 12-15 minutes to crack the key for the entire communication. So the experts' recommendations are:

  • Use only CCMP(AES).
  • Disable Negotiations to TKIP from CCMP(AES).
  • If you must use TKIP, rekey every 120 seconds.
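The three recommendations above map onto a handful of hostapd.conf options. The checker below is an example added for this page, not code from the original post, from computerworld.com or from the hostapd project. It reads a hostapd configuration and reports where a downgrade to TKIP is still negotiable and where, if TKIP must stay, the group rekey interval exceeds 120 seconds. The option names (wpa, wpa_pairwise, rsn_pairwise, wpa_group_rekey) are real hostapd keys; the sample configurations are constructed; treating an unset cipher option as TKIP-capable, and reading the post's "rekey every 120 seconds" as hostapd's group-key rekey interval, are this example's own assumptions.

```python
"""Lint a hostapd configuration against the three WPA/TKIP recommendations.

Example code added for this page; not from the original post, computerworld.com
or the hostapd project.  Option names are real hostapd.conf keys.  Assumptions,
labelled as such: an unset pairwise-cipher option is treated as allowing TKIP
(conservative), and "rekey every 120 seconds" is mapped to wpa_group_rekey.
"""
from typing import Dict, List

TKIP_REKEY_MAX_SECONDS = 120  # figure quoted in the post


def parse_hostapd(text: str) -> Dict[str, str]:
    """Parse key=value lines of a hostapd.conf; '#' comment lines and blanks are skipped."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def negotiable_ciphers(conf: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each enabled mode ('WPA', 'WPA2') to the pairwise ciphers a client could negotiate.

    'wpa' is a bit field: bit 0 enables WPA (v1), governed by wpa_pairwise; bit 1
    enables WPA2/RSN, governed by rsn_pairwise and falling back to wpa_pairwise.
    Assumption (conservative): a missing option counts as allowing TKIP and CCMP.
    """
    wpa = int(conf.get("wpa", "0"))
    assumed_default = "TKIP CCMP"  # assumption, see docstring
    modes: Dict[str, List[str]] = {}
    if wpa & 1:
        modes["WPA"] = sorted(set(conf.get("wpa_pairwise", assumed_default).split()))
    if wpa & 2:
        rsn = conf.get("rsn_pairwise", conf.get("wpa_pairwise", assumed_default))
        modes["WPA2"] = sorted(set(rsn.split()))
    return modes


def check_wpa_hardening(text: str) -> List[str]:
    """Return findings; an empty list means all three recommendations hold."""
    conf = parse_hostapd(text)
    if int(conf.get("wpa", "0")) == 0:
        return ["wpa=0: WPA/WPA2 not enabled at all"]
    findings: List[str] = []
    modes = negotiable_ciphers(conf)
    for mode, ciphers in modes.items():
        if "TKIP" in ciphers:
            findings.append(f"{mode}: TKIP negotiable (pairwise ciphers {' '.join(ciphers)}); allow CCMP only")
    if any("TKIP" in ciphers for ciphers in modes.values()):
        # Only relevant while TKIP remains negotiable: the post's fallback advice.
        rekey = conf.get("wpa_group_rekey")
        if rekey is None or int(rekey) > TKIP_REKEY_MAX_SECONDS:
            findings.append(f"wpa_group_rekey={rekey or 'unset'}: with TKIP in use, "
                            f"rekey at most every {TKIP_REKEY_MAX_SECONDS} seconds")
    return findings


# Constructed sample: WPA and WPA2 both offered, TKIP and CCMP both allowed.
WEAK_CONF = """\
interface=wlan0
ssid=constructed-example
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_passphrase=constructed-sample-passphrase
"""

# Constructed sample: WPA2 only, CCMP only; nothing to downgrade to.
HARDENED_CONF = """\
interface=wlan0
ssid=constructed-example
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=constructed-sample-passphrase
"""

# Constructed sample: TKIP kept for legacy clients, but rekeyed every 120 seconds.
LEGACY_TKIP_CONF = """\
interface=wlan0
ssid=constructed-example
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=TKIP CCMP
wpa_group_rekey=120
wpa_passphrase=constructed-sample-passphrase
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF), ("legacy-tkip", LEGACY_TKIP_CONF)):
        print(f"[{name}]")
        for finding in check_wpa_hardening(conf) or ["ok: CCMP only, no TKIP negotiable"]:
            print("  -", finding)
```

Running the script prints three findings for the weak configuration, none for the hardened one, and a single TKIP-negotiable finding for the legacy configuration, whose 120-second rekey satisfies the post's fallback advice.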

Cyber-terrorism will be punishable by death [The InfoSec Blog]

Posted: 10 Nov 2008 06:53 AM CST

http://www.dailytimes.com.pk/default.asp?page=2008\117\story_7-11-2008_pg1_8 Only in Pakistan? Shame! The penalty is limited to an offence that 'causes death of any person', according to the ordinance that will be considered effective from September 29. And, thinking of the “for want of a nail” poem, how indirect does this causality have to be? OK, I can see zapping someone’s pacemaker, but how about [...]

Hack or Halo 5 at ShmooCon 2009 [Room362.com]

Posted: 09 Nov 2008 09:05 PM CST

Even if you have been to ShmooCon, something that eludes most con-goers is the Hack or Halo contest. Most of the time you will see its organizers at a table near the registration desk getting people signed up. What you may not know is how the whole thing goes down. It’s after hours, so you aren’t missing the great content during the day, and it might save you a few dollars you would otherwise spend at the bar. But the primary purpose of Hack or Halo isn’t to put money back in your pocket (and yes, it’s free). The primary purpose is to get your game on, be it gaming or hacking. Actually Chris Compton spells out what goes down really well on the Hack or Halo blog in his post called “In The Beginning”.

I would suggest that for a leg up on the rest of the contestants, you slap the blog in your RSS feed and follow them on twitter @HackorHalo. You never know, they might ‘accidentally’ release some pertinent information.


Primary excuses for not participating:

  • I didn’t bring my tools
    • You are the tool; download the BT3 VM, boot it up, update it, disable the TCP/IP stack on your sister's laptop that you borrowed for the con, and you are already better off than some of the other contestants
  • I’m not good enough
    • If Zeff comes for Halo, or Chris Eagle is allowed to hack, you are right, you aren’t, but damn would you have some bragging rights if you kicked their arse.
  • I’m doing something that night
    • No, you really aren’t... you know it, I know it.

Now that we got it all straight. See you there.

P.S. The picture on the right is @KymPossible from the Hack or Halo squad. For most geeks out there, she will be reason enough to sign up. And yes, I may die tomorrow for posting this.



Rising anti-virus software damages users’ Outlook Express [Telecom,Security & P2P]

Posted: 09 Nov 2008 08:08 AM CST

It’s reported that the China-based anti-virus vendor Rising damaged users' Outlook Express. The incident was first reported on Nov. 7. The Rising anti-virus software, Kaka, was found to be deleting Outlook Express folders as virus files. Rising has apologized to its users for this wrong operation and promised to correct this and help users to recover their [...]

Go Software! KiTTY and Komodo Edit [.:Computer Defense:.]

Posted: 08 Nov 2008 02:45 AM CST

Odd Title... but it's 3:30am.

The first thing I wanted to mention was KiTTY ( via /dev/random). It's a fork of PuTTY, which is nice given PuTTY is on a rather slow development cycle, and new features are almost non-existent. Some of the features include folders within the saved sessions box (although, not implemented as "friendly" as they could be), transparency (this didn't work for me), login scripts (also didn't work for me) and integrated scp support. The features list is actually quite a bit longer than that, feel free to read it on the KiTTY website. As mentioned, a number of the features didn't work for me. I'm going to give it a try on a second computer before I rule it out, but I wanted to mention it now. A second bad experience would most likely lead to me never using it or mentioning it here, and it may work wonderfully for others.

The second thing I wanted to mention is that Komodo Edit 5.0 (the free version of Komodo IDE) is now available. Some of the biggest things are limited to Komodo IDE unfortunately, such as Source Code Checkout capabilities and the ability to "beautify" your code. It does provide some UI clean-up and an update to Firefox 3.0 in the Edit version though.

One of the problems that I had was that my favourite plugin, Sourcetree ended up attached to the left pane instead of the right pane, which is very unnatural to me. It took me a couple of hours, but I dove into plugins for the first time, opening the jar file and pulling out the javascript. After I tracked down the name of the two panes online (not easily documented), I was able to modify the code and re-archive it. If anyone wants a step by step, or just my modified file, let me know.

links for 2008-11-07 [Raffy - Security Data Visualization]

Posted: 07 Nov 2008 08:01 PM CST

McGoodies from operat0r [Room362.com]

Posted: 07 Nov 2008 02:54 PM CST

Many of you know who operat0r is, Darren in particular since operat0r pulled a magic trick on Darren’s ACER ONE that turned it from brick to badass in less than 5 minutes. But what some of you may not know is that ol’ McCurdy (operat0r) has some other awesome side projects that run the same course as my style of apps. PORTABLE. But these aren’t the standard portable apps that I find on the net. Well... let me just get to the list. Oh and I’m not linking directly to the projects because the download links change as he updates the tools.

  • w3af PORTABLE
  • MetaSploit PORTABLE
  • WebScarab PORTABLE

You can find all of these awesome McGoodies at operat0r’s site: http://rmccurdy.com/


The dos and dont’s of location [Srcasm]

Posted: 07 Nov 2008 01:42 PM CST

Way back when, car phones were the new in thing.  Then came cell phones (they could actually fit into your pocket!).  After cell phones came smartphones.  The first gen versions of smartphones were bulky, slow and black and white — Gross.  Today we have iPhones, Blackberrys, Windows Mobile and Android phones (to name a few) that can do so much more than their older brothers and sisters from only a few years ago.

One of the biggest things to enter the cell phone market was GPS and aGPS.  Both of these services provide the ability for the phone, service and people to know exactly where they are in real time.  Scary, huh?

While location based technology can be freaky, it can also be a huge help to your everyday activities.  I leave GPS turned off and use cell tower-based location (where your phone can approximate where you are based on towers around you) to find restaurants and mechanics.  But there is so much more that can be done with location.

Since I’ve been testing out the G1 from HTC, there is an amazing application called Locale that comes in the market for Android apps.  This program lets me change almost every setting on the phone based on where I am.  No location information is sent to any outside service so I have no fear of people tracking me.

It automatically turns on vibrate mode when I’m at work and turns the phone up louder when I’m out running (Hey, I run sometimes).  For power-saving, I have the phone set to leave wifi turned off unless I’m at a place that I know has it available like National Mechanics or IndyHall.  This means that I get faster web browsing without touching the configuration of the phone.

This is a location-based application that I believe that everyone could sink their teeth into.  It doesn’t share where I am, it doesn’t interrupt me while I’m in a meeting and it provides a service to me that I otherwise would have had to work for — Changing my own ring volume?  No way!

What do you think are some other great uses of location-based services or applications?  Restaurant reviews?  Movie listings?  Why would you use them in the first place?

Top and Bottom 5 G1 Apps [Srcasm]

Posted: 07 Nov 2008 12:22 PM CST

I’ve had the G1 now for a little over 1 week and I believe I’ve decided it will be my new phone.  I love so much about it and dislike only a few things.  One of the great pluses to having Android on the phone (instead of an iPhone) is that the OS is open source and applications can be made and distributed from anywhere (not just the market).

I’ve decided to give you a recap of the top 5 (the greatest) and bottom 5 (the not-so-great and/or strange apps) third-party apps that I’ve found for the G1.  This list does not include applications like Gmail, integrated Google Talk with contacts and Google Maps with the amazing compass view.

Top 5 - 

5. LocalSpinner - LocalSpinner allows you to press one button to grab your current location and then spin a wheel to find restaurants, clubs and other venues nearby.  The idea is that it’s like Wheel of Fortune — Wherever it lands is where you go.  Apparently I’m going to the bar at 11 am.

4. Klaxon - This application is a replacement app for the built in alarm on the G1.  In addition to allowing you to choose any song on the phone for the alarm sound, you can also turn the phone over to make the alarm snooze and shake it to turn the alarm off.  Kinda neat, right?

3. imeem - For those of us who love to listen to music, imeem streams almost any song (Pandora-style) to the G1.  This application auto adjusts the bitrate based on the connection you have.  Lower quality sound for lower quality connections (Edge or slow wifi).

2. iSkoot - I use Skype for work quite a bit.  iSkoot just came out with a new version of the app that works amazingly well.  You can chat, modify your buddy list and even make Skype calls (the call is placed over GSM with a middle-man number)!

1. Meebo - Meebo just released their new app today and it rocks!  I’ve never seen such a simple design in a smart phone chat application.  There are very few options (a few are missing that probably should be added) so there is no clutter and it just works.  Login with an AIM, Yahoo, MSN, Gtalk or Jabber account or just login with your Meebo account and begin chatting.

Bottom 5 - 

5. Strobe Light - Just as the application says, it makes a strobe light effect on the G1.  If you’re into those kinds of things (raves and seizures), you might really enjoy this app.  For everyone else, not so much.

4. Lolcat Builder - I love cats and LOLing as much as the next guy but this application is a bit ridiculous.  Take a picture with your camera, add some text (Rn’t i sooo funnies?) and then go ahead and spam it to all of your friends.

3. Krystle II - Okay seriously, cats are still cool but this is creepy.  This application shows virtual fur on the screen and when you ‘pet’ the screen, it purrs and vibrates to simulate a purring cat.  I can think of 10 different ways that this app can be abused and “by me” is not one of them.

2. Bubble - If I had a nickel for every time I needed an unplanned level (both normal and a 360 degree level), I’d be poor.  I can understand that this app might come in handy for some but honestly, buy a level — They even make them for your key chain and they’re a lot less than $179.

1. Mario Simulator - That’s right!  With this program you can jump up and down and hear both the jump sound and the sound that is made when Mario grabs a coin.  Cool, no?

Those are some of my top and bottom picks.  What are some that you’ve seen that I should add into my application reserve pool?  With a 16 GB card, I can add every app from the market and still not be anywhere near full!

The Academy is giving away money! [Room362.com]

Posted: 07 Nov 2008 09:47 AM CST

Ok, it’s not to you, but it is to a good cause. Here is their blurb:

Hackers for Charity helps non-malicious hackers gain valuable job experience by putting them to work on projects for charity. They also build computer classrooms to help children and adults break the cycle of poverty through empowerment training, and feed children with funds raised by sales of Johnny Long’s books.

This month, I thought that it would be fun to partner up with Hackers for Charity in order to raise money for the people of Uganda. The Academy has offered to donate $1 to Hackers for Charity for every user that registers for a free account at www.theacademy.ca for the entire month of November. If you’re a registered user already please forward this email or post it on a blog. Anything you can do to spread the word would be greatly appreciated. Let’s try to make a substantial donation to charity this month. Thanks everybody!

So head on over and sign up. It’s free and you can feel better about yourself. Plus you can help me in my goal to make The Academy’s Director broke.

Managed Resnet & NAC [CTO Chronicles]

Posted: 07 Nov 2008 08:58 AM CST

I've written about the link between NAC and MSP before, and the success of NAC in the higher education market is certainly no secret.  More and more of our higher ed customers have been talking lately about outsourcing their residential networks.  This seems to make sense on a number of levels, provided that the schools can work out a structure for the support as well as engineering and maintenance of the residential network.  Certainly, it makes sense to have NAC as an integral part of the managed resnet service, but it also has the potential to go much farther than that, including services like voice and on-demand video in addition to data.  Network Vigilance, a company based in San Diego, CA, provides managed NAC services today.  Another company based here in Austin, Apogee has managed residential services as their primary business function and seems to be making a go of it (except for the domain name, seriously..).

Despite the macro economic conditions (and perhaps because of them), I think this has real growth potential.  Having what amounts to a specialized MSP provide authenticated, well-governed network access to residential halls, freeing on-campus network staff to focus more on backbone services, and providing school administrators with a predictable cost structure that can be baked into the cost of the dorm room seems to make sense for everyone.  Just don't forget the "authenticated, well-governed" part.

IRS requires EV SSL for online filing in 2009 [Tim Callan's SSL Blog]

Posted: 07 Nov 2008 04:18 AM CST

The IRS has published draft 2 of a requirement that all e-file tax sites use Extended Validation SSL Certificates starting January 1, 2009. The guideline states, in part:

This requirement applies to Authorized IRS e-file Providers participating in Online Filing of individual income tax returns that collect taxpayer information via the Internet. These Providers shall possess a valid and current Extended Validation Secure Socket Layer (SSL) certificate using SSL 3.0 / TLS 1.0 or later, and minimum 1024-bit RSA / 128-bit AES.

This passage refers to the service that may be offered by sites whereby you can file your taxes directly online from your own computer. The e-file program offers free filing to individual taxpayers with household income under a certain threshold ($54,000 in 2007) and for-fee filing to any individual. (It also offers filing services to businesses and the self-employed, but those groups are outside this requirement, at least for 2009.) You may recall that online tax scams, including phishing attacks, have run rampant during the past two tax seasons. I believe that's what motivates this decision by the IRS, which seeks to offer e-filing to the populace in a widespread and egalitarian way while minimizing the individual's risk of identity theft.
