I’m not sure how recent this is but Daniel Cid brought it to my attention.
Description: Microsoft Windows Vista (SP0) dumps interfaces when it receives this ARP packet. This DoS is useful for an internet cafe, wireless venue, or legitimate local attack. The victim will need to manually refresh their network interface. OK, sure it’s a dumb local attack, but why does Vista disable iface!?!??
The python code can be found here: http://www.milw0rm.com/exploits/3926
Try it out, it’s kind of…well…disturbing.
I’m quite happy that the golf courses are starting to open up. In fact I think I’ll go tonight for 9 holes 🙂
Here’s the list for today:
Social Engineering & the Need for Awareness & Training: Fraudsters Are Calling Businesses Pretending to Be SEC Staff Members – Good angle of attack.
On May 10th the U.S. Securities and Exchange Commission (SEC) issued a press release warning that imposters were calling companies, claiming to be SEC examiners, and demanding “immediate access to confidential records.”
New Release of Libewf – Will have to give it a whirl…
The program library libewf supports the SMART and EnCase data formats which are widely used in disk imaging. The library compiles under Linux, *BSD, OS-X and Microsoft Windows. The latest version was released on May 12, 2007 by its authors Robert-Jan Mora and Joachim Metz.
Filipino Cybersleuth Named World’s Best For 2007 – That’s quite the honor. I wonder if he’ll be talked into leaving for a position in North America?
A Filipino cybersleuth was awarded the world’s best computer investigator for 2007 by an international organization of computer forensics experts.
Alexander Ramos, a computer forensics analyst with the Philippine National Police, was awarded the 2007 Timothy Fidel Memorial Award by organizers of the Computer Enterprise Investigations Conference for his work in cracking down a hacking group that preyed on telecommunications networks worldwide.
VoIP Security Testing Tools List from VoIPSA – I find it funny how big VoIP testing is these days. I wonder if consultants are starting to see an influx of requests for VoIP related security engagements.
This list was developed to address the current void of VoIP security testing resources and sites, for vendors and VoIP users alike. It is separated into the following seven broad categories:
* VoIP Sniffing Tools
* VoIP Scanning and Enumeration Tools
* VoIP Packet Creation and Flooding Tools
* VoIP Fuzzing Tools
* VoIP Signaling Manipulation Tools
* VoIP Media Manipulation Tools
* Miscellaneous Tools
The key objectives of the list are as follows:
1. Provide links to tools that help test the efficacy of implemented best practices outlined by VOIPSA’s Best Practices Project.
2. Facilitate the open discussion of VoIP security tool information to help users better audit and defend their VoIP devices and deployments.
3. Provide vendors the information needed to proactively test their VoIP devices’ ability to function and withstand real-world attacks.
Forensic Laws – Quite a few comments materialized from this post.
I mentioned a concept or idea in my book, but I wanted to follow up on it a bit…I believe to be a theorem. Okay, maybe not a theorem (there’s no math involved), so how about a law. Let’s call it the First Law of Computer Forensics. Yeah, yeah…that’s the ticket! Kind of like “Murphy’s Law”.
Using Rootkits to Defeat Digital Rights Management – Well written article.
The Sony rootkit debacle highlighted the use of rootkits to prevent pirates and authors of CD burning, ripping, and emulation utilities from circumventing Digital Rights Management (DRM) restrictions on access to copyrighted content. It’s therefore ironic, though not surprising, that several CD burning and disc emulation utilities are also using rootkits, though the technology is being used in the opposite way: to prevent DRM software from enforcing copy restrictions.
Because PC game CDs and DVDs do not need to be compatible with set-top players software vendors can store data on media in unorthodox ways that require software support to read it. Attempts to make a copy of such media without the aid of the software results in a scrambled version and the software has DRM measures to detect and foil unauthorized copying.
Introduction to Identity Management – Part III – The third, and final part, in the Identity Management series.
Mergers and acquisitions tend to grow IT organizations horizontally. Companies such as Johnson and Johnson or Proctor and Gamble may have dozens of divisions that developed as the result of such activity. The challenge of integrating processes and personnel is big enough without trying to force a common directory environment. In these cases, the Meta Directory shines. As we mentioned early, today’s LDAP products are incredibly flexible in their ability to synchronize with AD, Novell, and other LDAP directories. By leveraging this capability, an organization can maintain a common Meta Directory that contains information from every business unit, without ever changing the way that business unit operates. Something as simple as a company Whitepages can scale very easily to include new divisions using this method.
F.R.I.D.A.Yay!!!!!
Here’s the list for today:
Do we need 100Gbps IPS? – I don’t see why we wouldn’t but it sounds like Alan’s main problem is the profitability of the company, not the product itself.
To me this is just a classic case of my marbles are bigger than your marbles. This boys and their toys mentality may be great for NASCAR racing, but this kind of folly will I think continue to drag down the bottom line over at 3Com. Who are they going to sell a 100Gbps IPS to and how many can they buy. I disagree with Masri that 100Gbps is at the core of enterprise networks. I can understand being out in front of a market, but when you haven’t been profitable for 6 years and as the article points out because of the financial structure involved in the H3C partnership buyout, allocations of expenses make it harder to show profitability, can you afford to chase white elephants.
PPT Metadata – Sounds like a good script. I haven’t quite made it to chapter 5 yet 🙂
I received an email recently asking if I had any tools to extract metadata from PowerPoint presentations. Chapter 5 of my book includes the oledmp.pl Perl script, which grabs OLE information from Office files; this includes Word documents, Excel spreadsheets, and PowerPoint presentations. I’ve run some tests using this script, and pulled out things like revision number, created and last saved dates, author name, etc.
Why Security Pros Use Macs – Interesting points. I purchased my MacBook so that I could have the power of Unix with the usability of Windows (without the frequent crashing).
Laptops are tools. You use them to provide a service to a vast array of clients. What tool is going to enable you to multi-task the best, save you time, and serve the broadest possible customer base?
Snort 3.0 licensing – Marty chimes in on the recent Snort 3.0 licensing.
If you want to know what Snort 3.0’s licensing language is going to be, try reading it. It’s available in the first Snort 3.0 pre-alpha release I did last month and we’re using the GPL. Apparently it was hard to locate because it was in a file called COPYING instead of one called LICENSE. The origin of naming the license file COPYING comes from the FSF as I recall and is typical of most GPL projects. Anyway, to avoid further confusion (and so I can tell people to look at my blog if it comes up!) I’ll post the preamble that we added to the COPYING file before the GPL license language in Snort 3.0 right here
Blogging on corporate laptops is risky business – …..as I blog this from my work laptop during my lunch break 🙂
When employees fire up their company-issued mobile devices at home or at the airport, they often use the technology for both business and personal pursuits like blogging. According to one industry expert, it’s a very dangerous trend.
Hardware Security Modules: part I – the basics – The quality of articles from these guys never cease to amaze me.
HSMs and PKI are pretty big subjects, and putting every piece of information about them into a blog post would make it fairly unreadable. What follows is therefore a basic primer of information you will need to understand before I go any further with the meat of the issue, which I hope will be expanded on arising from any questions that people may have. If you know this already, great stuff, we’ll pick up on the actual HSMs tomorrow.
Removal Instructions for Trojan.Kardphisher – Tuck this one away in case you get infected.
In the blog entry MS Needs Your Credit Card Details?, we detailed the behavior of the Kardphisher Trojan, which “attempts to steal credit card numbers by tricking the user into entering their credit card details to activate Windows.” This entry explains how to remove the Trojan.