Wed, 31 Mar 2004
Tue, 30 Mar 2004
Here's an analysis of the Witty worm. joat: 10:50:00 30 Mar 2004
Here's Linux Security's two-part series, "How to be a Security Warrior" (parts one and two). joat: 10:23:00 30 Mar 2004
Mon, 29 Mar 2004
Posting may get a little spotty during the coming months as I've started the local mentor class for the SANS GIAC GCIA certification (as a student). This is one of the harder ones and the practical is going to take a lot of analytical work in a short period of time (something that requires practice).
The following has priority over blogging when it comes to my remaining waking hours: a day job, trying to get a business up and running, attending meetings of various professional orgs, and attending college. I'm not saying that I won't stop blogging, just that it may be short, sparse and/or sporadic. joat: 11:43:00 29 Mar 2004
Sun, 28 Mar 2004
The PIRATE Act could lean things in further against "innocent until proven guilty". We've already seen "accidental" seizures of systems with legitimate MP3s (whose filenames just happen to coincide with ones made up by pirates for songs they stole). I don't think that another law is going to improve the situation. We run the risk of having just as many IP laws as gun laws. The act is still illegal; another law will not deter people already determined to commit the crime. (courtesy of /.) joat: 13:57:00 28 Mar 2004
This gets old quickly. If you're considering a move in either direction, find yourself an objective third party with no interest in the outcome (it's more difficult than it sounds though). joat: 02:33:00 28 Mar 2004
Fri, 26 Mar 2004
Memestreams has a pointer to the NANOG Security Curriculum, a collection of presentations (pdf's, audio files, etc.) intended to educate the reader in various facets of network security. In other words, free education! These are well worth the reading. joat: 23:51:00 26 Mar 2004
Furrygoat has a piece on bootable USB drives. This came out about the time we (at work) were discussing policy on these things and talking about them as attack devices (the insider threat). joat: 23:40:00 26 Mar 2004
Tim Chiu says "appliances are better" but I'm not sure I'm taking the bite. The devices he's talking about are just computers devoted to running the same software. I dislike the blackbox approach as it promotes the seriously bad idea of "plug it in and it works". This paradigm only works if technology and threats do not change. Or, if you buy a managed box, you have to trust someone with no interest in your business to protect it. In reading the article, it appears that the main argument is the usual standardization, one-size-fits-all approach to network security. Sorry, but I don't buy it. While using the best technologies is a good idea, you also have to take into account what you're protecting. Just like IDS's, anti-spam devices have to be "tuned" to work properly. Guess that means that I agree with Ken Schneider. joat: 23:23:00 26 Mar 2004
Network World Fusion has an article which discusses the various reasons why hackers attack (mostly opportunity, some status, money, data, etc.), examples included. joat: 12:39:00 26 Mar 2004
Thu, 25 Mar 2004
At the risk of alienating yet more MS purists, this is yet another point-and-click rant.
Steve Friedl has a post about exploiting the ability to quickly block new worms, in this case the NetSky worm. This is a support for my ongoing argument that, if you're running an Exchange server, you should have a Unix/Linux-based mail handler immediately upstream from it to filter viruses, score/filter spam, and gather various metrics. Why? If you know Perl (or some other just as capable scripting language), you can quickly adapt to an outbreak, in as little as fifteen minutes, without having to wait for the anti-virus vendors to issue a signature update (which can take up to two days).
For Steve's example, it would look something like:
    # Steve's rule, sketched in Perl for the upstream mail handler: the handler
    # only sees mail crossing the network boundary, so a message whose sender
    # domain matches its recipient domain did not come from inside. Quarantine it.
    if ($source_domain eq $dest_domain) {
        move_to_quarantine($msg_ID);
    }
This design exploits the assumption that anything meant to remain within the domain would remain on the Exchange box. The mail handler would filter only traffic entering or leaving the network. The idea is to add an additional level of security, invisible to the users. For that matter, even MS can be used for this as long as it's not running the same MTA software as the main mail server. joat: 11:49:00 25 Mar 2004
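The gateway rule above, carried through as an added example (not Steve Friedl's code or this blog's own): a Python check for the upstream mail handler that quarantines a message whose sender domain matches any recipient domain. The should_quarantine function and the two sample messages are constructed for illustration; it reads the From/To/Cc headers, where a real gateway would use the SMTP envelope addresses.

```python
# Added example (not Steve Friedl's code or this blog's own): the quarantine
# rule for the upstream mail handler.  The handler only ever sees mail that is
# entering or leaving the network, so a message whose sender and recipient
# share the same domain has no business arriving from outside.
import email
from email.message import Message
from email.utils import getaddresses, parseaddr


def addr_domain(addr: str) -> str:
    """Lower-cased domain part of an address ('' when there is none)."""
    _, address = parseaddr(addr)
    if "@" not in address:
        return ""
    return address.rsplit("@", 1)[1].lower()


def recipient_domains(msg: Message) -> set:
    """Domains of every To/Cc recipient (a gateway would use envelope RCPT TO)."""
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {addr_domain(a) for _, a in pairs if addr_domain(a)}


def should_quarantine(raw: bytes) -> bool:
    """Steve's rule: $source_domain eq $dest_domain for any recipient.

    Comparison is case-insensitive; a message with no parseable sender is
    passed through so the downstream filters can still judge it.
    """
    msg = email.message_from_bytes(raw)
    src = addr_domain(msg.get("From", ""))
    if not src:
        return False
    return src in recipient_domains(msg)


# Constructed sample messages: the first has the forged internal-to-internal
# shape the rule is meant to catch; the second is ordinary external mail.
FORGED = (b"From: Alice <alice@Example.org>\r\nTo: bob@example.org\r\n"
          b"Subject: re: your document\r\n\r\nsee attachment\r\n")
LEGIT = (b"From: mallory@outside.test\r\nTo: bob@example.org\r\n"
         b"Subject: hello\r\n\r\nhi\r\n")

if __name__ == "__main__":
    for label, raw in (("forged", FORGED), ("legit", LEGIT)):
        print(label, "-> quarantine" if should_quarantine(raw) else "-> deliver")
```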
Found this while looking for a tool to play back Rootfu files (tcpreplay doesn't work in this case): CAIDA has a site devoted to learning traffic analysis. joat: 11:46:00 25 Mar 2004
Here's a decent overview of SSH. Includes descriptions of protocol versions 1 and 2. Also includes other good SSH-related links. (via Information Security Magazine) joat: 11:43:00 25 Mar 2004
Only two more days in the SoTM challenge. How'd you do? joat: 11:41:00 25 Mar 2004
Wed, 24 Mar 2004
From SecuriTeam, a paper on BlueTooth man-in-the-middle attacks. joat: 11:15:00 24 Mar 2004
As I've not used the most popular operating system in years, I'm only recently getting back into the desktop-level of security. Here's an article about what appears to be the two more popular spyware clean-up tools. I'm still somewhat amazed at the amount of kruft that creeps in via surfing with Windows. joat: 02:24:00 24 Mar 2004
NIST has a list of Unix Host and Network Security Tools. joat: 02:23:00 24 Mar 2004
Tue, 23 Mar 2004
Mon, 22 Mar 2004
Sun, 21 Mar 2004
I have a sales droid mockup of one of these on my desk at work. It's swag from a recent wireless conference that I attended. Just too cool. Voice dial. Touch to talk. Caller ID.
The only drawbacks that I could come up with are that this is not a phone. Other people in the room get to hear both sides of the conversation. Also, the size of the battery probably doesn't lend to extended conversations.
Obvious uses? Hospitals and warehouses where the user is normally mobile. joat: 23:05:00 21 Mar 2004
I agree with L. M. Orchard (over at DECAFBAD), get over it. Since when does heavy use (or abuse) equate to death? What about IRC and e-mail? The only technologies that I've seen "die" are those that are proprietary in nature and someone wants more money for its use than the general public is willing to pay. Note: this is one of the problems with ".NET". (Why should I pay a penny for a weather forecast when I can get it for free elsewhere?) Most .NET services are subscription based and are already available via SOAP, XMLRPC, or some other technology. joat: 07:23:00 21 Mar 2004
This is old news but is an interesting read in any case. (via ThisIsLondon) joat: 07:22:00 21 Mar 2004
Personally, I'm very suspicious when a complete stranger talks about something that involves my money or data. joat: 07:18:00 21 Mar 2004
Why do I feel that we'll see a certain company for sale on eBay real soon now?
Hey Darl! I'll save you the trouble. I'll give you a dollar for the entire company! But you gotta hurry, I'm not going to make this offer for long. joat: 01:21:00 21 Mar 2004
Sat, 20 Mar 2004
IT Toolbox has an article about "experts" wanting an early warning network for various Internet threats (from the government). Unknown to them, many of these already exist and are active to the point that the major problems experienced on the Internet could have been much worse. The problem with these networks is that they are somewhat elitist and/or restrictive (to the point that many that could benefit from participation in these networks are excluded). Justifications include signal-to-noise ratio, disclosure risks, and/or lack of peer recognition. I was a member of a well-used mailing list for network security types for almost two years until it was decided that I didn't pass the weeding out process (the two times I actually interacted with others from the list involved law enforcement and disclosure restrictions). Two attempts to rejoin the list (required peer "vouching") were only temporarily successful. I've since switched jobs but may be qualified to rejoin the list in the near future. (Yeah, I'm frustrated by being excluded. I miss the "edge" on various inter-network problems.) joat: 01:07:00 20 Mar 2004
Fri, 19 Mar 2004
Tech Republic has another "catching the bad guy" story. Interesting reading. joat: 04:54:00 19 Mar 2004
Thu, 18 Mar 2004
HNS has a pointer to a SysAdmin article about Linux memory forensics. joat: 04:02:00 18 Mar 2004
Wed, 17 Mar 2004
Tue, 16 Mar 2004
Host-based Intrusion Detection Systems (HIDS) are a recent development that has been a bit overhyped of late. Don't get me wrong, HIDS are a valuable tool. It's just that the technology has been pushed as the solution du jour a bit more than I care to see. In any case, it should be part of your repertoire for defense-in-depth. Linux Security has an article about a project called Open Source HIDS. joat: 02:04:00 16 Mar 2004
Sun, 14 Mar 2004
Sorry for the slow-down in posting. I'm heavily loaded at the moment, building servers for a show at the end of the week.
In other news, I've managed to wedge TWiki into MT (on another site), thanks to this link from DECAFBAD. It's something that I've been searching for over the last few weeks. It was a bit hard to find as some of DECAFBAD's wiki is broken. I'm hoping I can talk the powers-that-be here into adding a Perl module and an MT plugin to the site.
It's an awesome tool (better than the PHPWiki I'm using now). joat: 17:04:00 14 Mar 2004
Deadman has some interesting scripts and templates, including PHP programming templates for Vi. joat: 02:41:00 14 Mar 2004
Sat, 13 Mar 2004
NetworkWorld Fusion has an article which discusses yet another proposed solution for fighting spam; this one involves the sender paying if the recipient rejects the e-mail. Personally, I dislike the thought of paying anything for e-mail because it leads directly into "quality of service", "service level agreements", and lawsuits. joat: 03:42:00 13 Mar 2004
How to skin a web site.
Update: BlogSkins joat: 02:43:00 13 Mar 2004
Fri, 12 Mar 2004
Randy Bias has an article about various security-related items including a Bruce Schneier interview and the Stupid Security Contest results. joat: 02:25:00 12 Mar 2004
Here's another hijacking story. (via GrayScales) joat: 02:14:00 12 Mar 2004
Thu, 11 Mar 2004
SilverStr has an article which discusses some scary stuff. Many security types seem to go through this state at one point in their career or another (usually very early but not necessarily). Hopefully, the people at Symbiot will think it through. SilverStr is able to cover most of the points why hack-back is really not a good idea. Update: /. has an additional article about Symbiot's product. joat: 01:31:00 11 Mar 2004
Wed, 10 Mar 2004
Linux Exposed has an article describing how to secure an Apache-based web server. joat: 02:32:00 10 Mar 2004
Here's an article which talks about hijacking conference call systems. The article says the practice is new but I know of one incident locally that happened almost two years ago. If you have a PBX, you should take a close look at your security capabilities and practices. joat: 02:29:00 10 Mar 2004
Mebbe I'm biased because of my customer service days but the only response I can come up with for this is, "clueless few"?? Anyone want to explain to the reporters that being able to point-and-click does NOT amount to "clue". If it was actually just a few, we could go over to their house and either teach them or have their Internet disconnected. joat: 02:23:00 10 Mar 2004
Here's a quick article on bluesnarfing, an act that amounts to data theft from a cell phone. joat: 02:23:00 10 Mar 2004
Tue, 09 Mar 2004
(via /.) Here's one person's account of how he backtracked an attempted e-card hijacking of his system. joat: 02:34:00 9 Mar 2004
SilverStr has a pointer to an interesting paper on passive information gathering. joat: 02:16:00 9 Mar 2004
Simon Willison has a piece about the dangers of PageRank. It's the entertaining side of what the comment spammers are exploiting to "get ahead". joat: 01:54:00 9 Mar 2004
Sun, 07 Mar 2004
The Network Administrator has an interesting mix of stories about security and network administration. Interesting icon for identity theft. joat: 10:07:00 7 Mar 2004
Go here for instructions for getting on the Cyber Alerts mailing lists from the US-CERT. joat: 10:06:00 7 Mar 2004
(From the Penetration Testing mailing list) Compass Security has published a proof-of-concept tool to support the reason for running a split-DNS configuration. Basically the tool allows for tunneling data through your firewall via the DNS protocol. Note: the tool is offered for a limited time but I wouldn't be surprised if it's available elsewhere.
This is similar to the problems you risk if you allow wide-open ICMP through your firewalls. joat: 04:11:00 7 Mar 2004
Here's a tutorial for creating custom CSS underlines. joat: 04:05:00 7 Mar 2004
Sat, 06 Mar 2004
The wiki managed to drop one of its sessions tables (and therefore screwed up the entire schema). Not sure how it happened but it's a good excuse to try a few other wikis. Bear with me while I get the content back online. joat: 17:09:00 6 Mar 2004
Computer World has an article which discusses the "lessons learned" from the recent MyDoom DDoS.
Unfortunately, the protections described are nothing new. ISP ingress/egress filtering and changing IPs have been around for years. The filtering is considered a "best practice".
The article also describes adding server capacity, which is what Microsoft did to survive its own DDoS attack. They actually moved their website to Akamai. joat: 04:57:00 6 Mar 2004
(From Bugtraq): Here's the announcement of a new mailing list devoted to discussions about application security research. joat: 04:45:00 6 Mar 2004
Robin Good has a listing of services to publish your RSS feeds to. joat: 04:34:00 6 Mar 2004
Local Area Security has a PDF-based tutorial for NBTScan.
This is one of those need-to-have tools if you have anything to do with network security. Not only can you view various NMB/SMB data for a remote machine, it's not that hard to tie it to MySQL via Perl and keep a database to find rogue systems on your network. joat: 04:05:00 6 Mar 2004
Fri, 05 Mar 2004
Here's a SANS paper that should be read by anyone involved with security for telecommuters. joat: 04:45:00 5 Mar 2004
(heh), flash games on 404 pages. What a serious (but fun) waste of time! How long before someone does something evil, or good, with this. joat: 04:11:00 5 Mar 2004
Thu, 04 Mar 2004
Xatrix.org has an article about the GhettoHackers. (These are the guys that are hosting/winning CTF at DEFCON lately.) joat: 02:06:00