Suggested Blog Reading – Thursday May 10th, 2007

Again I let the post slip to noon. Must be the nice weather outside 🙂

Here’s the list for today:

Bots on the Corporate LAN – I agree with his comment in the article: “So it’s obvious that there are bots on corporate networks, but it’s not obvious how serious a problem it is.” Until a massive outbreak happens to your organization, most will continue to consider a bot infestation something that happens on “other organizations’” networks.

Opinion: Of course bots exist on corporate networks, but how big a problem are they? It could be that nobody knows.

People like me, who write about security, are flooded with reports on the state of malware. They’re often valuable enough and say interesting things, but on certain points they are invariably, and infuriatingly, vague.

Retailers haven’t learned from TJX – still running WEP – I guess my above statement applies to this as well 🙂

When I blogged earlier this week about TJX’s failure to secure their wireless LAN and how it may end up costing TJX a billion dollars, I knew that it was merely the tip of the iceberg with so many retailers still running WEP encryption. As if WEP wasn’t already broken enough, WEP is now about 20 times faster to crack than in mid-2005 when TJX’s WEP-based wireless LAN was broken and I knew from experience that most retailers were still running WEP. I decided to stroll through town and check on some of the largest retail stores in the country to see how they’re doing today. The reason I looked at the large retailers is because they’re the big juicy targets with millions of credit card transactions that the TJX hackers love. What I found was truly disturbing and I’m going to tell you what I found.

More on Snort 3.0, GPL and derivatives – Word on the street is that Marty was saying some things in the IRC channel that a man in his position shouldn’t have been saying.

In response to my post yesterday a few comments (you can click on the right column to see them) have responded that as GPL, there is nothing really changing with Snort 3.0; Sourcefire, in order to “avoid misunderstandings”, is defining what they consider to be a derivative work. I think therein lies the rub. What Sourcefire is saying is that if you want to do a front end for Snort, you can do so and just point people to snort.org to download Snort, which will run separate and apart from the front end (let’s not even talk about rules for the moment).

Forensics in the Enterprise – I was sent a demo copy of EnCase v5 but I never got around to playing with it.

I had the opportunity last night to attend a demo of Guidance Software’s EnCase Enterprise product. I use the standalone version of their product, EnCase Forensic already, and the Enterprise edition looks like an interesting extension.

EnCase Forensic runs on a single Windows workstation and allows you to image suspect hard drives and conduct detailed analysis on their contents. It’s got a number of handy features built in, like the ability to do keyword searches, extract web viewing history and identify email messages. Pretty nice, and it makes most common forensic tasks a breeze.

How To Back Up MySQL Databases Without Interrupting MySQL – Good bit of information to have.

This article describes how you can back up MySQL databases without interrupting the MySQL service. Normally, when you want to create a MySQL backup, you either have to stop MySQL or issue a read lock on your MySQL tables in order to get a correct backup; if you don’t do it this way, you can end up with an inconsistent backup. To get consistent backups without interrupting MySQL, I use a little trick: I replicate my MySQL database to a second MySQL server, and on the second MySQL server I use a cron job that creates regular backups of the replicated database.
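As an added illustration of the replica-plus-cron trick described above (my own sketch, not the linked article’s script): the cron job first checks the replica’s health from `SHOW SLAVE STATUS`, pauses only the SQL thread so every table sits at one consistent binlog position, dumps, and resumes replication. It assumes a `~/.my.cnf` with the replica credentials and a `BACKUP_DIR` of your choosing; the check function is exercised below with constructed status output.

```shell
#!/bin/sh
# Hypothetical cron job for the replica host. Credentials are read from
# ~/.my.cnf so no password shows up in the process list.
BACKUP_DIR="${BACKUP_DIR:-/var/backups/mysql}"
MAX_LAG_SECONDS=60

# Decide from the text of `SHOW SLAVE STATUS\G` whether the replica is safe
# to dump: both threads running and lag below the threshold. Returns 0 if so.
replica_healthy() {
    st="$1"
    io=$(printf '%s\n' "$st" | sed -n 's/^ *Slave_IO_Running: *//p')
    sql=$(printf '%s\n' "$st" | sed -n 's/^ *Slave_SQL_Running: *//p')
    lag=$(printf '%s\n' "$st" | sed -n 's/^ *Seconds_Behind_Master: *//p')
    [ "$io" = "Yes" ] && [ "$sql" = "Yes" ] || return 1
    case "$lag" in
        ''|*[!0-9]*) return 1 ;;   # NULL or non-numeric: lag is unknown, refuse
    esac
    [ "$lag" -le "$MAX_LAG_SECONDS" ]
}

# Date-stamped file name so earlier dumps are not overwritten.
dump_name() {
    printf '%s/all-databases-%s.sql\n' "$BACKUP_DIR" "$(date +%Y%m%d-%H%M%S)"
}

backup_replica() {
    status=$(mysql -e 'SHOW SLAVE STATUS\G') || return 1
    replica_healthy "$status" || { echo "replica unhealthy, skipping" >&2; return 1; }
    mkdir -p "$BACKUP_DIR"
    # Pause applying relayed changes; the IO thread keeps fetching binlogs
    # from the master, so nothing is lost while the dump runs.
    mysql -e 'STOP SLAVE SQL_THREAD' || return 1
    rc=0
    # --master-data=2 records the master binlog position as a comment in the
    # dump, which is what you need to rebuild a replica from this file.
    mysqldump --all-databases --master-data=2 --routines --triggers \
        > "$(dump_name)" || rc=1
    mysql -e 'START SLAVE SQL_THREAD' || rc=1
    return $rc
}

# Only touch the database when cron invokes it with "run"; sourcing the file
# merely defines the functions.
if [ "${1:-}" = "run" ]; then
    backup_replica
fi
```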
