Thursday, November 30, 2006

Busy

Too busy to update...
I will be back on January 1st.

Friday, November 17, 2006

Kevin Mitnick's Security Advice

Here's my Top 10 list of steps you should take to protect your information and your computing resources from the bad boys and girls of cyberspace:
- Back up everything
- Choose passwords that are reasonably hard to guess
- Use an antivirus product
- Update your OS religiously
- Avoid hacker-bait apps
- Use encryption software
- Install a spyware detection app
- Use a personal firewall
- Disable any system services you're not using
- Secure your wireless networks
Read this in wired.com.

Thursday, November 16, 2006

Miniature Computers That Can Break Your Network Wide Open

One aspect of information security that is often overlooked is physical security... Assuming a network has implemented end-to-end security in the form of 802.1x or a network access control (NAC) solution, they all make one major assumption: that a man-in-the-middle attack can’t be executed once the end point has authenticated. For example, 802.1x addresses this directly: if the network port detects that the connection is dropped, it requires the end point to re-authenticate before it’s allowed to have network access again. If the network hasn’t implemented such a scheme, then it becomes trivial to execute a man-in-the-middle attack by physically inserting another computer in between the network equipment and the end machine...
Read this post in riskbloggers by Kurt Seifried.
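The port behaviour the post describes, as an added example (not code from the post or from any switch vendor): a toy 802.1X-controlled port that forwards only EAPOL until authentication succeeds, and drops back to the unauthorized state on a link-down event. The `reauth_on_link_down` switch is a constructed knob to show the weak behaviour beside the correct one.

```python
"""Toy model of an 802.1X-controlled switch port (added example).

The port is a small state machine: it starts UNAUTHORIZED and forwards only
EAPOL frames; after EAP-Success it is AUTHORIZED and forwards everything.
With reauth_on_link_down=True (the behaviour the post recommends) a link-down
event returns the port to UNAUTHORIZED, so whatever is plugged in afterwards
gets no network access until it completes its own EAP exchange.
"""
from dataclasses import dataclass, field

EAPOL = "EAPOL"   # 802.1X control traffic, always allowed through
DATA = "DATA"     # ordinary frames, allowed only once authorized


@dataclass
class Port:
    reauth_on_link_down: bool = True      # constructed knob for the comparison
    authorized: bool = False
    log: list = field(default_factory=list)

    def eap_success(self, supplicant: str) -> None:
        """Authentication server reported EAP-Success for this supplicant."""
        self.authorized = True
        self.log.append(f"authorized {supplicant}")

    def link_down(self) -> None:
        """Physical link lost: revert to unauthorized if the port is configured to."""
        if self.reauth_on_link_down:
            self.authorized = False
            self.log.append("link down -> unauthorized")
        else:
            self.log.append("link down -> still authorized (weak)")

    def forward(self, frame_type: str) -> bool:
        """Return True if the frame is forwarded, False if dropped."""
        if frame_type == EAPOL:
            return True
        return self.authorized


def simulate(events, reauth_on_link_down=True):
    """Run a list of (kind, arg) events; return the decision for each frame and the log."""
    port = Port(reauth_on_link_down=reauth_on_link_down)
    decisions = []
    for kind, arg in events:
        if kind == "eap_success":
            port.eap_success(arg)
        elif kind == "link_down":
            port.link_down()
        elif kind == "frame":
            decisions.append(port.forward(arg))
    return decisions, port.log


# Constructed scenario: the legitimate host authenticates and sends data, then
# the cable is unplugged and replugged (the insertion the post describes).
SCENARIO = [
    ("frame", DATA),            # before auth: dropped
    ("frame", EAPOL),           # EAPOL always passes
    ("eap_success", "host-A"),
    ("frame", DATA),            # after auth: forwarded
    ("link_down", None),
    ("frame", DATA),            # after replug, no re-auth yet
    ("eap_success", "host-A"),
    ("frame", DATA),            # re-authenticated: forwarded
]

if __name__ == "__main__":
    for strict in (True, False):
        decisions, log = simulate(SCENARIO, reauth_on_link_down=strict)
        print("reauth_on_link_down =", strict, "->", decisions)
        print("\n".join("  " + line for line in log))
```

The fourth decision is the one that matters: with re-authentication on link-down the first data frame after the replug is dropped, without it the frame sails through on the earlier host's authorization.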

Wednesday, November 15, 2006

The A to Z of security - 27 pages

Antivirus, Botnets, CMA, DDoS, Extradition, Federated identity, Google, Hackers, IM, Jaschan (Sven), Kids, Love Bug, Microsoft, Neologisms, Orange, Passwords, Questions, Rootkits, Spyware, Two-factor authentication, USB sticks/devices, Virus variants, Wi-fi, OS X, You and Zero-day!
Read this article by Natasha Lomas.

Tuesday, November 14, 2006

Computerworld's Smart Salary Tool 2006 (Online)

Is your salary on par with what your peers are making? Use our Smart Salary Tool to compare your pay with IT workers in similar jobs, from around the country. Our 2006 survey reports on salaries from nearly 15,000 IT professionals...
See the page.

Monday, November 13, 2006

New Web Application Security Survey

- Do you use commercial vulnerability scanner products during your assessments?
(Acunetix, Cenzic, Fortify, NTOBJECTives, Ounce Labs, Secure Software, SPI Dynamic, Watchfire, etc.)...
- Do you use open source tools during your assessments?
(Paros, Burp, Live HTTP headers, Web Scarab, CAL9000, Nikto, Wikto, etc.)
Read the original post by Jeremiah Grossman and an answer on the ha.ckers.org blog.

Sunday, November 12, 2006

Using Perl/Net::SinFP (sinfp.pl) for OS fingerprinting

SinFP is a new approach to OS fingerprinting, which bypasses limitations that nmap has... Nowadays, with the omnipresence of stateful filtering devices, PAT/NAT configurations and emerging packet normalization technologies, Nmap's approach to OS fingerprinting is becoming obsolete...
SinFP uses the aforementioned limitations as a basis for tests to be absolutely avoided in used frames to identify accurately the remote operating system...
See this security tool's webpage.

Saturday, November 11, 2006

MS TechNet: Windows Vista Security Guide Overview

The Windows Vista Security Guide consists of five chapters, and an appendix that you can use to reference setting descriptions, considerations, and values. The Windows Vista Security Guide Settings.xls file that accompanies this guide provides another resource that you can use to compare the setting values. The following figure shows the guide structure to help inform you how to optimally implement and deploy the prescriptive guidance.
Chapter 1: Implementing the Security Baseline
Chapter 2: Defend Against Malware
Chapter 3: Protect Sensitive Data
Chapter 4: Application Compatibility
Chapter 5: Specialized Security – Limited Functionality
Appendix A: Security Group Policy Settings
Read this useful guide in 7 pages (and the older version for WinXP).

Wednesday, November 08, 2006

Security threat changing, says Symantec CEO

"The attacks that we see today are more targeted and more silent and their objective is to create true financial harm as opposed to visibility for the attackers," said John Thompson, chairman and CEO of Symantec.
Read this in infoworld.com.

Tuesday, November 07, 2006

Hot Skills: BS 7799 opens door to security work

ISO 27001 is increasing rapidly, and employers are seeking qualified staff, or paying for their own to be trained. There is also a demand for qualified people from security companies, and the organisations that audit and certify ISO 27001 compliance... But working with these standards involves a management, rather than hands-on technical approach, and lacks the glamour of penetration testing. Much of the work consists of ticking boxes and making sure documents have been completed and filed correctly.
Read this article by Nick Langley.

Monday, November 06, 2006

Fuzzers - The ultimate list

Fuzzer: A fuzzer is a program that attempts to discover security vulnerabilities by sending random input to an application. If the program contains a vulnerability that can lead to an exception, crash or server error (in the case of web apps), it can be determined that a vulnerability has been discovered. Fuzzers are often termed Fault Injectors for this reason: they generate faults and send them to an application. Generally fuzzers are good at finding buffer overflow, DoS, SQL Injection, XSS, and Format String bugs. They do a poor job at finding vulnerabilities related to information disclosure, encryption flaws and any other vulnerability that does not cause the program to crash.
Read this post.
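The fault-injection loop the definition describes, as an added example (not code from the post or from any of the listed fuzzers): a mutation fuzzer run against a small length-prefixed record parser of my own construction. The parser has a deliberate bounds defect so that the fuzzer has something to find, and the hardened version beside it shows the fix; "rejected" inputs (the parser's own `ValueError`) are distinguished from real crashes, which is the triage step the definition's last sentence hints at.

```python
"""Minimal mutation fuzzer with crash triage (added example).

Target: records of the form <u8 length><payload><u8 checksum>. The buggy
parser trusts the declared length and indexes past the buffer; the hardened
parser checks bounds first and rejects the input with ValueError instead.
"""
import random


def parse_records(buf: bytes) -> list:
    """Constructed, deliberately buggy parser: trusts the length byte."""
    records, pos = [], 0
    while pos < len(buf):
        length = buf[pos]
        payload = buf[pos + 1:pos + 1 + length]
        checksum = buf[pos + 1 + length]          # BUG: may index past the end
        if checksum != sum(payload) & 0xFF:
            raise ValueError("bad checksum")      # graceful rejection, not a crash
        records.append(payload)
        pos += 2 + length
    return records


def parse_records_hardened(buf: bytes) -> list:
    """Same format, with the bounds check the buggy version lacks."""
    records, pos = [], 0
    while pos < len(buf):
        length = buf[pos]
        end = pos + 1 + length                    # index of the checksum byte
        if end >= len(buf):
            raise ValueError("truncated record")  # reject instead of over-reading
        payload = buf[pos + 1:end]
        if buf[end] != sum(payload) & 0xFF:
            raise ValueError("bad checksum")
        records.append(payload)
        pos = end + 1
    return records


def mutate(data: bytes, rnd: random.Random) -> bytes:
    """Apply one to three random byte-level mutations to a copy of the seed."""
    buf = bytearray(data)
    for _ in range(rnd.randint(1, 3)):
        op = rnd.choice(("flip", "set_ff", "insert", "delete"))
        if op == "flip" and buf:
            i = rnd.randrange(len(buf))
            buf[i] ^= 1 << rnd.randrange(8)
        elif op == "set_ff" and buf:
            buf[rnd.randrange(len(buf))] = 0xFF   # large length claims find over-reads
        elif op == "insert":
            buf.insert(rnd.randrange(len(buf) + 1), rnd.randrange(256))
        elif op == "delete" and buf:
            del buf[rnd.randrange(len(buf))]
    return bytes(buf)


def fuzz(target, seed_input: bytes, iterations: int = 300, seed: int = 1) -> dict:
    """Send mutated inputs to target; classify each outcome.

    ValueError is the parser's documented rejection path and is counted as
    'rejected'; any other exception is a crash and the input is kept for triage.
    """
    rnd = random.Random(seed)                     # deterministic for reproducible runs
    result = {"ok": 0, "rejected": 0, "crashes": []}
    for _ in range(iterations):
        case = mutate(seed_input, rnd)
        try:
            target(case)
            result["ok"] += 1
        except ValueError:
            result["rejected"] += 1
        except Exception as exc:                  # the interesting outcome
            result["crashes"].append((case, exc))
    return result


# Constructed valid seed: length 3, payload "abc", checksum (97+98+99) & 0xFF = 0x26.
SEED = b"\x03abc\x26"

if __name__ == "__main__":
    for parser in (parse_records, parse_records_hardened):
        r = fuzz(parser, SEED)
        print(parser.__name__, "ok:", r["ok"], "rejected:", r["rejected"],
              "crashes:", len(r["crashes"]))
        for case, exc in r["crashes"][:3]:
            print("  ", case.hex(), "->", type(exc).__name__, exc)
```

Real-world use differs in scale and instrumentation (a process that segfaults rather than raising, coverage feedback to steer mutations), but the loop is the same: mutate, deliver, distinguish a clean rejection from a fault.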

Saturday, November 04, 2006

Google Security and Product Safety

If you are a Google user and have a security issue to report regarding your personal Google account, please visit our contact page. This includes password problems, login issues, spam reports, suspected fraud and account abuse issues... If you have discovered a vulnerability in a Google product or have a security incident to report, please email security@google.com. Please include a detailed summary of the issue including the name of the product (e.g., Gmail) and the nature of the issue you believe you've discovered... This process of notifying a vendor before publicly releasing information is an industry-standard best practice known as responsible disclosure... Working together helps make the online experience safer for everyone...
Read this on Google's website and a related article on TechRepublic.

Thursday, November 02, 2006

OS FingerPrinting Paper 1.0 and Satori tool

I know what you are probably thinking; this is yet another paper on Active and Passive network OS detection and Scanning Techniques OR this is a scare tactic to finally get management to listen. Well, it is and it isn’t, in both cases. It started primarily as a paper on passive fingerprinting that dips a bit into this and that along the way, trying to give you a broad enough understanding of everything that has come before so that the new stuff makes sense. Without understanding how they are doing it, or what has happened in the past, parts of the new ideas or techniques will mean little to you. Perhaps in the end they will mean little to you anyway. I won’t go into the specifics of all of the different types of active/passive OS detection techniques, but I will cover some of the major and unique ones...
Read the article (pdf) by Eric Kollmann.
Satori: Uses WinPCap 3.1 (not tested with 4 beta yet), listens on the wire for all traffic and does OS Identification based on what it sees. Main things it works to identify are: Windows Machines, HP devices (that use HP Switch Protocol), Cisco devices (that do CDP packets), IP Phones (that send out Skinny packets), plus some other things. Still early on, will make many changes and will add whatever features are requested, so just send them with packet captures if possible!
A tool created by him.
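The passive identification both the Satori description above and the earlier SinFP post talk about, as an added example (not Satori's or SinFP's code): a matcher that scores the few TCP/IP fields a listener can read off an incoming SYN against a signature table and builds a per-host inventory. The signature entries and observations are constructed placeholders, not real operating-system fingerprints, and the minimum-score threshold illustrates the SinFP post's point that a middlebox which rewrites TTL or window size leaves you with "unknown" rather than a confident wrong answer.

```python
"""Passive OS-fingerprint matcher over SYN observations (added example).

An observation is what a sniffer sees in a SYN without sending anything:
observed IP TTL, TCP window size and the order of TCP options. Signatures
and hosts below are constructed placeholders for illustration only.
"""
from collections import Counter

INITIAL_TTLS = (32, 64, 128, 255)


def initial_ttl(observed: int) -> int:
    """Round an observed TTL up to the smallest common initial TTL (hop count is unknown)."""
    for t in INITIAL_TTLS:
        if observed <= t:
            return t
    return 255


# Constructed placeholder signatures, not real OS fingerprints.
SIGNATURES = {
    "os-A (placeholder)": {"ttl": 64, "window": 5840,
                           "options": ("mss", "sackOK", "ts", "nop", "wscale")},
    "os-B (placeholder)": {"ttl": 128, "window": 65535,
                           "options": ("mss", "nop", "wscale", "nop", "nop", "sackOK")},
    "os-C (placeholder)": {"ttl": 255, "window": 16384, "options": ("mss",)},
}

# Option order is the most distinctive field, window next, TTL class least.
WEIGHTS = {"ttl": 1, "window": 2, "options": 3}


def score(obs: dict, sig: dict) -> int:
    """Sum the weights of the fields on which the observation matches the signature."""
    s = 0
    if initial_ttl(obs["ttl"]) == sig["ttl"]:
        s += WEIGHTS["ttl"]
    if obs["window"] == sig["window"]:
        s += WEIGHTS["window"]
    if tuple(obs["options"]) == sig["options"]:
        s += WEIGHTS["options"]
    return s


def identify(obs: dict, min_score: int = 3) -> tuple:
    """Return (best_signature_name, score); 'unknown' below the confidence threshold."""
    name, sig = max(SIGNATURES.items(), key=lambda kv: score(obs, kv[1]))
    s = score(obs, sig)
    return (name, s) if s >= min_score else ("unknown", s)


def inventory(observations: list) -> dict:
    """Majority vote per source address across all SYNs seen from it."""
    votes = {}
    for obs in observations:
        votes.setdefault(obs["src"], Counter())[identify(obs)[0]] += 1
    return {src: counter.most_common(1)[0][0] for src, counter in votes.items()}


# Constructed observations: two clean hosts and one whose packets look as if a
# normalizer rewrote the window and stripped options (only the TTL class fits).
OBSERVATIONS = [
    {"src": "10.0.0.1", "ttl": 58, "window": 5840,
     "options": ("mss", "sackOK", "ts", "nop", "wscale")},
    {"src": "10.0.0.2", "ttl": 126, "window": 65535,
     "options": ("mss", "nop", "wscale", "nop", "nop", "sackOK")},
    {"src": "10.0.0.2", "ttl": 125, "window": 65535,
     "options": ("mss", "nop", "wscale", "nop", "nop", "sackOK")},
    {"src": "10.0.0.3", "ttl": 120, "window": 8192,
     "options": ("mss", "nop", "nop", "sackOK")},
]

if __name__ == "__main__":
    for src, guess in inventory(OBSERVATIONS).items():
        print(src, "->", guess)
```

Feeding it real traffic means replacing `OBSERVATIONS` with fields pulled from a capture (the Satori description mentions WinPCap as its source) and replacing the placeholder signatures with a maintained database; the scoring and threshold logic stay the same.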

Wednesday, November 01, 2006

'Less than zero-day' threats

The definition of zero-day exploits does not generally include unknown vulnerabilities that also exist and are already being quietly exploited. "Somewhere along the line, our definition of a zero-day attack got changed" to mean only those vulnerabilities that have been made public, Shimel said. "It's time to put the emphasis back on the unknown attacks out there."
Read the article.