Suggested Blog Reading – Tuesday June 26th, 2007

It appears that someone has already added me to his group of “Anti-Microsoft Fanboys” based on my earlier post. Let’s get one thing straight. I am not, and have never been, anti-Microsoft. Anyone who claims that Microsoft is evil and bad is an uninformed moron. The computing industry would not be where it is today if it wasn’t for Microsoft. They changed the way we think about personal computers and server deployments. That’s my rant for the day.

Here’s the list:

Nessus 3.0.6 Available – Good to see the users and watchers of these tools driving change.

Tenable Network Security has released version 3.0.6 of the Nessus Vulnerability Scanner which fixes a variety of performance issues and bugs.

Israeli researchers map the whole Internet. Boy are they tired. – You should have seen the size of the paper they used!

Israeli researchers have created a topographical map of the Internet by enlisting more than 5,600 volunteers across 97 countries who agreed to download a program that tracks how Internet nodes interact with each other.

IT Security Warfare, part deux – This is the first time I’ve seen Carl von Clausewitz mentioned in our industry. When asked on the Security Catalyst Community what is the one security book I could not live without, I didn’t even have to think about it: On War – Carl von Clausewitz. This is a must-have book for anyone involved in any aspect of security.

Culminating Point Of The Offensive

One of his areas of interest was the inherent superior strength of defense versus offense. For example, he was impressed with the strength of entrenchments and fixed fortifications. Both represent established, fortified points of contact with the enemy and can be compared to firewalls, HIPS, VLAN ACLs, etc. Typically in battle there are stages of trenches to fall back to if the threat of being over-run becomes real. In network security we do the same; firewalls are the outermost point of contact, then we fall back to the IPS, then the VLAN ACLs and so on.

Article on DDoS Tarpitting – I like the idea and plan to implement this for security research purposes.

I just wrote up an article about using tarpits to fight off HTTP-based DDoS attacks. Since I myself have been a victim of DDoS, I thought I’d throw out an idea to help those who might find themselves at the mercy of some anonymous attacker.

ExtractScripts – Another tool to check out.

ExtractScripts is another one of my little tools I use to analyze malware. It takes an HTML file as argument and generates a separate file for each script in the input file. I use it to extract (potentially) malicious scripts from a webpage and execute them with my patched spidermonkey.
ExtractScripts is written in Python to be portable across multiple platforms.

Blocking Bots By HTAccess – Not a bad idea either.

While doing a little research into some random stuff for a client I ran into a bot that was spidering in a bad way. Within a few search results pages I found my way to a blog entry by BrontoBytes talking about blocking spiders by HTAccess. This is a pretty interesting pro-active approach to stopping request level attacks, and something used commonly by mod_security, for instance. You can check out the blog entry which shows how to set up an .htaccess file to block some modern robots.
