Month: August 2007

Suggested Blog Reading – Sunday August 19th, 2007

In-laws are in town this week, which tends to cut down on computer time. On the plus side we did get some good work done in the garage this weekend as well as install a filter in the basement for the water (still a bit leaky but my father-in-law is going to take care of that Monday).

Here is the list:

The Magical “Human Security Layer” – I’d say the “Human Layer” is by far the most important, and most likely to be exploited, layer in your enterprise.

One thing that many managers overlook is that, while login banners are necessary from a legal point of view to show some amount of due diligence, the fact is many people ignore the same message that pops up every day. That doesn’t make the employees less responsible, just less effective.

How To Configure Apt Sources.List – For Complete Newbies – With more and more people switching to Ubuntu, it’s critical that you have the proper sources for updates (and cool stuff).

So you were playing with your Apt sources.list and somehow ruined it. No matter how hard you try you cannot get it back. Every time you try to install a package you get error messages. Now what?

Don’t despair … I’ve been there and found an easy answer: The Aptitude Source-O-Matic: http://www.ubuntu-nl.org/source-o-matic/

August SRT: Security Career Success – I haven’t had time to listen to this yet but I do plan on it.

We had an excellent panel together to talk about how you can build a successful security career, with Michael Santarcangelo, Mike Murray, Dan Sweet and Ron Vereggen. Any one of these gentlemen would be an outstanding career coach by themselves, but having them all together on one phone call made for an exceptionally enlightening session. I add a little flavor as someone who’s in the middle of a job search right now. There’s a lot of good information here, whether you’ve already got a career in security or are contemplating one.

BlackHat Encore Webinar Presentation – I’ll have to see if I can make it.

A lot of people were unable to make it to Black Hat this year and asked how else they might see the presentation RSnake and I gave, “Hacking Intranet Websites from the Outside (Take 2) – Fun with and without JavaScript Malware”. So we decided to do an encore performance webinar style. This means wherever you are in the world (relatively speaking), you can participate and perhaps ask a question of either RSnake or myself live. If you are already well-familiar with all the latest and greatest attack techniques discussed here, on RSnake’s blog, and elsewhere… you won’t see much “new”. But maybe if you have an hour to kill and want to see a few demos, why not… it’s free!

How to make a website harder to hack – Jeremiah brings up a good point. When speaking with a vendor about any proposed security solution, make sure you ask them “What does your product do to protect me and my network?” If you want to see them sweat while doing it, ask them to explain it without using any buzzwords 🙂

I mean, that’s what web application security is all about. We know websites will never be 100% secure just like software will never be 100% bug free. We also know web application hacks are targeted. All we have to do is look at CardSystems, the U.N., MySpace, CNBC, UC Davis, Microsoft UK, Google, Dolphin Stadium, Circuit City, T-Mobile, and many other incidents to figure that out. Bad guys don’t hammer away at eComSiteA then mistakenly hack into WebBankB. It doesn’t work like that. The victim is the one they’re targeting in the browser URL bar. So instead we should approach website security in terms of time and difficulty just like they’ve done for decades in physical security–with burglary resistance, fire resistance, alarm systems, etc.

IR “Best Practices” – Harlan’s back….Harlan’s back!

So, I’ve been talking to a number of different folks recently, having discussions during my travels to and fro about incident response and computer forensics. Many times, the issue of “best practices” has come up and that got me thinking…with no specific standards body governing computer forensics or incident response, who decides what “best practices” are? Is it FIRST? After all, they have “IR” in their name, and it does stand for “incident response”. Is it the ACPO Guidelines that specify “best practices”?

TJX reports a loss due to cardholder data breach – Maybe we should send them a card….or maybe some flowers? That’s really too bad 🙂

TJX is back in the news and reporting over a hundred million dollar loss due to the massive cardholder data breach.

People continually ask why they got off so easy, but as the losses continue to pile up I’m sure the CEO is asking, “why weren’t we compliant?”

Immunity Debugger v1.0 (immdbg) Release – Download it Now! – Cool. This is a great tool. Glad to see there is a 1.0 release finally.

After almost a year of intensive development and internal use, Immunity (The guys who brought us CANVAS) has announced the public release of Immunity Debugger v1.0. The main objective for this tool was to combine the best of commandline based and GUI based debuggers.

Enterprise Log Management for Incident Handlers at SANS Network Security 2007 — Caesars Palace, Las Vegas, Nevada

Looks like I’ll be making the trip to SANS Network Security 2007 to present a Q1 Labs sponsored lunch & learn on Thursday, September 27th in LAS VEGAS, NEVADA!

The topic of the lunch & learn is Enterprise Log Management for Incident Handlers. Email me if you’d like more information on the lunch & learn abstract.

For more information on the conference please see the following link: http://www.sans.org/ns2007/
For more details on the lunch & learn please keep checking here: http://www.sans.org/ns2007/vendor.php

I hope to see some of my readers and colleagues there. Drop me a line and let me know if you’ll be attending.

Sourcefire Acquires ClamAV™ Project

Looks like Marty and Co. have acquired ClamAV. I’m a huge fan of ClamAV on Windows, Linux, and OSX. From the press release:

“ClamAV is one of the most successful technologies in the open source security arena. This acquisition not only broadens Sourcefire’s open source footprint, but allows us to support, develop and incorporate the ClamAV technology throughout our commercial offerings,” said Martin Roesch, Founder and CTO of Sourcefire and Creator of Snort. “The success of the ClamAV project is a direct reflection of the talent and dedication of the founding team and the project community. Sourcefire is committed to investing in and advancing the ClamAV technology, just as we have with Snort and Snort.org.”

This is my favorite AV scanner these days. Congratulations to the ClamAV team!
