Saturday, July 31, 2004
about MetaSploit and fuzzing first. Kinda like learning "duck and
cover" prior to the ICBM warning. In any case, if you take care of any
network server, this is good theory/experience to have in your head.
what you wish for! K-otic has
posted a "Universal" IE exploit that supposedly runs on Windows and Linux and gives you a reverse shell via IE.
Advice? Keep your patches up to date and configure your firewalls to allow only what you need to do on the Internet. In other words, limit browsing to connections from high ports to port 80. It's not a perfect solution, but it will cut back on exploits like the one above.
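To make the egress-filtering advice concrete, here is an added example (not code from the original post) of a default-deny outbound policy evaluated over a handful of connection attempts. The policy, the hosts, and the connection records are all constructed for the illustration; the point it shows is that a client LAN restricted to web and DNS traffic cannot complete an unexpected callback to a high port even if a browser exploit fires.

```python
"""Default-deny egress policy check, as an added illustration of
"allow only what you need to do on the Internet".

All rules, hosts and connection records here are constructed for the
example and do not describe any real network.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    src_net: str        # source network the rule applies to
    proto: str          # "tcp" or "udp"
    dst_ports: range    # destination ports the rule matches
    action: str         # "allow" or "deny"


# Constructed policy: the client LAN may browse (80/443) and resolve names;
# anything not listed falls through to the default deny.
POLICY = [
    Rule("10.0.0.0/24", "udp", range(53, 54), "allow"),    # DNS (simplified: any resolver)
    Rule("10.0.0.0/24", "tcp", range(80, 81), "allow"),    # HTTP
    Rule("10.0.0.0/24", "tcp", range(443, 444), "allow"),  # HTTPS
]
DEFAULT_ACTION = "deny"


def decide(policy, src_ip, proto, dst_port):
    """First-match evaluation; default deny when no rule matches."""
    src = ip_address(src_ip)
    for rule in policy:
        if (rule.proto == proto
                and src in ip_network(rule.src_net)
                and dst_port in rule.dst_ports):
            return rule.action
    return DEFAULT_ACTION


def audit(policy, connections):
    """Map each observed (src, proto, dport) tuple to the action it receives."""
    return {conn: decide(policy, *conn) for conn in connections}


# Constructed sample of outbound connection attempts from the client LAN.
CONNECTIONS = [
    ("10.0.0.15", "tcp", 80),      # normal browsing
    ("10.0.0.15", "tcp", 443),     # normal browsing
    ("10.0.0.15", "udp", 53),      # name resolution
    ("10.0.0.15", "tcp", 4444),    # unexpected callback to a high port
    ("10.0.0.15", "tcp", 6667),    # IRC, not on the allow list
    ("192.168.5.2", "tcp", 80),    # host outside the covered source network
]

if __name__ == "__main__":
    for conn, action in audit(POLICY, CONNECTIONS).items():
        print(f"{conn[0]:<12} {conn[1]} dport={conn[2]:<5} -> {action}")
```

The DNS rule is deliberately loose for brevity; on a real network you would pin it to the internal resolver's address, and you would log the denied attempts, since a burst of blocked high-port connections from one workstation is exactly the signal worth investigating.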
Friday, July 30, 2004
used by politicians and mainstream media. It wasn't that long ago that
we saw mainstream articles which described blogging as self-referential
rantings of socially misfit narcissists. I think/hope we may see a
similar "occurrence" with the Wikipedia.
Warning to The Register: what you're not seeing is: distributed collaboration on distributed servers. Given that "it" includes current events and internal commentary, this has the potential to sneak past mainstream notice and become the next "big it". Especially if someone can figure out a way to "specialize" and come up with something similar to topics (like blogging has "flavors").
Having contributed to the Hitchhiker's Guide (back in the Usenet News days), I like the idea of having the Wikipedia (although I haven't been involved much).
Thursday, July 29, 2004
Sorry for the use of /. links, it was the
quickest way to post this.
Wednesday, July 28, 2004
World Fusion's Security
Resource link page. It has many more links to valuable and/or
entertaining security-related sources/stories since I last visited (a
long time ago).
I'm not just recommending it because I'm listed there
Picked up feeds for ATAC and OhBrian this time.
Tuesday, July 27, 2004
article, especially "The Top 5 Company Executive Mistakes". It
nails the organization that replaced me at a previous job.
that know me personally, you know who I mean. The article is almost
uncanny while remaining generic, isn't it?
(Richard Bejtlich) has contributed to. Included in the list is his
The Tao of Network Security Monitoring: Beyond Intrusion
Detection which appears to be a worthwhile book to have (see his and
the publisher's sites for sample chapters).
Monday, July 26, 2004
Sunday, July 25, 2004
is so dumb, it's almost funny. (Slashdot also posted about it.) Seems
that "security people all over the country" think it looks like a bomb.
I've got news for you, small transistor devices like PDAs and iPods
look a bit like that too. Makes me wonder who those "security people"
are. It's probably that security "concern" is interpreted by the media
as "security panic", instead of equating to "need to inform/be
I'm not saying that there shouldn't be "concern" if someone
travels commercially with one of the cans in their luggage. It's just
that they should "declare" it as part of the check-in process. There's
a reason why the TSA people require you to remove your laptops from
luggage. I've gotten into the practice of also pulling out any other
"dense" electronics. It saves time. (via
Saturday, July 24, 2004
house at a freezing (to them) 70 degrees. (My wife understands though.
She's from Buffalo.) I'll admit that, for southeast Virginia, that's
colder than most people's houses.
What brought this on? I stumbled
across the weather forecast for where my parents live: Today - Hi: 73, Lo: 49. (Hint: the hi there for today is the lo here for the week.)
In other words, I grew up where you wear shorts in the low 60's and sweat heavily in the low 70's. If it wasn't for air conditioning, I probably wouldn't live below 1,000 feet above sea level or south of Pennsylvania.
entitled "Distributed Metastasis: Network Attack Methodology". I disagree that it's a new method of network attack as the methods it uses have already been seen in some form or other. However, it is an interesting read and even hints at the dangers of monoculture.
Friday, July 23, 2004
Thursday, July 22, 2004
I really like the idea of the service as I've used various addresses in a domain to test if my data was actually protected by those that claimed that they wouldn't sell it or release it without my permission. For the majority of those sites, the addresses I used quickly made it into spammers address books.
But back to the question... Call it a prediction if you want, but I can foresee at least a token effort to get a law passed to make this sort of thing illegal. Or you can just call me skeptical.
changed some of the URL's to site names and have added the various
search engines to the "skip" list.
So as to not anger Hormel, I
won't refer to two sites as "spammers". Instead, just feel free to not
click on "ADV" in the referrers list.
The ADV's and the search engines
should disappear from the list shortly as the database updates.
Wednesday, July 21, 2004
Dana's posted a pointer to the BleepingComputer.com
tutorial for a basic (but effective) forensics methodology for determining if you've been hacked and how to clean it up. The assumption is that this process will detect the majority of the compromises due to most of them being "done" in bulk and not in a "clean" manner.
Tuesday, July 20, 2004
Monday, July 19, 2004
Sunday, July 18, 2004
Saturday, July 17, 2004
which my house sits in the middle of. It stayed there and dumped just
under a foot of rain in a two hour period.
The following pictures were
taken hours later. I missed the storm as I was at work and my wife says
the water level was much higher. Keep in mind that the street drains
were operating normally. The police report that 3 blocks over, the
water was 3 feet deep.
Oh and no, I don't live near any bodies of
water that would overflow like this. This all came from the sky at 2
p.m. and it was all gone by 7 p.m.
Neighbor's bush, mailbox, and car
Further down the street, apologies for the fuzziness
The two kids on the left are on the sidewalk.
Friday, July 16, 2004
Don't know how useful it'll be. The intended audience is those who use some form of procmail recipe to reroute e-mail messages into their blogs. The plugin populates $future::count with the count of messages waiting with timestamps set in the future. (See the bottom of the right-hand column here.)
Grab the plugin here.
It's about time. My spam intake is starting to include a lot of messages from previously unknown banks requiring me to update my accounts.
Anyone else find it interesting that the Senator has used a "technical" term (phishing) in his legislation?
Thursday, July 15, 2004
last minute Snort signatures. Most of them have limited use or are
development only. In the site's words, they "are prone to false
positives and sometimes not work as expected". However, it is a good
site to keep up with the latest sigs (and problems) and can give you a
few good ideas of your own.
issue. Yes, both IE and Mozilla (on Windows) have "shell"
problems. What makes the IE issue worse is that IE is tied into the
desktop and the operating system. In other words, Mozilla rides on top
of the OS, IE is in the OS.
Wednesday, July 14, 2004
that the FCC is handling. Unfortunately, everyone with an agenda has
responded to his first post.
How long will Mr. Powell be able to stand the usually-off-topic nattering before he closes commenting? From the looks of the replies, not long. There's a little bit of just about every movement and cause in there and a couple nut cases, too. Some of it's even FCC-related!
Policy controls and monitoring are good for security, up to a point. If the controls and monitoring are overbearing, they can have a degrading effect on corporate productivity and security since, past a certain point, they will be held in general contempt by all, including management.
Your security policies have to be enforceable and, above all, realistic. Allowing some personal use of e-mail and some surfing during break or lunch time improves the situation a great deal.
Tuesday, July 13, 2004
Bill also hinted that not using MS products reduces tax income for governments. Which do you think brings in more taxes: a one-time sales tax or ongoing income tax? Better to spend that money on SA training (no matter what OS you use) or assistant SAs.
And before we have another Blue Monday incident, I'm not griping about the OS. I'm griping about the marketing practice!
Monday, July 12, 2004
It's amazing the amount of stuff that gets indexed by various search engines. Following is a list of non-standard search engines (IRC users, IRC channels, BT files, etc.) that security types might be interested in:
Warning: Some sites listed cause browser crashes.
Sunday, July 11, 2004
the blog is running without a web input, I wrote a bit of code to count
the messages pending in the near future and stuck it in an i-frame.
Let me know if anyone has problems with it or wants the code. It's a
hack, not an actual plug-in, though I probably should rewrite it into
using a time-memory tradeoff. Basically, for certain types of hash
algorithms, the hashes of candidate inputs can be pre-calculated and stored.
Unhashing a hash becomes the result of performing a lookup in a giant
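The time-memory tradeoff above, as an added example that is not part of the original post: the work of hashing every candidate is spent once and stored in a table, after which inverting an unsalted hash is a single lookup. The same script shows why a per-user salt defeats the table. The candidate alphabet is deliberately tiny so the table builds instantly, and the "leaked" hash is generated inside the script; both are constructed for the illustration.

```python
"""Precomputed hash lookup table (time-memory tradeoff) and the salt
that defeats it. Added illustration, not code from the original post.

Constructed inputs: a three-letter alphabet and strings up to three
characters long, giving 3 + 9 + 27 = 39 candidates.
"""
import hashlib
import os
from itertools import product

ALPHABET = "abc"
MAX_LEN = 3


def candidates(alphabet=ALPHABET, max_len=MAX_LEN):
    """Every string over the alphabet with 1..max_len characters."""
    for n in range(1, max_len + 1):
        for chars in product(alphabet, repeat=n):
            yield "".join(chars)


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def build_table(words):
    """The 'time' half of the tradeoff: hash every candidate once and keep
    hash -> plaintext. The dict is the 'memory' half; lookups are then O(1)."""
    return {md5_hex(w.encode()): w for w in words}


def lookup(table, digest):
    """Invert an unsalted hash by lookup instead of recomputation.
    Returns None when the digest is not in the table."""
    return table.get(digest)


def salted_hash(password: str, salt: bytes) -> str:
    """Same primitive as the table (MD5), so the only difference is the salt:
    the hashed input is now salt || password, which no precomputed table of
    bare candidates contains."""
    return md5_hex(salt + password.encode())


def verify(password: str, salt: bytes, stored: str) -> bool:
    """Legitimate verification still works because the salt is stored
    alongside the hash."""
    return salted_hash(password, salt) == stored


if __name__ == "__main__":
    table = build_table(candidates())
    print(f"table has {len(table)} entries")

    leaked = md5_hex(b"cab")                    # constructed: an unsalted hash
    print("unsalted lookup:", lookup(table, leaked))

    salt = os.urandom(16)                       # per-user random salt
    stored = salted_hash("cab", salt)
    print("salted lookup:", lookup(table, stored))
    print("verify:", verify("cab", salt, stored))
```

MD5 is used here only so that the table and the salted value share one primitive and the salt alone accounts for the difference; password storage in practice should use a slow, salted key-derivation function, which raises the per-candidate cost of the "time" half as well.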
Saturday, July 10, 2004
LAYER 3 VPN'S ARE NOT SAFE TO USE IN WIRELESS ENVIRONMENTS!!!
Don't forget your wireless IDS's either.
It's scary to see that "experts" in the business world are still recommending WEP.
Friday, July 9, 2004
Professional Technical Reference has an article which discusses the author's point of view where each and every user on the Internet should be held legally responsible for their hacked systems flooding the planet with spam.
Again, I don't believe you can hold my grandmother responsible for someone hacking her Tivo.
A. Lizard likes to say things like "due diligence" but ignores the fact he may only be able to sue for those instructions in the booklet that came with the device. After he can prove that everyone consistently reads all of the directions in those multi-language documents.
Thursday, July 8, 2004
Wednesday, July 7, 2004
Tuesday, July 6, 2004
Monday, July 5, 2004
new code in the last two days.
What have I learned? Three things: 1)
a lot more people visit here than make comments, 2) someone in Japan
blogged something about my site (I cannot read/speak Japanese all that
well), and 3) I should consider switching the "make a comment" HTML link
spiders follow the "make a comment" link, even if there's no comments on
the far end. Using the alternate code might avoid the extra network
bits and might cause a few fewer useless pages to be stored in search
it". It's not which OS is better, it's which one is used and
Considering some of the recent news articles about
both sites, in this case it's neither. And it'll only get nasty. If
the IIS box gets hacked, the OSS purists get on the news with a "told
you so". If it's the Apache box, the MS purists start ranting about
"lack of support".
Neither group is correct. Both groups are
correct. Mostly it's the people hired to run the servers. And given
the reason for the servers' existence, it's not a question of "if" but
but, in the long run, it damages Google. Basically, it's a contest to
see who can get a page up to #1 and keep it there. Some consider "by
any means possible" as justifiable.
good guideline for security: "Trust not
your users, for they will lead you into darkness.".
MS had 46, Suse had 48, Sun had 60, etc.
You should notice that they gave you numbers but didn't enumerate the vulnerabilities. What's normally done is limit MS products to just those in the default install (usually just those that MS wrote). However, Linux and Sun include other people's programs on their disks. See the problem?
(Chorus)It's not which one is better, it's which one is managed worse!
If you're going to compare products, do it on a case-by-case basis. Mail client vs. mail client. Browser vs. browser. Core OS vs. core OS. Exploit which takes the Internet down vs. exploit which takes the Internet down. Ad nauseam.
Any report which just spouts numbers makes me think that the source of the report suddenly has additional funding from somewhere, as we've seen this before.
Sunday, July 4, 2004
Saturday, July 3, 2004
sub-blog and from there, his Security Planet, a
good pseudo-aggregator. (I use "pseudo" only because it's not the
reader that adds/deletes feeds. Barry does that.) Good site though.
is that the comment spammers are still adding junk to the old blog. The
traffic level seems to have dropped off a bit though. Could it be
related to the fact that I no longer post via MT and therefore no longer
"ping" the usual sites to indicate that the MT blog has been
Hmm... Wonder if it would be worth leaving MT running and
doing an analysis of the traffic after a month or so?
law on the books that prohibits you from holding a cell phone up to your head while driving. While it's intended to regulate those distracted idiots doing 40 in a 55 while talking long distance with their mom, I have "issues" with the law:
- cell phone use is sixth,
or first depending on who you ask. "First" is usually based on surveys
of common opinion rather than actual studies. The government studies
usually indicate cell phones having less cause than adjusting the
radio/internal temperature, eating, and yelling at the kids.
- the law is too broad as it allows for fines for ANY distraction
- the law is vaguely worded (can apply to any driver with a two-way
radio with a button-operated microphone, GPS, or radar device)(i.e., law
enforcement, cab drivers, delivery personnel, firemen, utility workers,
etc.) ("electronic device" is generic and, by definition, means just
about anything in the car)
- the law adds yet another requirement on law enforcement (must search
for the presence of cell phones at each accident) and government
(database tracking, reporting, and training). Unless the legislators
intend on providing additional funding for yet another requirement on
law enforcement and lower government, this just adds another stress on
an already limited budget.
Unfortunately, it's one more low level law that is too expensive to
fight and will probably be ignored in the long run. In the security
world, your policies have to be realistic and enforceable for them to be
effective. Too many "silly rules" and the entire system is held in
contempt by the average user.
I've been rear-ended seven times. Four of them while stopped at a
light, two while slowing for a light, and one in a parking lot. Each
and every time the driver was distracted (by sunlight, a road sign,
another person, etc.). That is, unless one or more of them did it
intentionally (road rage?).
Accidents will continue to happen, regardless of what drivers are
doing, especially inside of, or on, 495 after 3 p.m. on a workday. (too
damned many cars in narrow lanes on not enough pavement)(ignoring the
amount of road construction that occurs during rush hour in DC).
We'd save more lives by making cars single person vehicles, with a
top speed of 35 mph, without radios or temperature controls and tearing
down every sign along the highway.
Friday, July 2, 2004
One, you need support from management to do ANYTHING security-related.
Two, it's next to impossible to get a gov't worker fired for waste and abuse. (Hey, the guy that did get fired probably violated a security policy about installing unauthorized software. The boss was only wasting time.)
Thursday, July 1, 2004
Hmmm.. Be the first on your block to have your toilet paper dispenser on the Internet! Seriously, if this becomes available to the garage hardware hacker, we'll probably see some interesting projects. More here.