Month: April 2007

Suggested Blog Reading – Wednesday April 18th, 2007

Halfway to the weekend… here’s the list for today:

Digital forensics lack standards

Court cases involving digital evidence are at risk of collapsing because some police forces fail to check the security of computer forensics suppliers.

At long last, IPv6

Tim Winters, software managing engineer with the University of New Hampshire Interoperability Lab, predicts that the move to secure granular bits of data will finally mean the emergence of IPv6.

Corporate data slips out via Google calendar

It’s not clear what gets discussed during McKinsey & Co.’s weekly internal communication meeting, but the dial-in number and passcode for the event can be easily found by searching with Google.

Blackberry / RIM Outage?

We are experiencing technical difficulties with BlackBerry services affecting sending and receiving of emails. You will also experience issues using the BlackBerry Browser and sending and receiving of PIN to PIN messages. We are taking all necessary actions to restore regular service levels.

Where Do You Get Your Security Policies From?

Is there a good outline for a security policy out on the web or that you have?

I am the Sys Admin for a company that designs communications solutions for government agencies. I started here 6 months ago and I have not found any security practices! There are no computer policies at all!

I have been trying to get some put in place but have been overruled until recently, so I am looking for a good baseline to start.

Microsoft Urges Workaround as Worm Hits Unpatched DNS Flaw

With a worm exploiting the unpatched zero-day vulnerability in Microsoft’s Domain Name System Service mere days after it was discovered, Microsoft on Monday urged customers to apply workarounds the company had provided in its earlier security advisory.

Free Information Security Training Workshops from FISSEA

I hope information security and privacy pros know about the U.S. Federal Information Systems Security Educators’ Association (FISSEA).

Readers’ Choice Awards

Information Security and SearchSecurity.com recognize the best security technology with the Readers’ Choice awards. Security products in 15 categories, including emerging technologies, were voted on by more than 800 Information Security readers.

The Evolution of Peacomm to “all-in-one” Trojan

What we saw in the first Trojan.Peacomm outbreak during January was only the beginning of the “storm-worm” war. The initial outbreak seemed to be an experiment in setting up a peer-to-peer (P2P) bot network, and to test the potential of the Trojan. The bad guys who were behind those criminal activities used the first variant of Peacomm to distribute a set of single-module Trojans that were programmed to send spam, perform DDoS attacks, gather mail addresses, and distribute new versions of the Trojan.

Jim Rapoza’s 12 Ways to Be A Security Idiot

Are you a security idiot? In a popular column from 2003, Jim Rapoza ranted about how most viruses and computer security problems are made possible by stupid people doing stupid things with their computers. Unfortunately, things haven’t changed much since then. So if you’re feeling left out, read Jim’s list of 12 ways to join the ranks of the attachment-opening, virus-downloading masses.

SSDL rides the unicycle so you don’t have to

Many ambitious moons ago, in a bygone life since relinquished, I was an analyst. On those days I reminisce and smile warmly with a pocket or three bulging with priceless war stories, an agenda of clearly expressed nuisances that “someone should fix else I wear my frowny face again,” and a clear reverence for the analyst in their daily adventures in the Wonderland of Surprises that is the Internet I’ve come to know… and begrudgingly adore. Resistance is futile, apparently.

103 Free Security Tools + a Few

Rich McIver sent over an article on itsecurity.com entitled 103 Free Security Tools. It’s actually a pretty thorough list. Of course it’s not everything, but it actually covered quite a few programs that I personally have used.

Security Remains a Challenge for Browser Developers

The panelists, who were tasked with addressing the topic titled “The Arrival of Web 2.0: The State of the Union on Browser Technology,” hailed from the open-source community all the way to the most proprietary of companies, Microsoft, and those in between.

Suggested Blog Reading – Tuesday April 17th, 2007

Stupid rain!

Here’s the list for today:

WFA Sample Chapter

I wanted to point out to the readers of this blog that Syngress/Elsevier has a sample chapter of my book available online for free download. The sample chapter is chapter 3, Windows Memory Analysis.

Deterrent Safeguards… They can’t prevent anything, so why bother?

Did you ever wonder why businesses put up silly signs that say “If we do not offer you a receipt, your purchase is free” at the checkout counter? There’s a very good reason for this, and many other seemingly useless signs. Have you noticed the sign that says “There is never more than $50 in the safe”, which tells thieves that it’s not likely to be worth robbing the convenience store? It’s a lot cheaper than trying to implement technology to prevent every possible attack with “Preventative Safeguards”. These signs, and other types of warnings, are called “Deterrent Safeguards”.

Chocolate the key to uncovering PC passwords

A train station survey of 300 office workers carried out by Infosecurity Europe researchers in London revealed the disturbing statistic that 64 per cent would hand over their office computer passwords for a bar of chocolate “and a smile”.

Forensic tools 2007

This month we looked at a wide variety of digital forensic tools. This category has been growing rapidly, diversifying and maturing in the past two years. However, there are some interesting aspects to those growth phenomena. First, we are beginning to see real innovation in tool sets, but virtually none of it is in traditional computer forensics tools. In that class, we saw, essentially, nothing new since we reviewed them last year. If anything, they are becoming more alike.

Should Apple secure its iPods?

Few corporations are likely to ban iPods in the workplace, but whether Apple and other manufacturers of MP3 players shoulder some responsibility to add security to their devices — and how effective that security would be — is a growing debate.

Watchfire online community shares vulnerability testing knowledge

Watchfire is opening up its Web application-vulnerability software so customers can create their own security tests of corporate applications.

Spam-Bot Intrusion Caught — Now What?

“I’ve recently detected and halted an intrusion on my home computer, taken some actions to prevent further intrusions, and located the software that was running a bot agent. Cursory examination showed that the bot software is intended for acting as an agent for spamming. Configuration files distinctly point at the user/host/domain of several bot-herders — damning evidence. Nothing would please me more than to see this botnet caught and disassembled; I’m sure much of the internet-using community would support this. Thanks in advance for your suggestions. So, to whom should I disclose this information for appropriate investigation, follow up, and countermeasures?”

Damn Vulnerable Linux – DVL – IT-Security Attack and Defense

Damn Vulnerable Linux (DVL) is a Linux-based (modified Damn Small Linux) tool for IT-Security & IT-Anti-Security and Attack & Defense. It was initiated for training tasks during university lessons by the IITAC (International Institute for Training, Assessment, and Certification) and S²e – Secure Software Engineering in cooperation with the French Reverse Engineering Team.

Researchers: Botnets Getting Beefier

A select group of some 40 security researchers gathered on April 10 in the first Usenix event devoted to these networks of infected machines. The invitation-only event, called HotBots, was held in Cambridge, Mass. At the event, researchers warned that botnets—which can contain tens or even hundreds of thousands of zombie PCs that have been taken over for use in spamming and thievery of financial and identity-related data—are on the brink of a technological leap to more resilient architectures and more sophisticated encryption that will make it that much harder to track, monitor and disable them.

How do I change the default port that OpenSSH server uses?

OpenSSH by default listens on port 22 of all local addresses. To provide additional security to the OpenSSH server, the ListenAddress and Port directives in the /etc/ssh/sshd_config file can be used.
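As an added illustration (it is neither part of the linked answer nor OpenSSH code), the Python script below models how the Port and ListenAddress directives combine into the endpoints sshd would bind, then flags anything still in the stock state. It deliberately covers only those two directives (Match blocks, Include and directive-ordering rules are ignored), and the sample configuration, addresses and the exposure check are constructed for the example.

```python
"""Resolve the listen endpoints implied by an sshd_config file.

Added illustration, not OpenSSH code: only the Port and ListenAddress
directives are modelled; Match blocks and Include are ignored.
"""
import re
from typing import List, Optional, Tuple

Endpoint = Tuple[str, int]

# Constructed sample sshd_config (assumed content, not from any real host).
SAMPLE_CONFIG = """\
# Move the daemon off the default port
Port 2222
# Accept connections only on the management interface
ListenAddress 192.0.2.10
# [host]:port form: this address uses its own port, not the Port directives
ListenAddress [2001:db8::10]:2200
"""

# sshd_config keywords may be followed by whitespace or by a single '='.
_DIRECTIVE_RE = re.compile(r"^(\w+)\s*=?\s*(.*)$")


def _parse_listen_address(value: str) -> Tuple[str, Optional[int]]:
    """Parse the argument forms sshd_config(5) documents for ListenAddress:
    host, host:port and [host]:port. A trailing 'rdomain ...' is dropped."""
    token = value.split()[0]
    if token.startswith("["):                 # [IPv6-or-host]:port
        host, _, rest = token[1:].partition("]")
        port = int(rest[1:]) if rest.startswith(":") else None
        return host, port
    if token.count(":") == 1:                 # IPv4 or hostname with a port
        host, port_text = token.split(":")
        return host, int(port_text)
    return token, None                        # bare IPv4, hostname or IPv6


def parse_sshd_config(text: str) -> Tuple[List[int], List[Tuple[str, Optional[int]]]]:
    """Collect Port and ListenAddress directives in file order.
    Keywords are case-insensitive; blank lines and '#' comments are skipped."""
    ports: List[int] = []
    addrs: List[Tuple[str, Optional[int]]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _DIRECTIVE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "port":
            ports.append(int(value))
        elif key == "listenaddress":
            addrs.append(_parse_listen_address(value))
    return ports, addrs


def listen_endpoints(text: str) -> List[Endpoint]:
    """Expand the directives into the (address, port) pairs sshd would bind.
    Defaults follow sshd_config(5): port 22 when no Port is given, and all
    local addresses (0.0.0.0 and ::) when no ListenAddress is given. An
    address without an explicit port is paired with every Port value."""
    ports, addrs = parse_sshd_config(text)
    ports = ports or [22]
    addrs = addrs or [("0.0.0.0", None), ("::", None)]
    endpoints: List[Endpoint] = []
    for host, port in addrs:
        if port is not None:
            endpoints.append((host, port))
        else:
            endpoints.extend((host, p) for p in ports)
    return endpoints


def exposure_findings(endpoints: List[Endpoint]) -> List[str]:
    """Flag endpoints that still match the stock configuration the linked
    answer is moving away from: the default port or a wildcard address."""
    findings: List[str] = []
    for host, port in endpoints:
        if port == 22:
            findings.append(f"{host}:{port} still uses the default port 22")
        if host in ("0.0.0.0", "::"):
            findings.append(f"{host}:{port} listens on all local addresses")
    return findings


if __name__ == "__main__":
    for host, port in listen_endpoints(SAMPLE_CONFIG):
        print(f"listen {host} port {port}")
    for finding in exposure_findings(listen_endpoints("")):
        print("stock config:", finding)
```

To review a real host, pass the contents of its sshd_config to listen_endpoints and run exposure_findings on the result. Moving the port is only a small reduction in scanner noise, so the host firewall rules, client configurations and any monitoring that keys on port 22 all have to be updated alongside the directive, and the address restriction is the part that actually limits who can reach the daemon.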

New Rinbot scanning for port 1025 DNS/RPC

We are currently tracking a new version of the Rinbot worm that in addition to its regular scans, is also scanning for port 1025/tcp. Once connected, it attempts to do a Windows 2000 DnsservQuery, attempting to exploit the recent Microsoft DNS RPC vulnerability.

New blog on event log management

Dorian Software and Andy Milford over there have started a new blog just on event log management. You can see it at http://eventlogs.blogspot.com/. If you’re into event log management or analysis, it’s worth putting the site into your RSS feed.

New DShield Feature: Highly Predictive Blacklists.

The algorithm compares your submissions to others and finds groups of similar submitters. Next, it will generate blacklists based on how close you are to these other submitters.
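To make those two sentences concrete, here is an added Python sketch of a similarity-weighted blacklist. It is my illustration of the idea, not DShield’s code or its actual algorithm: each submitter is represented by the set of source addresses it reported, similarity between submitters is Jaccard overlap, and a source is scored for a given submitter by the summed similarity of the peers that reported it. The sensor names and addresses are constructed sample data.

```python
"""Toy similarity-based predictive blacklist.

Added illustration of the idea in the DShield announcement, not its
algorithm: submitters that logged many of the same sources are treated as
similar, and sources reported by a submitter's closest peers rank highest.
"""
from typing import Dict, List, Set, Tuple

# Constructed sample data: submitter -> source addresses it reported.
SAMPLE_REPORTS: Dict[str, Set[str]] = {
    "sensor-a": {"203.0.113.5", "203.0.113.9", "198.51.100.7"},
    "sensor-b": {"203.0.113.5", "203.0.113.9", "198.51.100.7", "198.51.100.42"},
    "sensor-c": {"203.0.113.5", "192.0.2.77"},
    "sensor-d": {"192.0.2.200", "192.0.2.201"},
}


def jaccard(a: Set[str], b: Set[str]) -> float:
    """Overlap between two report sets: |a & b| / |a | b| (0 for two empty sets)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def similar_submitters(reports: Dict[str, Set[str]], me: str) -> List[Tuple[str, float]]:
    """Rank every other submitter by overlap with `me`, most similar first;
    ties are broken by name so the order is deterministic."""
    scores = [(other, jaccard(reports[me], sources))
              for other, sources in reports.items() if other != me]
    return sorted(scores, key=lambda s: (-s[1], s[0]))


def predictive_blacklist(reports: Dict[str, Set[str]], me: str,
                         limit: int = 5, min_similarity: float = 0.0) -> List[Tuple[str, float]]:
    """Score each source `me` has not yet seen by the summed similarity of the
    submitters that reported it, so a peer that behaves like `me` counts more
    than a distant one. Sources `me` already logged are excluded because the
    list is meant to predict, not restate its own logs. Peers at or below
    `min_similarity` contribute nothing."""
    scores: Dict[str, float] = {}
    for other, sim in similar_submitters(reports, me):
        if sim <= min_similarity:
            continue
        for src in reports[other] - reports[me]:
            scores[src] = scores.get(src, 0.0) + sim
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:limit]


if __name__ == "__main__":
    for name in SAMPLE_REPORTS:
        print(name, "->", predictive_blacklist(SAMPLE_REPORTS, name))
```

In the sample, sensor-a’s list is led by the source only sensor-b saw, because sensor-b overlaps it most; sensor-d, which shares nothing with anyone, gets an empty prediction. A production version would fall back to a global list for submitters without peers, and would weight reports by recency so that stale submissions do not keep old sources on everyone’s list.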

Nirbot’s Latest Move: MS DNS Exploits

The latest turn in the Nirbot saga is that they’ve gone and incorporated the MS Windows DNS RPC interface exploit into their bot. We started seeing this in ATLAS starting Sunday evening GMT and it appears that this flood of MS DNS RPC exploits was seeded into an existing botnet. It appears that one of the public exploits was rolled into the bot over the weekend.

Secure Socket Tunneling Protocol

The article will give a clear understanding of SSTP and compare standard VPN vs SSTP VPN. The article will also cover the advantages of utilizing both SSTP and VPN simultaneously and what the benefits of using SSTP will be.

Suggested Blog Reading – Monday April 16th, 2007

Looks like a slow day around the blogosphere (I hate that word). Could partially be due to the bad weather moving up the eastern US or simply because it’s a Monday. Anyway, here is the list…

Identity Management and You

Having multiple online identities for different types of web sites is a good idea. I’m afraid that it’s not a common practice among mom and pop though.

We Have to Make Mistakes

Security and IT are tough these days. While we keep getting an influx of people with their MCSE and A+ certs that can do fun things with desktop support, it is all those other more specific areas of IT that still are not getting the love they should be getting. Maybe it is because they’re a layer or two out of the eyes of most normal users (and managers). Too often, we techs can do a lot of good things, but sometimes don’t get a chance to try things out when we’re already swamped with an overload of work, not enough money, and too many fires to put out.

About the strategy I followed during my CISSP exam

In a previous CISSP exam post I promised to blog about the exam-taking strategy I followed.

Face-off: Certifications are not important for career enhancement

IT career advancement has become like a jigsaw puzzle. Certification is only one piece, giving way to clusters of critical attributes that define the modern IT role.

Update on Microsoft DNS vulnerability

We received a couple of e-mails over the weekend asking us why this vulnerability was significant. Most public DNS servers should not be listening on the RPC ports, after all. Indeed, networks obliging to basic secure perimeter design would only allow port 53 UDP/TCP to the authoritative DNS servers, and definitely not the additional RPC ports required for exploitation.

Free Lunch :: OSSEC

OSSEC is an open source host based intrusion detection system. The website states, “It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting and active response.” That is a mouthful.

Nessus 3.2 BETA – IPv6 Scanning

More and more operating systems are shipping with IPv6 enabled by default. Both Vista and OS X ship with IPv6 stacks. The presence of IPv6 on your network may dramatically alter how computers communicate with each other and connect to the Internet. Communication that occurs over IPv6 may not be blocked by local or network firewalls, observed by network IDS or even correctly logged by your SIM.

Zombies infiltrate US military networks

Security researchers have traced spam-sending botnet clients back to networks run by the US military.

DHS No Longer Gets Failing Cybersecurity Grade

They got a D.

William Jackson | For virus detection, don’t write off signatures

So just because a vendor talks up the advanced heuristics capabilities of your latest antivirus tool, do not fall prey to the temptation to ignore the signature updates. They still are your first and best line of defense.
