Security musings (reflectorium)
Security musings (reflectorium)
Tuesday, June 29, 2004
Instant Messaging in the Enterprise introduces risks..
This seems to be a hot topic lately. - With predictions of a possible instant messaging worm. A nice write-up "Top 5 IM security risks" can be found here:
http://www.nwfusion.com/research/2004/0628imfeat5.html
(0) comments
This seems to be a hot topic lately. - With predictions of a possible instant messaging worm. A nice write-up "Top 5 IM security risks" can be found here:
http://www.nwfusion.com/research/2004/0628imfeat5.html
http://www.VMyths.com and the 100% virus detection guarantee
A site "about computer virus myths, hoaxes, urban legends, hysteria, and the implications if you believe in them. You can also search a list of computer virus hoaxes & virus hysteria from A to Z".
On the other hand, I think that this particular article "An open letter to the CISO of the American Red Cross" that they carry right now, is grossly unfair to Ron Baklarz and incredibly naive in the way it buys into sales pitches. So two antivirus scanning operations claim that they have a "money back guarantee" if a mail virus slips through .. I mean .. really.. irony on/off ??
There shouldn't be a 100% virus detection guarantee ever..
We should have learnt that much by now.
(0) comments
A site "about computer virus myths, hoaxes, urban legends, hysteria, and the implications if you believe in them. You can also search a list of computer virus hoaxes & virus hysteria from A to Z".
On the other hand, I think that this particular article "An open letter to the CISO of the American Red Cross" that they carry right now, is grossly unfair to Ron Baklarz and incredibly naive in the way it buys into sales pitches. So two antivirus scanning operations claim that they have a "money back guarantee" if a mail virus slips through .. I mean .. really.. irony on/off ??
There shouldn't be a 100% virus detection guarantee ever..
We should have learnt that much by now.
Monday, June 28, 2004
Max Mosers Auditor CD-Rom update
Max Moser has released a new version of the Auditor security collection (auditor-220604-01B). It is available now
at http://www.moser-informatik.ch/?page=products&lang=eng
(0) comments
Max Moser has released a new version of the Auditor security collection (auditor-220604-01B). It is available now
at http://www.moser-informatik.ch/?page=products&lang=eng
Friday, June 25, 2004
Virus Total Web Site
very cool site.. "Virustotal offers a free service of suspicious file scanning, using several antivirus engines."
http://www.virustotal.com/flash/index_en.html
(0) comments
very cool site.. "Virustotal offers a free service of suspicious file scanning, using several antivirus engines."
http://www.virustotal.com/flash/index_en.html
Wednesday, June 23, 2004
(0) comments
(0) comments
Tuesday, June 22, 2004
Fold your own 2-CD case from a sheet of paper
Jorma Oksanen has instructions on how to fold a 2-CD case out of a sheet of paper. (Without glue): http://www.sci.fi/~tenu/diag/2CD.gif
Found this at Tim Pritlove's Lunatic Fringe.
(0) comments
Jorma Oksanen has instructions on how to fold a 2-CD case out of a sheet of paper. (Without glue): http://www.sci.fi/~tenu/diag/2CD.gif
Found this at Tim Pritlove's Lunatic Fringe.
Foremost - free forensic tool by the United States Air Force Office of Special Investigations
The US Air Force Office of Special Investigations offers a free forensic toolkit.
"Foremost is a console program to recover files based on their headers and footers."
You can get it at http://foremost.sourceforge.net/ .
In addition, there's also a NetworkWorldFusion article to go with it.
(0) comments
(0) comments
The US Air Force Office of Special Investigations offers a free forensic toolkit.
"Foremost is a console program to recover files based on their headers and footers."
You can get it at http://foremost.sourceforge.net/ .
In addition, there's also a NetworkWorldFusion article to go with it.
Script injection via DHCP
Now this is fun. - It seems that with one SOHO wireless router (AirPlus DI-614+) you can make the administrator run malicious scripts when he looks at the the web-based management console.
In a nutshell:
+ you send a maliciously hand-crafted DHCP packet
+ which the router takes and verbatimly embeds in the DHCP administrative and logs web pages it offers to the admin
Details are at
http://www.securityfocus.com/archive/1/366615
(0) comments
Now this is fun. - It seems that with one SOHO wireless router (AirPlus DI-614+) you can make the administrator run malicious scripts when he looks at the the web-based management console.
In a nutshell:
+ you send a maliciously hand-crafted DHCP packet
+ which the router takes and verbatimly embeds in the DHCP administrative and logs web pages it offers to the admin
Details are at
http://www.securityfocus.com/archive/1/366615
Monday, June 21, 2004
Security Managers Could Face Court Penalties
Just to showcase how dangerous the security manager job can be - another article, this one titled "Security Managers Could Face Court Penalties" - scary stuff, takes real men, 'nuff said.. ;-)
(0) comments
Just to showcase how dangerous the security manager job can be - another article, this one titled "Security Managers Could Face Court Penalties" - scary stuff, takes real men, 'nuff said.. ;-)
One company's SASSER thriller story
A nice thriller-like story on how some fictitious company experienced SASSER. If someone thinks your job is dull, this is probably what you want to let them read..
(0) comments
A nice thriller-like story on how some fictitious company experienced SASSER. If someone thinks your job is dull, this is probably what you want to let them read..
Saturday, June 19, 2004
The home of the penguin sleuth cd-rom
Using a live-cd for forensics. (e.g. like knoppix std, fire, ..)
http://www.linux-forensics.com/
(0) comments
Using a live-cd for forensics. (e.g. like knoppix std, fire, ..)
http://www.linux-forensics.com/
Internet Security Alliance and its best practice guides
The Internet Security Alliance has published some best practice guides and is working on some more. (see http://www.isalliance.org/ ).
CCCure has the story that DHS tells Congress it Endorses the ISA Best Practices Guide,
(0) comments
The Internet Security Alliance has published some best practice guides and is working on some more. (see http://www.isalliance.org/ ).
CCCure has the story that DHS tells Congress it Endorses the ISA Best Practices Guide,
The SASSER author - responsibility and age
Axel has some worthwhile thoughts on responsibility and age - and the what future might held for the SASSER author over at his blog.
(0) comments
Axel has some worthwhile thoughts on responsibility and age - and the what future might held for the SASSER author over at his blog.
Friday, June 18, 2004
IT-Security and outsourcing in the financial services industry
This my marketing plug. =)
Here's a German review of IT-Sicherheitsmanagement in Banken.
(A book on security management in banks, that I contributed to last year).
(0) comments
This my marketing plug. =)
Here's a German review of IT-Sicherheitsmanagement in Banken.
(A book on security management in banks, that I contributed to last year).
Thursday, June 17, 2004
HOACD 1.0 (bootable OpenBSD + honeyd CD)
The Brazilian Distributed Honeypots Project brings us: HOACD = Honeyd+OpenBSD+Arpd in a CD.
"It is the implementation of a low-interaction honeypot that runs directly from a CD and
stores its logs and configuration files on a hard disk."
"The CD is bootable and uses the OpenBSD operating system, the low-interaction honeypot daemon honeyd and the user-space arp daemon."
The CD image is available at:
http://www.honeynet.org.br/tools/
(0) comments
The Brazilian Distributed Honeypots Project brings us: HOACD = Honeyd+OpenBSD+Arpd in a CD.
"It is the implementation of a low-interaction honeypot that runs directly from a CD and
stores its logs and configuration files on a hard disk."
"The CD is bootable and uses the OpenBSD operating system, the low-interaction honeypot daemon honeyd and the user-space arp daemon."
The CD image is available at:
http://www.honeynet.org.br/tools/
Sunday, June 13, 2004
Blog aggregation sites and "The blog-only news diet"
Poynteronline carries a story on, Steve Rubel, a guy that tried to live on a blog-only news diet. Steve also covers this in his own blog micropersuasion. - In the article Steve points out several blog aggregation sites that helped him during his "diet":
(0) comments
Poynteronline carries a story on, Steve Rubel, a guy that tried to live on a blog-only news diet. Steve also covers this in his own blog micropersuasion. - In the article Steve points out several blog aggregation sites that helped him during his "diet":
- blogdex has the "most contagious information currently spreading in the weblog community."
- Popdex gives you the "most popular links on the Internet".
- Memeorandum
- Daypop, "a current events/weblog/news search engine" - Daypop overs customized RRS feeds with the search results - e.g. on "security"
Saturday, June 12, 2004
2004 New CSI/FBI Computer Crime and Security Survey is out
The New CSI/FBI Computer Crime and Security Survey is out. Dana Epp has a nice summary and links in his most excellent blog. One quote from his summary "Most organizations conduct some form of economic evaluation of their security expenditures, with 55 percent using Return on Investment (ROI), 28 percent using Internal Rate of Return (IRR), and 25 percent using Net Present Value (NPV)." (Hello Axel!) - Somehow I sense an upcoming thread on this on cissp-forum..
[Comment: I had to re-edit this, after realising that Dana Epp is a guy.. a big one apparently.. -> page with his picture? Note to self: x-files, Agent Mulder, Dana Scully - look for subtext ("truth is out there?"). ]
(0) comments
The New CSI/FBI Computer Crime and Security Survey is out. Dana Epp has a nice summary and links in his most excellent blog. One quote from his summary "Most organizations conduct some form of economic evaluation of their security expenditures, with 55 percent using Return on Investment (ROI), 28 percent using Internal Rate of Return (IRR), and 25 percent using Net Present Value (NPV)." (Hello Axel!) - Somehow I sense an upcoming thread on this on cissp-forum..
[Comment: I had to re-edit this, after realising that Dana Epp is a guy.. a big one apparently.. -> page with his picture? Note to self: x-files, Agent Mulder, Dana Scully - look for subtext ("truth is out there?"). ]
Thursday, June 10, 2004
Security quiz at ISS
ISS is offering some security tests (multiple-choice questions, anonymous, free)
http://xforce.iss.net/xforce/security_games/
enjoy..
(0) comments
ISS is offering some security tests (multiple-choice questions, anonymous, free)
http://xforce.iss.net/xforce/security_games/
enjoy..
Everyone at SUN can blog..
blogs.sun.com is an official site set up by SUN, so all their employees can blog. - This Infoworld article discusses some of the aspects of it. All in all, I think this is a very interesting move. Now, I don't know what SUN would do if any internal information would leak that way.
By the way, on blogs.sun.com, there's also this blog entry about getting hit with a Denial-of-Service attack just prior to an official announcement.
(0) comments
blogs.sun.com is an official site set up by SUN, so all their employees can blog. - This Infoworld article discusses some of the aspects of it. All in all, I think this is a very interesting move. Now, I don't know what SUN would do if any internal information would leak that way.
By the way, on blogs.sun.com, there's also this blog entry about getting hit with a Denial-of-Service attack just prior to an official announcement.
Hacker Intel is shutting down for good..
from the site below "I'll leave Hacker Intel online for a few more days. Eventually I'll take it down so if you want any of the 900 plus stories in the archives grab them now."
http://www.hackerintel.com/article.php?story=20040610090659213
It's sad that the site closes.
(0) comments
from the site below "I'll leave Hacker Intel online for a few more days. Eventually I'll take it down so if you want any of the 900 plus stories in the archives grab them now."
http://www.hackerintel.com/article.php?story=20040610090659213
It's sad that the site closes.
Terror Threat Levels
The USA have this interesting concept of color-coding "threat levels" - which seems a bit bizarre to me, to be honest, outside a military setting.
Here's the US Homeland security system explained by the DHS. There's also a nice site called Ready.GOV that has some "guidance". - This site has been parodied here.
Whackyneighbor puts its level at
For geekandproud, it's at
.. some good source of information is here.
(0) comments
The USA have this interesting concept of color-coding "threat levels" - which seems a bit bizarre to me, to be honest, outside a military setting.
Here's the US Homeland security system explained by the DHS. There's also a nice site called Ready.GOV that has some "guidance". - This site has been parodied here.
Whackyneighbor puts its level at
For geekandproud, it's at
.. some good source of information is here.
Application worms
Just to emphasise my point made earlier that quite a few people are thinking about future worms: Here's an article on "Application Worms" - which, while they do sound like automated hacking agents, don't look like terrible effective "worms" to me. It has some good points though, and of course Google is a means for finding systems vulnerable to some attacks..
http://www.imperva.com/docs/Application_Worms.pdf
(0) comments
Just to emphasise my point made earlier that quite a few people are thinking about future worms: Here's an article on "Application Worms" - which, while they do sound like automated hacking agents, don't look like terrible effective "worms" to me. It has some good points though, and of course Google is a means for finding systems vulnerable to some attacks..
http://www.imperva.com/docs/Application_Worms.pdf
a net law blog
I just came across a Net Law Blog at
http://www.netlawblog.com/categories/netSecurityForLawyers/.
They do carry an interesting story about some banks banning 3rd party (webmail) access for their employees. The idea of which was somewhat hotly debated on a few forums.
http://www.netlawblog.com/categories/netSecurityForLawyers/2003/08/09.html#a455
(0) comments
I just came across a Net Law Blog at
http://www.netlawblog.com/categories/netSecurityForLawyers/.
They do carry an interesting story about some banks banning 3rd party (webmail) access for their employees. The idea of which was somewhat hotly debated on a few forums.
http://www.netlawblog.com/categories/netSecurityForLawyers/2003/08/09.html#a455
"A worst case worm" paper by Nicholas Weaver and Vern Paxson (and Stuart Staniford)
This entry is for Axel (Balrog) Eble, who hasn't seen that one on the f-secure blog before . - No really, I wanted to blog this, but then I somehow forgot.
Nicholas Weaver et al. published a paper on a worst-case worm that could cause $50 billion or more in damage by attacking Microsoft Windows systems and carrying a destructive payload.
http://www.dtc.umn.edu/weis2004/weaver.pdf
Apparently, quite a few people are developing worst worm scenarios now (incl. Axel, Marcus and me..) Bruce Schneier just commented on WITTY and the "firsts" that came with it elsewhere. (Basically, he is commenting on that other Weaver paper blogged below.)
(0) comments
This entry is for Axel (Balrog) Eble, who hasn't seen that one on the f-secure blog before . - No really, I wanted to blog this, but then I somehow forgot.
Nicholas Weaver et al. published a paper on a worst-case worm that could cause $50 billion or more in damage by attacking Microsoft Windows systems and carrying a destructive payload.
http://www.dtc.umn.edu/weis2004/weaver.pdf
Apparently, quite a few people are developing worst worm scenarios now (incl. Axel, Marcus and me..) Bruce Schneier just commented on WITTY and the "firsts" that came with it elsewhere. (Basically, he is commenting on that other Weaver paper blogged below.)
Wednesday, June 09, 2004
Metasploit
One of the things we discussed in the last CISSP-FFM meeting.
A new version of the framework has just been released by HD Moore et al.:
http://metasploit.org/projects/Framework/
(0) comments
One of the things we discussed in the last CISSP-FFM meeting.
A new version of the framework has just been released by HD Moore et al.:
http://metasploit.org/projects/Framework/
Tuesday, June 08, 2004
(0) comments
Wireless Auditing LiveCD
Max Mosers Auditor CD includes a lot of useful tools
http://www.moser-informatik.ch
(0) comments
Max Mosers Auditor CD includes a lot of useful tools
http://www.moser-informatik.ch
Sanctum Paper on HTTP response splitting, web cache poisoning attacks, and related topics
Sanctum published paper on "Divide and Conquer - HTTP response splitting, web cache poisoning attacks, and related topics" in March 2004. I read it last nights. It's an excellent read, very technical, with some sample code. It discusses the behaviour of common platforms, incl. IE 6.0 SP1, Squid 2.4, Apache/2.0, Netcache/5.2 and WebLogic 8.1 SP1. - It reads almost like a scientific paper, with a lot of helpful practical information. I think it really helps to understand some of the often-over-looked risks in web services security.
- After reading the paper, cache poisoning is no longer a remote possibility. (I know we've seen report on it being used for years, but this paper adds a new twist.)
(0) comments
Sanctum published paper on "Divide and Conquer - HTTP response splitting, web cache poisoning attacks, and related topics" in March 2004. I read it last nights. It's an excellent read, very technical, with some sample code. It discusses the behaviour of common platforms, incl. IE 6.0 SP1, Squid 2.4, Apache/2.0, Netcache/5.2 and WebLogic 8.1 SP1. - It reads almost like a scientific paper, with a lot of helpful practical information. I think it really helps to understand some of the often-over-looked risks in web services security.
- After reading the paper, cache poisoning is no longer a remote possibility. (I know we've seen report on it being used for years, but this paper adds a new twist.)
Monday, June 07, 2004
(0) comments
Friday, June 04, 2004
Scripting with the Microsoft Baseline Security Analyser 1.2
http://www.microsoft.com/technet/security/tools/mbsascript.mspx
and of course the FAQ of the beast at
http://www.microsoft.com/technet/security/tools/mbsawp.mspx
- which is, mind you, not a real beast.
(0) comments
http://www.microsoft.com/technet/security/tools/mbsascript.mspx
and of course the FAQ of the beast at
http://www.microsoft.com/technet/security/tools/mbsawp.mspx
- which is, mind you, not a real beast.
Thursday, June 03, 2004
IDC 3rd Security Conference (Germany, Switzerland)
Looks like it could be a fun event, curious about the actual agenda.
http://www.idc.de/sec04/sgeneral.php
(0) comments
Looks like it could be a fun event, curious about the actual agenda.
http://www.idc.de/sec04/sgeneral.php
Wednesday, June 02, 2004
Understanding Threat Modelling
Good coverage at Dana Epp's most excellent blog:
http://silverstr.ufies.org/blog/archives/000611.html
also for the Microsoft Threat Modelling tool:
http://silverstr.ufies.org/blog/archives/000609.html
(0) comments
Good coverage at Dana Epp's most excellent blog:
http://silverstr.ufies.org/blog/archives/000611.html
also for the Microsoft Threat Modelling tool:
http://silverstr.ufies.org/blog/archives/000609.html
Me enjoying a "Mate-Club", Alt-Landsberg near Berlin, summer 2003.
RSS Feed now atom.xml!
Essential Security Web-Sites
Internet Head Up Display,
Internet Storm Center incl. Handler's Diary
NewsNow.co.uk on Virii and Security -
Messagelabs stats,
Trendmicro,
Symantec,
CAI,
McAffee,
F-Secure
-- securityfocus,
packetstorm
Recently added Detections from CAI
Standalone Virus Cleaner
Trendmicro Sysclean and Signature, Symantec Removal tools, Stinger from McAfee, F-Secure removal tools, Bitdefender free removal tools
ARCHIVES
11/01/2003 - 12/01/2003/ 12/01/2003 - 01/01/2004
/ 01/01/2004 - 02/01/2004
/ 02/01/2004 - 03/01/2004
/ 03/01/2004 - 04/01/2004
/ 04/01/2004 - 05/01/2004
/ 05/01/2004 - 06/01/2004
/ 06/01/2004 - 07/01/2004
/ 07/01/2004 - 08/01/2004
/ 08/01/2004 - 09/01/2004
/ 09/01/2004 - 10/01/2004
/ 10/01/2004 - 11/01/2004
/ 01/01/2005 - 02/01/2005
/ 02/01/2005 - 03/01/2005
/ 03/01/2005 - 04/01/2005
/ 04/01/2005 - 05/01/2005
/ 05/01/2005 - 06/01/2005
/ 06/01/2005 - 07/01/2005
/ 07/01/2005 - 08/01/2005
/ 01/01/2006 - 02/01/2006
/ 02/01/2006 - 03/01/2006
/ 03/01/2006 - 04/01/2006
/ 06/01/2006 - 07/01/2006
/ 08/01/2006 - 09/01/2006
/ 09/01/2006 - 10/01/2006
/ 12/01/2006 - 01/01/2007
/ 03/01/2007 - 04/01/2007
/ 05/01/2007 - 06/01/2007
/ 07/01/2007 - 08/01/2007
/ 08/01/2007 - 09/01/2007
/ 10/01/2007 - 11/01/2007
/ 11/01/2007 - 12/01/2007
/ 12/01/2007 - 01/01/2008
/ 02/01/2008 - 03/01/2008
/ 09/01/2008 - 10/01/2008
/ 10/01/2008 - 11/01/2008
/ 03/01/2009 - 04/01/2009
/ 09/01/2009 - 10/01/2009
/ 11/01/2009 - 12/01/2009
/ 01/01/2010 - 02/01/2010
/ 02/01/2010 - 03/01/2010
/ 06/01/2010 - 07/01/2010
/
related blogs: general and family research
