Security musings (reflectorium)
Security musings (reflectorium)
Friday, March 26, 2004
(0) comments
(0) comments
In-depth analysis of the spread of Witty
There's a good analysis on the CAIDA site on the spread (speed, characteristics) of Witty - and why it was indeed a special beast.
http://www.caida.org/analysis/security/witty/
(0) comments
There's a good analysis on the CAIDA site on the spread (speed, characteristics) of Witty - and why it was indeed a special beast.
http://www.caida.org/analysis/security/witty/
Thursday, March 25, 2004
An illustrated penetration test
This one went very smoothly - .. anyway, it has nice screenshots and tells some story. http://www.webpronews.com/it/security/wpn-23-20040211HowIGotRootAPenetrationTestersDiary.html
(0) comments
This one went very smoothly - .. anyway, it has nice screenshots and tells some story. http://www.webpronews.com/it/security/wpn-23-20040211HowIGotRootAPenetrationTestersDiary.html
Tuesday, March 23, 2004
Witty thread
I actually started a Witty thread on Usenet on Saturday. One of the last responses is somewhat worrying:
http://www.mcse.ms/message495319.html
(0) comments
I actually started a Witty thread on Usenet on Saturday. One of the last responses is somewhat worrying:
http://www.mcse.ms/message495319.html
Sunday, March 21, 2004
(0) comments
Witty - "highly destructive"
http://www.ravantivirus.com/virus/showvirus.php?v=213
http://www.f-secure.com/weblog/
http://www.lurhq.com/witty.html
http://www.f-secure.com/v-descs/witty.shtml
Variations of witty appeared
http://isc.incidents.org/diary.html?date=2004-03-20
from there:
"The latest version of BlackIce, released this Wednesday, is the only version which is likely safe. It is identified by the letter 'g' at the end of its version. For example:
BlackIce 3.6 ccf and BlackIce 3.6 ecf are vulnerable
BlackIce 3.6 ccg and BlackIce 3.6 ecg are likely safe
Other ISS products may be vulnerable as well. Please refer to ISS for details (see end of this post for links). The Witty worm will only effect some of the vulnerable versions. 3.5 appears to be not vulnerable to the worm, even though the PAM module has the bug. Version 3.6 ccf is confirmed to be vulnerable."
(0) comments
http://www.ravantivirus.com/virus/showvirus.php?v=213
http://www.f-secure.com/weblog/
http://www.lurhq.com/witty.html
http://www.f-secure.com/v-descs/witty.shtml
Variations of witty appeared
http://isc.incidents.org/diary.html?date=2004-03-20
from there:
"The latest version of BlackIce, released this Wednesday, is the only version which is likely safe. It is identified by the letter 'g' at the end of its version. For example:
BlackIce 3.6 ccf and BlackIce 3.6 ecf are vulnerable
BlackIce 3.6 ccg and BlackIce 3.6 ecg are likely safe
Other ISS products may be vulnerable as well. Please refer to ISS for details (see end of this post for links). The Witty worm will only effect some of the vulnerable versions. 3.5 appears to be not vulnerable to the worm, even though the PAM module has the bug. Version 3.6 ccf is confirmed to be vulnerable."
Saturday, March 20, 2004
Symantec Alert on Witty got Updated!!
http://securityresponse.symantec.com/avcenter/venc/data/w32.witty.worm.html
(0) comments
http://securityresponse.symantec.com/avcenter/venc/data/w32.witty.worm.html
More on witty and dealing with it
ISS has patches and recommends at http://xforce.iss.net/xforce/alerts/id/166:
"While deploying the updates, it may be advisable to block some ICQ traffic in network environments where the ICQ protocol is not in use. This can be achieved by blocking UDP packets with a source port of 4000 at the network perimeter."
The original eeye advisory is at
http://www.eeye.com/html/Research/Advisories/AD20040318.html.
(0) comments
ISS has patches and recommends at http://xforce.iss.net/xforce/alerts/id/166:
"While deploying the updates, it may be advisable to block some ICQ traffic in network environments where the ICQ protocol is not in use. This can be achieved by blocking UDP packets with a source port of 4000 at the network perimeter."
The original eeye advisory is at
http://www.eeye.com/html/Research/Advisories/AD20040318.html.
Black Ice worm - (ISC upgrades Infocon to Yellow)
A small worm spreads via UDP packets to Black ICE software.
Seems to generate quite a bit of traffic. Details at
http://isc.sans.org/diary.html?date=2004-03-20
http://securityresponse.symantec.com/avcenter/venc/data/w32.witty.worm.html
symantec says it tries to write data to sectors on the physical drive
It is strange, because the AV vendors don't seem to have
it high up their list yet.
(0) comments
A small worm spreads via UDP packets to Black ICE software.
Seems to generate quite a bit of traffic. Details at
http://isc.sans.org/diary.html?date=2004-03-20
http://securityresponse.symantec.com/avcenter/venc/data/w32.witty.worm.html
symantec says it tries to write data to sectors on the physical drive
It is strange, because the AV vendors don't seem to have
it high up their list yet.
Friday, March 19, 2004
Phatbot - analysis, media
Analysis
http://www.lurhq.com/phatbot.html
http://isc.sans.org/diary.html?date=2004-03-19
Slashdot
http://slashdot.org/article.pl?sid=04/03/17/1942232
Media reports calming down
http://www.infoworld.com/article/04/03/18/HNphatbot_1.html
(0) comments
Analysis
http://www.lurhq.com/phatbot.html
http://isc.sans.org/diary.html?date=2004-03-19
Slashdot
http://slashdot.org/article.pl?sid=04/03/17/1942232
Media reports calming down
http://www.infoworld.com/article/04/03/18/HNphatbot_1.html
Thursday, March 18, 2004
Phatbot perceived a sizeable threat by US govt.
Why do my worst dreams need to come true?
http://www.detnews.com/2004/technology/0403/18/technology-95388.htm
(0) comments
Why do my worst dreams need to come true?
http://www.detnews.com/2004/technology/0403/18/technology-95388.htm
GAO publsishes security guide outlining today's security approaches and tools
The US Government Accounting Office published a solid guide on today's security approaches and solutions, called "INFORMATION SECURITY - Technologies to Secure Federal Systems". The guide can be found here: http://www.gao.gov/new.items/d04467.pdf
(0) comments
The US Government Accounting Office published a solid guide on today's security approaches and solutions, called "INFORMATION SECURITY - Technologies to Secure Federal Systems". The guide can be found here: http://www.gao.gov/new.items/d04467.pdf
Wednesday, March 17, 2004
Google as a recon-/hacking tool
Securityfocus carries a very nice article on "Googling up Passwords"
One good reference mentioned there: Google's Advanced Search Operators
And the applied grey-hat shortcuts: Googledorks!
(0) comments
Securityfocus carries a very nice article on "Googling up Passwords"
One good reference mentioned there: Google's Advanced Search Operators
And the applied grey-hat shortcuts: Googledorks!
Tuesday, March 16, 2004
Open Web Application Security Project
http://www.owasp.org/ .. they know what they are doing, papers, free tools and they are respected
(0) comments
http://www.owasp.org/ .. they know what they are doing, papers, free tools and they are respected
Friday, March 12, 2004
Schnüffeling Liebesbriefe kiddie-fake-style explained
Humour, german - network sniffing through the eyes of a (make-belief) 4th grader
http://fun.sdinet.de/pics/german/schnueffeln/index.html
(0) comments
Humour, german - network sniffing through the eyes of a (make-belief) 4th grader
http://fun.sdinet.de/pics/german/schnueffeln/index.html
Risk management in IT projects
In a meeting of our local ISACA chapter, Markus Gaulke presented a very good talk on risk management in IT projects. As it was an ISACA event, the focus was on "how can you tell early on that a project is going to blow up?" - You can find more on this (in German) on his website: http://www.risikomanagement-in-it-projekten.de/
(I also got a black, expensive looking, ISACA baseball cap.. [maybe sun glasses next time?])
(0) comments
In a meeting of our local ISACA chapter, Markus Gaulke presented a very good talk on risk management in IT projects. As it was an ISACA event, the focus was on "how can you tell early on that a project is going to blow up?" - You can find more on this (in German) on his website: http://www.risikomanagement-in-it-projekten.de/
(I also got a black, expensive looking, ISACA baseball cap.. [maybe sun glasses next time?])
Thursday, March 11, 2004
Trustworthy Refinement Through Intrusion aware Design (TRIAD)
might also be of interest
http://www.cert.org/archive/pdf/03tr002.pdf
(0) comments
might also be of interest
http://www.cert.org/archive/pdf/03tr002.pdf
A Survey of Techniques for Security Architecture Analysis
This looks like a very worthwhile document.
http://www.dsto.defence.gov.au/corporate/reports/DSTO-TR-1438.pdf
(0) comments
This looks like a very worthwhile document.
http://www.dsto.defence.gov.au/corporate/reports/DSTO-TR-1438.pdf
Tuesday, March 09, 2004
Security Remediation in Practice
Here's a nice write-up by Albert Caruana (Malta) on what can happen if IT security arrives on the scenes (read: is introduced) in the real world.. sometimes. One of the passages I like best reads:
"This non-ideal cycle can be depicted as the following sequence of attitudes:
• The wildebeest theory
• The trigger incident
• The first security audit
• Knee jerk reaction
• Reactive mode
• Sobering down
• Slowing down
• Picking up again
• Prophylactic mode"
It's a really good read.
(0) comments
Here's a nice write-up by Albert Caruana (Malta) on what can happen if IT security arrives on the scenes (read: is introduced) in the real world.. sometimes. One of the passages I like best reads:
"This non-ideal cycle can be depicted as the following sequence of attitudes:
• The wildebeest theory
• The trigger incident
• The first security audit
• Knee jerk reaction
• Reactive mode
• Sobering down
• Slowing down
• Picking up again
• Prophylactic mode"
It's a really good read.
Friday, March 05, 2004
Good article peeks into script kiddie scene
cool bits include that RPC.DCOM exploit came out in May 03 (not Sept 03)
http://software.newsforge.com/software/04/02/28/0130209.shtml
(0) comments
cool bits include that RPC.DCOM exploit came out in May 03 (not Sept 03)
http://software.newsforge.com/software/04/02/28/0130209.shtml
Me enjoying a "Mate-Club", Alt-Landsberg near Berlin, summer 2003.
RSS Feed now atom.xml!
My public bloglines universe
Essential Security Web-Sites
Internet Head Up Display,
Internet Storm Center incl. Handler's Diary
NewsNow.co.uk on Virii and Security -
Messagelabs stats,
Trendmicro,
Symantec,
CAI,
McAffee,
F-Secure
-- securityfocus,
packetstorm
Recently added Detections from CAI
Standalone Virus Cleaner
Trendmicro Sysclean and Signature, Symantec Removal tools, Stinger from McAfee, F-Secure removal tools, Bitdefender free removal tools
ARCHIVES
11/01/2003 - 12/01/2003/ 12/01/2003 - 01/01/2004
/ 01/01/2004 - 02/01/2004
/ 02/01/2004 - 03/01/2004
/ 03/01/2004 - 04/01/2004
/ 04/01/2004 - 05/01/2004
/ 05/01/2004 - 06/01/2004
/ 06/01/2004 - 07/01/2004
/ 07/01/2004 - 08/01/2004
/ 08/01/2004 - 09/01/2004
/ 09/01/2004 - 10/01/2004
/ 10/01/2004 - 11/01/2004
/ 01/01/2005 - 02/01/2005
/ 02/01/2005 - 03/01/2005
/ 03/01/2005 - 04/01/2005
/ 04/01/2005 - 05/01/2005
/ 05/01/2005 - 06/01/2005
/ 06/01/2005 - 07/01/2005
/ 07/01/2005 - 08/01/2005
/ 01/01/2006 - 02/01/2006
/ 02/01/2006 - 03/01/2006
/ 03/01/2006 - 04/01/2006
/ 06/01/2006 - 07/01/2006
/ 08/01/2006 - 09/01/2006
/ 09/01/2006 - 10/01/2006
/ 12/01/2006 - 01/01/2007
/ 03/01/2007 - 04/01/2007
/ 05/01/2007 - 06/01/2007
/ 07/01/2007 - 08/01/2007
/ 08/01/2007 - 09/01/2007
/ 10/01/2007 - 11/01/2007
/ 11/01/2007 - 12/01/2007
/ 12/01/2007 - 01/01/2008
/ 02/01/2008 - 03/01/2008
/ 09/01/2008 - 10/01/2008
/ 10/01/2008 - 11/01/2008
/ 03/01/2009 - 04/01/2009
/ 09/01/2009 - 10/01/2009
/ 11/01/2009 - 12/01/2009
/ 01/01/2010 - 02/01/2010
/ 02/01/2010 - 03/01/2010
/ 06/01/2010 - 07/01/2010
/
related blogs: general and family research