never-ever-****-with-my.net

Processing Whois Output Automatically With Perl

2007-05-14T18:01:58Z

I found myself in the situation where I had to whois a large number of IP addresses and play with the output in Excel. Thanks to Ben Schmitz's Net::Whois::IP Perl extension for looking up the whois information for IP addresses and some Google searching to locate some decent usage example (found in the whois.snortalog file in Jérémy Chartier's SnortAlog), I could put together the following lame script:

#!/usr/bin/perl
require "whois.snortalog";
use Net::Whois::IP;
$k = $ARGV[0];
whois();
print $ARGV[0] . "\t" . $inetnum . "\t" . $netname . "\n";

It expects an IP address in argument and outputs it along with its NetRange and NetName separated by tabulations. Please post a comment if you improve it (e.g., adding error handling, etc.).

Windows Vista Security Guide

2006-11-11T11:29:31Z

Last Wednesday, Microsoft published Windows Vista Security Guide, which provides recommendations to harden computers that use specific security baselines for the following two environments:

Enterprise Client (EC)--client computers in this environment are located in a domain that uses Active Directory and only need to communicate with systems running Windows Server 2003--implementation of this security baseline is described in Chapter 1;
Specialized Security--Limited Functionality (SSLF)--concern for security in this environment is so great that a significant loss of functionality and manageability is acceptable--implementation of this security baseline is described in Chapter 5.

Also, three additional chapters provide recommendations to take advantage of new or enhanced security features:

Defend Against Malware--Chapter 2 includes information about how to most effectively use User Account Control (UAC), Windows Defender, Windows Firewall, Windows Security Center, Malicious Software Removal Tool, Software Restriction Policies, and Internet Explorer 7 security features (e.g., Protected Mode, ActiveX Opt-in, Cross-domain scripting attack protection, Security Status Bar, Phishing Filter, etc.);
Protect Sensitive Data--Chapter 3 focuses on encryption and access control technologies that help protect mobile computing environments from potential loss and theft: BitLocker Drive Encryption, Encrypting File System (EFS), Rights Management Services (RMS) and Device control;
Application Compatibility--Chapter 4 provides guidelines to preserve functionality of existing applications when using the new and enhanced security features of Windows Vista.

The complete guide can be downloaded along with the GPOAccelerator tool, which automatically creates all the Group Policy objects (GPOs) needed to apply this security guidance.

NIST on Several Things

2006-09-06T16:56:09Z

End of last week, NIST published four Draft Special Publications on e-mail security, intrusion detection and prevention, web services security, and cell phone forensics.]]> 800-45A Guidelines on Electronic Mail Security (Acrobat PDF)--these revised guidelines intend to aid organizations in the installation, configuration, and maintenance of secure mail servers and mail clients. 800-94 Guide to Intrusion Detection and Prevention (IDP) Systems (Acrobat PDF)--this new guide seeks to assist organizations in understanding Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) technologies and in designing, implementing, configuring, securing, monitoring, and maintaining Intrusion Detection and Prevention (IDP) solutions. 800-95 Guide to Secure Web Services (Acrobat PDF)--this new guide provides detailed information on standards for web services security. This document explains the security features of XML, SOAP, UDDI, and related open standards in the area of Web services. It also provides specific recommendations to ensure the security of Web services-based applications. 800-101 Guidelines on Cell Phone Forensics (Acrobat PDF)--this new guide outlines general principles and provides technical information intended to aid organizations evolve appropriate policies and procedures for preserving, acquiring, and examining digital evidence found on cell phones.

Errors in spreadsheets are pandemic

2006-06-06T22:33:44Z

Just as Google releases Spreadsheets (a total non-event for serious Excel users), an interesting discussion surfaced on Slashdot. The article links to an interesting paper by Raymond R. Panko at University of Hawai'i about what is known about spreadsheet errors. The conclusion says:

"All in all, the research done to date in spreadsheet development presents a very disturbing picture. Every study that has attempted to measure errors, without exception, has found them at rates that would be unacceptable in any organization. These error rates, furthermore, are completely consistent with error rates found in other human activities. With such high cell error rates, most large spreadsheets will have multiple errors, and even relatively small "scratch pad" spreadsheets will have a significant probability of error."

Also, the article links to the European Spreadsheet Risks Interest Group (EuSpRIG) and its collection of public reports of spreadsheet errors.

Implementing least privilege in Windows applications

2006-05-26T22:47:25Z

As pointed out by the ISC's Handler's Diary, and further to the ZDNet article reporting that Microsoft considers taking admin rights from employees (link posted last Wednesday), Microsoft published Standard User Analyzer, a tool that "helps developers and IT professionals diagnose issues that would prevent a program from running properly without administrator privileges. On Windows Vista, even administrators run most programs with standard user privileges by default, so it is important to ensure that your application does not have administrator access as a dependency.

Using the Standard User Analyzer to test your application can identify the following administrator dependencies and return the results in a graphical interface:

File access
Registry access
INI files
Token issues
Security privileges
Name space issues
Other issues"

Standard User Analyzer runs on Windows XP, Windows Vista and Windows Server 2003, and requires
Microsoft Application Verifier, which "helps developers identify potential application compatibility, stability, and security issues."

Deep packet-inspection technology used by NSA

2006-05-17T18:41:03Z

Wired published an interesting article on Narus' deep packet-inspection technology said to be the basis of the NSA's internet surveillance:

"Narus' product, the Semantic Traffic Analyzer, is a software application that runs on standard IBM or Dell servers using the Linux operating system. It's renowned within certain circles for its ability to inspect traffic in real time on high-bandwidth pipes, identifying packets of interest as they race by at up to 10 gigabits per second.
Internet companies can install the analyzers at every entrance and exit point of their networks, at their "cores" or centers, or both. The analyzers communicate with centralized "logic servers" running specialized applications. The combination can keep track of, analyze and record nearly every form of internet communication, whether e-mail, instant message, video streams or VOIP phone calls that cross the network.
Brasil Telecom and several other Brazilian phone companies are using Narus products to charge each other for VOIP calls they send over one another's IP networks. Internet companies in China and the Middle East use them to block VOIP calls altogether."

Google releases AJAX framework

2006-05-17T15:18:12Z

Yesterday, Google released its Web Toolkit (GWT):

"(...) a Java software development framework that makes writing AJAX applications easy. With GWT, you can develop and debug AJAX applications in the Java language using the Java development tools of your choice. When you deploy your application to production, the GWT compiler translates your Java application to browser-compliant JavaScript and HTML. (...)
Google Web Toolkit ships with a Java-to-JavaScript compiler and a special web browser that helps you debug your GWT applications. For details on how they work, check out the GWT product overview."

Update: running examples are available here (with source code).

Update 2006/6/6: an assortment of interesting links is available on the GWT blog.

Multiboot DVD with security live CD's

2006-05-15T22:36:31Z

As outlined by Darknet, a multiboot DVD with security-related live CD's has been published. SecureDVD features 10 security distributions (e.g. for intrusion tests, forensics or recovery):

BackTrack
Operator
PHLAK
Auditor
L.A.S. Linux - Local Area Security
Knoppix-STD
Helix
F.I.R.E.
nUbuntu
INSERT Rescue Security Toolkit

It is available for download through BitTorrent.

Security Risks of Airline Passenger Data

2006-05-15T22:01:11Z

The Guardian published an interesting article where their reporter investigated how much information an identity fraudster could get about you from a simple airline stub, picked out of a bin near Heathrow:

"We logged on to the BA website, bought a ticket in Broer's name and then, using the frequent flyer number on his boarding pass stub, without typing in a password, were given full access to all his personal details - including his passport number, the date it expired, his nationality (he is Dutch, living in the UK) and his date of birth. The system even allowed us to change the information.
Using this information and surfing publicly available databases, we were able - within 15 minutes - to find out where Broer lived, who lived there with him, where he worked, which universities he had attended and even how much his house was worth when he bought it two years ago. (This was particularly easy given his unusual name, but it would have been possible even if his name had been John Smith. We now had his date of birth and passport number, so we would have known exactly which John Smith.)"

Actually, as outlined in comments on Bruce Schneier's posting about this article, you could practice using Google Images.

Bookmarklet to create Movable Type entries

2006-05-05T19:29:25Z

One thing I badly miss since my migration to Movable Type is the lack of compatibility with Google Toolbar's functionalities that facilitate the posting of an article in a single click (e.g. the Send To feature).

I searched the web for Google Toolbar Custom buttons, Firefox extensions, etc. but could not find anything. It looks like Google Toolbar's API is only intended to create custom searches, and a quick look to the documentation to craft Firefox extensions gave me a headache.

Hence, I quickly hacked a bookmarklet to emulate Google Toolbar's Send To feature (inspiration taken here). It works fine with Opera and Firefox, except that window focus does not work nicely in Firefox.

To work with your Movable Type blog, you will need to edit the path to mt.cgi and the number of your blog_id (see bold sections in the HTML code below).

Update 2006/5/7: I figured I could have used MT's built-in Quickpost bookmarklet, but it is not compatible with the EnhancedEntryEditing plugin I use to edit my posts.

]]> MT this!

The easiest is to drag this link: MT this! up to your Bookmarks Toolbar, and then right-click on it to edit its properties.

NIST on Security Log Management

2006-04-25T22:39:56Z

As noted in the loganalysis mailing list, NIST published Draft Special Publication 800-92 Guide to Computer Security Log Management (Acrobat PDF):

"This document provides detailed information on developing, implementing, and maintaining effective log management practices throughout an enterprise. It includes guidance on establishing a centralized log management infrastructure, which includes hardware, software, networks, and media. It also discusses the log management processes that should be put in place at an organization-wide level, including the definition of roles and responsibilities, the creation of feasible logging policies, and the division of responsibilities between system-level and organization-level administrators. Guidance is also provided on log management at the individual system level, such as configuring log generating sources, supporting logging operations, performing log data analysis, and managing long-term data storage."

Making search engines' life easier with Sitemaps

2006-04-23T15:32:20Z

Sitemaps allow you to inform search engines about your web site's URLs that are available for crawling. Google developed its own Sitemap Protocol, which can be very easily generated from Movable Type using Cameron Bulock's template. This template adds the main index page, all individual archives as well as monthly and category archive links to a sitemap. For other search engines, I found out a SEO firm developed ROR, a search engine independent format, which can be used to generate sitemaps, but also product catalogues, etc. The format is described here. Several thousands web sites use it. As I was not happy with the results of ROR's free sitemap generator, I thought I would adapt Cameron's Movable Type template to ROR format.]]> ROR Sitemap for <$MTBlogURL encode_xml="1"$> <$MTBlogURL encode_xml="1"$> ROR Sitemap for <$MTBlogURL encode_xml="1"$> <$MTBlogURL encode_xml="1"$> sitemap SiteMap <$MTBlogURL encode_xml="1"$> day 0 sitemap <$MTArchiveLink encode_xml="1"$> Article <$MTArchiveDate format="%Y-%m-%d"$> 1 sitemap <$MTArchiveLink encode_xml="1"$> week 2 sitemap <$MTArchiveLink encode_xml="1"$> week 3 sitemap To set this up on your Movable Type blog, simply copy the code into a new index template, set it to output as ror.xml, and add the following line in the of your main page:

Update 2006/10/26: Yahoo! Search introduced Site Explorer, which "allows you to explore all the web pages indexed by Yahoo! Search. View the most popular pages from any site, dive into a comprehensive site map, and find pages that link to that site or any page." The tool is pretty similar to Google's Webmaster tools. More information is available in online help pages. Once you have registered your web site with Yahoo! Search, you will be able to submit a site feed (or sitemap). Yahoo! supports RSS and Atom feeds, as well as "a text file containing a list of URLs, each URL at the start of a new line. The filename of the URL list file must be urllist.txt." Generating that text file with a Movable Type template is straightforward:

<$MTBlogURL encode_xml="1"$>

<$MTArchiveLink encode_xml="1"$>

<$MTArchiveLink encode_xml="1"$>

<$MTArchiveLink encode_xml="1"$>

To set this up on your Movable Type blog, simply copy the code into a new index template, set it to output as urllist.txt, and submit it to Yahoo! Search Site Explorer.

Security incidents in web-based applications

2006-04-20T17:34:00Z

According to the Web Application Security Consortium (WASC), XSS and SQL injection remain the most popular attack vectors being exploited in public incidents. Further details can be found in the Web Hacking Incidents Database (WHID), which was updated today.

The chart below illustrates the number of public incidents registered per year:

A broader list of vulnerabilities is listed in OWASP Top Ten, which ranks the most critical web application security flaws.

Security incident investigations within banks

2006-04-20T12:56:00Z

BankInfoSecurity.com published the first part of an article (free registration required) which provides a general overview of the security investigation process, how it fits within the incident response process, the required preparation process, specific issues in banks that need to be considered and the relationship between this process and security intelligence activities. Update 2006/4/27: Part two has been published.

MS extends life of Visual Studio freebie

2006-04-20T12:42:00Z

As reported by Computerworld, Microsoft said that: "an entry-level edition of its Visual Studio tools will remain free and available for use without restrictions for developers." Microsoft also announced "it has worked with partners to create add-ons to Visual Studio Express to lure both young developers that are just learning how to code and hobbyist developers that code for fun at home." (i.e. Lego and eBay).