Simple

Uncomfortably close to the truth!

2011-07-24T22:05:00.000+01:00

Interesting USB Tool

2011-02-08T21:22:00.000Z

Interesting USB tool on the NirSoft website that lists all connected USB devices to your PC and also ones that have been connected. Leverages the data in the registry but presents it in a nice GUI and also allows you to do it to a remote PC if you have Admin credentials

IPv6 view from Cisco

2011-02-06T22:47:00.002Z

Interesting article on IPv6 from Cisco Blog, with more to come.

http://blogs.cisco.com/security/ipv6-whats-new/

Egypt severs Internet connection

2011-01-29T22:28:00.000Z

Article on BBC News website about how Egypt has removed itself from the Internet whilst the unrest is ongoing. Interesting to consider the implications for companies that rely on the Internet for their WAN connectivity for any offices they have in countries like this.

Bypassing Applicatio/DLL whitelisting in SRP and AppLocker

2011-01-24T11:18:00.000Z

Didier Stevens has an interesting article on the ability to bypass DLL whitelisting by making the appropriate call. Apparently the reason you can do this is to help developers, and malware writers too....

Link Here

Application whitelisting paper

2011-01-19T10:45:00.000Z

Really good paper on the effectiveness of application whitelisting and the practical implications and limitations of it.

Paper here

Wipe a disk using dd

2011-01-05T17:07:00.002Z

You may need to wipe you hard drive to clean

up partition errors, bad installations, or for privacy. This will show you howto do this

These methods use a command called dd

Wiping the entire disk

This will overwrite all partitions, master boot records, and data.

Filling the disk with all zeros (This may take a while, as it is making every bit of data 0) :

dd if=/dev/zero of=/dev/sda bs=1M

If you are wiping your hard drive for security, you should populate it with random data rather than zeros (This is going to take even longer than the first example.) :

dd if=/dev/urandom of=/dev/sda bs=1M

When's a password good or bad?

2010-12-17T23:11:00.001Z

A reasonable article on when good passwords don't matter.

Story here

Another story on the ability to crack 'good' passwords
here

NSA and compromised networks

2010-12-17T22:44:00.001Z

Apparently the NSA think that their own networks can't be considered clean and security and take the appropriate actions based on that position including increased audit, new network sensors and standardisation.

Story here

Mounting a dd image

2010-12-15T23:05:00.001Z

Interesting article on how to mount a dd image from a backup or when a hard drive is failing or copied

http://rackerhacker.com/2010/12/14/mounting-a-raw-partition-file-made-with-dd-or-dd_rescue-in-linux/

Hashing tool

2010-12-15T17:14:00.001Z

New Hashing tool http://secure1st.com/

Vmware vsphere achieves eal 4+ certification

2010-11-05T22:57:00.001Z

http://virtualization.info/en/news/2010/11/vmware-vsphere-4-0-receives-common-criteria-eal4-certification.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Virtualization_info+%28virtualization.info%29

Interesting comment at end of article on what is not included

Because the vendor itself specifies the Security Target document, it’s really interesting to know what isn’t included, especially when you want to compare the product with comparable products which are also EAL4+ certified.

For ESX/ESXi functionalities not included in the Security Target are:

Simple Network Management Protocol (SNMP), File Transfer Protocol (FTP), Telnet
The use of any authentication method on ESX(i) other than the local password database
VMware Software Development Kit (SDK) tools
The procfs interface (used to manage CPU resources) on the ESX host Service Console
VMware Scripting Application Programming Interface (API) on the ESX host.
VMware Consolidated Backup
Guest OS patch updates via Update Manager
By earning this certification VMware stays way ahead of Citrix for which XenServer 5.6. and XenDesktop 4.0 achieved EAL2 certification in September this year.

four pillars of endpoint security

2010-11-05T21:59:00.001Z

Interesting article from Microsoft technet

http://technet.microsoft.com/en-gb/magazine/gg213837.aspx

Java outstrips Adobe

2010-10-19T22:27:00.003+01:00

Apparently Java is the new Adobe when it comes to malware attacks on PC's. According to a report by Microsoft, the attacks on vulnerable are magnitudes of order greater than adobe, previous number one target of malware.

Image: microsoft.com

Increase in 'Cyber Security' Budget

2010-10-18T13:17:00.000+01:00

Taken from BBC News Website

Tenable Nessus YouTube Channel

2010-10-12T22:32:00.002+01:00

Tenable have a YouTube channel and have some good walk through's.

FDCC compliance check

Nessus XML parsing with Awk

2010-10-12T22:27:00.002+01:00

Article on the HiR blog about Nessus XML output parsing

http://www.h-i-r.net/2010/10/nessus-xml-parsing-with-awk.html

Contains a link to a script to provide a list of IP's to severity rating, here

Seems to work better than some contractors output I could mention....

Sophos articles on malicious code

2010-10-12T21:01:00.003+01:00

Couple of pdf's on malicious code.

1. Want my autograph? The use and abuse of digital signatures by malware

http://www.sophos.com/security/technical-papers/digital_signature_abuse.pdf

Interesting article on the use of stolen certificates in modern malware.

2. FINDING RULES FOR HEURISTIC DETECTION OF MALICIOUS PDFS: WITH ANALYSIS OF EMBEDDED EXPLOIT CODE

http://www.sophos.com/security/technical-papers/malicious_pdfs.pdf

What to look for in malicious pdf's

highlights of that one

Heuristic 1: If the PDF contains JavaScript look more closely

Heuristic 2: If the objects or streams are mismatched look more closely

Heuristic 3: If the Cross-Reference (XRef) Table is invalid look more closely

Heuristic 4: The presence of LZWDecode, ASCII85Decode, DCTDecode and Encrypt Filter are indictative of clean files

Heuristic 5: Hash (#) encoded tags are indictative of malicious files

These comments appear to be based on the use of Adobe Acrobat Reader as the infection vector. Sumatra PDF reader, which doesn't support Flash or Javascript, might be an interesting alternative to get away from a lot of these problems.

Team Logo

2010-10-11T22:52:00.001+01:00

My take on a team Logo!...

determining and Mounting LUKS based encrypted disk images

2010-10-07T22:39:00.002+01:00

Article on how to determine whether a disk image is LUKS based and if it is how to deal with it. It also covers LVM as well.

It does NOT cover brute forcing the password.

Adobe Flash configuration

2010-10-07T21:44:00.002+01:00

Found an article on Adobe Flash configuration and the implications of it.

http://blog.eset.com/2010/10/06/adobe-flash-the-spy-in-your-computer-%E2%80%93-part-2

It references a pdf that gives the full spec but the article covers off a few interesting things that perhaps should be considered for flash/internet facing systems.

Geo locating an IP address

2010-10-07T21:37:00.004+01:00

Found a site, http://www.infosniper.net, that allows you to simply geo locate a user based on their IP address. Other sites do this but it gives you the option to choose, Google, Microsoft or Yahoo mapping tools.

Might be worth remembering for looking up IP addresses in email headers.

Article on setting effective consumer IT security policies

2010-10-06T21:31:00.004+01:00

Good article on what to consider when allowing staff to use their own IT to undertake work away from their corporate environment, i.e. their own laptops, smart phones, use of hotel IT, etc.

Article taken from WindowSecurity.com

Some points to consider.

Security concerns.

Security threats presented by consumer applications ie webmail, social networking, by employees on company-owned computers.
Security threats presented by consumer devices (laptops, smart phones, tablets/slates) owned by employees but used to connect to the corporate network.

Security Threats

Introduction of malware into the corporate network
Leakage of company data if consumer device is lost or stolen
Leakage of company information from inside corporate network from consumer apps, i.e. webmail, social networking, instant messenger

The article had some good recommendations, including

Mandatory encryption of any company data stored on employee-owned devices.
Mandatory encryption of communications in transit between employee-owned devices and the company network via VPN, DirectAccess, etc.
Mobile devices used for business should have the capability of being remotely wiped.
Health checks of laptops connecting to the corporate network, via Network Access Protection (NAP) or Network Access Control (NAC) to ensure that they meet company standards as to virus protection, firewall, service packs/security updates and so forth.
Enforced sync parsing/protocol filtering and content filtering (DeviceLock) to control what types of data users can synchronize between their mobile devices and company computers.
A virtual desktop infrastructure whereby virtualized operating systems and/or applications are delivered to employee-owned laptops for work purposes, allowing the company to control the hosted image and isolate it from the local operating system on the laptop.
Policies that specify what consumer software can be used on corporate computers (for example, social networking web sites vs. iTunes, multi-player games or personal VoIP accounts such as Skype) and enforcement of those policies with Software Restrictions Policy.
Use of agent-based security configuration management tools to enforce usage policies.
Develop a comprehensive usage policy that addresses employee use of social networking

Well worth a read as it may cover either issues such as contractors and what they can do with their own laptops in an organisation.

How To – Digital Forensic Imaging In VMware ESXi

2010-10-05T21:13:00.002+01:00

Great article on how to forensically image a vmdk file.

https://blogs.sans.org/computer-forensics/2010/10/04/digital-forensic-imaging-vmware-esxi/

National Cyber Security Awareness Month

2010-09-29T22:20:00.007+01:00

Apparently it is National Cyber Security Awareness Month in the USA for the month of October. The they have some good banners and posters that might be of interest that could be used elsewhere.

There also appears to be a selection of Tip sheets that might be worthwhile looking at.

Tip Sheets Documents:
Gaming Tips for Kids
Gaming Tips for Parents
Internet Safety and Security Tips For Parents
Mobile Tips
Social Networking Tips