Suggested Blog Reading – Thursday June 14th, 2007

ReadFinally got a good nights sleep and does it ever make a difference.

Here’s the list:

FBI May Have Broken the Law 1,000 Times in Surveilling Americans – Only those who broke the law have to worry though right? 🙂

The FBI egregiously violated privacy laws and bureau rules to obtain telephone, e-mail and financial records on scores of Americans, according to an internal audit obtained by the Washington Post and reported today.

Is a merger or acquisition in Sourcefire’s future? – Interesting interview with Marty Roesch. I’m very interested in who might be in the market, and have the capital, to merge with a company like Sourcefire.

It’s been a busy year for Sourcefire Inc. founder and Chief Technology Officer Martin Roesch, creator of the widely popular Snort open source IDS tool. In November he announced that Sourcefire had filed with the U.S. Securities and Exchange Commission to raise up to $75 million in an initial public offering (IPO) of stock. Seven months earlier, Check Point had dropped plans to acquire the company amid concerns that foreign ownership of Snort would threaten U.S. national security. In the wake of the IPO, Roesch remains reluctant to go into greater detail on his company’s future direction. But at the Gartner IT Security Summit in Washington D.C., he told how Sourcefire fit into Gartner’s Security 3.0 theme. In the process, he suggested that the war chest Sourcefire has developed as a newly public company could be used in a future merger or acquisition.

Determining the version of XP – Another good post from Harlan on how to discover the version of XP (Home or Pro).

I received an interesting comment to one of my recent blog posts…the poster was musing that he wished he could determine the version of XP (Home or Pro), presumably during a post-mortem examination. As this struck my interest, I began to research this…and most of what I found applies to a live running system. For example, MS has a KB article that tells you how to determine the version of XP you’ve got. Also, the WMI class Win32_OperatingSystem has a value called “SuiteMask” which will let you determine the version of the operating system; to see if you’re on the Home version of XP, perform a logical AND operation with the SuiteMask value and 0x0200 (the “Personal” bit) – if it succeeds, you’re on XP Home. You can also use the Win32::GetOSVersion() function in Perl, or implement the WMI Win32_OperatingSystem class in Perl.

TSK 2.09 Released – New version of The Sleuth Kit ready for your downloading pleasure.

Version 2.09 is now available. This release fixes some bugs for large files and hash databases on Windows, some stability bugs with corrupt file systems, some ‘ils’ flag bugs, and some updates to internal libraries. All users should apply this update.

Security Views Case Study #1 – Unauthorized P2P Software on Company Laptop – I’m sure a lot of system/network/security people can relate to this story.

This is the first in what unfortunately could be many posts I’ll call “Case Studies”. It’s unfortunate, because breaches are now publicized on such a regular basis, I could make a blog entirely about them, as SC Magazine now does. It’s called the Breach Blog. In my case, I was thinking it may be helpful to add some value to some of their entries by doing a bit of analysis and guidance on what you can do to avoid them.

Fuzzled – PERL Fuzzing Framework – Another fuzzing tool for you to try out.

Fuzzled is a powerful fuzzing framework. Fuzzled includes helper functions, namespaces, factories which allow a wide variety of fuzzing tools to be developed. Fuzzled comes with several example protocols and drivers for them.

Port number not shown in access-list log output – This one is more for my reference so I don’t forget it in the future 😉

The reason for this behavior is very simple: unless a line in the IP ACL matches on the layer-4 port numbers, the router does not inspect them; the log action thus has no port number to show in the syslog printout.

To fix the printout, you have to force the router to inspect the layer-4 port numbers. – Hacking Illustrated Videos – Something tells me that I’ve mentioned this site before but I can’t find the post. This is a great site with some great instructional security videos.

If you’re interested in learning how to test the security of your network by attacking it, has a number of flash/AVI videos that walk you through the mechanics of specific attacks.

Notable entries:
Using Cain and the AirPcap USB adapter to crack WPA/WPA2
Cracking Windows Vista Passwords With Ophcrack And Cain
Passive OS Fingerprinting With P0f And Ettercap
SSH Dynamic Port Forwarding
Basic Nmap Usage
Boot from Phlak and run Chkrootkit to detect a compromise
Cain to ARP poison and sniff passwords

Scroll to top