Suggested Blog Reading – Wednesday June 27th, 2007

Not a very busy day out in the blogosphere today, but there were some quality posts.

Here’s the list:

The Right Way to Establish a Culture of Security – Quite the interesting concept.

After reading this article, my hat is off to Yahoo’s Arturo Bejar. Not only does he have the world’s coolest job title (“Chief Paranoid Yahoo”), but he’s taken some extremely creative measures to help build a pervasive culture of security at the Internet behemoth. I especially like the part about the t-shirts, since it not only gives people a reward to strive for, but they are also free advertising for the program. And the multiple tiers sound like they would really spur some competition to get those coveted red shirts.

Cisco MARS Exam 642-544 – Hmmm…I wonder if the other large SEIM vendors are going to follow suit by offering certifications in their products through places like VUE and Prometric?

Cisco Security Mitigation and Response System (CS MARS) is a family of high performance, scalable appliances for threat management, monitoring and mitigation, enabling customers to make more effective use of network and security devices by combining network intelligence, context correlation, vector analysis, anomaly detection, hotspot identification and automated mitigation capabilities. CS MARS solutions empower customers to readily and accurately identify, manage and eliminate network attacks and maintain network compliance.

Worms 2.0! – The Metasploit menace inside your firewall – Good interview with Wade Alcorn.

In his research he focused on using a web browser as a beachhead to launch Metasploit-style attacks. What this means is that any Javascript enabled web browser might be used to launch an attack against a service, for example a VoIP server, and gain complete control of the box.

Generally exploits are executed inside a development framework such as Metasploit, or run directly from the code. But this time, the code would run inside the browser, using Javascript. And all of this takes place without exploiting any bugs in the browser itself.
Your browser is now an active menace against the security of your internal network. However, the problem can’t be easily fixed, because it is not based on a bug: it simply uses “Web 2.0” technologies against you.

NBA – Can it be the star of the show? – I agree with Alan. One of the best ways to detect zero-day type of attacks is to perform behavioral analysis on your network traffic.

No, I am not talking about Kobe, Shaq, Tim Duncan and the rest of the athletes over at the National Basketball Association. I refer of course to Network Behavior Analysis. The estimable Mr. Rothman in his daily rant laments the fact that 5 years later we are still trying to explain what it is and that is pretty sad. I don’t think it is sad at all, it is just the facts. In spite of this though, I think NBA has made terrific strides. Here is why:

Memory Analysis Cheat Sheet – Might want to print this off 🙂

I’ve created a cheat sheet in order to accompany the tutorial held at the FIRST Conference 2007. On four pages it lists the most frequently used commands of Microsoft’s Debugger and some other memory analysis tools along with some structures and kernel variables. Get the cheat sheet here.
