Suggested Blog Reading – Tuesday December 25th, 2007

ReadI hope everyone is enjoying their holidays. I decided to take some time off from my guests to post another SBR.

Here is the list:
How to Spy Using Van Eck Phreaking – Great video showing Van Eck Phreaking. If you’re unfamiliar with the concept it looks like something out of a James Bond movie. A description of Van Eck Phreaking can be found at the related Wikipedia entry:

Van Eck phreaking is the process of eavesdropping on the contents of a CRT display by detecting its electromagnetic emissions. It is named after Dutch computer researcher Wim van Eck, who in 1985 published the first paper on it, including proof of concept.

Four new papers from the SANS Information Security Reading Room:

A Christmas Packet Challenge – In case you need a break from your guests you can take some time away and rip through some packets.

There is no better Christmas gift, that I can think of to give, than one that involved packets. Its been awhile since I posted a packet challenge, but I couldn’t let Christmas go by without posting one. So for all you fellow packet heads out there, here is one for you to spend your holidays pondering. This challenge is different from last year, so let me tell you the rules for solving this one.

From description to exploit – Great explanation of the work flow used to discover and categorize an exploit.

Every once in awhile I get an opportunity to work on a “known” vulnerability, but with very little or even no available technical details. These known vulnerabilities tend to be “known” just to their finder and to the vendor that fixed the vulnerability. We know they exist because an advisory is published, but not much more than that.
From the point where the vulnerability got fixed, no one (researcher or vendor) has any interest in disclosing the vulnerability details – as it is no longer interesting – leaving security researchers with insufficient information to confirm whether this vulnerability affects anyone else beside the specific vendor – and specific vendor version.

Perl Scripting Book – Harlan just released his latest book on Perl Scripting for IT Security. Check it out! 🙂

Perl Scripting for IT Security is not a follow-on or companion to my previous book, Windows Forensic Analysis. Rather, it goes more into showing what can be done, and how it can be done, in the world of Incident Response and Computer Forensics Analysis using an open-source solution such as Perl. The book, in part, shows that with a little bit of knowledge and skill, we are no longer limited to viewing only what our commercial forensic analysis tools show us.

Nikto 2 Released – Web Server Scanning Tool – Cool!

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

Nikto is not designed as an overly stealthy tool. It will test a web server in the shortest timespan possible, and it’s fairly obvious in log files. However, there is support for LibWhisker’s anti-IDS methods in case you want to give it a try (or test your IDS system).

Here are a few security papers for you to check out:

VizSEC 2008 Call For Participation – Work with the visualization of security? Why not check out the CFP?

As a result of previous VizSEC workshops, we have seen both the application of existing visualization techniques to security problems and the development of novel security visualization approaches. However, VizSEC research has focused on helping human analysts to detect anomalies and patterns, particularly in computer network defense. Other communities, led by researchers from the RAID Symposia, have researched automated methods for detecting anomalies and malicious activity.

The theme for this year’s workshop, which will be held in conjunction with RAID 2008, will be on bridging the gap between visualization and automation, such as leveraging the power of visualization to create rules for intrusion detection and defense systems. We hope that VizSEC participants will stay for the RAID Symposium and RAID participants will consider coming a day early to participate in VizSEC.

Fierce 1.0 – I haven’t checked it out yet but I plan on it 😉

Okay, it’s about time. I am finally releasing Fierce 1.0 as a production ready DNS enumeration tool. What does that mean? It means it works. We have now gotten rid of all the kinks that made me think that it was crippled in a way that made me not want to rely on it. So what was fixed? Well, thanks to Jabra we have now patched fierce so that when it does a zone transfer it continues working, in the off chance that someone messes with the zone transfer to fool fierce into stopping before it sees the real output. Alas, it was a small but important issue to fix.

Enabling NetFlow on Virtual Switches – Use VMWare? What about an NBAD solution? Ever wanted to collect flow information from your virtual switches? Well now you can.

NetFlow is a general networking tool with multiple uses, including network monitoring and profiling, billing, intrusion detection and prevention, networking forensics, and SOX compliance. NetFlow sends aggregated networking flow data to a third‐party collector (an appliance or server). The collector and analyzer report on various information such as the current top flows consuming the most bandwidth in a particular virtual switch, which IP addresses are behaving irregularly, and the number of bytes a particular virtual machine has sent and received in the past 24 hours.

Scroll to top