Suggested Blog Reading – Thursday April 19th, 2007

Finally the sun is out! I’m looking forward to my weekend of warm weather, BBQ meat, and studying for my CISSP exam…

Well two out of three ain’t bad…

Here’s the list for today:

NAC all-in-one test on the horizon

We’ve provided comprehensive information on ways the available NAC architectures have been outfitted by a host of vendors to provide authorization tactics, end point security measures, enforcement points and management wares that tie all the necessary NAC pieces together.

Attackers improve on JavaScript trickery

As JavaScript becomes an increasingly key component of online attacks, attackers are investing more energy in obfuscation and other techniques to make defenders’ attempts at reverse engineering more difficult, a security researcher told attendees at the annual CanSecWest conference on Wednesday.

PRIAMOS – SQL Injection and Vulnerability Scanner

PRIAMOS is a powerful SQL Injector & Scanner; it allows you to search for SQL Injection vulnerabilities and execute the code injection using vulnerable strings to get all possible Database, Table and Column data with the PRIAMOS SQL Injection Module.

War in the Third Domain

Recently I wrote Taking the Fight to the Enemy Revisited that mentioned air power concepts as they relate to information warfare. The Air Force Association just published a story by Hampton Stephens titled War in the Third Domain. I found several points quoteworthy.

Anonymous Posting on the Internet: Privacy vs. Defamation vs. Information Security

Over the past few months I’ve discussed with several different organizations the issue of their personnel posting on Internet sites, to blogs, within Internet communities, and various other locations. The issues are many, but few organizations have really thought about them all; the implications of employees posting from the corporate network, using their corporate email address within online postings, the time used while at work to post, the possibility of libelous statements being made that the corporation may have to ultimately end up paying for, and many assorted other issues.

Analogies Keep Failing

One of the most often used, and later debated, analogies used for actions in the security/hacker industry is that of comparing port scanning to walking down a road checking doors and windows to see which are unlocked. This is fundamentally flawed because port scanning looks for open services that your computer is offering other people on the network. There is no expectation of ’services’ offered when walking down a neighborhood street, regardless of checking doors and windows. A slightly better analogy would be walking down a street full of shops that have no power (no lights, no neon open signs) checking doors to see which are open.

Why UTM Will Win

We know how many words a picture is worth. The figure above, from Boxed In by Information Security magazine, shows why Unified Threat Management appliances are going to replace all the middleboxes in the modern enterprise. At some point the UTM will be the firewall, so the gold UTM box above will also disappear. In some places even the firewall will disappear and all network security functions will collapse into switches and/or routers.

Hackers get free reign to develop techniques says Microsoft security chief

“Part of the picture is bleak. In the online world, cyber criminals can do their research for as long as they want in absolute security and secrecy then when they’re done they can take their exploit, find a way to automate it and post it on a Web site where thousands or millions of other criminals can download it,” said Scott Charney, vice president of Trustworthy Computing at Microsoft, in Redmond, Wash. “That doesn’t happen in the real world. One burglar, no matter how good he is, can’t breed hundreds or thousands of others just like him. The laws of physics kick in.”

Finally, Common Event Expression (CEE) is Out!!!

CEE standardizes the way computer events are described, logged, and exchanged. By utilizing a common language and syntax, CEE takes the guesswork out of even the most menial of event- or log-related tasks. Tasks including log correlation and aggregation, enterprise-wide log management, auditing, and incident handling which once required expensive, specialized analysts or equipment can now be performed more efficiently and produce better results.

On Value and Loss

Andy Jaquith’s new excellent book, Security Metrics, is a must-read for anyone even slightly interested in getting more scientific about the Art of Security or perhaps even looking to rise up in unison against subjective, biased, sometimes excellent, oft-times not, auditors and other security reviewers that second guess everything you do (no offense to you good auditors out there ;-)).

Lying with statistics

This release from EMC/RSA makes compelling reading, but needs some careful analysis. (Please bear in mind I am not knocking RSA here, some of my best friends are algorithms. I think that Messrs Rivest, Shamir and Adleman would want this to be analysed in a logical way however.)

Pitfalls of a Home Based Ethical Hacking Business

Self-employed security professionals, or those who are involved with small businesses, will invariably find themselves conducting security assessments and penetration tests of Internet facing systems and services. These activities will happen through resources that are generally not as robust as those supplied to security professionals in medium and large organizations. The following is a list of a few items that a security team should take into consideration before performing security related activities under these conditions.

Top 10 Internet Crimes of 2006

The Internet Crime Complaint Center filed its annual report last month, but didn’t get the attention it deserved. A look inside offers some revealing statistics on the darker side of the Web.

Windows Event Logging

The decision on what method to use depends on a few factors, namely whether to install an agent on the host, the desired load on the MARS appliance, and how near real-time we want the event data that MARS will process.

In an interesting email that was sent to me I was asked to take a peek at a new software tool, not yet released to the public, called Vidoop (there is an interesting article on it here). While I was unable to actually take a look at the software, I’ve got a pretty good idea of how it works from the Wired article. After downloading a software certificate that allows you to use their software, basically you say, “I like animals” and it shows you pictures of horses and cats and dogs all mixed in with a bunch of non-animal photos. You choose the correct photos (a la kittenauth CAPTCHA) and you are granted access.

Generating Sguil Reports

To be honest, many Sguil analysts feel the need for more sophisticated reporting. Paul Halliday’s excellent Squert package fills part of this void, providing a nice LAMP platform for interactive reports based on Sguil alert information. I use it, and it’s great for providing some on-the-fly exploration of my recent alerts.

A simple defense against Google hacking techniques

“If you have company secrets, you have to take steps to make sure it doesn’t get into the public domain,” said Daniel Pinto, a Stewartsville, N.J.-based security consultant whose company is called RAC Partners LLC. “Google isn’t reaching into your company, it’s just making available what’s already out there. Sensitive information gets out if someone inside a company or one of its partners makes it available.”

Is it a bot or a worm? Neither, it’s a BOTWORM!

This is the first I’ve heard someone mash bot and worm together and dub it ‘botworm.’ dubbed the latest variant of Rinbot a botworm because a worm propagates a bot payload. Nothing new here except (I think) the term botworm.
