The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Archive for March, 2006

Burp Suite

Posted by Xavier Ashe on March 30, 2006

Burp suite is an integrated platform for attacking web
applications. It contains all of the burp tools (proxy, spider,
intruder and repeater) with numerous interfaces between them
designed to facilitate and speed up the process of attacking a
web application. All plugins share the same robust framework for
handling HTTP requests, authentication, downstream proxies,
logging, alerting and extensibility.

Burp suite allows an attacker to combine manual and automated
techniques to enumerate, analyse, attack and exploit web
applications. The various burp tools work together effectively
to share information and allow findings identified within one
tool to form the basis of an attack using another.

Get more info at


Posted in Security, Tools | Leave a Comment »

Microsoft Security Chief to Step Down

Posted by Xavier Ashe on March 28, 2006

After four years at the helm of Microsoft’s security group, Mike
Nash is taking a break. This June he will go on sabbatical after
handing over responsibilities to his replacement, Ben Fathi.

Nash led Microsoft’s Security Technology Unit during a period in which the
security of Microsoft’s products was increasingly scrutinized following
a number of worldwide worm attacks, including Slammer and MyDoom.

The 15-year Microsoft veteran was responsible for directing Microsoft’s
response to these threats as well as for setting its overall security
strategy as the software vendor struggled against a public perception
that its products were insecure.

From CSO

Posted in Security | Leave a Comment »

US group wants China 'spy' probe

Posted by Xavier Ashe on March 28, 2006

A US agency is calling for an official probe into
Chinese computer firm Lenovo's contract to supply 15,000 computers to
the US State Department.

The US-China Economic and Security Review Commission
(USCC) said it feared the PCs could be fitted with bugging devices to
spy on the US government.

Lenovo, which last year bought IBM's PC arm, said it had nothing to hide and would welcome the investigation.

<sigh>… Another American political witch-hunt.  Read the rest of the article on BBC News.

Posted in Security | Leave a Comment »

Little known Microsoft security utilities

Posted by Xavier Ashe on March 26, 2006

Microsoft makes a big deal about security, but
sometimes a few of the company's security resources slip under the
radar. There aren't many, but there are a few obscure Microsoft
security utilities that deserve a little more publicity. In this
article, I will briefly describe several utilities that you may not
have heard of.

  • Microsoft Office Visio 2003 Connector for the Microsoft Baseline Security Analyzer
  • Security Risk Assessment for Midsize Organizations
  • Cipher Security tool
  • Port Reporter
  • PortQry
  • Malicious Software Removal Tool

Read more from Brien M. Posey on

Posted in Security | Leave a Comment »

Feds nix Check Point's Sourcefire bid

Posted by Xavier Ashe on March 24, 2006

A takeover bid by an Israeli firewall firm has become the latest
victim of US security protectionism. Check Point Software has dropped
its bid for US rival Sourcefire after objections from the FBI and
Pentagon were heard by the Treasury's Committee on Foreign Investments.

The Committee has also overseen the recent rumpus surrounding the
Dubai carve-up of P&O, which would put Arab business in control of
US ports.

Federal agency objections to the security software tie-up centre on
the implementation of Sourcefire's anti-intrusion software 'Snort' by
the Bureau and Department of Defense, AP reports. In private meetings
between the panel and Check Point, FBI and Pentagon officials took
exception to letting foreigners acquire the sensitive technology.

If the $225m deal had gone ahead as announced back in October, Check
Point would have got the rights to all patents and source code. Check
Point says the two companies will find ways round the roadblock. CEO
Gil Shwed said: “We've decided to pursue alternative ways for Check
Point and Sourcefire to partner in order to bring to market the most
comprehensive security solutions.”

From The Register.

Posted in Security | Leave a Comment »

W00t! I won!

Posted by Xavier Ashe on March 22, 2006

I started using a search engine called Blingo that's like Google or Yahoo except it gives away prizes.  Blingo uses Google for its results, so I get the same results as usual.  I just won a movie ticket… so it works.  Come play with me!

Posted in Personal Note | Leave a Comment »

Announcing the Atlanta Tivoli User Group

Posted by Xavier Ashe on March 22, 2006

I'm pleased to announce the inaugural meeting of the expanded Atlanta Tivoli User Group (ATUG) now including both IBM Tivoli and Micromuse Netcool customers and interested parties.  This is a technically focused special interest group that will focus on more specific topics related to the IBM Tivoli (including Micromuse Netcool) family of products. 

The Atlanta Network and Systems Management TUG (ANSMTUG) is a broader vendor-neutral user group focused on the art of all things network, systems and application management, including the operations, business, people, process focus areas.  ANSMTUG will continue to have broad based meetings on a range of topics.

Please register as an Atlanta Tivoli User Group member and RSVP for the meeting on the webpage or with me here.

Main Tivoli User Group Website:

Atlanta Tivoli User Group Website:

Meeting time: Tuesday April 11th, 2006  4:00 PM – 8:00 PM

Meeting location: 4111 Northside Parkway, Atlanta, GA – Auditorium.  The meeting will be held in the Auditorium (ATL-HS-03-03F23) of the IBM facility (Hillside Building) located at that address.  The Auditorium is on the 3rd floor, which is the same floor as the lobby in the Hillside Building.
Get a Google Map to the IBM complex.

Meeting Agenda:

4:00 PM – 4:30 PM – Introductions – David Marques, All
4:30 PM – 5:45 PM – Micromuse Roadmap – Dan Tabor – BSM Product Manager, James Mellinger, Sr. Technology Evangelist, Doug McClure, Principal Architect, BSM/ITSM
5:45 PM – 6:15 PM – Dinner (provided by IBM)
6:15 PM – 7:30 PM – ITSM Strategy and CCMDB – Vinu Sundaresan
7:30 PM – 8:00 PM – Open Discussion

I look forward to meeting other Tivoli users and answering questions about NeuSecure.

Posted in Lectures | Leave a Comment »

Useful Firefox Security Extensions

Posted by Xavier Ashe on March 21, 2006

Mozilla’s Firefox browser claims to provide a safer browsing experience
out of the box, but some of the best security features of Firefox are
only available as extensions. Here’s a roundup of some of the more useful ones I’ve found.

Get the list on Ed Finkler's Weblog.

Posted in Security, Tools | Leave a Comment »

Contemporary Approaches To Project Risk Management: Assessment & Recommendations

Posted by Xavier Ashe on March 18, 2006

In order to manage risks, we have to define what
risk is. From the OXFORD dictionary, risk is defined as 'possibility of
meeting danger or suffering harm'. With this definition, it makes us
feel that there is a need to avoid risks especially when managing
projects. But unfortunately, like what all risk managers know, risk can
never be avoided BUT it can be reduced and that is what management
wants to hear. And unfortunately again, risks are often ignored. By
abolishing constraints and reducing ambiguities, risk can be minimised
to an acceptable level. Project risks may be accidentally overlooked by
those who just do not have time to look into it or those who want to
avoid serious delays.

Read the Full Paper (PDF) by Mohamed Noordin Yusuff.

Posted in Security | Leave a Comment »

2006 FOIA Gallery

Posted by Xavier Ashe on March 17, 2006

In celebration of Freedom of Information Day,
EPIC is proud to introduce its 2006 FOIA Gallery, which contains
highlights and scanned images of some of EPIC's most interesting FOIA
disclosures from the past year. For more information about the Freedom
of Information Act, see EPIC's Open Government page.

Posted in Privacy | Leave a Comment »

Rumint – network and security visualization

Posted by Xavier Ashe on March 15, 2006

Rumint (room-int) is an open source network and security
visualization tool

  • Load pcap datasets and capture live traffic.
  • VCR/PVR interface to play back the traffic
  • Visualize packets in seven carefully designed windows
  • Extremely flexible with a total of ~20 different views.
  • Currently handles up to 30,000 packets in a high speed RAM

This version adds filtering and scaling based on TCP and UDP ports
(see the toolbars>filters menu) as well as filtering based on
packet length. Also, I converted all the appropriate interface elements
to eliminate the need for the fm20.dll which should make installation
cleaner. I'm hoping this will allow rumint to also work on Japanese
versions of Windows, if someone could let me know, I'd appreciate
it. I'd also like to thank the good people at astalavista for placing
rumint on their top 10 tools list. Finally, rumint should not time out based on
the packetX library I'm using, this version should fix any problems
along this line.

Download rumint here.

Posted in Security, Tools | Leave a Comment »

An Email Worm Vaccine Architecture

Posted by Xavier Ashe on March 15, 2006

We present an architecture for detecting “zero-day” worms and viruses in incoming email. Our main idea is to intercept every incoming message, prescan it for potentially dangerous attachments, and only deliver messages that are deemed safe. Unlike traditional scanning techniques that rely on some form of pattern matching (signatures), we use behavior-based anomaly detection. Under our approach, we “open” all suspicious attachments inside an instrumented virtual machine looking for dangerous actions, such as writing to the Windows registry, and flag suspicious messages. The attachment processing can be offloaded to a cluster of ancillary machines (as many as are needed to keep up with a site's email load), thus not imposing any computational load on the mail server. Messages flagged are put in a “quarantine” area for further, more labor-intensive processing. Our implementation shows that we can use a large number of malware-checking VMs operating in parallel to cope with high loads. Finally, we show that we are able to detect the actions of all malicious software we tested, while keeping the false positive rate to under 5%.

Read the full paper (PDF) written by Stelios Sidiroglou, John Ioannidis, Angelos D. Keromytis, and Salvatore J. Stolfo from the Department of Computer Science, Columbia University.
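The gateway flow the abstract describes (intercept every message, prescan attachments, analyse the suspicious ones for behaviour rather than signatures, then deliver or quarantine) as a small Python sketch. This is an added example written for this page, not the Columbia authors' code: the instrumented VM is replaced by a pluggable `sandbox` callable, and the `fake_sandbox` used here is a constructed stand-in that keys off two byte patterns so the example runs offline; a real deployment would substitute the action report from an actual sandbox run. The attachment-type policy, the action names in `DANGEROUS_ACTIONS` and the sample messages are all constructed for the example.

```python
"""Mail-gateway prescan / behavioural-verdict pipeline (example code for this page).

Flow: parse message -> pick attachments worth analysing -> hand each to a
sandbox callable that reports observed actions -> deliver or quarantine.
"""
import os
from concurrent.futures import ThreadPoolExecutor
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from typing import Callable, Iterable, List

# Prescan policy (assumed for the example): attachment kinds that go to the sandbox.
SUSPICIOUS_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".vbs", ".js", ".com"}
SUSPICIOUS_MIME_TYPES = {"application/x-msdownload", "application/octet-stream"}

# Behaviours that flag a message when the sandbox reports them (constructed names).
DANGEROUS_ACTIONS = {"registry_write", "autorun_modify", "mass_mail", "file_drop_system32"}

Sandbox = Callable[[bytes], Iterable[str]]


def is_suspicious(part: EmailMessage) -> bool:
    """Prescan step: cheap static check deciding whether a part needs dynamic analysis."""
    ext = os.path.splitext((part.get_filename() or "").lower())[1]
    return ext in SUSPICIOUS_EXTENSIONS or part.get_content_type() in SUSPICIOUS_MIME_TYPES


def fake_sandbox(payload: bytes) -> List[str]:
    """Constructed stand-in for the instrumented VM.

    A real sandbox would execute the attachment and report what it did; this
    stub only looks at two byte patterns so the example can run offline.
    """
    if payload[:2] == b"MZ" and b"HKLM" in payload:
        return ["registry_write", "file_drop_system32", "read_own_file"]
    return ["read_own_file"]


def analyse_message(raw: bytes, sandbox: Sandbox) -> dict:
    """Return a verdict: 'deliver' or 'quarantine', plus the attachments that caused it."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    flagged = []
    for part in msg.iter_attachments():
        if not is_suspicious(part):
            continue  # passes the prescan, no VM time spent on it
        observed = set(sandbox(part.get_payload(decode=True)))
        hits = observed & DANGEROUS_ACTIONS
        if hits:
            flagged.append({"filename": part.get_filename(), "actions": sorted(hits)})
    return {"subject": msg["Subject"], "action": "quarantine" if flagged else "deliver", "flagged": flagged}


def analyse_batch(raws: Iterable[bytes], sandbox: Sandbox, workers: int = 4) -> List[dict]:
    """Fan analysis out over a worker pool, standing in for the cluster of ancillary machines."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(lambda raw: analyse_message(raw, sandbox), raws))


def build_sample(subject: str, filename: str, payload: bytes, ctype: str) -> bytes:
    """Construct a multipart message with one attachment (sample input, not captured mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("Please see the attached file.")
    maintype, subtype = ctype.split("/", 1)
    msg.add_attachment(payload, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


# Constructed samples: a registry-writing executable, a benign executable, and a document.
SAMPLES = {
    "worm": build_sample("Invoice", "invoice.exe",
                         b"MZ\x90\x00 ... HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
                         "application/octet-stream"),
    "benign_exe": build_sample("Update", "update.exe", b"MZ\x90\x00 ... hello", "application/octet-stream"),
    "clean": build_sample("Report", "report.pdf", b"%PDF-1.4 ...", "application/pdf"),
}

if __name__ == "__main__":
    for verdict in analyse_batch(SAMPLES.values(), fake_sandbox):
        print(verdict["subject"], "->", verdict["action"], verdict["flagged"])
```

The point the three samples make is the one the abstract makes: the executable that only reads its own file is delivered even though its extension looks dangerous, because the verdict comes from observed behaviour, while the prescan keeps the document from consuming sandbox time at all.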

Posted in Security | Leave a Comment »

ITIL, BS, and ISO oh my!

Posted by Xavier Ashe on March 14, 2006

I am up to my neck in best practices.  I am starting to write the best practices for NeuSecure.  To do that, I have to tell a few stories.  The first is about NOC-SOC integration.  We have linked NeuSecure with NetCool/Omnibus which opens the door to many new scenarios.  Scenarios which I have to write up.  In addition to NOC-SOC integration, Tivoli is heavy into ITIL, so I need to tell the story of how our product enables enterprise Security Management and makes it possible to complete the ITIL picture.  If you are interested in ITIL and Tivoli, take a look at the IBM Tivoli Unified Process. It's a great tool for navigating the big picture of ITIL and ITSM.  To top it all off, there is BS7799, ISO17799, and ISO 27001.  I have dived into that mess and hopefully won't drown.

I hope to post some more security news stories, but not much has caught my attention lately.  Keep checking back, I'll post more soon!

Posted in Personal Note | Leave a Comment »

TaoSecurity Blog

Posted by Xavier Ashe on March 8, 2006

Every once in a while it's good to be reminded of certain principles. In my first book
I outlined three lessons I've learned while monitoring intruders.
Sometimes threats in nature provide examples of these lessons.

Sguil developer Bamm Visscher pointed me to these images, which I have cropped and annotated for your network security monitoring enjoyment.

Fun post from Richard Bejtlich at TaoSecurity.  I am about half way through his first book and am quickly becoming a fan, especially with my new job.

Posted in For Fun, Security | Leave a Comment »

Inphamous phreaker Captain Crunch: video podcast

Posted by Xavier Ashe on March 7, 2006

John T. Draper –aka Captain Crunch, Crunch or Crunchman — launched a hacking/security-themed video project called CRUNCHTV a few months ago. Link to the first edition, which just popped up on YouTube. (Thanks, Macki!)

From Boing Boing.

Posted in Security | Leave a Comment »

Skype 5-way Calling Limit Cracked

Posted by Xavier Ashe on March 5, 2006

“It turns out when Skype limited 10 way calling to Intel Processors only it really was arbitrary! Maxxus has a patched version
of Skype that allows 10-way calling regardless of the processor
installed. There's also info about the patch: “The patch is the result
of two phases: code analysis and design of the patch. The code
analysis, or reverse engineering, reveals the relevant code block,
which overrides Skype's limitation for Intel's dual-core CPUs. The
patch design isolates the minimal set of instructions that need to be
modified to cancel this limitation.” Windows only so far.”

From Slashdot.

Posted in Security | Leave a Comment »

WiFiSniffer for the PSP

Posted by Xavier Ashe on March 4, 2006

Battlestations! Those of you who get a kick out of wardriving will be
glad to know that Jean-Yves Lamoureux has released a new version of
WiFiSniffer for the PSP! WiFiSniffer allows you to constantly detect
and monitor the status of WiFi connections in your area. It will
display both WEP encrypted and unencrypted connections every second,
and will display the SSID, speed, capabilities and MAC address. A few
bugs have been cleaned up in the latest release, as well as getting a
new look!

Download from [via]

Posted in PSP Hacks, Security, Tools | Leave a Comment »

Take some time out

Posted by Xavier Ashe on March 3, 2006

Here's a deviation from normal security related posts to share a story.  Hope you're having a good Friday.  The weather's great here in Atlanta.

A boat docked in a tiny Mexican village. An American tourist complimented the Mexican fisherman on the quality of his fish and asked how long it took him to catch them.

“Not very long,” answered the Mexican.

“But then, why didn't you stay out longer and catch more?” asked the American.

The Mexican explained that his small catch was sufficient to meet his needs and those of his family.

The American asked, “But what do you do with the rest of your time?”

“I sleep late, fish a little, play with my children, and take a siesta with my wife. In the evenings, I go into the village to see my friends, play the guitar, and sing a few songs… I have a full life.”

The American interrupted, “I have an MBA from Harvard, and I can help you! You should start by fishing longer every day. You can then sell the extra fish you catch. With the extra revenue, you can buy a bigger boat.”

“And after that?” asked the Mexican.

“With the extra money the larger boat will bring, you can buy a second one and a third one and so on until you have an entire fleet of trawlers. Instead of selling your fish to a middle man, you can then negotiate directly with the processing plants and maybe even open your own plant. You can then leave this little village and move to Mexico City, Los Angeles, or even New York City! From there you can direct your huge new enterprise.”

“How long would that take?” asked the Mexican.

“Twenty, perhaps twenty-five years,” replied the American.

“And after that?”

“Afterwards? Well my friend, that's when it gets really interesting,” answered the American, laughing. “When your business gets really big, you can start selling stocks and make millions!”

“Millions? Really? And after that?” said the Mexican.

“After that you'll be able to retire, live in a tiny village near the coast, sleep late, play with your children, catch a few fish, take a siesta with your wife and spend your evenings doing what you like and enjoying your friends.”

And the moral is: Know where you're going in life… you may already be there.

Posted in Personal Note | Leave a Comment »

Donations flood in for 'guilty' security researcher

Posted by Xavier Ashe on March 2, 2006

Security expert Guillaume Tena, who was last week
ordered to pay a fine of 14,300 euros for breach of French copyright
law after publishing information about security vulnerabilities in an
anti-virus application, has already collected around half the money in
donations after appealing for help on his Web site.

On 21 February, Tena lost his appeal
in a case involving vendor Tegam and was ordered to pay a fine of
14,300 euros (around AU$23,000) for breaking French copyright laws.
Tena appealed for donations on his Web site — to buy a new anti-virus
application because asking for donations to pay a fine is also illegal
in France — and within a week he has already collected over 8,000

Tena said the generosity shows that whatever the courts think, the
Internet and security communities can recognise injustice: “It seems
that people on the Internet have an acute bull**** detector, and have
decided by themselves who is right and who is wrong.”

“I've asked for donations and have already received around 8,500
euros (AU$13,600) in a week. That is so incredibly nice, I have no
words. I hope this is what I will remember from all of this,” Tena told
ZDNet Australia.

From ZDNet Australia.

Posted in Security | Leave a Comment »

Hacker Outsmarts Kinko's ExpressPay Cards

Posted by Xavier Ashe on March 2, 2006

A security hole in a common technology used to manage prepaid store
cards could let malicious hackers and other criminal groups bilk FedEx Kinko's stores, according to a recently published report.

ExpressPay is a system developed by EnTrac Technologies, of Toronto. The system uses smart cards from Infineon, but does not secure data on the cards.

The security hole could allow hackers to clone legitimate cards or change
the value of a card to any amount, according to Strom Carlson, a
hardware security researcher at Secure Science in San Diego.

From eWeek.

Posted in Security | Leave a Comment »
