Suggested Blog Reading – Tuesday April 17th, 2007

Stupid rain!

Here’s the list for today:

WFA Sample Chapter

I wanted to point out to the readers of this blog that Syngress/Elsevier has a sample chapter of my book available online for free download. The sample chapter is chapter 3, Windows Memory Analysis.

Deterrent Safeguards… They can’t prevent anything, so why bother?

Did you ever wonder why businesses put up silly signs that say “If we do not offer you a receipt, your purchase is free” at the checkout counter? There’s a very good reason for this, and many other seemingly useless signs. Have you noticed the sign that says “There is never more than $50 in the safe”, which tells thieves that it’s not likely to be worth robbing the convenience store? It’s a lot cheaper than trying to implement technology to prevent every possible attack with “Preventative Safeguards”. These signs, and other types of warnings, are called “Deterrent Safeguards”.

Chocolate the key to uncovering PC passwords

A train station survey of 300 office workers carried out by Infosecurity Europe researchers in London revealed the disturbing statistic that 64 per cent would hand over their office computer passwords for a bar of chocolate “and a smile”.

Forensic tools 2007

This month we looked at a wide variety of digital forensic tools. This category has been growing rapidly, diversifying and maturing in the past two years. However, there are some interesting aspects to those growth phenomena. First, we are beginning to see real innovation in tool sets, but virtually none of it is in traditional computer forensics tools. In that class, we saw, essentially, nothing new since we reviewed them last year. If anything, they are becoming more alike.

Should Apple secure its iPods?

Few corporations are likely to ban iPods in the workplace, but whether Apple and other manufacturers of MP3 players shoulder some responsibility to add security to their devices – and how effective that security would be – is a growing debate.

Watchfire online community shares vulnerability testing knowledge

Watchfire is opening up its Web application-vulnerability software so customers can create their own security tests of corporate applications.

Spam-Bot Intrusion Caught — Now What?

“I’ve recently detected and halted an intrusion on my home computer, taken some actions to prevent further intrusions, and located the software that was running a bot agent. Cursory examination showed that the bot software is intended for acting as an agent for spamming. Configuration files distinctly point at the user/host/domain of several bot-herders — damning evidence. Nothing would please me more than to see this botnet caught and disassembled; I’m sure much of the internet-using community would support this. Thanks in advance for your suggestions. So, to whom should I disclose this information for appropriate investigation, follow up, and countermeasures?”

Damn Vulnerable Linux – DVL – IT-Security Attack and Defense

Damn Vulnerable Linux (DVL) is a Linux-based (modified Damn Small Linux) tool for IT-Security & IT-Anti-Security and Attack & Defense. It was initiated for training tasks during university lessons by the IITAC (International Institute for Training, Assessment, and Certification) and S²e – Secure Software Engineering in cooperation with the French Reverse Engineering Team.

Researchers: Botnets Getting Beefier

A select group of some 40 security researchers gathered on April 10 in the first Usenix event devoted to these networks of infected machines. The invitation-only event, called HotBots, was held in Cambridge, Mass. At the event, researchers warned that botnets—which can contain tens or even hundreds of thousands of zombie PCs that have been taken over for use in spamming and thievery of financial and identity-related data—are on the brink of a technological leap to more resilient architectures and more sophisticated encryption that will make it that much harder to track, monitor and disable them.

How do I change the default port that OpenSSH server uses?

OpenSSH by default listens on port 22 of all local addresses. To provide additional security to the OpenSSH server, the ListenAddress and Port directives in the /etc/ssh/sshd_config file can be used.
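As an added illustration (not code from the linked article or from OpenSSH), the script below models how sshd combines Port and ListenAddress directives into the address/port pairs it binds: a ListenAddress with an explicit port uses that port, one without a port inherits every Port directive, and with no ListenAddress at all every Port is bound on all local addresses. It is handy for checking a config before restarting sshd on a remote box, since a stale ListenAddress with :22 left behind after a Port change is an easy way to keep the old port exposed. The EXAMPLE_CONFIG text is constructed for this example, and the parsing rules are a simplified model of sshd_config(5), not OpenSSH's own parser.

```python
"""Model of sshd's Port / ListenAddress resolution (simplified, added example)."""
import re

DEFAULT_PORT = 22
DEFAULT_ADDRESSES = ("0.0.0.0", "::")  # "all local addresses"

# Constructed sample config: a changed port, one listen address that
# inherits the Port directive, and one IPv6 address with its own port.
EXAMPLE_CONFIG = """
# comment line
Port 2222
ListenAddress 192.0.2.10
ListenAddress [2001:db8::10]:2200
PermitRootLogin no
"""


def parse_listen_address(value):
    """Split a ListenAddress value into (address, port_or_None)."""
    # [ipv6]:port or [ipv6] form
    m = re.fullmatch(r"\[([^\]]+)\](?::(\d+))?", value)
    if m:
        return m.group(1), int(m.group(2)) if m.group(2) else None
    # host:port form (only one colon, so a bare IPv6 address is not split)
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit() and host.count(":") == 0:
        return host, int(port)
    # bare hostname, IPv4 address, or bare IPv6 address without brackets
    return value, None


def effective_listeners(config_text):
    """Return the sorted (address, port) pairs sshd would bind under this model."""
    ports, listen = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # sshd treats '#' lines as comments
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)  # keyword and argument
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()  # keywords are case-insensitive
        if key == "port":
            ports.append(int(value))
        elif key == "listenaddress":
            listen.append(parse_listen_address(value))
    if not ports:
        ports = [DEFAULT_PORT]
    if not listen:
        listen = [(addr, None) for addr in DEFAULT_ADDRESSES]
    result = set()
    for addr, port in listen:
        if port is not None:
            result.add((addr, port))          # explicit port wins
        else:
            for p in ports:                   # portless address inherits all Ports
                result.add((addr, p))
    return sorted(result)


def still_listening_on_default(config_text):
    """True if any resulting socket is still on port 22 (common leftover after a Port change)."""
    return any(p == DEFAULT_PORT for _, p in effective_listeners(config_text))


if __name__ == "__main__":
    for addr, port in effective_listeners(EXAMPLE_CONFIG):
        print(f"{addr}:{port}")
    print("still on 22:", still_listening_on_default(EXAMPLE_CONFIG))
```

Moving the port mainly cuts log noise from automated scanners; the binding to a specific internal address is the part that actually shrinks exposure, and neither replaces key-based authentication and a host firewall rule for the chosen port.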

New Rinbot scanning for port 1025 DNS/RPC

We are currently tracking a new version of the Rinbot worm that in addition to its regular scans, is also scanning for port 1025/tcp. Once connected, it attempts to do a Windows 2000 DnsservQuery, attempting to exploit the recent Microsoft DNS RPC vulnerability.

New blog on event log management

Dorian Software and Andy Milford over there have started a new blog just on event log management. You can see it at If you’re into event log management or analysis, it’s worth putting the site into your RSS feed.

New DShield Feature: Highly Predictive Blacklists.

The algorithm compares your submissions to others and finds groups of similar submitters. Next, it will generate blacklists based on how close you are to these other submitters.

Nirbot’s Latest Move: MS DNS Exploits

The latest turn in the Nirbot saga is that they’ve gone and incorporated the MS Windows DNS RPC interface exploit into their bot. We started seeing this in ATLAS starting Sunday evening GMT and it appears that this flood of MS DNS RPC exploits was seeded into an existing botnet. It appears that one of the public exploits was rolled into the bot over the weekend.

Secure Socket Tunneling Protocol

The article will give a clear understanding of SSTP and compare standard VPN vs SSTP VPN. The article will also cover the advantages of utilizing both SSTP and VPN simultaneously and what the benefits of using SSTP will be.
