Thursday, August 31, 2006
Ouch!
Wednesday, August 30, 2006
I will not
Tuesday, August 29, 2006
An old, old joke
I'm also surprised that a fight didn't ensue...
"He's running Ubuntu!"
"No he's not! He's got Windows XP!"
"You're both idiots! He's got a Mac!"
It's funny, even if it turns out to be fake, though I like this version better.
Monday, August 28, 2006
wget
Cox
First Cox blocks my e-mail forwarding from the 757 account because someone complained that joat@757.org was in the "From" address. It took weeks of arguing with the helpdesk and the abuse desk to get it unblocked.
Then they reblock it by turning on their spam filters, which I had expressly asked that they not do. This caused me to have to set up encrypted mail on two sites and I have no option on a third.
This on top of the near-constant ARP storms and the periodic loss of carrier on the cable modem. How much do I pay for this?
Sunday, August 27, 2006
WORM
- Instant Messaging Worms, Analysis and Countermeasures (slides)
- Self-Stopping Worms (slides)
- Scalable Internet Threat Monitoring
- A Self-Learning Worm Using Importance Scanning (slides)
- On the Effectiveness of Automatic Patching (slides)
- An Analysis of the Witty Outbreak: Exploiting Underlying Structure for Detailed Reconstructions of an Internet-scale Event
- Worm Evolution Tracking via Timing Analysis (slides)
- The Limits of Global Scanning Worm Detectors in the Presence of Background Noise (slides)
- Defending Against Hitlist Worms Using Network Address Space Randomization (slides)
- Host-Based Detection of Worms Through Peer-to-Peer Cooperation (slides)
- The Detection of RCS Worm Epidemics (slides)
Enjoy!
Saturday, August 26, 2006
Friday, August 25, 2006
Thursday, August 24, 2006
PenTest Checklist
Wednesday, August 23, 2006
Tony Ruscoe
Tuesday, August 22, 2006
Logbook
It's that simple in that, for any business network, you need to do just that: keep a record. It's not that simple in that, for most business networks, it's not mandatory to keep a record. Personally, I don't recommend using a log book as it doesn't allow for the inclusion of external documents.
If your company lives by paper record, you should be keeping a set of folders, one for each system. Entries should be made via a set of forms (incident, maintenance, configuration change, etc.) that can be dated and signed by personnel concerned with the specific evolution. For some of the entries, management should sign.
If you take the electronic path, I recommend a Wiki or even just a set of folders in a directory on a stand-alone system (not networked!). The same idea for blank forms applies: keep a set of templates handy that you can cut-and-paste from.
In either case, you want to limit access to the logs. If they're paper-based, keep them under lock and key. If they're electronic, restrict access and don't network the system. File or file system encryption might be useful (if not time consuming). Side note: backups are your friend.
The entire point of the exercise is to produce a legally usable record. It's a benefit for the company in that it can be used to display due care (compliance). It's a benefit for you in that it becomes a reference for keeping track of who did what to what and when. It is valuable to anyone that follows you after you've moved on, so that they don't have to repeat your mistakes (yes, you should include them too) and it'll minimize having to figure out if you did or didn't perform a specific action on a machine.
I used the phrases "mandatory" and "due care" above to denote that there are now a number of laws (GLB, SarBox, FISMA, HIPAA, etc.) in existence that require due diligence (having policy/practices/protections in place) and due care (recording the exercise of due diligence). Most of those laws (if not all) don't care how you perform these functions, just that you have them. If you (as an organization) use a well-recognized set of practices (e.g., ISO 17799), so much the better. You'll spend less time having to defend them, should you end up in court.
Monday, August 21, 2006
p0f - IronGeek
More security blogs
I'm also experimenting with the Bloglines Blogroll for those same feeds. I've tacked it up over on the left and have re-enabled the Blogrolling.com blogroll for comparison.
Update: Wow, for the half-hour or so, that was horrible. Adding 348 lines to an already crowded panel caused the new blogroll to stick off of the bottom of the page for a long distance. For now, I'll leave the Blogrolling.com list on the left and the Bloglines list on the right, though it still sticks off the bottom of the page.
I promise that it'll get better as I resort the Bloglines subscriptions into folders and limit what folders can be seen.
Update: in taking a look at the Bloglines JavaScript, it should be very easy to run the external call through some PHP, strip the JavaScript, format the data and come up with a nicer menuing system. Something for the to do list, I guess.
Then again, maybe I'll just move the thing to its own page. That is a lot of links messing up the page. What do you think?
Sunday, August 20, 2006
Saturday, August 19, 2006
Unofficial
IAM what I am,
IEM what I am,
and that's both what I am.
Official confirmation in a few weeks. List me as "on pins and needles" until then.
Home
One thing that I've discovered: the DC area has a serious lack of book stores. I've got to drive into Alexandria from Herndon to find one? Geesh!
Thursday, August 17, 2006
Details, Details...
(heh)
BTW, what is the record for the shortest thread preceding Godwin's Law? This one is going to be close.
Wednesday, August 16, 2006
Perfection
Quote:
"It's not a 'right' to fly and carry whatever you like," notes David Gregory, a Dallas-based travel coordinator and former airline employee, in one of nearly 200 posts in response to a recent item on USA Today.com's Today in the Sky blog about the threat to the carry-on culture.
"Just think how wonderfully blissful it would be not to have a single carry-on aboard a plane," Gregory adds.
"I say ban all carry-on luggage. It's about time! And if you are so important that you cannot be away from your computer for a day, do us a favor and stay at your office."
Figure it out yet? How about the system admin who states that he wished there were no users on the network?
I bet Mr. Gregory runs a very successful travel business. (heh)
Tuesday, August 15, 2006
Lack of EOP by extension?
If you read the fine print in just about any TOS or contract, the account is property of the system owner and the user is allowed access to the system at the discretion of the system owner. Account termination usually can occur without warning, justification or appeal. The account (and often any data within) remains the property of the system owner. In this case, eBay.
If I were eBay, I'd be investigating the application of "accessing a system without permission" as it relates to the private investigation company.
Off site
Monday, August 14, 2006
Sunday, August 13, 2006
Saturday, August 12, 2006
Asterisk book
Friday, August 11, 2006
BlackHat presentations
Oh, and the DefCon presentations are here.
Thursday, August 10, 2006
tcpreplay
In any case, this is one of those tools that you need to know how to use if you're going to analyze traffic (though I seem to remember it not handling broken packets well).
Wednesday, August 9, 2006
Tuesday, August 8, 2006
WikiSTC
Monday, August 7, 2006
Investigating Sophisticated Security Breaches
Sunday, August 6, 2006
Bad RSS
As far as dangers go, this doesn't rate high on my list.