The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Archive for January, 2008

Tivoli Security Information and Event Manager

Posted by Xavier Ashe on January 29, 2008

This product offering is the next evolution of what I've been doing at IBM.  Finally, a public announcement!!

IBM Tivoli Security Information and Event Manager V1.0 helps IT security organizations obtain valuable security insights that your organization can act on, by:

    * Facilitating compliance by using centralized dashboard and reporting capabilities.
    * Helping to protect intellectual property and privacy by auditing the behavior of all users — privileged and nonprivileged.
    * Managing security operations effectively and efficiently with centralized security event correlation, prioritization, investigation, and response.

IBM Tivoli Security Information and Event Manager V1.0 offers:

    * Integration and exchange of events between IBM Tivoli Security Operations Manager and IBM Tivoli Compliance Insight Manager correlation engines.
    * New endpoint pricing for both security incident and audit log collection.

Security information and event management (SIEM) is a primary concern of CIOs and CSOs in many enterprises and organizations. There is a need to centralize security-relevant events and analyze the consolidated data to obtain valuable security and compliance insights.

IBM offers two complementary perspectives on SIEM:

    * A real-time, network event-oriented management dashboard that facilitates attack recognition and security incident management.
    * An information analysis dashboard to monitor how well an organization adheres to its security and governance policies.

IBM Tivoli® Security Information and Event Manager V1.0 is comprised of two products that work closely together to help realize the full promise of enterprise SIEM: IBM Tivoli Security Operations Manager V4.1 and IBM Tivoli Compliance Insight Manager V8.5. Now you can centralize log collection and event correlation across the enterprise, and can leverage an advanced compliance dashboard and regulatory compliant reports to link security events and user behavior to corporate policies.

Tivoli Security Information and Event Manager V1.0 delivers a foundation from which to address your SIEM requirements — now and into the future. As a result, IT organizations can lower their exposure to security breaches; control the costs of collecting, analyzing, and reporting on compliance related events; and manage the complexity of heterogeneous technologies and infrastructures. IBM Tivoli Security Information and Event Manager offers end-to-end capabilities including:

    * Security compliance dashboard.
    * Security operations dashboard for security incident management.
    * Real-time log aggregation, correlation, and analysis of security incidents.
    * IT operations integration.
          o Recognize, investigate, and respond to security incidents automatically.
          o Streamline incident tracking, handling, and resolution.
    * Mainframe, operating system, application, and database audit analysis.
    * Privileged user monitoring and auditing (PUMA).
    * Log management reporting.

Posted in IBM, Security | Leave a Comment »

Hackers Hit Scientology With Online Attack

Posted by Xavier Ashe on January 28, 2008

A group of hackers calling itself “Anonymous” has hit the Church of Scientology’s Web site with an online attack.

The attack was launched Jan. 19 by Anonymous, which is seeking media
attention to help “save people from Scientology by reversing the
brainwashing,” according to a Web page maintained by Anonymous.

Anonymous claims to have knocked the Church’s Web site offline with
a distributed denial-of-service attack, in which many computers bombard
the victim’s server with requests, overwhelming it with data in the
hope of ultimately knocking the system offline. True to its name,
Anonymous does not disclose the true identities of its members.

The attacks were spurred by the Church’s efforts to remove video of
movie star Tom Cruise professing his admiration for the religion,
according to an Anonymous video manifesto posted to Youtube.

Heh.  Awesome.  I mean…. HACKING IS BAD.  You shouldn't do this.  Even to people who had it coming.  Read more.

Posted in Security | Leave a Comment »

Metasploit Project Releases version 3.1

Posted by Xavier Ashe on January 28, 2008

The Metasploit Project announced today the free, world-wide
availability of version 3.1 of their exploit development and attack
framework. The latest version features a graphical user interface, full
support for the Windows platform, and over 450 modules, including 265
remote exploits. “Metasploit 3.1 consolidates a year of research and
development, integrating ideas and code from some of the sharpest and
most innovative folks in the security research community” said H D
Moore, project manager. Moore is referring the numerous research
projects that have lent code to the framework.

These projects
include the METASM pure-ruby assembler developed by Yoann Guillot and
Julien Tinnes, the “Hacking the iPhone” effort outlined in the
Metasploit Blog, the Windows kernel-land payload staging system
developed by Matt Miller, the heapLib browser exploitation library
written by Alexander Sotirov, the Lorcon 802.11 raw transmit library
created by Joshua Wright and Mike Kershaw, Scruby, the Ruby port of
Philippe Biondi's Scapy project, developed by Sylvain Sarmejeanne, and
a contextual encoding system for Metasploit payloads. “Contextual
encoding breaks most forms of shellcode analysis by encoding a payload
with a target-specific key” said I)ruid, author of the Uninformed
Journal (volume 9) article and developer of the contextual encoding
system included with Metasploit 3.1.

Read the full announcement here.  The new GUI is pretty slick.  This is my most common tool when testing my security implementations.   I use Cain & Abel a lot also.  Anyway, I am  glad to see the project is still moving forward nicely.

Posted in Security | Leave a Comment »

Bill Gates’ last day at Microsoft (spoof)

Posted by Xavier Ashe on January 10, 2008

A video spoof shown during the CES 2008 keynote by Bill Gates about his last full day at Microsoft in July starring himself, Brian Williams, Steve Ballmer, Matthew McConaugheyr, Robbie Bach, Jay-Z, Bono, Steven Spielberg, George Clooney, Jon Stewart, Kevin Turner, Hillary Clinton, Barack Obama, Al Gore, Ray Ozzie and Craig Mundie,

[Javascript required to view Flash movie, please turn it on and refresh this page]

document.getElementById(“player1”).style.display = “”; var s1 = new SWFObject(“http://www.istartedsomething.com/wp-content/plugins/flv-embed/flvplayer.swf”,”player1″,”670″,”397″,”7″); s1.addParam(“allowfullscreen”,”true”); s1.addVariable(“height”,”397″); s1.addVariable(“width”,”670″); s1.addVariable(“file”,”http://www.istartedsomething.com.nyud.net/uploads/bill_gates_leave.flv”); s1.addVariable(“image”,”/uploads/bill_gates_leave.jpg”); s1.addVariable(“fsbuttonlink”,”http://www.istartedsomething.com/wp-content/plugins/flv-embed/fullscreen.php?f=http://www.istartedsomething.com.nyud.net/uploads/bill_gates_leave.flv%26r=http://www.istartedsomething.com/20080107/bill-gates-last-day-microsoft-video/”); s1.write(“player1”);

Amazing who they can call for a guest appearance in the name of Bill Gates.

Posted in For Fun | Leave a Comment »

IBM digs into security management

Posted by Xavier Ashe on January 10, 2008

IBM is aggressively expanding its security
portfolio in hopes of becoming the de facto source of advice and
technology for businesses looking to adopt high-level IT governance and
risk management strategies — a transformation among customers that
officials at Big Blue cite as both ongoing and inevitable.

As the waves of
security threats and data management regulations have washed ashore and
left organizations struggling to balance perimeter and internal
security concerns with mounting obligations to protect highly-valuable
data, companies are being forced to take more of a top-down approach
that addresses broad sets of IT-oriented risks, versus individual
problems, IBM officials maintain.

And
while a host of players ranging from security software makers to
massive IT consultants have begun marketing themselves as those best
suited to help customers embrace a governance and risk management
approach, IBM executives claim that their firm's mix of technology,
services and partnerships place it at the top of any list of providers
capable of helping organizations prepare their security operations for
the future.

“We feel that we're ahead of the curve and driving forward our ability to meet these needs, some of which that might not yet
have emerged from a broad perspective,” said Kris Lovejoy, IBM's director of corporate security strategy.

“We
feel that we are creating security risk management capabilities and
have an opportunity to commoditize them in a way that can be leveraged
at large,” she said. “From an overall strategic perspective, that
doesn't mean that customers are ready to stand up en masse right now
and require everything we've built, but we're actively trying to extend
the portfolio in advance of that trend.”

Great article over at InfoWorld.


Posted in Security | Leave a Comment »

FAA: Boeing's New 787 May Be Vulnerable to Hacker Attack

Posted by Xavier Ashe on January 10, 2008

Boeing's new 787 Dreamliner passenger jet may have a serious security
vulnerability in its onboard computer networks that could allow
passengers to access the plane's control systems, according to the U.S.
Federal Aviation Administration.

The computer network in the Dreamliner's passenger compartment,
designed to give passengers in-flight internet access, is connected to
the plane's control, navigation and communication systems, an FAA
report reveals.

The revelation is causing concern in security circles because the
physical connection of the networks makes the plane's control systems
vulnerable to hackers. A more secure design would physically separate
the two computer networks. Boeing said it's aware of the issue and has
designed a solution it will test shortly.

“This is serious,” said Mark Loveless, a network security analyst with Autonomic Networks, a company in stealth mode, who presented a conference talk last year on Hacking the Friendly Skies
(PowerPoint). “This isn’t a desktop computer. It's controlling the
systems that are keeping people from plunging to their deaths. So I
hope they are really thinking about how to get this right.”

Read more on wired.

Posted in Security | Leave a Comment »

 
%d bloggers like this: