« December 2008 | Main | February 2009 »

Posts from January 2009

30 January 2009

In-Session Phishing

The in-session phishing attack is a game-changer. This attack exploits the trust of a trusted site (e.g. shopping, banking) by jumping in mid-session in the form of a pop-up. "Your session has timed out, please log on again" or "please reset your password" is what it might state. Since it appears to be originating from the trusted site, the victim complies, sending login credentials not to the trusted server but to the bad guys. More information can be found here. Consider the analogy that a trusted site is like your home. You protect your credentials like you do the keys... Read more →

Posted by on 30 January 2009 at 11:48 PM | | Comments (4) | TrackBack (0)

| |

27 January 2009

What Determines an "Excellent" Security Model?

I was reading a recent article on Infoworld.com about a review of the Google's Chrome Browser. The article from January 26, 2009 is entitled Test Center: How secure is Google Chrome? and written by Roger A. Grimes. Grimes provides some good analysis and commentary regarding the latest browser, but what strikes me as odd and begs the question "What Determines an 'Excellent' Security Model?" Grimes makes the following comment: "The security model Chrome follows is excellent. Chrome separates the main browser program, called the browser kernel, from the rendering processes, which are based upon the open source WebKit engine, also... Read more →

Posted by on 27 January 2009 at 01:58 PM in IT Security, Network Security, Operations Security, Privacy, Risk | | Comments (2) | TrackBack (0)

| |

A Mistaken Conviction Based on Digital Forensics – Part 2 – The Trial, Day 1

Department of Homeland Security Daily Open Source Infrastructure Report

During the pretrial examination we learned that there appeared to be sufficient basis to have excluded the forensic evidence yet that did not happen. Let us see what happened during the trial which allowed the forensic evidence for the prosecution to be presented to the court and considered by the jury during its deliberations which resulted in Julie Amero’s conviction on all counts. Before we do however, let us take a brief look at the community’s perspective of the crime and how that might have influenced their deliberation to some degree.... Read more →

Posted by on 27 January 2009 at 10:16 AM in Digital Forensics, IT Security, Legal, Malware, Network Security | | Comments (0) | TrackBack (0)

| |

26 January 2009

Common sense and separation of systems

Somebody recently asked, on the CISSPforum, for some kind of reference supporting the concept that it was a good idea not to do development or testing on production systems. I think Mim Britt said it best: "Separation of test and production environments is one of those things that is such basic common sense that it wouldn't occur to me to have to point to something that says to do it. The first time you test something on your production network and it breaks something else which breaks something else, etc etc etc is the LAST time they will ask you... Read more →

Posted by on 26 January 2009 at 08:49 PM in Cybersecurity Training, IT Security, Operations Security, Risk | | Comments (0) | TrackBack (0)

| |

24 January 2009

A Mistaken Conviction Based on Digital Forensics – Part 1.5 – On Good Morning America

The dilemma of Julie Amero will be told on Good Morning America, ABC, on Tuesday, January 27th, 2009 between 8-9am EST I am told. Julie and the lead forensic analyst Alex Eckelberry were interviewed as well, I believe, as others. Some interesting events occurred during the taping and the Julie Amero team agreed that they would not be discussed until after the showing. Watch it with me and let us see what is being told by the mass media. I am working on Part 2 - The Trial and plan to have it ready to post that same day. Read more →

Posted by on 24 January 2009 at 06:52 AM in Digital Forensics, IT Security, Malware, Network Security | | Comments (0) | TrackBack (0)

| |

22 January 2009

Fighting Against Phishing Scams

In last few days I noticed a huge spike in the number of phishing e-mails in my inbox. Most of them came disguised as e-mails from Microsoft Live support team regarding a possible account closure or reactivation. I have seen similar kind of phishing scams in past but this time the number of such e-mails were very huge. In a single day I got more than 100 such e-mails. None of them went to my junk folder but directly came to my inbox though I have good phishing/spam filters in place. I even received 2-3 follow-up e-mails from few e-mail... Read more →

Posted by on 22 January 2009 at 08:09 AM in IT Security, Malware | | Comments (2) | TrackBack (0)

| |

21 January 2009

Using SIEM tools for Fraud Detection

Some time ago I was assigned for a project in a Telecom in South America to design, build and deploy a SOC Infrastructure. The customer objective was to monitor the network against attacks (vulnerable devices, brute force attacks, etc) and correlate events in order to identify hidden treats (DDOS, scanning, worms) and to identify business and operational frauds. I meet the audit team and then I got able to understand where their main frauds happen, some examples were: ADSL and Dial users sharing username/password; ADSL Subscribers connecting with higher speeds than they had hired; Operators accessing the system outside of... Read more →

Posted by on 21 January 2009 at 10:38 AM in Insider Risk, IT Security | | Comments (1) | TrackBack (0)

| |

20 January 2009

Where is the Security in Depth?

A recent article from Linux Journal is rather disconcerting. The article discusses the fact that the United Kingdom's Royal Submarine Fleet and overall Navy is 75% compromised by computer viruses. The systems associated with the submarines should be relatively secure, regardless of the fact that they are running Windows XP. The real question is how they were infected? Could this incident be a result of unauthorized USB devices? Or a phishing incident that infected a system through an email? The fact remains that this incident re-iterates the potential issues faced by the United States Military at the end of 2008... Read more →

Posted by on 20 January 2009 at 02:11 PM in Insider Risk, IT Security, Malware, Operations Security, Risk | | Comments (0) | TrackBack (0)

| |

Phishing attack disguised as message from FDIC

See today’s DHS Daily Open Source Infrastructure Report (DOSIR) for information regarding a phishing attack disguised as a message from the FDIC. It is impacting the Fedwire. Will it impact your business? The report is available at http://www.dhs.gov/xlibrary/assets/DHS_Daily_Report_2009-01-20.pdf for the next two weeks. Later, it can be found at http://www.hspig.org/phpbb/viewforum.php?f=20. Read more →

Posted by on 20 January 2009 at 08:50 AM in IT Security, Malware, Network Security | | Comments (0) | TrackBack (0)

| |

19 January 2009

More resources ...

A bit of catchup with some useful resources. The SecLists.Org Security Mailing List Archive is a list of a number of information security and related mailing lists. The Top 100 Network Security Tools is not a vendor site as such, but a (briefly) annotated list of the most highly regarded (and used) security tools and utilities. An awful lot of these are free. Unfortunately, this is currently based on a 2006 survey, but has been updated in terms of individual tools. For those teaching, or even seeking to understand, TCP/IP packet headers, a lovely collection of TCP/IP Header Drawings which... Read more →

Posted by on 19 January 2009 at 03:45 PM in Cybersecurity Training, IT Security, Operations Security | | Comments (0) | TrackBack (0)

| |

16 January 2009

Laughter - the best medicine

Ben Rothke wrote a cute tongue-in-cheek blog-like piece for Network World about using laughter as a security metric, referring to the gales of laughter from managers that occasionally greet our serious security project/funding requests and equating the degree of mirth with the manager's cluelessness. Unfortunately, even clued-up managers don't always take us seriously, especially in a funding crisis, but anyway, it's a nice idea Ben, if a somewhat negative or cynical metric. Actually, it set me thinking about the value of laughter in security awareness and training activities. I would argue that laughter can also be a positive metric. Let... Read more →

Posted by on 16 January 2009 at 05:38 PM in IT Security | | Comments (0) | TrackBack (0)

| |

Interview with an adware author

I'm usually not too impressed with interviews with the blackhat side: they tend to be long on self-justification and short on actual information or thought. However, this one is fairly decent, with some interesting perspectives on "the road to hell" as well as some insights on spam and adware protection. Read more →

Posted by on 16 January 2009 at 05:20 PM in Cybersecurity Training, Ethics, Insider Risk, IT Security, Legal, Malware, Operations Security, Privacy | | Comments (0) | TrackBack (0)

| |

15 January 2009

A Mistaken Conviction Based on Digital Forensics – Part 1 – Pretrial

Most of us watch criminal cases in movies and on television where forensic evidence ices a conviction and exonerates the innocent. How is it possible that someone can be convicted based on forensic evidence when they were not guilty? Let’s examine a modern day case where this occurred: · The event took place on October 19th, 2004 · The accused was tried and convicted on January 3-5, 2007 · The sentencing was scheduled for eight weeks later, March 2nd, 2007, then delayed until o March 29th, 2007 which was postponed on March 28th, 2007 until o April 26th, 2007 and... Read more →

Posted by on 15 January 2009 at 06:40 AM in Digital Forensics, IT Security, Legal, Malware, Risk | | Comments (0) | TrackBack (0)

| |

14 January 2009

Disk encryption driver hole exposes encryption key

See today’s DHS Daily Open Source Infrastructure Report (DOSIR) for information regarding potential disk encryption compromise as well as a countermeasure which has already been installed in one product. Is it the one which you are using? The report is available at http://www.dhs.gov/xlibrary/assets/DHS_Daily_Report_2009-01-14.pdf for the next two weeks. Later, it can be found at http://www.hspig.org/phpbb/viewforum.php?f=20. Read more →

Posted by on 14 January 2009 at 08:54 AM in IT Security, Malware, Risk | | Comments (1) | TrackBack (0)

| |

Keeping Up-to-Date on a Daily Basis

When I started in information security we nearly danced with joy when an article in one of the trade journals focused upon infosec or contingency planning. Today there are so many, as well as blogs, that it is virtually impossible to identify all of the sources, never mind read them all. Add to that, so many are not appropriate to your specific perspective, configuration or enterprise. However, there is one source that may help and perhaps help a great deal. You see, the Department of Homeland Security (DHS) publishes a daily report of relevant articles which DHS views as threats... Read more →

Posted by on 14 January 2009 at 08:34 AM in Insider Risk, IT Security, Malware, Privacy, Risk | | Comments (0) | TrackBack (0)

| |

13 January 2009

Mitre/SANS Top 25 Programming Errors

The OWASP Top Ten has some more competition. Based on the SANS Top 20 attack vectors and MITRE's Common Weakness Enumeration (CWE), this document presents detailed descriptions of the top 25 programming errors along with guidance for mitigation. The errors are also cross referenced against related CWE items, as well as the Common Attack Pattern Enumeration and Classification (CAPEC) structure. Read more →

Posted by on 13 January 2009 at 06:22 PM in Cybersecurity Training, Digital Forensics, IT Security, Malware, Operations Security, Software Development | | Comments (0) | TrackBack (0)

| |

11 January 2009

Rootkit detection and protection products and sites

The term "rootkit" is a difficult one to define, or at least fix a definition on. Originally it referred to a script, set of scripts, or package of modified system programs (thus "kit") used for gaining or keeping unauthorized root permissions (or equivalent supervisory powers) on a compromised system. Recently, media usage has expanded this definition to include any software that can hide software or processes on a system, but this usage is vague and likely to lead to confusion. Antirootkit.com doesn't have an awful lot of information on the site, but it does have a list of rootkit detection... Read more →

Posted by on 11 January 2009 at 02:57 PM in Cybersecurity Training, Digital Forensics, IT Security, Malware | | Comments (0) | TrackBack (0)

| |

10 January 2009

Mailing lists, news feeds, and similar resources

In maintaining the Vancouver Security SIG links page, I realized that I hadn't created a category for mailing lists and similar sources of information. So, here goes with a few to start. The RISKS Forum Digest, moderated by Peter G. Neumann, is the pre-eminent security-related mailing list on the Internet, and probably the oldest as well. This site, courtesy of the University of Newcastle upon Tyne, maintains a complete archive, and provides directions on how to subscribe at the RISKS Info Page. The material is also summarized, by Neumann, in the Illustrative Risks site. This provides coded, on-line descriptions of... Read more →

Posted by on 10 January 2009 at 04:24 PM in Cybersecurity Training, IT Security, Operations Security, Risk | | Comments (0) | TrackBack (0)

| |

08 January 2009

Shouting at hard disks

Shhh, be wewwy, wewwy, quiet! We'we hunting disk latency. Who knew that yelling at your hard disks, far from getting them to work faster, would only make things worse? Well, when you think about it in terms of vibration, it makes a lot of sense. Read more →

Posted by on 08 January 2009 at 05:36 PM in Cybersecurity Training, Insider Risk, Operations Security | | Comments (0) | TrackBack (0)

| |

Software Security Top 10 Surprises

Gary McGraw, Brian Chess, and Sammy Migues interviewed nine executives running top software security programs, and wrote an article for InformIT. Some results showed that we are still not doing enough, even at our best. Some showed that some of the things we stress most heavily are actually wrong. The article is summarized in a bullet list. Read more →

Posted by on 08 January 2009 at 03:15 PM in Cybersecurity Training, IT Security, Software Development | | Comments (0) | TrackBack (0)

| |

Next »