Andrew Hay

the man, the myth, the blog

Suggested Blog Reading – Thursday April 26th, 2007


I’ve got another new CoOp student starting today. That brings my team up to 8 people in total (including two CoOp students). Everything at work is finally starting to fall into place :)

Here’s the list for today:

Intro to hackernomics – I wonder if this term will make it into the next Webster’s version?

Hackernomics (noun, singular or plural): A social science concerned with description and analysis of attacker motivations, economics and business risk. It is characterized by five fundamental laws and eight corollaries.

New approaches to malware detection coming into view – Good idea of what’s coming down the pipe.

The traditional signature-based method to detect viruses and other malware is increasingly seen as an insufficient defense given the rapid pace at which attackers are churning out virus and spyware variants. All of which raises the question: What’s next?

SSA 1.5.1 Released – Security System Analyzer an OVAL Based Scanner – Something to test out.

SSA is a scanner based on OVAL. The command line tool provided by MITRE is not very easy to use, so the guys at Security Database decided to write a GUI to make it simple to use and understand, and then free the security testers community to take advantage of it.

Spam Attack: RARed Trojan – More details on this piece of malware.

Symantec Security Response has seen an increasing number of submissions of Trojan.Peacomm and related malware arriving in emails containing password-protected RAR archives.

White House Task Force Proposes Criminalizing Harmless Hacks – I can’t wait to see who the first person to burn at the stake for this is.

The Identity Theft Task Force appointed by President Bush and headed by embattled attorney general Alberto Gonzales wants to close a loophole in a federal computer crime law that’s letting slick computer intruders escape federal prosecution merely by doing no harm.

Perfect Setup Of Snort + Base + PostgreSQL On Ubuntu 6.06 LTS – Good reference article if you don’t have a Snort sensor and analysis station up and running.

This tutorial describes how you can install and configure the Snort IDS (intrusion detection system) and BASE (Basic Analysis and Security Engine) on an Ubuntu 6.06 (Dapper Drake) system. With the help of Snort and BASE, you can monitor your system – with BASE you can perform analysis of intrusions that Snort has detected on your network. Snort will use a PostgreSQL database to store/log the data it gathers.

Cisco Security Advisory: Default Passwords in NetFlow Collection Engine – “The upgrade to NFC version 6.0 is not a free upgrade” – ya…that makes sense.

Versions of Cisco Network Services (CNS) NetFlow Collection Engine (NFC) prior to 6.0 create and use default accounts with identical usernames and passwords. An attacker with knowledge of these accounts can modify the application configuration and, in certain instances, gain user access to the host operating system.

The upgrade to NFC version 6.0 is not a free upgrade. This default password issue does not require a software upgrade and can be changed by a configuration command for all affected customers. The workaround detailed in this document demonstrates how to change the passwords in 5.0.

Asking Vista for its list of network interfaces

Tenable’s research group recently released plugin ID #24904 which speaks with the Link Layer Topology Discovery protocol. This is an Ethernet “layer 2” scan, so it is something you need to perform against a server within the collision domain of a Nessus scanner. LLTD allows you to enumerate a wide variety of information about the remote host.

Why Risk Management Fails (Or At Least Is Really, Really, Hard For Us) – Everyone has their opinion. I, however, think Risk must be able to be measured. It’s usually a question of “if” not “how” risk can be measured.

What really gets me, though, is when I see folks online and in mailing lists come up with all sorts of nonsense about how risk can’t be measured, or, even worse, that it’s too difficult and should be discarded in favor of their version of witchcraft.

Be Prepared – Just as you’re always prepared for Ninjas to spring into attack…so should you be prepared for security problems :)

As security professionals, shouldn’t we also “Be Prepared?” We need to have a “tool bag of knowledge” that we can open whenever an event occurs. This is a set of resources, instructions or processes that you can use when responding to a security event. An organized and careful reaction to an incident can mean the difference between complete recovery and total disaster.

Battle of the Colored Boxes (part 1 of 2) – Good overview of the “colored box” methods of testing.

Let’s look at Black, White, and Gray Box software testing from a high level as it relates to a website security standpoint and highlight their strong points. I realize that not everyone will agree with my conclusions. So as always, feel free to comment and let me know if anything has been overlooked and should be considered. Also for perspective I’m of the opinion that all three methodologies require tools (scanners) and experienced personnel as part of the process. No exceptions.

Universities highlight IT forensics boom – Where was this kind of stuff when I was in school?

Universities offering postgraduate courses for IT professionals claim to be seeing increasing interest in computer forensics skills, both from employers and from applicants.

Peacomm RARs Its Ugly Head

Just like last time, a lot of this seems to be getting by traditional signature-based AV detection routines.

Security Leadership – I couldn’t agree more.

In my opinion the security industry is in need of leadership. It is an industry that is widely varied in scope and objective. You have many different disciplines that often don’t communicate with each other and often even openly criticize or look down on each other. If we are all fighting against a common enemy then why can’t and don’t we work together? Why should we each fight our own battles and also fight each other?

URGENT: Unconfirmed Reports QuickTime Exploit Capture Is Circulating – Uh oh…

Remember what I said about “living dangerously”? Stop living dangerously, right now. Turn Java off in your browser. Watch this space for more details.

Default Deny All Applications (Part 1) – Good article on SRP.

Software Restriction Policy (SRP) was introduced in October 2001 with the launch of Microsoft Windows XP Professional. Since then it has lived a pretty silent life – much too silent you could say. The purpose of this article series is to bring SRP ‘back to life’ out there in the real world, to encourage administrators around the world to re-think their software policies and maybe even implement SRP in its strongest setup: by the use of Whitelisting.
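For the whitelisting setup the quote refers to, here is an added PowerShell script (not from the linked article or from Microsoft) that writes a default-deny SRP straight to the local Safer registry keys and then reads it back for verification. The function names and the sample whitelist are my own, and it assumes an elevated session on a machine where local policy is in effect.

```powershell
# Added example: default-deny Software Restriction Policy via the local
# Safer registry keys, plus a read-back check. Function names and the
# whitelist are constructed for illustration. Run in an elevated session.

$Base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$LevelDisallowed   = 0x00000   # DefaultLevel: block unless a rule allows it
$LevelUnrestricted = 0x40000   # level whose Paths subkey holds the allow rules

# Constructed sample whitelist: only these trees may launch executables.
$AllowPaths = @('%SystemRoot%\', '%ProgramFiles%\')

function Set-DefaultDenySrp {
    param([string[]]$Paths)
    New-Item -Path $Base -Force | Out-Null
    # Default level 0 (Disallowed): everything not whitelisted is blocked.
    Set-ItemProperty -Path $Base -Name DefaultLevel -Value $LevelDisallowed -Type DWord
    # Enforce the policy (1 = all executables except DLLs; 2 would include DLLs).
    Set-ItemProperty -Path $Base -Name TransparentEnabled -Value 1 -Type DWord
    # Apply to all users, local administrators included (1 would exempt them).
    Set-ItemProperty -Path $Base -Name PolicyScope -Value 0 -Type DWord

    # One Unrestricted path rule per whitelisted tree, keyed by a fresh GUID
    # under the decimal level number, which is how Windows names the subkey.
    $ruleRoot = Join-Path $Base "$LevelUnrestricted\Paths"
    foreach ($p in $Paths) {
        $ruleKey = Join-Path $ruleRoot ('{' + [guid]::NewGuid().ToString() + '}')
        New-Item -Path $ruleKey -Force | Out-Null
        Set-ItemProperty -Path $ruleKey -Name ItemData    -Value $p -Type ExpandString
        Set-ItemProperty -Path $ruleKey -Name SaferFlags  -Value 0  -Type DWord
        Set-ItemProperty -Path $ruleKey -Name Description -Value 'Whitelisted tree' -Type String
    }
}

function Get-SrpSummary {
    # Read the policy back so the default level and allow rules can be verified.
    $cfg   = Get-ItemProperty -Path $Base
    $rules = Get-ChildItem -Path (Join-Path $Base "$LevelUnrestricted\Paths") -ErrorAction SilentlyContinue |
        ForEach-Object { (Get-ItemProperty -Path $_.PSPath).ItemData }
    [pscustomobject]@{
        DefaultDeny = ($cfg.DefaultLevel -eq $LevelDisallowed)
        Enforced    = ($cfg.TransparentEnabled -ge 1)
        AllowRules  = @($rules)
    }
}

Set-DefaultDenySrp -Paths $AllowPaths
Get-SrpSummary | Format-List
```

Before rolling this out, audit the whitelisted trees for user-writable subfolders and add explicit Disallowed rules for them, otherwise the default deny is weaker than it looks.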

Hardware Key Logging Part 2: A Review Of Products From KeeLog and KeyGhost – A good review of some products out there.

As stated in the first article, installation of these sorts of devices is simple. Just plug the keylogger inline with the keyboard. From there it should start logging key strokes. Retrieval and configuration, on the other hand, varies somewhat from model to model.
