Security musings (reflectorium)
Friday, December 19, 2003
  Overreliance on Powerpoint leads to simplistic thinking
This article points out that the simplification made in Powerpoint slides tends to break up conclusive arguments and to omit important accompanying information. NASA hinted that this might have been one of the causes behind the Columbia disaster. - I think that this should not be blamed on the software, but on the overall culture of how we do presentations today. (too many bullet points and wiggly graphics, too little reasoning and actual communication)
Thursday, December 18, 2003
  Another reason you don't want Edonkey/Overnet on your network
Bugtraq has a very interesting thread on "Edonkey/Overnet Plugins capable of Virus/Worm behavior". As Julian Ashton put it: "I am writing the FastTrack plugin for Edonkey/Overnet and during this process have realized that this is by far the worst and most insecure plugin architecture I have ever seen in my life." - His list of what a malicious plugin is allowed to do includes: local code execution, unlimited disk access and "basically anything you can imagine in the world that can be done to a windows os machine." - Bear in mind that lots of users run edonkey/overnet.
This has the potential to create huge zombie networks, e.g. for Distributed-Denial-Of-Service attacks. Because of the decentralised nature of peer-to-peer networks, it would be easy for an attacker to control such a network (and potentially introduce changes to the code). I have the strange feeling that 2004 will be the year of the p2p malware.
It's a really interesting thread and should definitely discourage you...
  Free BS7799.2:2002 checklist at SANS
SANS has a free checklist / questionnaire for BS7799 (ISO17799) implementation for download. - This should be very interesting to all the newcomers to the field of security management who haven't got hold of the standards yet. (BS7799 part 2 is pretty much a checklist.) Also for all CISSPs-in-training...
Wednesday, December 17, 2003
  New version of Beast
Rumour has it that a new version of the Beast trojan is around on the Net. There's a good article on it here. - Good background on DLL injection, too.
  Microsoft RPC attack vectors
Core Security Technologies has a nice write-up here.
  Trojans doing peer-to-peer communication
The Internet Storm Center's handler diary today points out an increase in 53/udp traffic. This appears to be tied to W32/Calypso (aka: Backdoor.Sinit). This trojan appears to build a peer-to-peer network by communicating via 53/udp to random hosts.
More details can be found at LURHQ and at this site by George Bakos.
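One way a network defender could look for the behaviour described above (an internal host holding UDP/53 conversations with many random hosts instead of the site's resolvers) is this added example; it is not code from the post, the ISC or LURHQ, and its log format, resolver list and threshold are assumptions:

```python
# Added example (not from the original post): flag internal hosts whose UDP/53
# traffic fans out to many distinct destinations instead of the configured
# resolvers, the pattern the Calypso/Sinit trojan is described as showing.
# Log format, resolver list and threshold are assumptions, not from the blog.
from collections import defaultdict

# Constructed sample connection log lines: "timestamp src dst proto dport"
SAMPLE_LOG = """\
2003-12-17T10:00:01 10.0.0.5 10.0.0.53 udp 53
2003-12-17T10:00:02 10.0.0.5 10.0.0.53 udp 53
2003-12-17T10:00:03 10.0.0.7 198.51.100.12 udp 53
2003-12-17T10:00:03 10.0.0.7 203.0.113.77 udp 53
2003-12-17T10:00:04 10.0.0.7 192.0.2.200 udp 53
2003-12-17T10:00:04 10.0.0.7 198.51.100.99 udp 53
2003-12-17T10:00:05 10.0.0.7 203.0.113.8 udp 53
2003-12-17T10:00:06 10.0.0.7 192.0.2.31 udp 53
2003-12-17T10:00:07 10.0.0.9 10.0.0.53 udp 53
2003-12-17T10:00:07 10.0.0.9 192.0.2.44 tcp 80
"""

RESOLVERS = {"10.0.0.53"}  # assumed: the site's sanctioned DNS servers


def parse(log_text):
    """Yield (src, dst, proto, dport) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        _ts, src, dst, proto, dport = fields
        yield src, dst, proto.lower(), int(dport)


def suspicious_dns_peers(log_text, resolvers=RESOLVERS, min_peers=5):
    """Return {src: sorted non-resolver UDP/53 destinations} for every host
    that sent UDP/53 to at least min_peers distinct non-resolver hosts."""
    peers = defaultdict(set)
    for src, dst, proto, dport in parse(log_text):
        if proto == "udp" and dport == 53 and dst not in resolvers:
            peers[src].add(dst)
    return {src: sorted(d) for src, d in peers.items() if len(d) >= min_peers}


if __name__ == "__main__":
    for host, dsts in suspicious_dns_peers(SAMPLE_LOG).items():
        print(f"{host}: udp/53 to {len(dsts)} non-resolver hosts, e.g. {dsts[:3]}")
```

A real deployment would feed this from firewall or NetFlow exports and tune min_peers against the site's normal resolver traffic.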
  CD-based Linux distros - LNX-BBC, eloop, others
I tried quite a few Linux distributions that can be run directly off the CD. I found LNX-BBC Linux an excellent solution for running sshd on laptops and doing *serious* stuff. F.I.R.E. is another interesting one. There's now a lot of development happening based on the Knoppix distribution.
I plan to give eloop a try soon. Eloop creates a Serpent-encrypted filesystem on a Windows partition and helps you to encrypt personal files. At least, I want to be able to recognize an eloop-ed system when I see one.
Serpent was an AES candidate developed by Ross Anderson et al.
  SSH, SCP in a Java Applet
During the weekend, John hinted to me that there's a Java applet that gives you SSH and SCP. After some searching, I think that he might have meant this one. Very nice, handy and GPL'ed.
Tuesday, December 16, 2003
  Company-internal communications made public - makes Diebold look not so good
This is almost a case study on how bad things can go if internal company mails are made public. Or very public, as in this case. (Securityfocus article with link to the original archive)
  Bluetooth insecurity (SNARF and BACKDOOR) has some friendly advice on Bluetooth security, and on a related note this article on heise (in German) discusses a universal password in D-Link's Bluetooth access point.
Friday, December 12, 2003
  Famous failures of physical perimeter protection - WSIS 2003
A group of privacy researchers managed to get past physical security at the WSIS (World Summit on the Information Society) in Geneva on Dec 10th, 2003. They found RFIDs... (Here's their site.)
  Famous failures of physical perimeter protection - Menwith Hill
On July 3rd, 2001, Greenpeace activists stormed Menwith Hill in the UK (a quite famous SIGINT site). When I first read this, I was amazed at how this could have happened. On second thought... (Here's the article.)
Wednesday, December 10, 2003
  Federal Agency Security Practices (FASP)
This is an interesting site, with best practices, security awareness briefings and checklists for setting up systems.
There's a very interesting section on this page that has material by Marianne Swanson et al. on security metrics. She's the co-author of "SP 800-55 Security Metrics Guide for Information Technology Systems", which among other documents can be retrieved at - I found her materials very thought-provoking, please have a look.
  Computer security report card issued by the US House Government Reform Subcommittee on Technology
While US government agencies overall received a "D" grade for computer security, Department of Homeland Security received an "F". (Media coverage, "the source")
Tuesday, December 09, 2003
  German Mcert launched
A German public-private initiative has launched mcert, a German CERT for medium-sized companies. They have a price list up, and the future will show how effective they will be.
Also, the German government launched an informational site to help these companies use the Internet more securely.
  U.S. Federal Trade Commission (FTC) probes into e-business security
An article at covers recent US FTC probes into the security of US e-businesses, e.g. how securely customer data is kept. Several large companies are mentioned. The FTC uses its "anti-consumer fraud mandate" in these cases. Special focus seems to be on SQL injection attacks. This is interesting, as it should make US companies take a more active stance towards periodic vulnerability scans of internet-facing systems. (Good security management argument.)
Monday, December 08, 2003
  Security management papers at ZDNet
ZDNet has a couple of vendor-written security management whitepapers. Of course, the trick is - how do the vendors know?
  Distributed trojans or self-replicating peer-to-peer networks
There's an interesting article at ArsTechnica that looks into a new motivation behind trojans: creating peer-to-peer networks.
  Internet Engineering Task Force
I'm a participant in the Internet Engineering Task Force (IETF), more precisely the Extended Incident Handling "inch" working group. (Something that has been lingering in my mind for quite a while.) The charters of the security area working groups can be found here. This is a very worthwhile effort, so please consider supporting it.
Thursday, December 04, 2003
  Google knows me now .. =) 
  A good place to drown in information?
is at first glance overwhelming, but has some really nice corners, e.g. on Standards and Regulations, ... Another nice place to find more of these is
- And finally ISM Ant's Security Matters gives a nice view on what "governance", "policies", "standards" and "guidelines" might be. (incl. seasoned links)
Wednesday, December 03, 2003
  CI Security
They have benchmarks, tools, and they do share.
Tuesday, December 02, 2003
  SQL Server Security
Articles from : "SQL Server security tips, part 2"; "How SQL Server is hacked"; "Top 10 SQL Server security blunders, part I"; "Top 10 SQL Server security blunders, part II".
  Selected Securityfocus Articles
A really nice article on securityfocus on the value of security blogs and RSS aggregators, and how you can put them to work more efficiently. There's also a part two, which goes into RSS details (and why it's a good thing). [Wished I had one.]

Also, in another excellent securityfocus article, Mark Rasch looks at the Wells Fargo case with a special emphasis on California law SB 1386: "In July of this year, a new law took effect in California, SB 1386, that requires all companies that do business in the state to "promptly" notify any individuals whose personally identifiable information was potentially compromised by a cyber attack...."
  More Security Resources
Gideon Rasmussen is keeping a list of security management-oriented security resources. I like the random security awareness tips.