The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Archive for June, 2006

VA laptop recovered; FBI says data not accessed

Posted by Xavier Ashe on June 29, 2006

The government has recovered a stolen laptop computer and hard drive with sensitive data on up to 26.5 million veterans and military personnel.

The FBI said Thursday there is no evidence that anyone accessed Social Security numbers and other data on the equipment.

Veterans Affairs Secretary Jim Nicholson, in announcing the recovery of the computer, said there have been no reports of identity theft stemming from the May 3 burglary at a VA employee's Maryland home.

The FBI, in a statement from its Baltimore field office, said a preliminary review of the equipment by its computer forensic teams “has determined that the data base remains intact and has not been accessed since it was stolen.” More tests were planned, however.

Nicholson said the laptop and hard drive were turned in to the FBI. No suspects were in custody.

From CNN. So some punk kid who broke into his house finally watched the news and figured he better turn it in. Good move. I know this will make many veterans very happy.

Posted in Privacy | Leave a Comment »

Fyodor updates Top 100 Security Tools

Posted by Xavier Ashe on June 27, 2006

After the tremendously successful 2000 and 2003 security tools surveys, Insecure.Org is delighted to release this 2006 survey. I (Fyodor) asked users from the nmap-hackers mailing list to share their favorite tools, and 3,243 people responded. This allowed me to expand the list to 100 tools, and even subdivide them into categories. Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with. I discovered several powerful new tools this way. I also will be pointing newbies to this site whenever they write me saying “I don't know where to start”.

Respondents were allowed to list open source or commercial tools on any platform. Commercial tools are noted as such in the list below. No votes for the Nmap Security Scanner were counted because the survey was taken on a Nmap mailing list. This audience also means that the list is slightly biased toward “attack” tools rather than defensive ones.

Nessus, Wireshark, Snort, Netcat and Metasploit Framework hit the top 5. Google is #34. Tor is #59.

See the Top 100 Security Tools.

Posted in Security, Tools | Leave a Comment »

Nessus for Windows Public Beta

Posted by Xavier Ashe on June 27, 2006

Tenable Network Security, Inc. is proud to announce the immediate availability of Nessus 3.0.3 (build 180).

Nessus 3.0.3 fixes several bugs and adds some enhancements over Nessus 3.0.2 and adds support for the Microsoft Windows and Sun Solaris operating systems.

This release contains the following fixes and improvements:

– nessusd would stop in the middle of a scan if the log file is bigger than 2 gigabytes
– nessusd would stop in the middle of a scan due to a hard to trigger one-byte memory overwrite issue
– ping/packet forgery would fail when scanning a network over a NIC which was not enabled when nessusd initially started up
– performance problems would arise when reading/writing KB files when scanning big networks
– nasl -T - script.nasl now makes script debugging easier
– Slightly faster initial plugins processing
– More robust plugins database backend
– On Mac OS X, users can be managed graphically thru the Nessus Server Manager program
– Updated the plugins distributed with the archive

Nessus 3.0.3 is available immediately for Linux, FreeBSD, Mac OS X, Solaris and as a public beta for Microsoft Windows.   More Information

Posted in Security, Tools | Leave a Comment »

Sourcefire thinks that no one else uses whois

Posted by Xavier Ashe on June 22, 2006

When security vendor Countersnipe launched its latest product, it expected a few bogus enquiries from its rivals. But a request from an outfit calling themselves Ychange seemed genuine enough.

'Jeff' from Ychange saw a demo and was so impressed he promised to show the product to Superluminal, his financial services client, which was just gagging to place a multi-million dollar order.

But a quick Whois check revealed that Superluminal’s web site was owned by one of Countersnipe’s rivals, Sourcefire. Perhaps Sourcefire didn't think anyone else would know about this new-fangled Internet thing.

“This has to be the least sophisticated attempt at spying I’ve ever seen,” laughed Countersnipe’s Amar Rathore, “I wouldn’t mind, but they’re a security firm, for God’s sake. You’d think they’d know some cleverer tricks than that.”

TeeHeHe… From The Inquirer.

Posted in Security | Leave a Comment »

After lawsuit, Cisco embraces Black Hat

Posted by Xavier Ashe on June 15, 2006

One year after suing the hacker conference for allowing security researcher Michael Lynn to disclose a security vulnerability, Cisco is returning to Black Hat — this time as one of the show's top sponsors. Black Hat USA will be July 29 to Aug. 3 in Las Vegas.

“Despite what happened last year we wanted to show our commitment and show our openness to working with the security research community,” said John Noh, a Cisco spokesman.

Cisco has sponsored Black Hat in the past, but this is the first time it has shelled out for the show's most expensive “platinum” sponsor status, Noh said. This means that Cisco's name will be prominently displayed on conference materials and that the company will be given sponsorship credit for some of the show events such as coffee breaks.

Ha… looks like this is to cover their ass… er… I mean image.  Read the full article on InfoWorld.

Posted in Security | Leave a Comment »

Ethereal changes name to Wireshark

Posted by Xavier Ashe on June 15, 2006

Gerald Combs, founder of the Ethereal project — billed as the world's most popular network protocol analyzer — caused a flurry of excitement among users and developers Wednesday when he announced on the Ethereal developers mailing list that he was changing jobs, moving to a new location, and taking the project and its core developers with him as he leaves.

His initial announcement to the list provided some explanation:

I recently accepted a job with CACE Technologies, best known for WinPcap. This means that I get to work with Loris Degioanni and Gianluca Varenni, and that my wife and I get to raise our daughter in Davis, CA.

The move also means a major change for the project. We're continuing development under the name “Wireshark”, at http://www.wireshark.org/. The web site, mailing lists, bug tracker, SVN repository, buildbot, and other resources are already in place. All recent source code submissions have been checked into the new repository, and automated builds are available at http://www.wireshark.org/download/automated/.

The next version of Wireshark will be 0.99.1. A prerelease version, 0.99.1pre1, is available for download right now at http://www.wireshark.org/download/.

Read the full article on NewsForge. It goes into further explanation on what happened to the Ethereal name.

Posted in Security, Tools | Leave a Comment »

Still Alive

Posted by Xavier Ashe on June 15, 2006

Hey everyone out there. Sorry about the silence on the blog, but the traveling has kept me busy. I had a lot of fun in Barcelona at the NetCool User's Conference. The plan was to present the NOC-SOC integration story, but I made a last-minute change to present the information I wrote a white paper about, Building a Security Framework in the Next Generation Networks. Click the link for the preso I presented. I also had the chance to present the main demo to everyone. Thanks to everyone who came by.

Look forward to the standard stream of posts to resume shortly.

Posted in Lectures, Personal Note | Leave a Comment »

Dead Air

Posted by Xavier Ashe on June 3, 2006

The Lazy Genius has been quiet this week. I have been in Edmonton, Alberta, Canada training more consultants at a partner, ARC Business Solutions, on NeuSecure. It went well, and I enjoyed my time in the great north. The folks in Edmonton are real nice, similar to the mid-west in their demeanor. The weather was absolutely perfect, and with the 17 hour days, I enjoyed several parks like the Elk Island National Park and the largest mall in the world, the West Edmonton Mall. With the exception of working every day, it was like a vacation. Right now, I am on my way to Barcelona, Spain for the NetCool User's Conference. I will be giving a presentation on Security Framework in Next Generation Networks (NGN). I am looking forward to meeting many of you that I have only spoken with on the phone.

I might find some time to do a bit of blogging, but it will probably be another week before you see any new posts.

Posted in Lectures, Personal Note | Leave a Comment »

 