Month: January 2008

Suggested Blog Reading – Sunday January 9th, 2007

Running a little late on the book but trying to push through to get it done. Might not be many updates to the blog this coming week.

Here is the list:

New resource for Reverse Engineering – Something to check out.

dELTA wrote to tell us about the release of “The Collaborative RCE Tool Library” which he explains as:
“In very few words, the design goal of this project is to leverage the advantages of the wiki architecture, where everybody can contribute, while at the same time ditching all the disadvantages of the wiki architecture, add just enough moderation, and finally bring the world one step closer to the nirvana of the semantic web.”

http://www.woodmann.com/collaborative/tools

The site is very cool and worth checking out. We’re also looking forward to the library of infosec tools that he says is going to be his project for 2008.

Ethical Conflict in the Webappsec Domain – Would you consider this a case of “the best defense is a good offense” or just a bad idea?

yes, folks… robert hansen (aka rsnake), the founder and ceo of sectheory, felt it would be a good idea to hold a contest to see who could create the smallest xss worm… ok, so there’s no money changing hands this time, but that doesn’t mean the winner isn’t getting rewarded – there are absolutely rewards to be had for the winner of a contest like this and that’s a big problem because lots of people want rewards and this kind of contest will make people think about and create xss worms when they wouldn’t have before…

dumpcrack1.2.py.txt – New version of the dumpcrack utility has been released.

dumpcrack is a utility that takes in a list of MD5 checksums from a database dump and attempts to crack them using a wordlist or milw0rm’s database.

Your InfoSec Dream Job? – I think I may have to participate in this little experiment 🙂

Assuming you were going to stay in the “Information Security” industry, what would you do if you could pack up your office tomorrow and move into shiny new digs in your dream job? What would that be? With whom? Doing what?

New articles from the SANS Information Security Reading Room:

Privacy: Comedian Tom Green Reveals Internals of House through Published Camera Test – I still remember the time I had the opportunity to push him down the stairs while drinking in a bar in Ottawa. One of my biggest regrets was not going through with it 😉

Here’s where we get to the fine line of privacy and what is considered private. Many people consider the inside of their home to be a private space. In fact in the US we often question the extent to which the law can or cannot dictate the actions we do in our homes. So is intentionally publishing this video a leakage of data? My vote is ‘Yes’ because the intent of the video was to demonstrate the wireless capabilities, not an internal view of his house. I admit that both sides may be argued convincingly.

chkrootkit-0.48.tar.gz – New version of chkrootkit released.

This version includes new tests: common SSH brute force scanners, suspicious PHP files; enhanced tests: login, netstat, top, backdoor; and some minor bug fixes.

The Case of the Missing AutoPlay – This was a cool and very informative post. I suggest you take a read through.

I’ve been presenting talks on Windows Vista kernel changes since TechEd US in the summer of 2006 and one of the features I cover in the session is ReadyBoost, a write-through disk caching technology that can potentially improve system performance by leveraging flash media as a disk cache. I explain ReadyBoost in depth in my TechNet Magazine article, “Inside the Windows Vista Kernel: Part 2”, but the basic idea is that, since flash has significantly better random access latency than disk, ReadyBoost intercepts disk accesses and directs random-access reads to its cache when the cache holds the data, but sends sequential accesses directly to the disk. During my presentation, I insert a USB key, whereupon Windows displays an AutoPlay dialog that includes an option to configure the device for ReadyBoost caching…

Top 10 security headlines of 2007 – Good reference in case you need to put a presentation together on past threats.

IT professionals worried about new attack techniques in 2007 as well as potential data breaches and the growing likelihood that their most valuable security tools would pass from the management of one vendor to another. Here is an unscientific look at what we considered the biggest stories of 2007…

Unrealistic Uber-Hackers now portrayed as murderers – I’ll probably go see the movie but the technology behind it couldn’t be as bad as the movie Hackers. On a side note I do believe that Hollywood is starting to hire better consultants to inject some “reality” into the technology that they’re trying to convey in their movies. The real question is…how does one get a gig like that? 🙂

The movie Untraceable is hinged upon a computer savvy hacker who murders people online using technology. Watch the trailer below for multiple “hacker” and cyber-crime references. It’s my belief that the evil computer hacker character is a trend we will see continue to multiply in frequency within Hollywood films however unrealistic.

openstego-0.3.0.zip – A new version of openstego has been released.

OpenStego v0.3.0 includes support for password-based encryption of the data. GUI also includes the corresponding changes. OpenStego is now more or less complete. Main thing remaining is addition of support for other file formats like JPG, BMP.

now….back to the book 🙂

Suggested Blog Reading – Wednesday January 2nd, 2007

Alright Mother Nature. You and I have an issue that we need to work out. I’m not sure what I did to you but I don’t think dumping 60cm (~24in) of snow on my house is an appropriate response.

Here is the list:

iptables-1.4.0 – I can’t remember the last time that I saw an update to iptables.

The netfilter core team has released iptables-1.4.0. This is the first final release of the new iptables branch 1.4. This release contains lots of bugfixes and improvements for the previous release candidate which strongly improves IPv6 support. Please, upgrade!

wsScanner – Web Services Footprinting, Discovery, Enumeration, Scanning and Fuzzing tool – Another tool for you to try out.

wsScanner is a toolkit for Web Services scanning and vulnerability detection.

Tools to help protect your internet anonymity – Some good tools to help with your pen tests.

Ever need a disposable phone number or temporary login credentials to stop receiving spam?

Here is a link to a number of websites that have potentially useful privacy tools.

The Visibility of Information Risk Management – I don’t anticipate this changing any time soon. Breaches don’t have the “sexy” factor that a political assassination or the US dollar falling would have. Sad times we live in.

I picked up today’s WSJ and got a cold, hard dose of reality. In it, is an article called “Data Security Breaches Reach a Record in 2007”. It’s a fairly retrospective article that discusses the four to eight-fold increase in compromised records for EOY 2007 vs. EOY 2006 (the discrepancy in increase estimates is due to Attrition.org using deposition information from Visa & Mastercard in the TJX case, vs. the “only” 46 million number used by TJX).

What is most disturbing to me is not the increase from 2006. It’s not that the AP article is inaccurate, or that I see how others report on our industry from afar and I find it lacking. What is disturbing is that it’s buried at the back of section B – right next to the page and a half or so of legal notices.

World’s Top Surveillance Societies — Updated with link – Interesting read. Apparently Big Brother is watching quite a few people 🙂

Privacy International, a UK privacy group, and the U.S.-based Electronic Privacy Information Center have put together a world map of surveillance societies, rating various nations for their civil liberties records.

Both the U.S. and the UK are colored black for “endemic surveillance,” as are Thailand, Taiwan, Singapore, Russia, China and Malaysia.

sshutout-1.0.5.tar.gz – Nifty.

sshutout is a daemon that periodically monitors log files, looking for multiple failed login attempts via the Secure Shell daemon. The daemon is meant to mitigate what are commonly known as “dictionary attacks,” i.e. scripted brute force attacks that use lists of user IDs and passwords to effect unauthorized intrusions. The sshutout daemon blunts such attacks by creating firewall rules to block individual offenders from accessing the system. These rules are created when an attack signature is detected, and after a configurable expiry interval has elapsed, the rules are deleted.
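The monitoring loop the paragraph describes (scan the log for repeated failed SSH logins, create a block rule per offender once a signature is detected, delete the rule after an expiry interval) can be sketched in a few dozen lines. The following is an added example written for this page, not sshutout’s own source: the log lines are constructed, syslog timestamps are assigned the year 2008 because they carry none, and the firewall rules are produced as iptables command strings for audit rather than executed.

```python
"""Added example: a sshutout-style failed-login monitor (not sshutout's code).

Assumptions: log lines below are constructed, timestamps get the year 2008,
and firewall rules are built as iptables command strings, not executed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines; the addresses are documentation ranges.
SAMPLE_LOG = """\
Jan  2 10:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 4001 ssh2
Jan  2 10:00:03 host sshd[1002]: Failed password for root from 203.0.113.5 port 4002 ssh2
Jan  2 10:00:04 host sshd[1003]: Failed password for invalid user test from 203.0.113.5 port 4003 ssh2
Jan  2 10:00:06 host sshd[1004]: Accepted publickey for alice from 198.51.100.7 port 5000 ssh2
Jan  2 10:00:08 host sshd[1005]: Failed password for invalid user oracle from 203.0.113.5 port 4004 ssh2
Jan  2 10:00:09 host sshd[1006]: Failed password for bob from 198.51.100.7 port 5001 ssh2
Jan  2 10:00:10 host sshd[1007]: Failed password for invalid user guest from 203.0.113.5 port 4005 ssh2
Jan  2 10:11:00 host sshd[1008]: Failed password for root from 203.0.113.5 port 4006 ssh2
"""

# Attack signature: an sshd "Failed password" line, with or without "invalid user".
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_ts(ts, year=2008):
    """syslog timestamps carry no year; 2008 is an assumption for this sample."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def iptables_command(action, ip):
    """Build (do not run) the rule a sshutout-style daemon would add or delete."""
    flag = "-I" if action == "add" else "-D"
    return f"iptables {flag} INPUT -s {ip} -p tcp --dport 22 -j DROP"


class Blocker:
    """Count failures per source IP in a sliding window; block on threshold, expire later."""

    def __init__(self, threshold=5, window_s=60, expiry_s=600):
        self.threshold = threshold
        self.window = timedelta(seconds=window_s)
        self.expiry = timedelta(seconds=expiry_s)
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.blocks = {}                     # ip -> time at which its rule expires
        self.rules = []                      # ordered (action, ip) decisions for audit

    def expire(self, now):
        """Delete rules whose expiry interval has elapsed."""
        for ip, until in list(self.blocks.items()):
            if now >= until:
                del self.blocks[ip]
                self.rules.append(("delete", ip))

    def observe(self, line):
        """Feed one log line; return the IP if this line triggered a new block."""
        m = FAILED_RE.match(line)
        if not m:
            return None  # not a failed-login signature (e.g. an accepted key)
        now = parse_ts(m["ts"])
        self.expire(now)
        ip = m["ip"]
        if ip in self.blocks:
            return None  # already blocked; the rule stays until it expires
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()  # drop failures that fell outside the window
        if len(recent) >= self.threshold:
            self.blocks[ip] = now + self.expiry
            self.rules.append(("add", ip))
            recent.clear()
            return ip
        return None


def run(log_text, **kwargs):
    """Replay a log in order and return the Blocker with its decisions."""
    blocker = Blocker(**kwargs)
    for line in log_text.splitlines():
        blocker.observe(line)
    return blocker


if __name__ == "__main__":
    for action, ip in run(SAMPLE_LOG).rules:
        print(iptables_command(action, ip))
```

On the sample above, 203.0.113.5 crosses the default threshold of five failures inside a minute and gets a block rule; the single failure from 198.51.100.7 does not. The final line, eleven minutes later, arrives after the ten-minute expiry, so the rule is deleted before that line is counted afresh. Time is taken from the log itself rather than the wall clock, which keeps the logic replayable against stored logs during an investigation.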

WebGoat 5.0 on Ubuntu – Take a read in case you’ve run into this problem.

Some days I love Ubuntu, some I friggin hate it. Today I hate it.

WebGoat comes with a nifty little .sh script to check to make sure you have sun java 1.5x installed.

Well, after installing Sun Java 1.5.x with Synaptic, finding the nifty directory it’s in (“/usr/lib/jvm/java-1.5.0-sun”) and then pasting that into the script, it still took a dump, giving me

Please set JAVA_HOME to a Java 1.5 JDK install or JVM Is not 1.5 errors.

So I just deleted all that check code, put export JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun/ at the top of the script, and it now works…

Where to submit malware samples – If you’ve ever wondered where you submit malware that you find/discover/experience then check out these links.

Some of you might want to know where to submit virus/malware samples to security companies. This blog post might help.

First, each vendor has their own submission process. For example, Symantec has this page, McAfee has this page, Sunbelt has this page — and so on. However, email addresses are available — you can package your malware sample into a zip or RAR file, password protect it (common practice is to use the password “infected”) and send off the sample. A full list of submission addresses is here.

Now, if you’re feeling lazy (or just plain too busy), you can always submit a sample to Virustotal. All the vendors that are part of VirusTotal receive samples, so it’s an easy way to get a sample to a lot of companies. I’m not particularly sure if it’s the fastest way to get samples out there to the security companies, but the samples do ultimately get to all of us. (Clarification — VirusTotal gets us the samples immediately. But it’s up to the vendors to get these samples into their threat signatures. For some, this takes a bit of time.)

Best Book Bejtlich Read in 2007 – It’s a good thing that Richard is such an avid reader. It’s an even better thing that he doesn’t pull any punches when it comes to his reviews. Of course, I saw that knowing that he wants to review my book when it’s released….gulp!

Last year I posted my first year-end ranking of books I had read and reviewed in 2006, titled Favorite Books I Read and Reviewed in 2006. I decided to continue the tradition this year by posting my 2007 rankings, and awarding Best Book Bejtlich Read in 2007 (B3R07).

2007 was not my most productive year in terms of reading and reviewing books. I read 17 in 2000, 42 in 2001, 24 in 2002, 33 in 2003, 33 in 2004, 26 in 2005, and 52 in 2006. This year I read and reviewed 25 books, several during the last week.

Phone-Shield set to increase police prosecution rates – Sounds interesting.

A new mobile phone Faraday bag called the ‘Phone-Shield’ has been launched by Tamworth-based Disklabs and is set to increase the ability of the police to successfully and cost-effectively prosecute in cases where mobile phone data comprises an essential element of evidence. The new Phone-Shield has been designed by Disklabs to ensure that data on a suspect’s mobile phone can be investigated without that data being compromised when the phone connects to its relevant network…

Navy offers scholarships for IT pros – I think this is a great idea.

To help meet its demand for IT security specialists, the Office of the Navy’s Chief Information Officer will offer scholarships to civilian Navy and military personnel for postgraduate studies in the field of information assurance.

The scholarships are available from the Defense Department’s Information Assurance Scholarship Program, and will pay for tuition, fees and books for master’s- and doctorate-level studies in biometrics, computer science, information systems, telecommunications, business management and administration, as well as other areas with a focus on information assurance, according to the Navy CIO’s office.

Andrew Hay’s Predictions for 2008

Everyone else posts their predictions for the coming year so I figure I should throw mine into the air as well.

More Public and Damning Breaches

I predict that several large breaches will occur and will be revealed to the public. I also predict that one of these breaches will be that of a sensitive government or military target that will dwarf the severity of the TJX breach. These breaches could very well be outside of North America but I have a feeling the major breach will happen in the United States. The breaches will also lend credibility to any of the Presidential candidates’ “new” cyberwar policies that they will enact once elected.

Increased Focus on Foreign Cyberwar Capabilities

I predict that the perceived Chinese cyber-threat will continue to grow and that the capabilities of other unfriendly nations will be thrust into the public eye. Since 2008 is an election year you’ll probably notice this being talked about quite a bit on the campaign trail. I also suspect that there will be promises of increased military spending to combat this “new” threat. Is this the start of another “cold war” on the digital plain? Will the major military players start stockpiling “cyber warriors” in their arsenal?

Year of the Rootkit

I predict that 2008 will be a very bad year for rootkits. More freely available rootkit creation tools will be published, allowing more script-kiddies to build their own distribution packages. Rootkits themselves will become increasingly complicated and harder to detect by common methods. I also suspect that 4th year University & College computer science courses will start showing up over the next several years, showing students how to create, and defend against, these new technologies.

Economic Downturn will Impact Training Budgets

I predict that 2008 will be a bad year for security professionals looking to receive training from their organizations. With the U.S. dollar in flux, organizations will be hesitant to spend their budget on something that isn’t perceived as a tangible return on investment. Expect training organizations to drive their customers towards the web and mobile training solutions to help stay competitive.

Forensic Requirements will drive SIM/SEM/SIEM Products

I predict that forensic analysis of stored data will become the hot topic for 2008. Log retention and storage was the key driver in 2007 but now that people have all of this information stored, they are going to need a way to actively use it for investigatory purposes. Expect customers to push back on their SIM/SEM/SIEM vendors for faster and better correlation between events, vulnerabilities, and flows. Also expect several failed PCI investigations to push the top players in the industry to increase the forensic capabilities of their offerings.
