Security musings (reflectorium)
Tuesday, June 29, 2004
  Instant Messaging in the Enterprise introduces risks

This seems to be a hot topic lately, with predictions of a possible instant messaging worm. A nice write-up, "Top 5 IM security risks", can be found here:
  and the 100% virus detection guarantee

A site "about computer virus myths, hoaxes, urban legends, hysteria, and the implications if you believe in them. You can also search a list of computer virus hoaxes & virus hysteria from A to Z".
On the other hand, I think that this particular article, "An open letter to the CISO of the American Red Cross", which they carry right now, is grossly unfair to Ron Baklarz and incredibly naive in the way it buys into sales pitches. So two antivirus scanning operations claim that they have a "money back guarantee" if a mail virus slips through.. I mean.. really.. irony on/off??
There shouldn't ever be a 100% virus detection guarantee..
We should have learnt that much by now.
Monday, June 28, 2004
  Max Moser's Auditor CD-ROM update
Max Moser has released a new version of the Auditor security collection (auditor-220604-01B). It is available now.
Friday, June 25, 2004
  Virus Total Web Site
Very cool site: "Virustotal offers a free service of suspicious file scanning, using several antivirus engines."
Wednesday, June 23, 2004
  CISSP certification gets accreditation under ISO/IEC 17024.
  IM worm threat
Tuesday, June 22, 2004
  Fold your own 2-CD case from a sheet of paper
Jorma Oksanen has instructions on how to fold a 2-CD case out of a sheet of paper (without glue):
Found this at Tim Pritlove's Lunatic Fringe.
  Foremost - free forensic tool by the United States Air Force Office of Special Investigations

The US Air Force Office of Special Investigations offers a free forensic toolkit.
"Foremost is a console program to recover files based on their headers and footers."
You can get it at .
There's also a NetworkWorldFusion article to go with it.
  Newly detected viruses (CAI)
  Script injection via DHCP

Now this is fun. It seems that with one SOHO wireless router (AirPlus DI-614+) you can make the administrator run malicious scripts when he looks at the web-based management console.
In a nutshell:
+ you send a maliciously hand-crafted DHCP packet
+ which the router takes and embeds verbatim in the DHCP administration and log web pages it offers to the admin
Details are at 
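As an added illustration (not code from the advisory or from the router's firmware), here is the rendering pattern the post describes next to a hardened version: a hypothetical lease table in which the client-supplied hostname (DHCP option 12) is first checked against the DNS hostname grammar and then HTML-escaped at the point of output. The Lease record, the function names and the sample leases are all constructed for this example.

```python
import html
import re
from dataclasses import dataclass

# Hypothetical lease record, modelled on what a SOHO router's admin page lists.
@dataclass
class Lease:
    mac: str
    ip: str
    hostname: str  # client-controlled: taken from DHCP option 12 in the request

# Hostname labels per RFC 952/1123: letters, digits, hyphens; no leading/trailing hyphen.
_HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")

def render_vulnerable(leases):
    """Mirrors the flaw described above: untrusted fields dropped into HTML verbatim."""
    rows = "".join(
        f"<tr><td>{lease.mac}</td><td>{lease.ip}</td><td>{lease.hostname}</td></tr>"
        for lease in leases)
    return f"<table>{rows}</table>"

def sanitize_hostname(name, placeholder="(invalid hostname)"):
    """Allow-list first: anything outside the hostname grammar is replaced, not just escaped."""
    return name if _HOSTNAME_RE.match(name) else placeholder

def render_hardened(leases):
    """Validate, then escape at output, so no client-supplied byte can become markup."""
    rows = "".join(
        "<tr><td>{}</td><td>{}</td><td>{}</td></tr>".format(
            html.escape(lease.mac), html.escape(lease.ip),
            html.escape(sanitize_hostname(lease.hostname)))
        for lease in leases)
    return f"<table>{rows}</table>"

def untrusted_markup_leaked(page, leases):
    """Check: does any hostname containing '<' survive into the page unchanged?"""
    return any("<" in lease.hostname and lease.hostname in page for lease in leases)

# Constructed sample leases (not from the advisory): one benign, one carrying markup.
SAMPLE_LEASES = [
    Lease("00:11:22:33:44:55", "192.168.0.10", "laptop-1"),
    Lease("00:11:22:33:44:66", "192.168.0.11", "<script>x</script>"),
]

if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_LEASES))  # markup from option 12 reaches the admin's browser
    print(render_hardened(SAMPLE_LEASES))    # invalid hostname replaced, everything escaped
```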
Monday, June 21, 2004
  Security Managers Could Face Court Penalties

Just to showcase how dangerous the security manager's job can be: another article, this one titled "Security Managers Could Face Court Penalties". Scary stuff, takes real men, 'nuff said.. ;-)
  One company's SASSER thriller story

A nice thriller-like story on how a fictitious company experienced SASSER. If someone thinks your job is dull, this is probably what you want to let them read..
Saturday, June 19, 2004
  The home of the penguin sleuth cd-rom

Using a live CD for forensics (e.g. Knoppix STD, FIRE, ..).
  Internet Security Alliance and its best practice guides

The Internet Security Alliance has published some best practice guides and is working on some more (see ).
CCCure has the story that the DHS told Congress it endorses the ISA Best Practices Guide.
  The SASSER author - responsibility and age
Axel has some worthwhile thoughts on responsibility and age, and on what the future might hold for the SASSER author, over at his blog.
Friday, June 18, 2004
  IT-Security and outsourcing in the financial services industry

This is my marketing plug. =)
Here's a German review of IT-Sicherheitsmanagement in Banken (a book on security management in banks that I contributed to last year).
Thursday, June 17, 2004
  HOACD 1.0 (bootable OpenBSD + honeyd CD)

The Brazilian Distributed Honeypots Project brings us HOACD = Honeyd + OpenBSD + Arpd on a CD.
"It is the implementation of a low-interaction honeypot that runs directly from a CD and stores its logs and configuration files on a hard disk."
"The CD is bootable and uses the OpenBSD operating system, the low-interaction honeypot daemon honeyd and the user-space arp daemon."
The CD image is available at:
Sunday, June 13, 2004
  Blog aggregation sites and "The blog-only news diet"

Poynter Online carries a story on Steve Rubel, a guy who tried to live on a blog-only news diet. Steve also covers this in his own blog, micropersuasion. In the article Steve points out several blog aggregation sites that helped him during his "diet":

  • blogdex has the "most contagious information currently spreading in the weblog community."
  • Popdex gives you the "most popular links on the Internet".
  • Memeorandum
  • Daypop, "a current events/weblog/news search engine". Daypop offers customized RSS feeds with the search results, e.g. on "security".
Saturday, June 12, 2004
  2004 New CSI/FBI Computer Crime and Security Survey is out

The new CSI/FBI Computer Crime and Security Survey is out. Dana Epp has a nice summary and links in his most excellent blog. One quote from his summary: "Most organizations conduct some form of economic evaluation of their security expenditures, with 55 percent using Return on Investment (ROI), 28 percent using Internal Rate of Return (IRR), and 25 percent using Net Present Value (NPV)." (Hello Axel!) Somehow I sense an upcoming thread on this on cissp-forum..

[Comment: I had to re-edit this after realising that Dana Epp is a guy.. a big one apparently.. -> page with his picture? Note to self: X-Files, Agent Mulder, Dana Scully - look for subtext ("truth is out there?").]
Thursday, June 10, 2004
  Security quiz at ISS

ISS is offering some security tests (multiple-choice questions, anonymous, free).
  Everyone at SUN can blog..
This is an official site set up by SUN so that all their employees can blog. This Infoworld article discusses some aspects of it. All in all, I think this is a very interesting move. Now, I don't know what SUN would do if any internal information leaked that way.

By the way, on that site there's also this blog entry about getting hit with a denial-of-service attack just prior to an official announcement.
  Hacker Intel is shutting down for good..

From the site: "I'll leave Hacker Intel online for a few more days. Eventually I'll take it down so if you want any of the 900 plus stories in the archives grab them now."
It's sad that the site closes.
  Terror Threat Levels

The USA has this interesting concept of color-coded "threat levels", which seems a bit bizarre to me, to be honest, outside a military setting.

Here's the US Homeland Security system explained by the DHS. There's also a nice site called Ready.GOV that has some "guidance". This site has been parodied here.

Whackyneighbor puts its level at

For geekandproud, it's at

Some good source of information is here.
  Application worms
Just to emphasise my point made earlier that quite a few people are thinking about future worms: here's an article on "Application Worms", which, while they do sound like automated hacking agents, don't look like terribly effective "worms" to me. It has some good points though, and of course Google is a means of finding systems vulnerable to some attacks..
  a net law blog

I just came across a Net Law Blog at
They carry an interesting story about some banks banning third-party (webmail) access for their employees, an idea that was somewhat hotly debated on a few forums.
  "A worst case worm" paper by Nicholas Weaver and Vern Paxson (and Stuart Staniford)

This entry is for Axel (Balrog) Eble, who hasn't seen that one on the F-Secure blog before. No really, I wanted to blog this, but then I somehow forgot.
Nicholas Weaver et al. published a paper on a worst-case worm that could cause $50 billion or more in damage by attacking Microsoft Windows systems and carrying a destructive payload.

Apparently, quite a few people are developing worst-case worm scenarios now (incl. Axel, Marcus and me..). Bruce Schneier just commented on WITTY and the "firsts" that came with it elsewhere. (Basically, he is commenting on that other Weaver paper blogged below.)
Wednesday, June 09, 2004

One of the things we discussed in the last CISSP-FFM meeting.
A new version of the framework has just been released by HD Moore et al.:
Tuesday, June 08, 2004
  Reflections on Witty
  Wireless Auditing LiveCD
Max Moser's Auditor CD includes a lot of useful tools.
  Sanctum Paper on HTTP response splitting, web cache poisoning attacks, and related topics
Sanctum published a paper on "Divide and Conquer - HTTP response splitting, web cache poisoning attacks, and related topics" in March 2004. I read it last night. It's an excellent read, very technical, with some sample code. It discusses the behaviour of common platforms, incl. IE 6.0 SP1, Squid 2.4, Apache/2.0, Netcache/5.2 and WebLogic 8.1 SP1. It reads almost like a scientific paper, with a lot of helpful practical information. I think it really helps to understand some of the often-overlooked risks in web services security.
After reading the paper, cache poisoning is no longer a remote possibility. (I know we've seen reports of it being used for years, but this paper adds a new twist.)
Monday, June 07, 2004
  Microsoft's Threat Modelling Resource Page
Friday, June 04, 2004
  Scripting with the Microsoft Baseline Security Analyser 1.2
And of course the FAQ of the beast at
(which is, mind you, not a real beast).
Thursday, June 03, 2004
  IDC 3rd Security Conference (Germany, Switzerland)

Looks like it could be a fun event; curious about the actual agenda.
Wednesday, June 02, 2004
  Understanding Threat Modelling

Good coverage at Dana Epp's most excellent blog:
Also for the Microsoft Threat Modelling tool:
