Apparently I have my own “style”. Thanks for the mention Marcin 😉

Also, there looks to be a cage match in the works between Thomas “The Animal” Ptacek of Matasano Security and Joanna “The Lovely Lady of Security” Rutkowska over how hypervisor-based rootkits are not invisible and the detector always has the fundamental advantage. The problem is that Joanna claims that hypervisor rootkits are “100% undetectable”. I wish I could get ring side seats but I don’t have the funds for Blackhat this time around.

Here’s the list:

Schools Lack Cybersecurity Training As Students Grow Cybersavvy – I’m sure this comes as no surprise to anyone. The question is…how do we fix it and not look like a bunch of lame old folks trying to bestow wisdom?

The School Safety Index indicates that while 95% of districts surveyed are blocking Web sites, only 38% have a closed network that lets them control the content students can access.

HIPAA Growing Teeth? – This is good to see.

“An audit of Atlanta’s Piedmont Hospital that was initiated by the U.S. Department of Health and Human Services in March is raising concerns in the health care industry about the prospect of more enforcement actions related to the data security requirements of the federal HIPAA legislation.”

Microsoft Product Keys & XML Fun – Good check to see if any unauthorized Microsoft software was added to a system 🙂

It’s an XML file called Product_keys.XML, the root XML tag is
and it contains a list of Product Keys for
Microsoft products.

When you have an Microsoft MSDN subscription, you have access to a
website with product keys for your subscription. There is a button on
the site to export these keys as an XML file, and the file I
discovered has exeactly the same format.

Some questions to ask yourself when assessing reported security breaches in Windows Vista – Probably not all of the questions you need to be asking but definitely some good ones.

Most anyone who has been in the security industry for a while is familiar with the term ‘security theater’. It’s a term used for security that is about show, rather than substance.

Since I became the Product Manager for Windows Vista security I have noted that the same concept seems to increasingly apply to the world of vulnerability disclosure – let’s call this ‘vulnerability theater’.

Take5 (Episode #3) – Five Questions for Jeremiah Grossman, Founder/CTO of Whitehat Security – Good interview with Jeremiah Grossman.

Jeremiah Grossman is the founder and CTO of WhiteHat Security,
considered a world-renowned expert in Web security, co-founder of the
Web Application Security Consortium, and recently named to
InfoWorld’s Top 25 CTOs for 2007. Mr. Grossman is a frequent speaker
at industry events including the BlackHat Briefings, ISACA, CSI,
OWASP, Vanguard, ISSA, OWASP, Defcon, etc. He has authored of dozens
of articles and white papers, credited with the discovery of many
cutting-edge attack and defensive techniques, and co-author of XSS
Attacks. Mr. Grossman is frequently quoted in major media publications such as InfoWorld, USA Today, PCWorld, Dark Reading, SC Magazine, SecurityFocus, C-Net, SC Magazine, CSO, and InformationWeek. Prior to WhiteHat he was an information security officer at Yahoo!

If you tell a fact in forest and you haven’t written a security book, is your fact wrong? – Looks like Michael Farnum got slammed by an angry Computerworld blog follower. Good for you Michael for not backing down. You were right by the way 😉

OK, I was going to leave this one alone, but it is just bothering me so much. A couple of weeks back, I wrote a blog post about a comment I had left on a post by Douglas Schweitzer’s at his Computerworld blog. Douglas said in his post that a bot was “essentially just another term for an infected computer.” I took issue with this and wrote a comment as such, then I posted the comment on my blog. I also noted that I wasn’t slamming Douglas in any way. I just felt the error needed to be corrected. Douglas argued on his blog that it was semantics, and that is probably true to a degree, but oh well. I let that go (actually I tried to post another comment on Douglas’ blog, but I think I put too many links in to prove my point because it never popped up – probably looked like spam).

3Com will be 2 com’s – This just in from the “a blind man could have seen it coming” department…

I guess they finally had enough at 3Com. Enough of the dual, schizophrenic personality. Or maybe it’s better described as the petulant teenager who just wouldn’t stop railing against being a part of the family. Tipping Point will get it’s way and be spun out on an IPO by years end according to an announcement from Edgar Masri, 3Com’s president and CEO.

It never was a fit. TippingPoint always saw themselves as the real acquirer in the deal, or maybe as Ty Pennington leading the Extreme Makeover – Home Edition of 3Com. The next generation to take over the company. And lets face it, the integration of 3Com and TippingPoint never did happen, starting with TippingPoint being identified as a “3Com company”.

Not a very busy day out in the blogosphere today but there were some quality posts.

Here’s the list:

The Right Way to Establish a Culture of Security – Quite the interesting concept.

After reading this article, my hat is off to Yahoo’s Arturo Bejar. Not only does he have the worlds coolest job title (“Chief Paranoid Yahoo”), but he’s taken some extremely creative measures to help build a pervasive culture of security at the Internet behemoth. I especially like the part about the t-shirts, since it not only gives people a reward to strive for, but they are also free advertising for the program. And the multiple tiers sounds like it would really spur some competition to get those coveted red shirts.

Cisco MARS Exam 642-544 – Hmmm…I wonder if the other large SEIM vendors are going to follow suit by offering certifications in their products through places like VUE and Prometric?

Cisco Security Mitigation and Response System (CS MARS) is a family of high performance, scalable appliances for threat management, monitoring and mitigation, enabling customers to make more effective use of network and security devices by combining network intelligence, context correlation, vector analysis, anomaly detection, hotspot identification and automated mitigation capabilities. CS MARS solutions empower customers to readily and accurately identify, manage and eliminate network attacks and maintain network compliance.

Worms 2.0! – The Metasploit menace inside your firewall – Good interview with Wade Alcorn.

In his research he focused on using a web browser as a beachhead to launch Metasploit-style attacks. What this means is that any Javascript enabled web browser might be used to launch an attack against a service, for example a VoIP server, and gain complete control of the box.

Generally exploits are executed inside a development framework such as Metasploit, or run directly from the code. But this time, the code would run inside the browser, using Javascript. And all of this takes palce without exploiting any bugs in the browser itself.
Your browser is now an active menace against the security of your internal network. However, the problem can’t be easily fixed, because it is not based on a bug: it simply uses “Web 2.0” technologies against you.

NBA – Can it be the star of the show? – I agree with Alan. One of the best ways to detect zero-day type of attacks is to perform behavioral analysis on your network traffic.

No, I am not talking about Kobe, Shaq, Tim Duncan and the rest of the athletes over at the National Basketball Association. I refer of course to Network Behavior Analysis. The estimable Mr. Rothman in his daily rant laments the fact that 5 years later we are still trying to explain what it is and that is pretty sad. I don’t think it is sad at all, it is just the facts. In spite of this though, I think NBA has made terrific strides. Here is why:

Memory Analysis Cheat Sheet – Might want to print this off 🙂

I’ve created a cheat sheet in order to accompany the tutorial held at the FIRST Conference 2007. On four pages it lists the most frequently used commands of Microsoft’s Debugger and some other memory analysis tools along with some structures and kernel variables. Get the cheat sheet here.