Suggested Blog Reading – Friday December 14th, 2007

I really apologize to my readers for not updating my blog in a while but I’ve been trying to focus all of my time and effort on my book. I’ll do my best to try and keep-on-postin’ 😉

Here is the list:
Regulatory Compliance Q&A – This is very interesting. I plan on checking this out since regulatory compliance has such a large impact on my day-to-day work.

We just opened a new topic area in our online forum. Dr. Heather Mark, who did her PhD work in Public Administration and Public Policy, will be leading the Regulatory Compliance track.

Cyber-crime–More Lucrative Than Drugs?? – I believe it. With drug trafficking, based on what I see in movies and read in the media, there are too many middlemen to make it truly profitable unless you are at the top of the food chain. With cyber-crime there tends to be very few people between the attacker and the target and, I would imagine, even less outsourcing of work. Plus, cyber-crime, when compared to drug trafficking, is a relatively new concept in the world of crime. That being said, there are far fewer people dedicated to the apprehension of the cyber-criminal than there are for drug traffickers.

Recently, the assistant secretary for Cyber-security at the Dept. of Homeland Security made some startling comments about the dangers of online crime. “We’re all at risk of attack,” he announced, and added that Cyber-crime is threatening our infrastructures. He also said it exceeds the drug trade.

Scanning those other wireless technologies beyond 802.11abg – Great post by Michael Dickey with some very good information about some powerful tools.

Josh Wright earlier this year posted a couple wireless security papers which are quite valuable. First he talks about wireless framing; basically a blitz through how wireless 802.11 works. There is also a paper about 5 wireless threats we may not know about. In the list, Wright mentions 802.11n (Greenfield mode) and Bluetooth rogue APs. I think scanning for rogue APs using kismet is becoming fairly common in concerned organizations (or by concerned geeks anyway). But how does one begin to scan to find these other wireless technologies?

Windows Remote Desktop Heroes and Villains from the SANS Information Security Reading Room.

Announcing – Microsoft Bloggers Network! – Excellent idea from Mitchell Ashley to bring Microsoft bloggers together under one banner.

I’ve started reading many more blogs related to Microsoft since joining Network World where I now blog about topics related to Microsoft and the broader industry. So, it naturally made sense to create a network for blogs covering Microsoft topics.

Botnets linked to political hacking in Russia – Yep…well…I’m not surprised 🙂

Botnets orchestrated by Russian hackers are reckoned to have been used to fire up the Estonian attacks. Involvement of elements from the Russian government is suspected by some, though there’s nothing by way of evidence that the Kremlin had a hand in the assaults.

Nazario, a senior security researcher at Arbor Networks, has documented how botnets have featured in more recent politically motivated DDoS events. Attacks on the Ukrainian pro-Russian site of the Party of Regions, a party led by the Ukrainian Prime Minister Viktor Yanukovych, over the last three months were traced by Nazario back to networks of compromised machines.

BackTrack 3 Beta out! – I’ve been waiting for this for quite some time. I can’t wait for the final revision.

Max Martin and I are ecstatically happy to announce that Backtrack 3 Beta is available for download.

We are all suffering from lack of sleep – we will make a public announcement about this tomorrow.

nmap-4.50.tgz is out – Time to update your nmap version 🙂

This is the first stable release since 4.20 (more than a year ago), and the first major release since 4.00 almost two years ago. Dozens of development releases led up to this. Major new features since 4.00 include the Zenmap cross-platform GUI, 2nd Generation OS Detection, the Nmap Scripting Engine, a rewritten host discovery system, performance optimization, advanced traceroute functionality, TCP and IP options support, and nearly 1,500 new version detection signatures. More than 300 other improvements were made as well.

Breaking News: Successful SCADA Attack Confirmed – Mogull Is pwned! – Great story! This is what happens when security geeks get bored. Note to self – Don’t “Hassle The Hoff (C)”

Rich and I are always IM’ing and emailing one another, so a few days ago before Rich left town for an international junket, I sent him a little email asking him to review something I was working on. The email contained a link to my “trusted” website.

The page I sent him to was actually trojaned with the 0day POC code for the QT RTSP vulnerability from a couple of weeks ago. I guess Rich’s Leopard ipfw rules need to be modified because right after he opened it, the trojan executed and then phoned home (to me) and I was able to open a remote shell on TCP/554 right to his Mac which incidentally controls his home automation system. I totally pwn his house.

How to Do Database Logging/Monitoring “Right”? – Great post Anton. With compliance requirements on everyone’s minds these days, database security has jumped to the forefront as a primary security concern.

So, people sometimes ask me about how to do database logging/auditing/monitoring and log analysis right. The key choice many seem to struggle with for database auditing and monitoring is reviewing database logs vs sniffing SQL traffic off the wire. Before proceeding, please look for more background on database log management, auditing and monitoring in my database log management papers (longer, more detailed – shorter)

NIST working on new method for finding software bugs – It’s worth a shot since reviewing code and following common-sense programming practices don’t appear to be cutting it.

Researchers at the National Institute of Standards and Technology and the University of Texas at Arlington hope to release for beta testing next month a tool to help spot possible problems in complex software.

FireEye will generate tables of tests to look for adverse reactions that can cause applications to crash. Because crashes can be caused by unexpected interactions between large numbers of configurations, testing possible configurations can be prohibitively costly and time consuming. The project has reduced the number of parameters that need to be tested to a manageable level, and FireEye will calculate which possible combinations need to be tested for an application.
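The reduction the excerpt describes, picking a small set of configurations that still exercises every pair of parameter values, is the covering-array idea behind combinatorial testing. The following is an added illustration of that idea, not the NIST tool’s code or its algorithm: a simple greedy 2-way (pairwise) builder over a constructed configuration space of four parameters with three values each.

```python
import itertools

# Constructed example parameter space (not from the NIST article): 4 configuration
# parameters with 3 values each, i.e. 3**4 = 81 exhaustive combinations.
PARAMS = {
    "os":      ["linux", "windows", "macos"],
    "browser": ["firefox", "ie", "safari"],
    "proxy":   ["none", "http", "socks"],
    "locale":  ["en", "de", "ja"],
}

def all_pairs(params):
    """Every (param_i=value, param_j=value) pair that a 2-way test set must cover."""
    names = list(params)
    pairs = set()
    for a, b in itertools.combinations(names, 2):
        for va in params[a]:
            for vb in params[b]:
                pairs.add(((a, va), (b, vb)))
    return pairs

def pairs_in(test, names):
    """Pairs covered by one concrete test (a dict of param -> value)."""
    return {((a, test[a]), (b, test[b])) for a, b in itertools.combinations(names, 2)}

def greedy_pairwise(params):
    """Greedy covering-array construction: repeatedly pick the full combination that
    covers the most not-yet-covered pairs until none remain. This is a textbook
    greedy heuristic, assumed here for illustration, not NIST's method."""
    names = list(params)
    uncovered = all_pairs(params)
    candidates = [dict(zip(names, combo)) for combo in itertools.product(*params.values())]
    tests = []
    while uncovered:
        best = max(candidates, key=lambda t: len(pairs_in(t, names) & uncovered))
        gained = pairs_in(best, names) & uncovered
        if not gained:
            break
        tests.append(best)
        uncovered -= gained
    return tests

def covers_all_pairs(tests, params):
    """Check that a test set exercises every pair of parameter values."""
    names = list(params)
    covered = set().union(*(pairs_in(t, names) for t in tests)) if tests else set()
    return all_pairs(params) <= covered

if __name__ == "__main__":
    suite = greedy_pairwise(PARAMS)
    print(f"{len(suite)} tests cover all {len(all_pairs(PARAMS))} pairs (exhaustive would be 81)")
    for t in suite:
        print(t)
```

Each selected test is a full configuration, so the suite is directly usable; the gap between its size and the 81 exhaustive combinations is the saving the article refers to.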
