Suggested Blog Reading – Sunday July 29th, 2007

ReadI’m not sure where this heat wave came from but to give you an idea of what I’m living through:

  • Friday, July 27th – 33.7C (93F)
  • Saturday, July 28th – 31C (88F)
  • Sunday, July 29th – 33C (91F)


Here’s the list:
Interview with Richard Bejtlich — GE Director of Incident Response – A very good interview with Richard Bejtlich, author, blogger, and most recently GE Directory of IR.

Back in May, I attended a meeting to get a feel for the company and group I would be working for this summer as an IT Security Intern. Much to my surprise, Richard Bejtlich was in attendance and as it turned out we’d be working for the same company. Anyways, Richard agreed to do be interviewed on network security monitoring and his new role as Director of Incident Response.

Parsing XML on the Command Line – This is something I’ll have to check out.

I haven’t written about UNIX scripting in a while. It was yesterday in the afternoon that our QA guy came over and asked me some questions about VI. Among his problems was the “parsing of an XML” file. He wanted to extract elements from specific branches of an XML structure. I told him that VI was not XML aware. It treats XMLs just like any other text file; line by line. He was not happy with my answer and kept bugging me. Then he said: “You should write a tool called XMLgrep”. And that was it. I was pretty sure that someone had written a tool that would do exactly that.

Doctors Use of USB Storage Leads to Theft of Medical Data – Eye Bleeder – Adam, I hope these incidents upset when you blog about them as much as they upset me when I link to them!

A thief made off with a USB thumb drive belonging to a Nottingham University Hospitals junior doctor that contained sensitive patient medical information. After reviewing the incident, it looks like using USB drives to store patient information is a common practice among Nottingham University Hospitals junior doctors. During research for the British Medical Journal, Matthew Daunt a foundation year one doctor, recently questioned 50 junior doctors about storing patient data. Of the 20 doctors that admitted to using USB drives to store data, not one of them used encrypted USB drives, leaving patient data readable to anyone with a computer and the drive itself. Since this incident, the Nottingham University Hospitals trust plans to being offering 128-bit encrypted USB drives to all junior doctors.

PCI Progress – It’s good to see that this standard is making headway.

Level 2 merchants, those generating 1 million to 6 million annual Visa transactions, aren’t as far along, though they have a later compliance deadline, Dec. 31. According to Perez, 33% are complaint while an additional percentage in the “high 20s” is in remediation. PCI compliance is at 52% for Level 3 merchants—those generating 20,000 to 1 million Visa e-commerce transactions annually. This group currently does not have an explicit compliance deadline.

Leak-testing update revealed another Excellent anti-leak protection – Good to know.

We have finished another leak-testing update today. It revealed two firewalls that are worth of mention. The new version of Online Armor reached an Excellent score with only two failed tests. A Very good result was scored by the new version of ProSecurity with three failed tests.

Compliance and Information Security: Common Sense Confirmed – This is a very good article/interview that everyone should check out.

So many times I’ve heard business leaders complain that the data protection requirements within the multiple laws and regulations only hurt business; that they are not necessary and have no true impact on really protecting data…they are just bureaucratic hoops forced upon businesses to placate the politicians’ constituents by lawmakers who know nothing about the nuts and bolts of implementing information security…and that the cost of compliance is only hurts the business’ bottom line.

gsLaptop Security: Windows® Vista? vs. XP – from the SANS Information Security Reading Room.

Threat hierarchy: experimental hacking – I’m looking forward to the future articles in this series.

There are five levels of threats. In the next few days I will walk though each of the levels, starting with the lowest level: experimental hacking. (I will be in Reykjavik for most of next week where I assume I will have no trouble getting online but you never know.)

Experimental hacking has been with us since the first days of computers and networks. Can you remember using gopher or Archie to “surf the net”? If you found a US Air Force server in Antarctica you tried to login regardless of what the warning page said.

Marine Information Exposed by Penn State Web Site – Another Eye Bleeder!

A Marine looking for his own name on Google came across more then he expected. Personal information on 10,554 Marines was available for a 10-11 day period on a Penn State web site. The site contained information on Marines who had rifle range requalification records while attending Marine Corps Recruit Depot Parris Island, S.C., from January 2004 through December 2006 and was collected by Penn State as part of a research program. Information collected by Penn State included names and Social Security numbers. According to Penn State officials, logs indicate that the information was only accessed once by the individual Marine that reported the incident. The information was pulled from the site as soon as Penn State was aware of the problem.

UK University Identity Theft Lecturer Arrested For Identity Theft – Another Eye Bleeder…I think I’m a pint low. Time for a cookie and some orange juice.

University of Galmorgan identity theft lecturer Eni Oyegoke has been sentenced after pleaded guilty to 13 fraud, deception and theft offences. Oyegoke began at Glamorgan as a PhD student in 2005, a position he gained using a false passport. Soon after, Oyegoke began lecturing students on the topic of identity theft, a topic he apparently was very familiar with. Authorities were first made aware of the problem when Oyegoke applied for a drivers license using his fake passport information. During a raid on his house, authorities found credit cards Oyegoke had opened under other identities and a fake drivers license. Oyegoke used the two credit cards to help pay for his tuition and the fake drivers license was part of his doctoral thesis according to his lawyer. Oyegoke faces a two year jail sentence and will be deported after serving his time.

A Bit More on Log Management vs SIEM (and Semantics) – Good rant/post/explenation by Anton on the differences between SEIM and Log Management. You can tell from the tone of the article that Anton gets very upset when you refer to Log Management as SEIM…but if you really want to see him blow his top then call the LogLogic offering a syslog server — “What’s that Anton? No I’m not calling it a syslog server…I’m on your side man…what are you doing with that knife Anton?” 🙂

So, if you are looking to collect, retain, review, analyze, and otherwise deal with all your logs for various uses, go for log management. If you are looking to build a SOC, you might need a SIEM (and, actually, log management since your SOC analysts will wants to see original logs pretty often)

Babel Enterprise – Cross Platform System Auditing Tool – Another tool for your belt.

Babel Enterprise has being designed to manage security on many different systems, different technologies and versions, and different issues and requirements. It is a distributed management system, multi-user, that allows redundant installation in all its critical components. Each change occurring in the system can be watched and marked automatically each time a new audit policy is executed. Users can add, delete or modify existing elements to see exactly if the system works better or worse and why. Babel Enterprise uses a pragmatic approach, evaluating those aspects of the system the represent a security risk and that can be improved with the intervention of an administrator.

Building a Security Practice within a Mixed Product-R&D and Managed-Service Business from the SANS Information Security Reading Room.

Scroll to top