| 28/01/07 || Botnets || Vint Cerf: Up to a quarter of all computers are part of a botnet|
[ JG ] In a recent panel which included Vinton Cerf (one of the fathers of the Internet), Michael Dell (yep, that Dell), Hamadoun Toure (Secretary-General of the International Telecommunication Union), John Markoff (New York Times technology writer) and Jon Zittrain (professor of internet governance at Oxford University), Vinton said that up to a quarter of all computers are part of a botnet. Scary, isn't it? Is the Internet doomed?
| 27/01/07 || Data Protection || Time to Secure the Data Layer |
[ JG ] Many of us have been preaching in the desert for years, but at last reality comes crashing and people are starting to realize that Defense in Depth is the only way to go, now that perimeters start to vanish and attackers (insiders and outsiders) are targeting the data itself. More than a year ago, Bryan Robinson described the situation in Emerging threats spur technology updates and a new class of security devices. Today this applies more than ever.
| 26/01/07 || Malware || P. Bueno's Malware Analysis Quiz VII - Results|
[ JG ] The results of the 7th edition of Pedro Bueno's Malware Quiz at the SANS ISC are out.
| 25/01/07 || Forensics || Forensics Conference & Training List|
[ JG ] Dave Baker has updated his Forensics Conference & Training List at the Forensics Wiki. Remember that we also maintain a more general Conference & Training List.
| 24/01/07 || Privacy || How to leak a secret and not get caught|
[ JG ] Take a look at this article describing an interesting new initiative, WikiLeaks, which aims to preserve freedom of speech in highly Internet-censored regimes and similar situations. According to the creators of the site, the targets are China, Russia, and oppressive regimes in Eurasia, the Middle East and sub-Saharan Africa.
| 23/01/07 || Forensics || Internet Resources for Computer Forensics |
[ JG ] Take a look at this HUGE collection of forensics-related links to resources of all types, collected by Dr. Tom O'Connor. He also maintains this other site at the Austin Peay State University. Very impressive, Dr. O'Connor!
| 22/01/07 || Forensics || Investigations Involving the Internet and Computer Networks|
[ JG ] The Investigations Involving the Internet and Computer Networks publication, recently published by the U.S. Dept. of Justice, covers investigative fundamentals in different Internet technologies such as e-mail, chat, news, file sharing, etc. While pretty basic in content and scope, it can serve as a nice introduction for those of you new to Internet investigations. Chapter 9 provides an interesting introduction to US legislation. The annexes contain document templates for subpoenas, reports and information requests.
| 21/01/07 || Incident Response || SANS Incident Response Contact Page|
[ JG ] SANS is developing an Incident Response Contact Page. If you have any suggestions, you can submit them through their contact form.
| 20/01/07 || Forensics || Write Blockers Evaluation|
[ JG ] I discovered today that the National Institute of Justice is carrying out evaluations of Write Blocker products, both hardware and software, as part of their Computer Forensic Tool Testing (CFTT) program.
| 19/01/07 || Malware || Review: Six Rootkit Detectors Protect Your System|
[ JG ] This very interesting article reviews the most popular Rootkit Detectors today.
| 16/01/07 || Malware || Introductory Rootkits presentation|
[ JG ] This presentation, Rootkits: The Basics by Tim Shelton, provides an excellent overview of the different types of rootkits in Windows, Linux and OS X, and their history.
| 15/01/07 || RE / Exploits || Uninformed Journal vol.6 is out |
[ JG ] Volume 6 of the Uninformed Journal is out.
| 14/01/07 || Forensics || EnCase v6 is out|
[ JG ] The latest version of the most popular commercial Forensics software is out.
| 13/01/07 || IDS || Current Status of IDS Research|
[ JG ] Maarten Van Horenbeeck provides an excellent overview of the current status of IDS research in this post to the focus-ids @ securityfocus mailing list. He fails to mention the integration of IDS with Forensics Analysis and Response tools, like EnCase AIRS.
| 12/01/07 || Forensics || Wireless Forensics: Tapping the Air|
[ JG ] My SANS colleague Raul Siles published an excellent two-part article about wireless forensics a few days ago: Wireless Forensics: Tapping the Air - Part 1 - Part 2
| 11/01/07 || Malware || Advanced Malware Cleaning|
[ JG ] Checking the Security Matters blog, the blog space of my good friend Johnny Foo, I found this interesting webcast: Advanced Malware Cleaning by Mark Russinovich.
| 10/01/07 || Vulnerabilities || [ JG ] The iDefense Q-1 2007 Challenge is out, this time focusing on Remote Arbitrary Code Execution Vulnerabilities in Vista & IE 7.0 |
| 09/01/07 || Malware || [ JG ] Looking around I also found this other paper: Trojan.Downloader Analysis by Stephan Chenette from Websense Security Labs, about a specimen that downloads a trojan into the system. |
| 09/01/07 || Malware || [ JG ] Check this paper, Anatomy of a Malware, by Nicolas Falliere. It's an easy-to-follow analysis of an FSG-packed password stealer written in C. |
| 05/01/07 || Encryption || [ JG ] Data-at-rest encryption seems to be around the corner, pushed by things like the US Data Accountability and Trust Act. Peter Giannoulis describes the risk and impact of such a move at the enterprise level in his article The Pitfalls of Full Disk Encryption. |
| 04/01/07 || Legal || [ JG ] US companies are now required to retain more data by the recently approved (Dec 1) Federal Rules of Civil Procedure. Related references: Obligations For Email, Key Amendments to the FRCP for Electronic Discovery |
| 01/01/07 || Vulnerabilities || [ JG ] The Month of Apple Bugs has begun. |
| 01/01/07 || Hacking || [ JG ] NGSEC has announced its new Hacking Challenge: NGSEC's Security Game #3 - BrainStorming |