Wednesday, June 30, 2004
IPv6 Transition Cookbook
A joke gone awry
Spyware sites
Even more apologies
I was troubleshooting a video distribution system (cables!!!) and was
faced with the choice of editing text or five hours sleep. Guess which
one I chose.
As for the cause of the text problems, blame Microsoft.
Seems that even when you tell Outlook to use straight text to compose
messages, it still encodes things like equal signs (=). One more
data point for my rant against claiming compliance with industry standards.
Tuesday, June 29, 2004
D'oh!
mail-based delivery and it seems that Outlook is a horrible source for
it and OWA is even worse. I will delete/correct the mess this evening.
Location Aware WiFi
Do-Not-Call List Popular
Remember Nimda?
Scob stats
which discusses various statistics about the Scob Trojan which users
were recently contracting from compromised web sites via JavaScript.
The other thing that still needs to be determined was how the
JavaScript got onto the web sites in the first place.
Monday, June 28, 2004
Securing Your Windows Laptop
Sunday, June 27, 2004
No op
DNS Tunneling
The Induce Act
It is noteworthy that while Mr. Hatch's 8-page argument for passing the bill talks about P2P and "protecting the children", the actual Bill does not. Various people have taken it upon themselves to rebut Mr. Hatch's arguments.
This one is going to be interesting to watch.
Interview With the Bloodsucker
Saturday, June 26, 2004
Referers credit
Skype VoIP
Stupid (WiFi) news
RSS Feeds
I still need to get the other feeds online, get them all validated and tweak out all of the other kruft from the old blog. Repairing the wiki is much further down the road. Wish me luck.
XSS hole in writeback patched
I'm still new to Blosxom, so if anyone knows of any other problems I should fix, please let me know. I'm also considering switching over to static files. Due to the number of entries already in the blog, it takes a bit to do all the background work to build a dynamic page.
Centralized logging
Welcome to the new blog!
Friday, June 25, 2004
ILookup Trojan Analysis
Thursday, June 24, 2004
Yet another form of blog spam
MS zombies to blame for most of spam
The Register has an article in which Philippe Gerard, a senior EU official, berates the anti-spam industry for lack of co-operation. Basically, he states the legislation exists; it's now up to the industry to enforce it.
Err.. how? How do I, as a lowly SA or NSO, enforce those laws? Do I now have a federal charter to kick doors in and incarcerate miscreants? (I'm exaggerating, but you get my point.) My response to Mr. Gerard is: we need to go back to the drawing board on this one.
Network Troubleshooting
A new use for malicious code?
Malicious code?
Prevention tools include: content filtering for web and mail traffic, pop-up blockers, anti-virus software (those that include spyware scanning), and active systems administration and network monitoring. A good portion of the problem can be prevented by blocking specific sites. Unlike worms/viruses, the sources of spyware do not move around much.
Detection/clean-up tools include: spyware scanners or anti-virus scanners with spyware detection capabilities, active systems administration and network monitoring.
Spyware gets in (mostly) via user interaction. It also is included in legitimate software and can even be installed via RPC. People noticed the Blaster worm because it was noisy and infected other systems. How many people have noticed spyware that was quietly installed and only occasionally connects to a website?
Anyone want to convince me otherwise?
No op
802.11i about to be signed
CIRT functions
Tuesday, June 22, 2004
Moving
HIPAA's coming
Fill/clear forms
Sunday, June 20, 2004
No op.
InfoSec Mgmt Handbook
Scanrand
They've posted an analysis of one of my favorite port scanning tools: scanrand, part of the Paketto Keiretsu project.
Certification shakedown?
I only agree up to a point. They will lose their value as employers go through a period of "realization" (that hiring Bob at the NOC really was a mistake). However, this will also be a shakedown period as the employers figure out what the truly valuable certifications are. (There's a reason why CCIEs get salaries in the 6-figure range.) In other words, the valuable security certifications are going to be the ones that are HARD to get.
Live system forensics
Shellcoding basics
Friday, June 18, 2004
Spammer tracking
The trailer park overtakes the town
What really ticks me off is that Comcast seems to think we watched out of hero worship: "Shane described the cancellation of Call for Help as 'just a programming decision.' He added that Laporte can be seen on segments of The Screen Savers..." Err... yeah, that's it, right...
I wonder if James Burke would consider doing "Connections4"? (My wife calls that cocaine for history geeks.)
Bayesian PHP
Thursday, June 17, 2004
Security training reasons
Current user count
Linux Security
Wednesday, June 16, 2004
Kuang2 honeyd script
Winning friends and influencing people
Tuesday, June 15, 2004
The Rose Attack
Sunday, June 13, 2004
Mail bugs for sale
Tracking changes
SANS Papers
- Building a More Secure Network
- A Company in Chapter Eleven Doesn't Have to Eat Spam
- Algorithm-based Approaches to Intrusion Detection and Response
- Cyber Risk Insurance
- Worm Propagation and Countermeasures
- Psychology: A Precious Security Tool
- Security and Vulnerability Analysis of an Ethernet-based Attack on Cisco IOS
- An Ettercap Primer
- Securing Your Wireless Access Point: What Do All Those Settings Mean Anyways?
- CIRT, Through Conception Labor and Delivery
- Defeating Overflow Attacks
- Utilizing Open Source Software to Build a (Relatively) Secure, Spam- and Virus-free Mail Service
- Developing & Implementing an Information Security Policy and Standard Framework
- Design and Development of a Rapid Response Security Vulnerability Scanning Infrastructure
- Overview of Security Issues Facing Computer Users
- Designing and Implementing an Effective Information Security Program: Protecting The Data Assets of Individuals, Small and Large Businesses
- The Next Internet Privacy in Internet Protocol Version 6 (IPv6)
- Budget File and System Integrity Verification for Windows
- The Shift to Security Implementation in a Healthcare Facility
- Eradicating Spam Through a Hybrid Sender-Pays Model
- Printing the Paper and Sending the News After a Localized Disaster
Keep in mind that some are technical, others are highly opinionated. (I have issues with any anti-spam scheme that includes specialized technology or money.) If you're willing to argue an issue, I'm sure that many of the authors are willing to discuss points. Give 'em a few weeks or so though. Speaking from experience, their brains are probably feeling a bit bruised at the moment.
Saturday, June 12, 2004
SSH Keys
Wiping MS disks
Smaller wireless
Friday, June 11, 2004
MS DNS racing
Windows Forensics
Comparing corporate fraud to network security
A real-world example of this was the Blaster worm. Until that incident, the majority did not filter/block ports 135-139.
Stop using NTLM
The problem is if the database exists. We already knew that this would be a problem eventually.
Smart Cards
The DarkNet Project
More darknet
Pay me for your honey-do list
Thursday, June 10, 2004
MyDoom.A backdoor
Tuesday, June 8, 2004
Analysis of the Exploitation Process
Your cell phone attacked my mom
Sunday, June 6, 2004
Initial infections
To compound the headache
Hmm... based on that logic, I'll bet that I can patent the process of operating a car door to gain entry into motorized vehicles. Anyone want to help?
Keep saying it until you believe it!
The clue: it depends on the definition of "national security"?
To quote them, "If catastrophic failure of the network is the threshold by which national security threats are defined, Microsoft wouldn't qualify, simply because their monoculture is not at the core of the network," says the George Mason report. "No matter how many Windows operating systems are infected or fail, the core of the network will still run, even if there is nobody left to send traffic."
Err... I have a headache now.
Complaints
Catch-up
I'll be leaning into it over the next few weeks.
Link Prefetching
Basic lockdown steps
Saturday, June 5, 2004
What do I need to do?
One of the common questions was about how to get into the field. Here's some of the answer(s) to that type of question (I try not to blather on in person about it but, here, it's a brain dump):
- Don't do it unless you're really interested in it. The money's good but unless you really like your job, it can be a real ball-buster (not in those words)
- When you're first starting out, don't try to specialize. Learn as much as you can about the underlying theory. Ex: you want to know as much as possible about TCP/IP before you work on Foundry or Cisco equipment. (Doctors learn general medicine before they specialize.) Learn as much as you can about DNS before you work with just *nix or MS implementations. (Don't be a point-and-click administrator.) Specialization comes naturally as you find favorite topics/areas to learn more about.
- Leave the "which OS is better/more secure" argument behind. It's a religious argument which will never be settled. Your job will be to protect the castle, not just the chapel in the north-east tower. The actual question isn't "which one is better". It's "which one is worse". The answer is "all of them". OS's are only as secure as the people managing them.
- Plan on spending a good portion of the rest of your life in school (something most teenagers find painful). It doesn't have to be formal though. The idea is to keep current in technology or to learn more of what you're interested in. If you're focused enough, this leads to a Masters or a PhD. If not (like me), it at least adds up to a lot of college credits in varied curriculums, a decent GPA, and a working relationship with a LOT of the people you need to know in your local neighborhood. (Hint: the people "in power" are doing the same thing: continuing/broadening their education to keep ahead.) Or, at least, you make a lot of friends.
- To go along with that, read. The Internet makes it easy. Current developments with RSS make the process even easier. (Heck, borrow/steal from my blog feeds if you're that desperate.) Learn about the advanced features on your favorite search engines (an invaluable skill!!).
- To get ahead of the rest of the pack, keep yourself busy. During the week, find something you're interested in. Spend the weekend learning more about it. Set up a DNS/mail/web server. Learn about all of the switches in tcpdump (or whatever utility strikes your fancy). Barring any projects, read up on the bleeding-edge technologies.
- No matter how painful it is, be polite and honest. Your career in the technology field depends on three inter-related things: your knowledge/experience, your ability to interact, and the amount of trust your employer has in you. The first two may offset lack of the third to some degree but trust and integrity are large parts of the package that your employer is "buying".
- As part of that, "keep your nose clean". Contrary to popular myth, very few organizations hire hackers to protect their systems. Nowadays, the big-money positions require a LOT of talent and a LOT of integrity (both of which you'll be selling to your employers).
- Pay attention in English Composition (at least). To be recognized "within the community", you're going to have to research and talk about new (or new twists to old) developments. This means "publishing", either in trade journals or magazines. (Or even blathering periodically in a blog.)
Not that I'm the fount of wisdom here, but the main points are: only "do it" if you really like it, plan on working to stay current, and remember the Boy Scout creed.
To be honest, we had aimed at a slightly different audience but, due to layers 8 and 9 of the OSI model, other groups were invited to "fill in" for the missing attendees.
TechTV Goes Ghetto
Thursday, June 3, 2004
E-mail disclaimers
- they ignore the fact that, if you futz up the recipient's address, one or more postmasters automatically receive a copy of your message and
- people are generally lazy. They are more likely to forward or copy the message (to someone else) without deleting anything, not even the obnoxious signature blocks or silly disclaimers.