| 04/07/07 || Awareness || US Schools Need to Improve Security Education |
[ JG ] Training our kids on the dangers of cyberspace should be one of our priorities, not only to prevent them from becoming cyber-criminals, but also to protect them from cyber-criminals and from abuses that are becoming more and more common, such as Child Pornography.
| 03/03/07 || Firewalls || Modsecurity rule developers have kicked off the Cool Rules project |
[ CF ] As many of you will already know, ModSecurity is one of the most well-known web application firewalls out there. The Cool Rules project aims to provide a high-quality ruleset for the community in order to help with common web security issues.
| 13/02/07 || Forensics || The DFRWS 2007 File Carving Challenge has been posted |
[ JG ] This year's challenge builds upon last year's and adds more file types and scenarios. File carving is the process of extracting files from data using file type specific knowledge, such as header and footer values or internal data structures. Different approaches to file carving result in different error rates and the goal of this challenge is to develop AUTOMATED file carving programs that are efficient and have low false positive rates.
| 12/02/07 || Malware || 'Ransomware' on the rise |
[ JG ] Eugene Kaspersky at last week's RSA Conference: Online criminals are turning away from threatening companies with massive cyberattacks in favor of encrypting a victim's data and then demanding money to decrypt it. See the article.
| 09/02/07 || Cryptography || A New Secure Hash Standard |
[ JG ] In A New Secure Hash Standard, Bruce Schneier discusses the new competition put up by NIST for a new hash standard that supersedes MD5 and SHA-1, due to the serious cryptographic weaknesses found in them during the last year.
| 08/02/07 || Layer 2 || Essential lockdowns for Layer 2 switch security |
[ JG ] In our pentests I often realize that Layer 2 is one of the big forgotten areas in terms of hardening. This is especially serious when organizations use VLANs and switch-centric security approaches: switch takeover implies a complete collapse of the security architecture... and to be honest, that's typically not too difficult. This article, Essential lockdowns for Layer 2 switch security by George Ou, covers the most important things you should be doing to harden your infrastructure at Layer 2 (a bit Cisco-centric, be warned).
| 07/02/07 || Privacy || Google search history and privacy |
[ JG ] I've never been a big fan of public online services; I'm probably a little too paranoid to trust my personal or professional information to a third party and a) trust they will make good use of it, b) trust it will not be stolen by anyone else. That's why I don't use Gmail, Yahoo or similar things. I have this weird feeling that one day this would bite me in the ankle. Sometimes you don't even realize they are tracking you. Take a look at this article, Google search history and privacy, and you'll understand (and maybe share) my paranoia.
| 06/02/07 || General || Announcing a global view on the Internet: ATLAS |
[ JG ] Today Jose Nazario announced the availability of ATLAS, a very cool project led by Jose and hosted by Arbor Networks: The ATLAS (Active Threat Level Analysis System) portal is a public resource that delivers a sub-set of the intelligence derived from the ATLAS sensor network on host/port scanning activity, zero-day exploits and worm propagation, security events, vulnerability disclosures and dynamic botnet and phishing infrastructures.
| 05/02/07 || Antivirus || The Extraordinary Failure of Anti-Virus Technology |
[ JG ] We all keep hearing about how Anti-Virus products are not delivering the security we expect from them, but ... can you tell me a single security product that is? I came across this paper today, The Extraordinary Failure of Anti-Virus Technology. The paper includes some interesting statistics and case studies, but it's obviously highly biased because it has been written by SecureWave, a company that commercializes Sanctuary, a product that uses application whitelisting for computer prevention as a substitute for Anti-Virus technology. I welcome every new technology that may help us, but I hate to see a vendor selling you Silver Bullets. I'm certain that whitelisting is useful in many environments, but I don't want to think about the administrative nightmare it can be in less controlled environments. So once more, I see how this technology can help some of our clients but others will still benefit from good old anti-virus products.
| 02/02/07 || Phishing || Phishing Evolution Report Released |
[ JG ] The report about a new phishing technique being employed on a professional networking site (late last week) which was covered in this article at The Register is available.
| 31/01/07 || Forensics || Computer Forensics for Lawyers |
[ JG ] I don't think we have many lawyers among our readers (who knows!) but I came across this cool paper, Computer Forensics for Lawyers Who Can't Set the Clock on their VCR by Craig Ball, which explains in normal words (sometimes in attorney's jargon) the most important concepts in Digital Investigations. Some of the sections (especially at the end of the paper) can be enlightening for Forensics Technical Personnel, as they provide insight into some of the issues that attorneys are worried about and techies typically don't know about.
| 30/01/07 || Forensics || One Big File is Not Enough |
[ JG ] I just found a reference to a very interesting paper / presentation by Simson Garfinkel and David Malan discussing the effectiveness of wiping media through the creation of a big file, and an evaluation of the different tools that use this technique. You can find more information about wiping in our JISK: Forensics > Areas > Disks and Filesystems
| 29/01/07 || Forensics || Fundamental Computer Investigation Guide For Windows |
[ JG ] Microsoft recently published the Fundamental Computer Investigation Guide For Windows, an online guide that provides assistance in performing a Windows computer investigation. The guide is quite useful in providing a good overview of the Incident Response and Forensics tools and processes but due to its extension it obviously lacks the in-depth level of detail required by a real-life case. The worksheets and tool references are quite useful as well. If you want references that provide a greater level of detail, check the Forensics Books section at our JISK.