    Weekend Information Security Links, Part 1

    So many links, so little time.

    Botnet Directory http://www.botsvsbrowsers.com/

    Time Zone Changes: here and here

TaoSecurity thinks the CISSP is good for its code of ethics (but perhaps not much else). I’ll try not to think of that at renewal time.

    Safe Cracking demo

CircleID asks: More than 99% of Email is Spam?

    GLBA Online

    SANS: Enhancing IDS using Tiny Honeypots

    IT Security incident at the DHS

The report says nothing about the technical details of the computer systems; it only points to the incompetence of the DHS in handling the incident.

    PurpleSlog Porn Stories: Note: This is not Porn by or including PurpleSlog. Do not be afraid.

    ISC on Home AV Protection

For home use, I like the free GriSoft AVG with ZoneAlarm as the firewall.

    ISC on Comment Form Spam:

    Instead, one or more fake form fields are added to the form. But style sheets are used to make them “invisible”. To further confuse the attacker, the fake form fields are given names like “subject” and such suggesting to the bot that these are the form fields they are looking for. However, whenever a form is submitted with content in a “hidden” field, it is discarded.
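The hidden-field check described above, as an added example that is not code from the ISC post or from this blog. It renders decoy fields that CSS hides from humans but that a form-filling bot sees as ordinary inputs, and discards any submission in which a decoy came back non-empty. The field names, the HTML layout and the two sample submissions are constructed for illustration.

```python
"""Server-side half of the hidden-field ("honeypot") form check.

Added example, not code from the ISC post or from this blog.  Field names
and the sample submissions below are constructed for illustration.
"""
from html import escape

# Names of the decoy fields.  They are deliberately chosen to look like the
# fields a comment bot wants to fill ("subject", "website"), as the ISC post
# describes.  Real visitors never see them because the CSS hides them.
HONEYPOT_FIELDS = ("subject", "website")

# The real fields a human fills in.
REAL_FIELDS = ("author", "email", "comment")


def render_form(action="/comment"):
    """Return the HTML for the form, with the decoy fields hidden via CSS.

    A CSS rule (not type="hidden") is used so that a bot parsing the input
    list sees ordinary text fields, while a browser never displays them.
    """
    hidden = "".join(
        f'<div class="hp"><label>{escape(name)}'
        f'<input type="text" name="{escape(name)}" autocomplete="off"></label></div>'
        for name in HONEYPOT_FIELDS
    )
    real = "".join(
        f'<div><label>{escape(name)}<input type="text" name="{escape(name)}"></label></div>'
        for name in REAL_FIELDS
    )
    return (
        "<style>.hp{display:none}</style>"
        f'<form method="post" action="{escape(action)}">{hidden}{real}'
        '<button type="submit">Post</button></form>'
    )


def is_honeypot_tripped(form):
    """True if any decoy field came back with content.

    `form` is a mapping of submitted field name -> value, as a web framework
    would hand it over.  A browser submits the hidden fields too, but empty,
    so only non-empty content counts as a trip.
    """
    return any(form.get(name, "").strip() for name in HONEYPOT_FIELDS)


def handle_submission(form):
    """Discard tripped submissions; otherwise return the accepted comment."""
    if is_honeypot_tripped(form):
        return None  # silently dropped, as the ISC post describes
    return {name: form.get(name, "") for name in REAL_FIELDS}


# Constructed sample submissions: a browser leaves the decoys empty, a bot
# that fills every field it finds does not.
HUMAN = {"author": "Ann", "email": "ann@example.com",
         "comment": "Nice roundup.", "subject": "", "website": ""}
BOT = {"author": "Ann", "email": "ann@example.com",
       "comment": "Nice roundup.", "subject": "cheap meds",
       "website": "http://spam.example"}

if __name__ == "__main__":
    print(render_form())
    print("human:", handle_submission(HUMAN))
    print("bot:  ", handle_submission(BOT))
```

The one false positive to watch for is browser autofill: a saved-form feature may populate a hidden field named "website" for a real visitor, so `autocomplete="off"` is set on the decoys and the field names should avoid anything a browser recognises as a standard address-book field. Bots that render CSS will also skip the decoys, so this check is a cheap first filter rather than a complete defence.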

    Physical security and the human psyche

    Dark Reading on Hacker Profiling:

    But some white-hat hackers don’t like the idea of hacker profiling. “I think it is a horribly flawed idea. It is going to paint the wrong picture and in no way will it be helpful in the tracking of attackers

Many in the IT Security community have a left-libertarian PoV, so it is common to see them react this way when their techno-skills bump up against their left-libertarian mindset. Hence the reaction against profiling, good ID cards, NSA anti-terrorist measures etc.

The dirty secret of the security world is that a lot of security vendors have links to the bad guys. You hear of this every once in a while. Some of the anti-profiling reaction stems from this.

Profiling would be useful. It is called intel or cultural intel. Know your enemy. Read Mindhunter on how the FBI built up a serial killer profile database. It will be a long slog of grunt work, but it will be worth it.

    Unix Date Bug: here, here and here

    Jeff Hayes on Storage Firewalls:

    tried this product. I uninstalled it after trying it for 15 minutes. It was the pest of all pests. I like the concept but not the implementation.

    I have never worked with this class of application firewall, but I should look into it.

    Schneier on Covert Keyboard Channels

    USA Today via Shloky on Space Shuttle Computer Date Problem:

    The worry is that shuttle computers aren’t designed to make the change from the 365th day of the old year to the first day of the new year while in flight. NASA has never had a shuttle in space Dec. 31 or Jan. 1.

    SecuriTeam on Security Testing / Fuzzing:

    If someone discovers a new type of security flaw a-la format string – for example, that the character “^” leads to code execution – most fuzzers will totally miss out on that, since the recorded history (and common sense) does not have “^” as an attack vector. Does this make the testing approach better? It’s hard for me to say – I haven’t seen an actual tool or product that implements this theory. I haven’t even seen a product design or an explanation of a tool that can work that way. On the other hand, fuzzing tools can practically find vulnerabilities here and now, and nobody has discovered that slippery new attack vector that may theoretically make fuzzers obsolete.

    Schneier links to an article on Data minings

    ISC on Job-Seeker targeted phishing:

    The download software link pulls the download from monster-freesoftware.com. Of course, what is downloaded is not something monster.com would approve of.

    Ajax Malware Discussion

    ISC on Malware (now new and improved)

    The newly released SANS Top 20

    ISC on Bots using port 80 for C&C

It was just a matter of time. Outbound application proxy servers for http and https traffic (that include an anti-bot RBL) should mitigate this though.

    DataSecurity on Phishing

Dark Reading on Email Surveillance:

    But Khalid Kark, senior analyst with Forrester Research, says email surveillance isn’t necessarily effective. There’s always a way around these filters and surveillance tools, Kark says, such as a bad guy or employee sending out social security numbers piecemeal in a message so it doesn’t get flagged. “It really doesn’t help in changing the behavior of the organization,” Kark says. “It gives you false sense that you are protecting and blocking [things] and that no one can circumvent it.”
    The key, he believes, is getting employees on board with email and communications policies rather than filtering and reading their messages. “Do a softer approach with education and training,” he says, adding that, if one does decide to conduct email surveillance, one still needs to create an awareness among employees about it.

    He admits email surveillance is costly, especially in the man-hours it takes to review the flagged messages. According to the survey, respondents are spending a median of 12 hours per week for every 100 employees to review 10 percent of their emails. “Even with the technology in place, that’s a substantial amount of time,” Plotkin says. So for those organizations not required by law to conduct email surveillance, it’s a matter of figuring out your risk versus reward, he says.

Duh. Use tools (content analysis and statistical analysis) to flag problems and outliers.

    One Response

    1. Thanks for the link. I enjoyed reading the (lengthy) weekend roundup of infosec links.
