Suggested Blog Reading – Tuesday June 12th, 2007

Waking up at 3am for no good reason is like getting punched in the face when you’re not looking. Those are my words of wisdom for the day. Talk amongst yourselves.

Here’s the list:

Why IT doesn’t really get security – Teach them a lesson. When they hand you their thumb drive kindly thank them and put it in your pocket 🙂

Since I’ve started my new job there have been four (4) different occasions where members of the IT staff have given me their USB thumb drives to transfer data to. These are guys that I work with daily but I don’t know them and they don’t really know me. One guy even gave me a U3 drive.

Teaching Viruses and Worms – I think this would be a very good class to teach in parallel with a course on ethics in IT.

Computer science students should learn to recognize, analyze, disable, and remove malware. To do so, they must study currently circulating viruses and worms, and program their own. Programming is to computer science what field training is to police work and clinical experience is to surgery. Reading a book is not enough. Why does industry hire convicted hackers as security consultants? Because we have failed to educate our majors.

Google Ranked Worst In Privacy – For a company that prides itself on a “do no evil” motto they don’t understand the concept of protecting their user base.

This is a non-technical post and completely my own opinion (as if you asked). I’m sure you all have seen this by now, in the news, on blogs, or even on Google’s employees’ sites but it’s time for me to discuss my view on Google’s recent ranking of the absolute worst privacy of the top 23 companies chosen for scrutiny by Privacy International in their latest report. They ranked lower than anyone else looked at, and the list included companies like Microsoft, eBay, Yahoo and MySpace.

Security Education Conference – Toronto (November 20-21, 2007) – I wonder if I’ll be able to get away to attend?

The Security Education Conference is unique to central Canada and provides an opportunity for IT professionals to collaborate with their peers and learn from their mentors. Held this year at the Metro Toronto Center in downtown Toronto, this conference runs two days and features Keynotes from North America’s most respected and trusted experts. Speakers are security professionals with depth of understanding on topics that matter. This conference is a must attend for every IT professional.

NY man pleads guilty to spamming AOL subscribers – Good…now change the venue to Texas and give him the chair.

Adam Vitale, 26, pleaded guilty in federal court in Manhattan to breaking anti-spam laws. He was caught making a deal with a government informant that sent spam e-mails advertising a computer security program in return for 50 percent of the product’s profits, prosecutors said.

“Defeating” Whole Disk Encryption, Part 3 – Part 3 in the series.

In Part One, we reviewed obtaining the last 16 characters of the PGP password from a computer that was live. In Part Two, we reviewed how to set up your VMware box so you can boot the image. In this post we will review the options for imaging the computer. Be forewarned: neither is a perfect solution.

Citrix buys Caymas NAC assets – Golden rule in the networking business…don’t be the only company at the buzzword party without the latest buzzword solution as your date.

Citrix is buying the assets of NAC vendor Caymas Systems, which is out of business and whose products have some overlap with Citrix’s SSL VPN products.

A spokesman for Caymas says the company’s assets have been bought by Citrix, but did not reveal the price. Citrix spokespeople could not be reached this morning for comment.

Router’s responses to port scans – Just in case you forget what it looks like 🙂

Recently I was trying to figure out what the various port states reported by Nmap really mean. This is what’s actually going on:

  • If a packet is intercepted by a router’s access-list, the router sends back an ICMP administratively prohibited packet. This is reported as filtered port by Nmap (and probably as stealth port by some other scanners).
  • If you do a TCP SYN scan of a router and the scanned port is not active, the router sends back TCP RST packet. This is reported as closed port.
  • If you perform a UDP scan of a router, the router sends back ICMP port unreachable message if the UDP application is not active. This is reported by Nmap as filtered port (even though in most cases it should be equivalent to closed TCP port).
  • In some cases, the router simply doesn’t reply to UDP scans (for example, if you scan the discard service). This is reported as Open|Filtered (as the scanner cannot reliably determine whether the probe was dropped due to a filter or simply not replied to).