Wednesday, March 31, 2004
Law Enforcement Conference Presentations
Tuesday, March 30, 2004
Sarbanes-Oxley
Monday, March 29, 2004
The next three months
The following has priority over blogging when it comes to my remaining waking hours: a day job, trying to get a business up and running, attending meetings of various professional orgs, and attending college. I'm not saying that I'll stop blogging, just that it may be short, sparse and/or sporadic.
CRN
Sunday, March 28, 2004
The HIPAA Security Rule
Protecting against 0-day's
The PIRATE Act
Bruce Sterling Online Works
Friday, March 26, 2004
NANOG presentations
USB security
Appliances are better?
Reading the article, the main argument appears to be the usual standardized, one-size-fits-all approach to network security. Sorry, but I don't buy it. While using the best technologies is a good idea, you also have to take into account what you're protecting. Just like IDSs, anti-spam appliances have to be "tuned" to work properly.
Guess that means that I agree with Ken Schneider.
Why they attack
Thursday, March 25, 2004
More point and click ranting
Steve Friedl has a post about how quickly a new worm can be blocked, in this case NetSky. This supports my ongoing argument that, if you're running an Exchange server, you should have a Unix/Linux-based mail handler immediately upstream of it to filter viruses, score/filter spam, and gather various metrics. Why? If you know Perl (or another equally capable scripting language), you can adapt to an outbreak in as little as fifteen minutes, instead of waiting for the anti-virus vendors to issue a signature update (which can take up to two days).
For Steve's example, it would look something like:
# At the border handler, internal-to-internal mail never passes through,
# so a message that claims to be from our own domain and is addressed to
# our own domain is almost certainly forged.
if ($source_domain eq $dest_domain) {
    move_to_quarantine($msg_ID);
}
This design relies on the assumption that anything meant to stay within the domain never leaves the Exchange box, so the upstream mail handler only ever sees traffic entering or leaving the network. The idea is to add a layer of defense that is invisible to the users. For that matter, even a Microsoft-based box can serve as the upstream handler, as long as it isn't running the same MTA software as the main mail server (so that a single worm or exploit doesn't take out both).
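The border rule above, worked through as an added example (it is not Steve Friedl's code nor this blog's). It is written in Python rather than the Perl the post assumes, and the domain name, the quarantine action and the five sample messages are constructed for the example. It goes slightly beyond the one-line rule: it checks both the SMTP envelope sender and the header From: (NetSky forges the header, other mass-mailers forge only the envelope), treats subdomains as internal, and leaves bounces with a null sender and outbound mail alone.

```python
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "example.com"   # assumption: the domain the Exchange box serves


def domain_of(addr):
    """Lower-cased domain of an address such as 'Bob <bob@Example.COM>',
    or None when there is no usable address (the null sender '<>' of a
    bounce, a missing From: header, or something unparseable)."""
    _, bare = parseaddr(addr or "")
    if "@" not in bare:
        return None
    return bare.rsplit("@", 1)[1].strip().lower()


def is_ours(domain):
    """Our domain or any subdomain of it (mail.example.com counts)."""
    return domain is not None and (
        domain == OUR_DOMAIN or domain.endswith("." + OUR_DOMAIN)
    )


def classify(envelope_from, envelope_to, raw_message):
    """The border rule for one message and one recipient.

    Returns (action, reason).  The rule fires when a message addressed to
    one of our users also claims to come from our domain: that mail should
    have stayed on the Exchange box and never reached the border handler.
    Both the SMTP envelope sender (MAIL FROM) and the header From: are
    checked, because worms like NetSky forge the header and mass-mailers
    sometimes forge only the envelope.
    """
    if not is_ours(domain_of(envelope_to)):
        return "deliver", "outbound or relayed mail; rule covers inbound only"
    msg = message_from_string(raw_message)
    for label, sender in (("envelope", envelope_from), ("header", msg.get("From"))):
        sender_domain = domain_of(sender)
        if is_ours(sender_domain):
            return "quarantine", f"{label} sender {sender_domain} is internal but arrived from outside"
    return "deliver", "external sender"


# Constructed test messages (not real traffic): (name, MAIL FROM, RCPT TO, raw message)
SAMPLES = [
    ("worm_envelope", "alice@example.com", "bob@example.com",
     "From: alice@example.com\r\nTo: bob@example.com\r\nSubject: hi\r\n\r\nworm body\r\n"),
    ("worm_header_only", "zz@attacker.invalid", "bob@example.com",
     "From: Carol <carol@Example.COM>\r\nTo: bob@example.com\r\nSubject: document\r\n\r\nworm body\r\n"),
    ("newsletter", "news@vendor.example", "bob@example.com",
     "From: Vendor News <news@vendor.example>\r\nTo: bob@example.com\r\n\r\nhello\r\n"),
    ("bounce", "", "bob@example.com",
     "From: MAILER-DAEMON@mx.vendor.example\r\nTo: bob@example.com\r\n\r\nundeliverable\r\n"),
    ("outbound", "bob@example.com", "friend@vendor.example",
     "From: bob@example.com\r\nTo: friend@vendor.example\r\n\r\nsee you\r\n"),
]


def run_samples():
    """Classify every sample; returns {name: action}."""
    return {name: classify(f, t, raw)[0] for name, f, t, raw in SAMPLES}


if __name__ == "__main__":
    for name, mail_from, rcpt_to, raw in SAMPLES:
        action, reason = classify(mail_from, rcpt_to, raw)
        print(f"{name:17s} {action:10s} {reason}")
```

Two caveats a practitioner would want. First, the rule quarantines rather than rejects because some legitimate external senders use your domain (an outsourced mailer sending "from" HR to your staff, for instance); once you know who they are, exempt them by connecting IP, not by address. Second, a message where neither side is your domain is a relay attempt and should already be refused by the MTA's relay controls; the rule above deliberately stays out of that.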
Traffic Analysis
Overview of SSH
Wednesday, March 24, 2004
Spy ware tools
Monday, March 22, 2004
SCRE
Sunday, March 21, 2004
Wireless VoIP on a lanyard around your neck!
The only drawbacks that I could come up with are that this is not a phone: other people in the room get to hear both sides of the conversation. Also, the size of the battery probably doesn't lend itself to extended conversations.
Obvious uses? Hospitals and warehouses where the user is normally mobile.
Stop using it! It's mine!
Note: this is one of the problems with ".NET". (Why should I pay a penny for a weather forecast when I can get it for free elsewhere?) Most .NET services are subscription-based and are already available via SOAP, XML-RPC, or some other technology.
Phishing commentary
The Hitchhikers Guide to Security
Saturday, March 20, 2004
Friday, March 19, 2004
One of the problems with warning networks....
The problem with these networks is that they are somewhat elitist and/or restrictive (to the point that many who could benefit from participation in these networks are excluded). Justifications include signal-to-noise ratio, disclosure risks, and/or lack of peer recognition. I was a member of a well-used mailing list for network security types for almost two years until it was decided that I didn't pass the weeding-out process (the two times I actually interacted with others from the list involved law enforcement and disclosure restrictions). Two attempts to rejoin the list (which required peer "vouching") were only temporarily successful.
I've since switched jobs but may be qualified to rejoin the list in the near future (Yeah, I'm frustrated by being excluded. I miss the "edge" on various inter-network problems.)
Another online security guide
Thursday, March 18, 2004
Wednesday, March 17, 2004
Tuesday, March 16, 2004
HIDS
Sunday, March 14, 2004
Working with TWiki
In other news, I've managed to wedge TWiki into MT (on another site), thanks to this link from DECAFBAD. It's something that I've been searching for over the last few weeks. It was a bit hard to find as some of DECAFBAD's wiki is broken. I'm hoping I can talk the powers-that-be here into adding a Perl module and an MT plugin to the site.
It's an awesome tool (better than the PHPWiki I'm using now).
Vi templates
Saturday, March 13, 2004
Another spam solution
Friday, March 12, 2004
Stupid security
Wednesday, March 10, 2004
Scary stuff
Update: /. has an additional article about Symbiot's product.
PBX Bridge Hijacking
Bluesnarfing
Clueless few?
Anyone want to explain to the reporters that being able to point-and-click does NOT amount to "clue"? If it were actually just a few, we could go over to their houses and either teach them or have their Internet disconnected.
Tuesday, March 9, 2004
Tracking a hijacker
Monday, March 8, 2004
PageRank
Sunday, March 7, 2004
The Network Administrator
US CyberCERT Alerts
Why split?
This is similar to the problems you risk if you allow wide-open ICMP through your firewalls.
Saturday, March 6, 2004
Wiki gone bad
Lessons Learned
Unfortunately, the protections described are nothing new. ISP ingress/egress filtering and changing IP addresses have been around for years. The filtering is considered a "best practice".
The article also describes adding server capacity, which is what Microsoft did to survive its own DDoS attack. They actually moved their website to Akamai.
Application Security List
NBTScan
This is one of those need-to-have tools if you have anything to do with network security. Not only can you view various NMB/SMB data (NetBIOS name, logged-on user, MAC address) for a remote machine, it's not that hard to tie it to MySQL via Perl and keep a database with which to find rogue systems on your network.
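The rogue-system database described above, as an added example that is not the blog's or NBTScan's own code. It is written in Python with the standard-library sqlite3 module standing in for the MySQL-via-Perl combination the post mentions; the scan output and the approved-machine inventory are constructed for the example, with the sample laid out in the shape of nbtscan's default columns (IP address, NetBIOS name, the <server> flag, user, MAC address). Anything that answers a NetBIOS node-status query but whose MAC is not in the inventory is reported.

```python
import re
import sqlite3
from datetime import datetime, timezone

# Constructed sample in the shape of nbtscan's default output (not a real scan).
SAMPLE_OUTPUT = """\
Doing NBT name scan for addresses from 192.168.1.0/24

IP address       NetBIOS Name     Server    User             MAC address
------------------------------------------------------------------------------
192.168.1.10     FILESRV01        <server>  <unknown>        00-0c-29-3a-1b-2c
192.168.1.23     WS-ACCT-04       <server>  JSMITH           00-0c-29-77-a0-11
192.168.1.77     LAPTOP-XYZ                 <unknown>        00-16-d3-5e-99-01
"""

# Constructed inventory of approved machines keyed by MAC (assumption: the
# organisation keeps one somewhere; here it is an in-line dict).
INVENTORY = {
    "00-0c-29-3a-1b-2c": "FILESRV01",
    "00-0c-29-77-a0-11": "WS-ACCT-04",
}

# One nbtscan row: IP, NetBIOS name, optional <server> flag, optional user,
# MAC as six dash-separated hex pairs.  Anchoring on the MAC at end of line
# keeps the optional middle columns from shifting the parse.
ROW_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<name>\S+)\s+"
    r"(?P<server><server>)?\s*"
    r"(?P<user>\S+?)?\s*"
    r"(?P<mac>[0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s*$"
)


def parse_nbtscan(text):
    """Turn nbtscan's human-readable output into a list of dicts,
    skipping the banner, column header and separator lines."""
    hosts = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        hosts.append({
            "ip": m["ip"],
            "name": m["name"],
            "is_server": m["server"] is not None,
            "user": None if m["user"] in (None, "<unknown>") else m["user"],
            "mac": m["mac"].lower(),
        })
    return hosts


def open_db():
    """In-memory sqlite3 stands in for MySQL; the schema idea is the same."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE seen (ip TEXT, name TEXT, is_server INTEGER, user TEXT,
                           mac TEXT, last_seen TEXT,
                           PRIMARY KEY (ip, mac));
        CREATE TABLE inventory (mac TEXT PRIMARY KEY, name TEXT);
    """)
    conn.executemany("INSERT INTO inventory VALUES (?, ?)", INVENTORY.items())
    return conn


def record_scan(conn, hosts, when=None):
    """Upsert each scanned host, refreshing last_seen on repeat sightings."""
    when = (when or datetime.now(timezone.utc)).isoformat()
    conn.executemany(
        """INSERT INTO seen (ip, name, is_server, user, mac, last_seen)
           VALUES (:ip, :name, :is_server, :user, :mac, :when)
           ON CONFLICT(ip, mac) DO UPDATE SET
               name = excluded.name, is_server = excluded.is_server,
               user = excluded.user, last_seen = excluded.last_seen""",
        [dict(h, when=when) for h in hosts],
    )
    conn.commit()


def find_rogues(conn):
    """Hosts answering NBT queries whose MAC is not in the inventory."""
    return conn.execute("""
        SELECT s.ip, s.name, s.mac FROM seen s
        LEFT JOIN inventory i ON i.mac = s.mac
        WHERE i.mac IS NULL ORDER BY s.ip
    """).fetchall()


def run_demo():
    """Parse the sample scan, store it, and return the rogue hosts."""
    conn = open_db()
    record_scan(conn, parse_nbtscan(SAMPLE_OUTPUT))
    return find_rogues(conn)


if __name__ == "__main__":
    for ip, name, mac in run_demo():
        print(f"rogue: {ip} {name} {mac}")
```

Two caveats. The MAC nbtscan prints is the one the host reports in its node-status reply, and the NetBIOS name is whatever the host calls itself, so both are trivially forged: treat a match as an inventory hint, not as authentication. And a host with NetBIOS disabled or firewalled never shows up at all, so an empty rogue list proves nothing; pair this with ARP or DHCP lease data. If your nbtscan build has the -s separator option, splitting on that separator is simpler and less brittle than the regex above.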
Friday, March 5, 2004
Telecommuting Security
404 Research
Thursday, March 4, 2004
The GhettoHackers
Wednesday, March 3, 2004
SSH Overview
Hackers are really idea thieves?
Port Knocking
Tuesday, March 2, 2004
Nessus
Here are the articles:
Bootdisk.com
Monday, March 1, 2004
GoogleDorks??
Searching for this kind of thing is a weekly routine for me (I work for a very large organization and there's a need to keep various information "internal"). Understanding how to narrow searches is a must if you use a search engine on more than a passing basis. Learning how only involves a few minutes of reading (this too). Sorry, for those of you old enough to remember, I was the AV geek in middle school (yeah, I'm old enough to have operated a mimeograph too).
Yes, it can be used for evil, but it's the responsibility of the data owner to secure their data. And before you say anything, that is NOT a justification for anyone to exploit exposed data. If you discover exposed data, the only thing you should do is report it to the owner. Using it for any other purpose is, at best, unethical, unless that data endangers others or is illegal. In that case, there are other organizations to report to.
In any case, GoogleDorks is a Google listing of various sites that are interesting/educational to read, evil notwithstanding.