The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Archive for September, 2006

I'm Back

Posted by Xavier Ashe on September 25, 2006

The previous project kept me away from the blog, but expect it to pick up pace now that it's over.  I am taking a week of vacation to move into a new place and will have some time to catch up on all my web reading.  Just wanted to say that the blog's not dead… just asleep for a few weeks.  Here's a picture to show how hard this project was:

Yeah… this job's tough!

Posted in Personal Note

Netcool + Tivoli: delivering service management innovation

Posted by Xavier Ashe on September 25, 2006

The acquisition of Micromuse by IBM marks a major milestone in the
growth of IBM Tivoli software because it significantly strengthens our
service management software portfolio for enterprises of any size. The
Tivoli and Netcool product integration white paper for enterprises, “Netcool + Tivoli: Delivering Service Management Innovation” is now available.

The primary audience of “Netcool + Tivoli: Delivering Service
Management Innovation” is Netcool and Tivoli enterprise customers.
Service provider customers will be addressed in a separate paper. This
paper will help clarify many questions your customers and prospects may
have about Netcool and Tivoli service management product portfolio
integration. The paper discusses the efforts in progress to deliver an
enhanced end-to-end IBM Service Management portfolio within each major
enterprise operational management category that contains Netcool
products. The white paper also addresses:

  • Benefits associated with the combined Netcool and Tivoli portfolio.
  • Safeguards in place to help protect, optimize, and extend investments in Netcool and Tivoli products.
  • Short- and long-term plans to deliver a converged product portfolio.

So the long-awaited “roadmap” is publicly available.  Look for another paper soon if you are a service provider.  It's public confirmation that Tivoli Security Operations Manager will replace Tivoli Risk Manager.  See the PDF for details.

Posted in Other Technology

USB Password Leecher

Posted by Xavier Ashe on September 11, 2006

In this segment we'll overview a few of Microsoft Windows' security weaknesses and show how to build a custom USB key that will retrieve vital information from a target computer, necessary for auditing password strength. A major flaw in the way Windows stores password information is the use of the legacy LM, or LAN Manager hash. While this hash is based on DES encryption it is vulnerable to time-memory trade-off attacks due to its poor implementation. Our custom USB key uses new U3 technology to automatically and invisibly retrieve these weak hashes within seconds of being inserted into the target computer. From here the LM hashes can be tested against a set of rainbow tables using the popular rainbowcrack software and audited for password strength. We will also cover password best practices and prevention methods for this type of attack.

The beauty of our custom password hash retrieving USB key comes from its unique use of U3 technology. U3 is relatively new USB flash drive technology developed by U3 LLC in cooperation with Sandisk and M-Systems. More information about U3 can be found at the website http://www.u3.com

It basically uses a portion of the flash drive's memory as a virtual
CD-ROM drive. This allows the Windows autorun feature to work properly,
enabling us to run programs as soon as the drive is inserted into a
computer. The autorun feature does not work properly on standard USB
flash drives so a U3 enabled USB flash drive is required to make this
work.

Good stuff from Hak.5.  They've got the details on how to get it set up, with downloadable payloads.

Posted in Security
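
For defenders, a read-only check of the two machine settings that bear on the technique in the post above: whether Windows still stores LM hashes, and whether autorun is disabled for CD-ROM-type drives such as the U3 virtual CD. This is an added example, not code from this blog or from Hak.5; the registry values `NoLMHash` and `NoDriveTypeAutoRun` are standard Windows settings that the post itself does not name, and the function names are this example's own.

```powershell
# Added example: read-only audit, changes nothing on the machine.
# Function names are hypothetical; the registry values are standard Windows settings.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $prop = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($prop) { return $prop.$Name }
    return $null
}

function Test-UsbHashTheftExposure {
    # LM hash storage: NoLMHash = 1 stops Windows saving an LM hash at the next
    # password change. Hashes already stored remain until each password changes.
    $noLm = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'NoLMHash'

    # Autorun: NoDriveTypeAutoRun is a bitmask of drive types with autorun disabled.
    # 0x20 = CD-ROM (how the U3 virtual CD appears), 0x04 = removable drives.
    $explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $mask = Get-RegValue $explorer 'NoDriveTypeAutoRun'
    if ($mask -is [array]) { $mask = $mask[0] }   # value may be stored as REG_BINARY

    $rows = @(
        @{ Check = 'NoLMHash = 1 (no new LM hashes stored)'
           Value = $noLm
           Pass  = ($noLm -eq 1) },
        @{ Check = 'Autorun disabled for CD-ROM drives (0x20)'
           Value = $mask
           Pass  = (($mask -band 0x20) -eq 0x20) },
        @{ Check = 'Autorun disabled for removable drives (0x04)'
           Value = $mask
           Pass  = (($mask -band 0x04) -eq 0x04) }
    )
    # An absent value shows as empty and fails the check: nothing is enforced.
    foreach ($r in $rows) { New-Object PSObject -Property $r }
}

Test-UsbHashTheftExposure | Format-Table Check, Value, Pass -AutoSize
```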

How To Prevent Windows XP Users From Writing To USB Drives

Posted by Xavier Ashe on September 7, 2006

Open the Registry Editor: click on the Start button on your taskbar, then click on Run, type “regedit” and click on OK to start the regedit utility.

Expand HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control.

From there right click and create a new key and name it
“StorageDevicePolicies”. In the window on the right then create a new
DWORD value and label it WriteProtect, give it a value of “1” and users
can no longer write to USB drives. To re-enable this option change the
value to 0 and users are again allowed to write.

The modifications you made will be in effect after you reboot your PC.

From Tech-Recipes.com.

Posted in Security
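
The same registry change as a script, for applying it to more than one machine. This is an added example, not from Tech-Recipes.com or this blog; the function name and the object it returns are this example's own, and it assumes an elevated PowerShell prompt.

```powershell
# Added example: scripted form of the regedit steps above.
# Function name and output object are hypothetical; run from an elevated prompt.
function Set-UsbWriteProtect {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [ValidateSet(0, 1)]
        [int]$Value = 1   # 1 = block writes to USB drives, 0 = allow writes again
    )

    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'

    # Record the state before touching anything ($null = key or value absent).
    $before = $null
    if (Test-Path $key) {
        $prop = Get-ItemProperty -Path $key -Name WriteProtect -ErrorAction SilentlyContinue
        if ($prop) { $before = $prop.WriteProtect }
    }

    # Only write when the value differs, so repeated runs are harmless.
    $changed = $false
    if ($before -ne $Value -and
        $PSCmdlet.ShouldProcess("$key\WriteProtect", "Set DWORD to $Value")) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name WriteProtect -PropertyType DWord `
            -Value $Value -Force | Out-Null
        $changed = $true
    }

    # The post notes the setting takes effect after a reboot.
    New-Object PSObject -Property @{
        Before       = $before
        Requested    = $Value
        Changed      = $changed
        RebootNeeded = $changed
    }
}

# Dry run: reports what would change without writing to the registry.
Set-UsbWriteProtect -Value 1 -WhatIf
```

Drop `-WhatIf` to apply the change; `-Value 0` restores write access.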

Labor Day fun

Posted by Xavier Ashe on September 4, 2006

I will be onsite at a client for the next few weeks, so there's no telling how much I will be able to post.  Here's a nice geeky comic to pass the time:

This is from xkcd, “A webcomic of romance, sarcasm, math and language”.

Posted in For Fun, Personal Note

 