INSERT (the Inside Security Rescue Toolkit) aims to be a multi-functional, multi-purpose disaster recovery and network analysis system. It boots from a credit card-sized CD-ROM and is basically a stripped-down version of Knoppix. It features good hardware detection, fluxbox, emelfm, links-hacked, ssh, tcpdump, nmap, chntpwd, and much more. It provides full read-write support for NTFS partitions (using captive), and the ClamAV virus scanner (including a fairly recent signature database and a GUI). It also has a network boot facility.
- full read-write support for NTFS-partitions using captive and linux-ntfs
- support for various file system types:
- locally: EXT2, EXT3, EISERFS, REISER4, JFS, XFS, NTFS, FAT, MSDOS, MINIX, UDF, HFS, HFS+, HPFS, UFS, UNIONFS
- net based: NFS, SMBFS, CIFS, NCPFS, SSHFS, AFS
- support for linux software RAID and LVM2
- support for WLAN adapters
- network analysis (e.g. nmap, tcpdump)
- disaster recovery (e.g. gparted, gpart, partimage, testdisk, recover)
- virus scanning (Clam Antivirus with GUI avscan)
- computer forensics (e.g. chkrootkit, foremost, rootkit hunter)
- surf the internet (e.g. the web browser dillo [enhanced version], the graphical FTP client gFTP)
- network boot server to boot network boot enabled clients that cannot boot from the CD (insert-remote)
- installation on a USB memory stick (usb-install)
based on Linux kernel 220.127.116.11 and Knoppix 4.0.2
Get it from Inside Security.
Should we use password generators?
…Now, this may sound like there's almost no way for an average person to
pick secure passwords and for a system administrator to enforce the use
of strong passwords (or passphrases). Luckily, there's a tool I wrote
to help the situation. It's
pam_passwdqc, a password
strength checking module for the PAM (Pluggable Authentication Modules) framework.
pam_passwdqc works on Linux, FreeBSD 5+ (in fact, it's been integrated
into FreeBSD), Solaris, HP-UX 11+, and reportedly on recent versions of
IRIX. Additionally, Damien Miller has developed a
strength checker for OpenBSD's /usr/bin/passwd that uses the password
complexity checking code from pam_passwdqc.
What new features does the latest version 1.7 of
John the Ripper include?
The new “features” this time are primarily performance improvements
possible due to the use of better algorithms (bringing more inherent
parallelism of trying multiple candidate passwords down to processor
instruction level), better optimized code, and new hardware capabilities
(such as AltiVec available on PowerPC G4 and G5 processors).
Read the full interview on SecurityFocus.
The official study guide
for the CISSP Exam, created by (ISC)² appears to plagiarise several other works.
The plagiarism was first noted by Dr Michael Workman, from the College of Information at Florida State University.
In page 406 from the guide it states, “One of the main problems with
simple substitution ciphers is that they are so vulnerable to frequency
analysis…” It now appears this material was taken directly from the
paper, “The Vigenere Cipher”
Security Dump has the scoop.
SURFnet is looking for technologies to expand the ways they can detect network traffic anomalies like botnets. Since bots started using domain names for connection with their controller, tracking and removing them has become a hard task. This research is a first glance at the usability of DNS traffic and logs for detection of this malicious network activity. Detection of bots is possible by DNS information gathered from the network by placing counters and triggers on specific events in the data analysis. In combination with NetFlow information and IP addresses of known infected systems, detection of bots of network anomalies can be made visible. Also the behavior of a bot can be documented and additional information can be gathering about the bot. Using DNS data as a supplement to the existing detection systems can give more insight in< the suspicious network traffic. With some future research, this information can be used to compile a case against particular types of bot or spyware and help dismantling a remote controlled infrastructure as a whole.
Read the full paper (PDF)by Antoine Schonewille and Dirk-Jan van Helmond from the University of Amsterdam. This is the second research paper I have seen in the last month dealing with DNS's role is detecting malware. This is the kind of reasearch that helps products like NeuSecure become more accurate.
AirDefense, the innovator that launched the wireless LAN security
market, today announced it has invoked an interference action against a
patent application accelerated by AirTight Networks related to
“Monitoring a selected region of an air space associated with local
area networks of computing devices” (U.S. patent No. 7,002,943).
AirDefense has several pending patent applications which claim the same
subject matter in the area of wireless intrusion protection. The
AirDefense patents were filed in June 2002, predating the AirTight
patent application which was filed in October 2004.
This AirDefense press release, that was released today, comes one day after AirTight announced winning the patent:
AirTight Networks™, the leading provider of wireless
perimeter security solutions, today announced that the
U.S. PTO (Patent and Trademarks Office) has issued U.S.
patent No. 7,002,943 to AirTight Networks for a “METHOD
AND SYSTEM FOR MONITORING A SELECTED REGION OF AN AIRSPACE
ASSOCIATED WITH LOCAL AREA NETWORKS OF COMPUTING DEVICES”.
This patent granted by the US PTO covers technologies that
are key elements of wireless intrusion detection or
This should be interesting. I evaluated the technologies about a year ago and found AirTight to be a good step ahead of AirDefense as it came to technology and ease of use. I was Director of Security Solutions at Microtek Systems, Inc at the time and we decided to partner with AirTight. I was very happy with both the product and the company as a VAR. I will rattle the cage over at AirTight and see if I can get an inside scoop. From the looks of it, AirTight has won and AirDefense is crying foul. I'll keep you posted.