The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Archive for May, 2006

Canada Panorama.jpg

Posted by Xavier Ashe on May 30, 2006


Posted in Random Pics

Panoramic of Edmonton, Canada

Posted by Xavier Ashe on May 30, 2006

I posted a new photo to RandomPics.

Posted in Main Page

Audrey 001.jpg

Posted by Xavier Ashe on May 28, 2006

Posted in Audrey

Audrey in a Bikini

Posted by Xavier Ashe on May 28, 2006

I posted a new photo to Audrey.

Posted in Main Page

First Georgia, now the UK

Posted by Xavier Ashe on May 25, 2006

It looks like the United Kingdom is weighing a law that could possibly criminalise the practices of Computer Security Pros.
From the article at ZDNet:

The Police and Justice Bill will update the UK's existing Computer Misuse
Act (CMA), bringing in new powers to address the rise of organised
cybercriminals and offences such as denial-of-service attacks. It was
passed by the House of Commons earlier this month, and will be
considered by the House Of Lords over the next couple of months.

Sounds pretty harmless, right?


Read the whole article by Security Monkey. The Georgia bill did get vetoed, so let's support our friends in the UK and help block this bill.

Posted in Security

The end of Trackbacks

Posted by Xavier Ashe on May 24, 2006

I have decided to turn off trackbacks on The Lazy Genius. I get about 10-30 a day and they are all spam. Sorry guys, but it's very annoying. If you want a shout out or a link on my main page, shoot me an email at xavier at ashe d0t com.

Posted in Personal Note

Microsoft considers taking admin rights from employees

Posted by Xavier Ashe on May 24, 2006

Microsoft “eats its own dog food”, which means it deploys early
builds of its software internally to ensure the products are thoroughly
tested in a real world environment.

Currently, the majority of Microsoft's employees enjoy full admin
rights on their desktop PCs, which is an unusual practice in the
enterprise space as it makes it possible for users to install unauthorised
software and introduce unwanted pests — such as spyware.

On the second day of the AusCERT conference on the Gold Coast, the director of Microsoft's internal security, Mark Estberg, told ZDNet Australia
that a security feature in Vista called User Access Control (UAC) could
mean less employees have full admin rights over their PCs.

Read the full article at ZDNet Australia.

Posted in Security

Guide to Computer Security Log Management

Posted by Xavier Ashe on May 24, 2006

This publication seeks to assist organizations in understanding the need for sound computer security log management. It provides practical, real-world guidance on developing, implementing, and maintaining effective log management practices throughout an enterprise. The guidance in this document covers several topics, including establishing a centralized log management infrastructure, and developing and performing robust log management processes at both the organization level and the individual system level. The document presents logging technologies from a high-level viewpoint, and it is not a step-by-step guide to implementing or using logging technologies.

New publication by NIST.  Download the full PDF.

Posted in Security

5 Computer Security Experts' Latest Tips and Techniques

Posted by Xavier Ashe on May 24, 2006

Matthew M. Speare
M&T Bank's corporate security officer says customers will have to “speak with their wallets” before software vendors build security into applications.

Bruce Schneier
Counterpane Internet Security's founder says corporations are spending the right amount of money on security—they are just spending it badly.

Bruce Forman
Genesis HealthCare's information security director outlines the top three security measures enterprises should take.

Gary McGraw
Cigital's chief technology officer weighs in on Trusted Computing's impact on computer security and privacy.

Scott K. Davis
T. Rowe Price Investment Technologies' network security manager discusses why companies today have a better awareness about computer security—and what still needs to be done.

Posted in Security

Get your claim in against Sony/BMG

Posted by Xavier Ashe on May 23, 2006

Listen up anyone who “purchased, received, came into possession of or
otherwise used” music CDs containing Sony's flawed DRM software anytime
after August 1, 2003. Under the terms of the class action
settlement approved Monday, you are entitled to file a claim for a
replacement CD, free downloads of music from that CD (with Apple's
iTunes named as one of the three download services, ironically), and
even “additional cash payments” which we presume are likely to amount
to a stack of Abes not Benjamins, folks. Pretty much what Sony BMG was already offering to their customers
when this whole fiasco hit back in November. Additionally, Sony BMG
definitively agreed to halt manufacture or distribution of that XCP and MediaMax nastiness masked by the rootkit. Now be sure to get your claim in now consumers, so that Sony BMG hears loud and clear that you do know what a rootkit is, and yes, you care.
After all, the settlement only lasts until the end of 2007 at which
point Sony BMG is free to introduce copy protection software once
again. Click for a PDF copy of the settlement.

From Engadget.

Posted in Privacy

2006 Australian Computer Crime and Security Survey

Posted by Xavier Ashe on May 23, 2006

All of Australia's law enforcement agencies – the Australian High
Tech Crime Centre, the Australian Federal Police, Queensland Police,
NSW Police, Victoria Police, Tasmania Police, South Australia Police,
Northern Territory Police and Western Australia Police – and AusCERT
produced the 2006 Australian Computer Crime and Security Survey.

The survey provides the most up to date and authoritative analysis of
computer network attack and computer misuse trends in Australia over
the last 12 months. The survey aims to raise awareness of the complex
nature of computer security issues, identify areas of concern and,
where appropriate, to motivate organisations to take a more active role
in protecting their systems.

Get the full PDF here. Published by the Australian CERT. It looks and feels a whole lot like the US Computer Crime Survey published by the FBI. Here are some interesting highlights:

  • Total average annual losses for electronic attack, computer crime, and computer access misuse or abuse increased by 63% to $241,150 per organisation compared to 2005.
  • About 1 in 5 reported trojan or rootkit infections, which is considered to be high given that such malware cannot self-propagate. The volume, therefore, is assessed to be a reflection of attacker activity.
  • Of those that suffered trojan or rootkit infections, most were from public sector organisations (60%) compared to the private sector (40%).
  • Across most categories, there was a reduction in the reported use of security technologies, security policies and procedures, IT security standards and IT qualifications and training compared to 2004 and 2005.

Posted in Security

Online scams create "Yahoo! millionaires"

Posted by Xavier Ashe on May 23, 2006

Akin is, like many things in cyberspace, an alias. In real life he's
14. He wears Adidas sneakers, a Rolex Submariner watch, and a kilo of
gold around his neck.

Akin, who lives in Lagos, is one of a new generation of
entrepreneurs that has emerged in this city of 15 million, Nigeria's
largest. His mother makes $30 a month as a cleaner, his father about
the same hustling at bus stations. But Akin has made it big working
long days at Internet cafes and is now the main provider for his family
and legions of relatives.

Call him a “Yahoo! millionaire.”

Akin buys things online – laptops, BlackBerries, cameras,
flat-screen TVs – using stolen credit cards and aliases. He has the
loot shipped via FedEx or DHL to safe houses in Europe, where it is
received by friends, then shipped on to Lagos to be sold on the black
market. (He figures Americans are too smart to sell a camera on eBay to
a buyer with an address in Nigeria.)

Interesting Story on CNN Money.

Posted in Security

"Anti-Phishing" bill goes to Gov. George Pataki

Posted by Xavier Ashe on May 22, 2006

The New York State Senate Wednesday gave final legislative approval
to a bill that would combat the Internet scams known as “phishing.”

The “Anti-Phishing Act of 2006” would allow the state's attorney
general, industries and nonprofits to bring civil actions against the
perpetrators of Internet phishing.

According to the Anti-Phishing Working Group, a national association of
law enforcement and industry members, some 150 million phishing emails
are sent to people daily. They typically involve fraudulent electronic
mails designed to get people to divulge personally identifying
information that can subject them to identity theft.

Read the full article in The Business Review.

Posted in Security

Whistle-Blower's Evidence, Uncut

Posted by Xavier Ashe on May 22, 2006

Former AT&T technician Mark Klein is the key witness in the
Electronic Frontier Foundation's class-action lawsuit against the
telecommunications company, which alleges that AT&T cooperated in
an illegal National Security Agency domestic surveillance program.

In a public statement
Klein issued last month, he described the NSA's visit to an AT&T
office. In an older, less-public statement recently acquired by Wired
News, Klein goes into additional details of his discovery of an alleged
surveillance operation in an AT&T building in San Francisco.

Klein supports his claim by attaching excerpts of three internal company documents: a Dec. 10, 2002, manual titled “Study Group 3, LGX/Splitter Wiring, San Francisco,” a Jan. 13, 2003, document titled “SIMS, Splitter Cut-In and Test Procedure” and a second “Cut-In and Test Procedure” dated Jan. 24, 2003.

Here we present Klein's statement in its entirety, with inline links
to all of the document excerpts where he cited them. You can also
download the complete file here (pdf). The full AT&T documents are filed under seal in federal court in San Francisco.

From Wired News.

Posted in Security

Forensic Examination of Digital Evidence: A Guide for Law Enforcement

Posted by Xavier Ashe on May 22, 2006

To assist law enforcement agencies and prosecutorial offices, a series of guides dealing with digital evidence has been selected to address the complete investigation process. This process expands from the crime scene through analysis and finally into the courtroom. The guides summarize information from a select group of practitioners who are knowledgeable about the subject matter. These groups are more commonly known as technical working groups.

This guide is the second in a series. The first guide, Electronic Crime Scene Investigation: A Guide for First Responders, is available through the National Institute of Justice Web site at

Read the full PDF.  Published by the US Department of Justice.

Posted in Security

Windows Forensic Toolchest

Posted by Xavier Ashe on May 22, 2006

The Windows Forensic
Toolchest (WFT) was written to provide an automated incident response
[or even an audit] on a Windows system and collect security-relevant
information from the system. It is essentially a forensically enhanced
batch processing shell capable of running other security tools and
producing HTML based reports in a forensically sound manner. A
knowledgeable security person can use it to help look for signs of an
incident (when used in conjunction with the appropriate tools). WFT is
designed to produce output that is useful to the user, but is also
appropriate for use in court proceedings. It provides extensive logging
of all its actions along with computing the MD5 checksums along the way
to ensure that its output is verifiable. The primary benefit of using
WFT to perform incident responses is that it provides a simplified way
of scripting such responses using a sound methodology for data
collection. Click here for a screen capture of WFT's main screen.

Windows Forensic Toolchest (WFT) was written to be forensically sound
and has been validated through my efforts to complete the SANS GIAC Certified Forensic Analyst (GCFA) practical assignment. If you have ever seen Incident Response Collection Report (IRCR), then Windows Forensic Toolchest is substantially equivalent in base functionality. IRCR claims to be “similar to The Coroner's Toolkit (TCT)
by Dan Farmer & Wietse Venema”, but it essentially serves as a
wrapper program to automate the running of several other command line
programs for the purpose of taking a “snapshot of the system in the
past”. The Windows Forensic Toolchest (WFT) was born based on my desire
to have a tool that surpassed IRCR in flexibility, while being
forensically sound in its implementation. Click here for a screen capture of WFT running.

Download WFT from Fool Moon Software and Security.

Posted in Security, Tools

How-to Backup Your Original XBOX 360 Games

Posted by Xavier Ashe on May 21, 2006

Now that you've flashed your Xbox 360's firmware
to enable the playing of backup discs, you probably want to start
actually backing up those expensive games you bought in case they get
scratched or perhaps even melted by your toasty 360. And luckily for
you, CleverMod has posted just the step-by-step instructions you need
for ripping your games and then burning the images onto dual-layer DVDs
— but keep in mind, you're voiding about a million warranties with all
of this flashing and ripping and such. Basically, CleverMod's method
involves disassembling a DVD drive so that you can switch discs without
hitting the eject button, and then installing a program called WxRipper
that finds a so-called “magic number” from any regular 8+GB dual-layer
DVD. The program then uses that data to unlock a substituted 360 disc
and dump a RAW copy onto your hard drive, which can be burned onto a
blank disc and presumably played using the Commodore4Eva hack on
Toshiba-Samsung drive-sporting 360s. And just to be super clear, if you
don't own a copy of the game you're ripping, then you're not allowed to
do this (i.e. Blockbuster, GameFly games are off-limits).

From Engadget.

Posted in XBox Hacks


Posted by Xavier Ashe on May 19, 2006

The blog has been saved from Digg death.  I have bumped up the quota, thanks to the increased ad revenue generated from the Digg.  Thanks to all the new visitors and I hope you keep coming by!

Posted in Main Page

Cryptography Rap

Posted by Xavier Ashe on May 5, 2006

The rapper MC Plus+ has written a song about cryptography, “Alice and Bob.” It mentions DES, AES, Blowfish, RSA, SHA-1, and more. And me!

From Bruce Schneier's Blog.

Posted in For Fun, Security

Gone in 20 Minutes: using laptops to steal cars

Posted by Xavier Ashe on May 4, 2006

High-tech thieves are becoming increasingly savvy when it comes to
stealing automobiles equipped with keyless entry and ignition systems.
While many computer-based security systems on automobiles require some
type of key — mechanical or otherwise — to start the engine, so-called
‘keyless’ setups require only the presence of a key fob to start the

The expert gang suspected of stealing two of David Beckham’s BMW X5
SUVs in the last six months did so by using software programs on a
laptop to wirelessly break into the car’s computer, open the doors, and
start the engine.

“It’s difficult to steal cars with complex security, but not
impossible. There are weaknesses in any system,” Tim Hart of the Auto
Locksmith Association told the U.K.’s Auto Express magazine.
“At key steps the car’s software can halt progress for up to 20 minutes
as part of its in-built protection,” said Hart.

HAHAHA! I'm glad that it slows them down 20 minutes. Read the full article on Left Lane News.

Posted in Security
