NetSec corner




Netsec, comsec, infosec and IA news, research and trends

 

12.30.2004

 
Trojan horse exploits a vulnerability found in October in how Internet Explorer and Windows XP Service Pack 2 handle help files called from web pages
Symantec link: Trojan.phel.A



12.28.2004

 
New Netcat Released Due to Netcat for NT DNS Vulnerability



12.26.2004

 
Unpatched Windows Flaws Discovered by Flashsky (see DCOM MS03-039) - LoadImage API, Kernel ANI File Parsing and winhlp32.exe Heap Overflow

 
Yet Another Critical Flaw in Windows Help which Allows for Total Remote Compromise via IE

 
New Version of Santy Worm Uses Google to Find Sites Vulnerable to PHP Flaw



12.24.2004

 
Raptor - Security References

 
The Open Source Security Testing Methodology Manual (OSSTMM) is a peer-reviewed methodology for performing security tests and metrics. The OSSTMM test cases are divided into five channels (sections) which collectively test: information and data controls, personnel security awareness levels, fraud and social engineering control levels, computer and telecommunications networks, wireless devices, mobile devices, physical security access controls, security processes, and physical locations such as buildings, perimeters, and military bases.



12.22.2004

 
Diebold to Pay California $2.6 Million for Fraudulent E-Voting Security Claims

 
Cisco Default Password Vulnerabilities:

Cisco Security Advisory: Default Administrative Password in Cisco Guard and Traffic Anomaly Detector

Cisco Unity Integrated with Exchange Has Default Passwords



12.21.2004

 
Xprobe 2.0.2.1 Released



12.18.2004

 
DHS Cybersecurity Lagging

 
WEP: Dead Again

 
The Big Brothers and Big Sisters Organization is Looking for IT Help. Let me know if any of you feel like helping them out.

 
DHMTL.OCX XSS Flaw (Translation: IE is Phishfood)



12.17.2004

 
Google Print is aiming to put the library collections of Stanford, Oxford, Harvard, Michigan and the New York Public Library Online! This could be a tremendous victory for fair use. Hey... what's that? Do you hear lawyers sharpening axes?

 
Wardriver Gets 9 Years for Lowes Hack- Honestly, Lowes Should be Sued to Kingdom Come for Sending Credit Card Data Over Insecure Wireless Networks.

 
Cell Phones Used as Bugs... The Price is a Bit High Though

 
NIST 800-72 Guidelines on PDA Forensics

 
Symantec Buys Veritas, Now the 4th Largest Software Firm
Veritas Backup Exec Agent Browser Registration Request Buffer Overflow Vulnerability
Metasploit Module for Veritas Flaw



12.16.2004

 
Honeynet Security Console 1.2 Released

 
DJB's MCS 494 Required Students to Each Discover 10 New Flaws in Open Source Software. And You Thought My Courses Were Tough



12.15.2004

 
Two Cisco Security Advisories out today related to Default Administrative Passwords
Cisco Unity Integrated with Exchange Has Default Passwords
Default Administrative Password in Cisco Guard and Traffic Anomaly Detector

 
MS04-041 Malicious Wordpad File Buffer Overflow

More Information on MS04-041 from I-Defense

MS04-042 M$ DHCP Server Remote Execution (or DOS) Vulnerability

MS04-043 Hyperterminal - Malicious .ht File Buffer Overflow

MS04-044 Windows Kernel / LSASS Privilege Elevation

MS04-045 WINS Service Vulnerability (this vulnerability was exploited in the wild for at least a month before this patch was released)



12.14.2004

 
Symantec Live Update Local System Vulnerability

 
The Phishing Guide. Attack vectors and defense against



12.13.2004

 
DirecTV hacker sentenced to seven years

 
Netware Screensaver Authentication Bypass Vulnerability



12.12.2004

 
WINS Remote Root Vulnerability Info



12.11.2004

 
Penn State Tells 80,000 Students To Chuck IE



12.10.2004

 
Microsoft to Issue 5 Important Patches Dec. 14th

 
Cyber Security & the Cassandra Syndrome

 
Biometric Data Collected on Fallujah Residents - US forces in Iraq are attempting to tame Fallujah with biometric ID. The returning population of up to 250,000 is reportedly to be allowed back in gradually, a few thousand at a time. They'll be fingerprinted, given a retina scan and then an ID card, which will only allow them to travel around their homes or to nearby aid centers, which are now being built. The Marines will be authorized to use deadly force against those breaking the rules.



12.09.2004

 
NetBSD 2.0 Released

 
This is Absolutely Hilarious: Programming Language Inventor... Or Serial Killer. You Decide.

 
Detecting Complex Viruses

 
Fake Lycos Screensaver Hides a Keylogger

 
Siemens Smashes Wireless Speed Record

 
Would you hire this person?

Colby Nolan
123 Sesame St.
Sometown, VV 12345

Education -
Masters of Business Administration
Trinity Southern University, Texas
3.5 GPA

Experience -
Baby-sitting
Retail management

Would it affect your decision to know that Colby is a cat?



12.08.2004

 
Please Send Your Questions for Thursday, December 10th!

 
The Windows Script Encoder Allows for Trivial Scrambling of Scripts to "Prevent" Clients from Reverse Engineering The Contents While Allowing for the Script to Run. The Big Surprise? This is Apparently Being (Ab)Used for Malware AV Evasion. Here is a Script Decoder from Grey Magic

 
An Introduction to the OCTAVE Method: A Qualitative Model for Security Analysis



12.07.2004

 
MD5 To Be Considered Harmful Some Day from Dan Kaminsky. Dan has made Stripwire Available as a Proof of Concept Application. Dan's work is based on that of Wang et al.

 
New Helix (Bootable Computer Forensics ISO) Release



12.06.2004

 
High School Drop Out to Become Homeland Security Czar



12.05.2004

 
Amit Yoran: Code Checking Tools 10 Years from Maturity



12.04.2004

 
Berkeley Breach Causes Backlash

 
Foreign Visits: What is Inappropriate? It is not uncommon for foreign agents to request visits to corporate sites that have government contracts in hopes of gleaning classified information.



12.03.2004

 
Security Job = Job Security from Keith



12.02.2004

 
Need Stocking Stuffers for Geeks?

ThinkGeek is, of course, a Geek Gift Mecca

Bookpool has great book prices and Knoppix Hacks looks neat AND cheap.

Jinx Hackwear Makes Some Great T-Shirts

Office Dweller? Despair will help Brighten up that special someone's office environment!

Searching for Something for that Special No One? How about an 18GB Set of Rainbow Tables from Sarca Rainbow Tables?

 
Cisco Security Advisory: Cisco CNS Network Registrar Denial of Service Vulnerability
Vulnerable Products:
Cisco CNS Network Registrar for Windows NT server and Windows 2000

 
Warning - Pseudohumorous Technorant: LiveShot is Aiming to Offer the Ability to Go Hunting Without Leaving Your Chair. That's right... forget the limits and go online hunting! Americanus Obesaurus can hunt exotic game from the comfort of their Hummer using little more than a PDA and cellmodem. My question is... Can hunters shoot other virtual hunters? Hunting just wouldn't be the same without hunting accidents. Have the owners thought about what might happen if someone "owns" the armed webcam? I have nothing against maintaining one's skills with various applications of weaponry but... sheese... sooner or later we should put down our various and sundry communications devices and Get Off the Couch!



12.01.2004

 
MS04-040
Yet another Critical update for IE released today (the IFRAME patch, FINALLY)

 
Supersweet HoneyPot OS - Windows XP PC's Compromised 9 Times in 15 days

Finnish Communications Regulatory Authority Urges Citizens to Not Use IE



11.29.2004

 
SANS Webcast - The Hacking Evolution: New Trends in Exploits and Vulnerabilities Tuesday, November 30 at 1:00 PM EST (1800 UTC)



11.28.2004

 
Found an extremely worrisome article by ZDNet UK regarding a request by the FBI to collect web server logs from insecure.org.

Luckily, our friend Fyodor has denied their requests due to a lack of proper search warrant. Good for him!

The incompetence at ZDNet is shown at the beginning of the article. "The creator of the famous hacking tool Nmap is being hounded by the FBI for copies of Web server log data from his Web site Insecure.org."

(What dorkfaces.)

Read the article...



11.27.2004

 
I am deeply saddened to inform you of the sale of Illmob.org to an undisclosed party for the amount of $5,000US. Pingywon and morning_wood will continue to update the site for the next three months, until control of the domain is transferred. It is always a pity to lose an active member of the scene, and I wish nothing but the best for my friend xIllwillx, and I'm sure the rest of the community joins in my sentiments. Thanks for all you contributed, guys!



11.24.2004

 
A flaw in Sun Microsystems' plug-in for running Java on a variety of browsers and operating systems could allow a virus to spread through Microsoft Windows and Linux PCs

 
PETCO settles Federal Trade Commission action over a security hole on its e-commerce site that left as many as 500,000 customer credit card numbers exposed



11.23.2004

 
Handbook of Information Security Management

 
Port Reporter Parser Provides a GUI for Parsing Port Reporter Logs



11.22.2004

 
BlueMonger is a demo application for advanced smart phones running Java with support for the Bluetooth API. It will poll for Bluetooth devices in the near vicinity, list those devices and post their discovery to your weblog via XML-RPC. These posts will link back to BlueMonger.com so that you can see by the referrers if other people with weblogs have passed by the same device. If you don't know what that meant, you probably don't want to try this application.



11.21.2004

 
Port Reporter is a M$ Windows service that logs all port activity including PID to port mappings and a dump of all DLL's bound to a port. While this may eat up a bit of disk and CPU, this data could help track down backdoors, trojans, rootkits, etc. Here's a snippet from telnet-ing to a netcat listener on port 3333:

date,time,protocol,local port,local IP address,remote port,remote IP address,PID,module,user context
04/11/21,13:36:3,TCP,1372,127.0.0.1,3333,127.0.0.1,2648,telnet.exe,
04/11/21,13:36:3,TCP,3333,127.0.0.1,1372,127.0.0.1,4020,nc.exe,
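
The kind of triage this log makes possible, as an added example (not part of the original post and not Port Reporter's own tooling): it parses rows in the format shown above, pairs the two ends of a same-host connection to recover the PID and module on each side, and checks modules against a watchlist. The yy/mm/dd date order, the last two sample rows and the watchlist are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime

# Header and first two rows are the snippet from the post; the last two rows
# are constructed for this example.
SAMPLE_LOG = """\
date,time,protocol,local port,local IP address,remote port,remote IP address,PID,module,user context
04/11/21,13:36:3,TCP,1372,127.0.0.1,3333,127.0.0.1,2648,telnet.exe,
04/11/21,13:36:3,TCP,3333,127.0.0.1,1372,127.0.0.1,4020,nc.exe,
04/11/21,13:37:12,TCP,1380,192.168.1.10,80,192.168.1.20,1544,firefox.exe,
04/11/21,13:38:45,UDP,1026,192.168.1.10,53,192.168.1.1,812,svchost.exe,
"""

# Hypothetical watchlist: modules an analyst wants to hear about when they
# show up bound to a port.
WATCHLIST = {"nc.exe"}


def parse_port_reporter(text):
    """Turn log text into a list of typed records."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        # Assumption: dates are yy/mm/dd; times are not zero-padded (13:36:3).
        yy, mm, dd = (int(p) for p in row["date"].split("/"))
        hh, mi, ss = (int(p) for p in row["time"].split(":"))
        records.append({
            "timestamp": datetime(2000 + yy, mm, dd, hh, mi, ss),
            "protocol": row["protocol"],
            "local": (row["local IP address"], int(row["local port"])),
            "remote": (row["remote IP address"], int(row["remote port"])),
            "pid": int(row["PID"]),
            "module": row["module"].lower(),
            "user": row["user context"] or None,
        })
    return records


def pair_local_endpoints(records):
    """Pair records that are the two ends of one connection on this host.

    Two records match when one's local endpoint is the other's remote
    endpoint and vice versa, on the same protocol.
    """
    unmatched = {}
    pairs = []
    for rec in records:
        key = (rec["protocol"], rec["local"], rec["remote"])
        mirror = (rec["protocol"], rec["remote"], rec["local"])
        if mirror in unmatched:
            pairs.append((unmatched.pop(mirror), rec))
        else:
            unmatched[key] = rec
    return pairs


def watchlist_hits(records, watchlist):
    """Return the records whose module name is on the watchlist."""
    wanted = {name.lower() for name in watchlist}
    return [rec for rec in records if rec["module"] in wanted]


def describe(rec):
    """One-line summary: module, PID and local endpoint."""
    ip, port = rec["local"]
    return f"{rec['module']} (PID {rec['pid']}) {ip}:{port}/{rec['protocol']}"


if __name__ == "__main__":
    recs = parse_port_reporter(SAMPLE_LOG)
    for first, second in pair_local_endpoints(recs):
        print("same-host connection:", describe(first), "<->", describe(second))
    for rec in watchlist_hits(recs, WATCHLIST):
        print("watchlist module:", describe(rec), "at", rec["timestamp"])
```
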




11.20.2004

 
Sourcefire is offering two $5000 Snort Scholarships from TimK

 
SecurityForest.com is a collaboratively edited Forest consisting of Trees which anyone can contribute to. SecurityForest's trees are specific security repositories that are categorized for practical reasons. The technologies currently in use in these repositories are based on Wiki and CVS technology. Current trees are Exploits, Tools, Tutorials and Links.

 
Regarding ARKNG's Post. Here is more information on "One Air Force, One Network". Smells like Monoculture. The idea of a single web based extranet for ALL Air Force functions scares the bejeezus out of me. Remember when the Army was repeatedly owned via IIS and responded by switching their public servers to OS-X? Explore this Google query for more reasons why this is probably a bad idea.

 
tcpick is a libpcap-based textmode sniffer that can track, reassemble and reorder TCP streams. It can save the captured flows to separate files or display them in the terminal, which makes it useful for sniffing files transmitted via FTP or HTTP. When a connection closes, it can display the whole stream on the terminal in different display modes such as hexdump, hexdump + ascii, printable characters only, raw mode and so on. A color mode is also available, which makes the program's output easier to read and understand. It currently handles several interfaces, including ethernet cards and ppp. It is useful for keeping track of what users of a network are doing, and it works with textmode tools like grep, sed and awk.

 
Some Good, Some Bad:

Network Security Market Continues Growth

The Anti-Fraud Alliance

AOL Focuses On Security

Air Force turns to Microsoft for network security



11.19.2004

 
Effective Security Practice Guide for Higher Education by Eoghan Casey



11.18.2004

 
Firewalls and Internet Security: Repelling the Wily Hacker - First Edition by William R. Cheswick and Steven M. Bellovin

 
MPAA Asks for Control of Internet2



11.17.2004

 
Are You an AntiSpam Kook? Find Out!

DNS Blacklisting Internet Draft Published Yesterday

Server Index Query Protocol Draft

IBM Spam Research Papers:

Rigoutsos and T. Huynh, Chung-Kwei: a Pattern-discovery-based System for the Automatic Identification of Unsolicited E-mail Messages.

B. Leiba and N. Borenstein, A Multifaceted Approach to Spam Reduction.

R. Segal, J. Crawford, J. Kephart and B. Leiba, SpamGuru: An Enterprise Anti-Spam Filtering System.

From the Proceedings of the First Conference on Email and Anti-Spam, July, 2004. Coming this summer, Second CEAS

Open RBL Filtering Research

OpenRBL Prevention Research



11.16.2004

 
Dave Dittrich at Washington University Maintains an Excellent List of IA Resources

 
Local IA Job Opportunities



11.15.2004

 
Skype plugs hole in VoIP software

Interesting Blog at News.com regarding Homeland Security

 
E-Eye has been Sitting on a W2k 0day since August 2nd. There is still no patch.



11.12.2004

 
E-Mail Authentication Faces Hurdles

UN creates Internet governance working group

Microsoft probing reported flaws in Windows XP SP2

Novell sues Microsoft over WordPerfect

Is Your Domain Name Being Hijacked?

 
10 days into widespread exploitation of the unpatched, yes, unpatched Internet Explorer IFRAME vulnerability, and 4 days into the BOFRA Worm we are already into BOFRA.G

I hear that MyDoom.AH-mm is using IFRAME as well. Please stop using Internet Explorer.

 
Cisco Security Advisory: Crafted Timed Attack Evades Cisco Security Agent Protections



11.11.2004

 
Stopping hackers inside the network

Grisoft's Updated Free Version Of AVG Anti Virus

Trojan horse spies on Web banking

Police arrest phishing mob suspect

 
Cisco Security Advisory: Crafted Timed Attack Evades Cisco Security Agent Protections

Cisco Security Agent (CSA) provides threat protection for server and desktop computing systems, also known as endpoints. It identifies and prevents malicious behavior, thereby eliminating known and unknown security risks.

A vulnerability exists in which a properly timed buffer overflow attack may evade the protections offered by CSA. The system under attack must contain an unpatched underlying vulnerability in system software that CSA is configured to protect. Another prerequisite for the attack is that a user must be interactively logged in during the attack.

Two days, two vulnerabilities, Cisco.

 
Bofra worm sets trap for unwary - Internet Exploder IFRAME Worm in the Wild Posing as Webcam Pics - The worm sets up an embedded web server listening on a port between 1600/TCP and 1700/TCP. Infected PCs establish an IRC session on port 6667/TCP with a variety of public IRC servers, allowing hackers to control compromised machines - from Ronnie

 
FBI: Hidden threat inside cybercrime

Viruses exploit Microsoft patch cycle



11.10.2004

 
Linux kernel binfmt_elf loader vulnerabilities

 
Cisco Security Advisory: Cisco IOS DHCP Blocked Interface Denial-of-Service

Cisco IOS devices running branches of Cisco IOS version 12.2S that have Dynamic Host Configuration Protocol (DHCP) server or relay agent enabled, even if not configured, are vulnerable to a denial of service where the input queue becomes blocked when receiving specifically crafted DHCP packets.

This vulnerability was introduced by the fix for CSCdx46180, and was integrated in Cisco IOS 12.2(14)SZ and 12.2(18)S. This issue affects only Cisco devices running affected Cisco IOS versions 12.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW and higher that do not have the configuration command no service dhcp.

The patch needs patching.

 
DETER and EMIST Kick off Experimentation

 
Honeynet Scan of the Month 33 - A Malicious Binary Hardened Against Analysis "Found" On an XP System

 
Buffer Overflow in M$ ddeshare.exe

 
Smashing the stack for fun and profit



11.09.2004

 
Study: Information security field to grow steadily

 
Procera OptimIP Looks Interesting as a Bandwidth Management and Security Monitoring Platform. I wonder if it works?

 
Security group sets baseline standard for firewalls

 
States, artists urge top court to hear P2P case

Mozilla releases Firefox 1.0

 
Encase has a Computer Forensics Certification test available

http://www.guidancesoftware.com/corporate/press/2001/20011105.shtm

 
Silencing Windows File Protection



11.08.2004

 
The Real THR34T KR3W: The Story of Hacker Connor Hansen (as told by Conner Hansen)

 
Cyber Attacks And Breaches On The Increase

 
Analysis of the Impact of Open Source Software - "There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about 5 for commercial Unix versions, and perhaps 40 for Linux. Most of the Windows viruses are not important, but many hundreds have caused widespread damage. Two or three of the Macintosh viruses were widespread enough to be of importance. None of the Unix or Linux viruses became widespread - most were confined to the laboratory."

 
European Institute for Computer Antivirus Research

 
The "Worm" Programs--Early Experience with a Distributed Computation (1982) - John Shoch and Jon Hupp - Xerox PARC

The Case for Benevolent Viruses (1991) - Fred Cohen - USC

 
Fred Cohen is Considered the "Father" of the Modern Computer Virus



11.07.2004

 
Computer Viruses - Theory and Experiments by Fred Cohen



11.06.2004

 
SSH User Identities

 
Bank accounts in online security scare

Ex-Austin student indicted for data theft

 
WPA Cracker Added to tinyPEAP - Read the White Paper



11.05.2004

 
Microsoft Set to Announce ISA Server (Firewall (Cough)) Flaw on Tuesday

 
Writing Trojans that Bypass Windows XP Service Pack 2 Firewall

 
North Carolina man sentenced to 9 years for spam



11.04.2004

 
Microsoft Loses Browser Market Share to Firefox

 
Source Code Club Strikes Again - PIX OS 6.3.1 Source Code for Sale


 
SING - Send Nasty ICMP Garbage - A Packet Crafting Tool from Tim

 
Duhhh...

Microsoft: Security requires teamwork

 
Internet Exploiter IFRAME Exploit



11.02.2004

 
Is it too late to say vote EARLY and vote OFTEN?

 
Microsoft debates spoofing as security flaw

 
Cisco Security Advisory: Vulnerability in Cisco Secure Access Control Server EAP-TLS Authentication

A Cisco Secure Access Control Server (ACS) that is configured to use Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) to authenticate users to the network will allow access to any user that uses a cryptographically correct certificate as long as the user name is valid. Cryptographically correct means that the certificate is in the appropriate format and contains valid fields. The certificate can be expired, or come from an untrusted Certificate Authority (CA) and still be cryptographically correct.

User authentication is not impacted if EAP-TLS is configured in the Cisco Secure ACS with binary comparison of user certificates as the only comparison method and if the user entry in Lightweight Directory Access Protocol/Active Directory (LDAP/AD) contains only valid certificates.

Cisco Secure ACS for Unix and versions of Cisco Secure ACS for Windows and Cisco Secure ACS Solution Engine prior to, and later than, 3.3.1 are not affected by this vulnerability.

 
Diebold Election System Video (WMV) or Quicktime

 
Crypto Basics - Netware 4 Client Authentication Process



11.01.2004

 
SANS Wednesday Webcast: How to Starve Internet Worms and Viruses Wednesday, November 03 at 1:00 PM EST (1800 UTC)

 
Second Order Code Injection Attacks White Paper from Gunter Ollmann at NGS Software

 
Honeynet Scan of the Month 32 Winners Announced

 
Tomahawk is a command line tool for testing network-based intrusion prevention systems. Here is a white paper on the techniques used by tomahawk.

 
Firewire/IEEE 1394 Considered Harmful to Physical Security

Google plugs hole exposing Gmail mail-boxes

 
E-Voting Flaws Could Give IT Black Eye

 
Hardened-PHP adds security hardening features to PHP to protect your servers on the one hand against a number of well known problems in hastily written PHP scripts and on the other hand against potential unknown vulnerabilities within the engine itself.

 
Linux Administrator's Security Guide

Firewall Piercing HOWTO



10.30.2004

 
Gmail "Wide Open" to the World

 
Secret Service Operation Firewall nets 28 suspects allegedly involved in online fraud and conspiracy - Shadowcrew, Carderplanet, and Darkprofits



10.29.2004

 
ATM card: Free
PIN number: Free
Deducting money from your account for that weekend getaway (which you have already started): 5 seconds
BSOD without getting your cash: Priceless

Windows ATMs raise security concerns


ATMs in peril from computer worms?



10.28.2004

 
Ethereal

 
Winhex

 
Strings.exe

 
Job Rumor: ALI is looking for CNE's locally



10.27.2004

 
2004-10-26 ANOTHER SECURITY HOLE, fixed in PuTTY 0.56

From the release:

PuTTY 0.56, released today, fixes a serious security hole which can
allow a server to execute code of its choice on a PuTTY client
connecting to it. In SSH2, the attack can be performed before host key
verification, meaning that even if you trust the server you think you
are connecting to, a different machine could be impersonating it and
could launch the attack before you could tell the difference. We
recommend everybody upgrade to 0.56 as soon as possible.

That's two really bad holes in three months. I'd like to apologise to
all our users for the inconvenience.

 
Customer Focus: Comparing Windows with Linux and UNIX

Steve Ballmer, from today's Microsoft Executive E-mail.

And yes, there is a section on security.

 
Suse warns of hole in Linux kernel



10.26.2004

 
Hacking: the must-have business tool



10.25.2004

 
What two words should never appear together in print?

"Microsoft Security"

"Disabling SSID broadcasts on an access point is not considered a valid method for securing a wireless network. Microsoft does not recommend this practice for any wireless network."

 
Entry Level Internship Opportunity: Tasks Include creation of a database of hardware / software, help desk assistance and some PC / laptop support. Contact me if interested.

 
2004 Salary Survey Snapshots

Just another reminder that I am below average...



10.24.2004

 
Beware 'Fedora-Redhat' Fake Security Alert

Red Hat warns of a bogus email about needing to update Fedora.

 
Presidential Candidates Respond to CompTia on P2P and Cybersecurity Issues



10.22.2004

 
http://www.milw0rm.com/ - Lots of sploits.

 
Windows Malformed WAV Header DoS



10.21.2004

 
"Hello, OnStar? My car just froze, the windows went blue, and they have a bunch of weird letters and numbers on them! What do I do?"

"Reboot?!?! How do I reboot my car?"

...Car crazy: Microsoft in the driver's seat...

 
Making a Faster Cryptanalytic Time-Memory Trade-Off by Philippe Oechslin



10.20.2004

 
NIST 800-53 Recommended Security Controls for Federal Information Systems (Draft 2)

 
Microsoft Windows Metafile (.emf) Heap Overflow Exploit (MS04-032)

Microsoft IIS WebDAV XML Denial of Service Exploit (MS04-030)

Windows NNTP Service XPAT MS04-036


 
Big Day For Browser Vulnerabilities

I am posting the link to Slashdot as there are multiple links in the article.

 
Internet About to Collapse Says Finnish Scientist - I think we'll just break the Internet in our efforts to rectify the problems he mentions. Email is starting to break due to mail/spam/virus filtering. How many of us have experienced a silent mail failure thus far? How many of us even know it?

 
1.4 Million ID's may have been compromised in University of California Hack

 
Hacker Hits California University Computer

 
The Danger of Technical Sabotage from Doug J



10.19.2004

 
Metasploit Will Soon Have XP "Firewall" Bypassing Capabilities



10.18.2004

 
Coalition for Networked Information - CNI is an organization dedicated to supporting the transformative promise of networked information technology for the advancement of scholarly communication and the enrichment of intellectual productivity.

 
SANS Webcast Eliminate the SSL Blind Spot in IDS Thursday, October 21, 2004 at 1:00 PM EDT (1700 UTC)

 
Webcast Tomorrow Afternoon: "Are You the Weakest Link?" from the Multistate Information Sharing and Analysis Center featuring Allan Paller (SANS) and Patrick Gray (ISS X-Force).

 
Yet Another Microsoft JPEG Processing Vulnerability



10.17.2004

 
Free HP E-Learning Courses from Karen

 
BlackBerry DoS from CL



10.16.2004

 
Microsoft Product Support Security Incident Response Team Member Robert Hensing Scribbles About Why You Shouldn't Be Using Passwords

 
If you are not afraid to run IE for a few minutes, try this trick.



10.15.2004

 
Cybernightmare from Forbes

 
Free CISSP Lecture from Karen

 
A Shellcoding Tutorial and Nessus / Nmap Cheat Sheet from Anomalous Coward



10.14.2004

 
"Copyright Does Not Exist" a Hacker Culture Book by Linus Walleij. Irony being lost on Linus, he states in the preface that "At the moment it is not permissible to mass-distribute the book in printed form without my prior permission." It is incredible that he wants to retain intellectual property rights even though he views them as "armed robbery".



10.13.2004

 
Supreme Court Turns Down RIAA Appeal

 
Windows 2000 Warships - Threat to Humanity?

 
The Handbook for Information Security Management - Common Fallacies of the Computer Generation

Virus Bulletin - Independent AntiVirus Advice - Free Issue Available
Sent by cthulu

 
Virus Bulletin: Independent AntiVirus Advice from Tim

 
More Info on the Windows XP Winzip Stack Overflow Vulnerability (MS04-034). A zip archive containing a file with an 8000 character filename allows for a malicious zip to overwrite the exception handler and take control of EIP. Like the jpeg issue, this will likely be used for backdooring systems as opposed to creating the next big worm. The media gets excited about big noisy bugs. We should be more intimidated by bugs that tiptoe in the night.



10.12.2004

 
Colorado DMV Shut Down by Virus Infestation

 
CAIDA Analysis of the Slammer Worm

 
Milanese Engage in Virtual CyberActivism from Clyde

 
22 New flaws in M$ products (two articles to choose from):

Critical Flaws Found in Windows, Office

Microsoft warns of a score of security flaws

 
Hollywood Petitions Supreme Court to Overturn MGM V Grokster

 
Insecure Default Service DACL's in Windows 2003

 
9 Updates / 6 Critical / in Microsoft's October Security Bulletin

 
Squid Proxy Cache DOS - Flaw in ASN.1 Interpreter



10.11.2004

 
VirusTotal Offers a Free Malicious File Scanning Service

 
How to build detailed Network Usage Reports using RRDTool, flow-tools, FlowScan, and CUFlow from Ronnie

 
Malformed Word Doc Overflow Vulnerability

 
Details on the M$ ASP.NET Authentication Bypass Issue - More Issues Parsing "\" and "%5c". Here is a nifty summary of URL Obfuscation Techniques Used in Directory Traversal, Phishing and Auth Bypass Attacks.

 
20 Critical Flaws (Most Are Remotely Exploitable Buffer Overflows) in IBM DB2

 
DIY Phishing Kits Being Distributed link from Ronnie. The AntiPhishing Working Group provides data reports on attack trends.



10.09.2004

 
E-LAW 4: Computer Information Systems Law and System Operator Liability

 
Nine Questions to Ask When Evaluating a Vulnerability



10.08.2004

 
Hint for 260 Midterm: Password Authentication Article

 
Talk to the Portscanners: Nmap-IM Bot



10.07.2004

 
Interested in Digital Rights, Laws and Rulings? Read the EFF's Monthly Newsletter

 
Nessus Articles from SecurityFocus Part I, Part II and Part III



10.06.2004

 
Diebold Loses Key Case to Swarthmore Students from Cthulu

 
Reported Vulnerability in Microsoft ASP.NET
Microsoft is currently investigating a reported vulnerability in Microsoft ASP.NET. An attacker can send specially crafted requests to the server and view secured content without providing the proper credentials.

This issue affects Web content owners who are running any version of ASP.NET on
Microsoft Windows 2000
Windows 2000 Server
Windows XP Professional
Windows Server 2003

 
Spyware Bill Passes House



10.05.2004

 
Black Viper's OS Configuration Guides

 
NCSA Has Declared October "National Cybersecurity Awareness Month"

 
AT&T Tests Linux to Replace Microsoft's Windows on 70,000 PCs

 
University of Washington is Starting an NSF Funded Computer Forensics Program

 
Like Adding Wings to the Tiger: Chinese Information War Theory and Practice

 
Wardriving is being noticed. Expect to see more poorly written tech laws. PS: I didn't know Matthew Broderick introduced the term wardialing... ; - <



10.04.2004

 
Windows Malware Count: 4500 in the first six months of 2004

 
Genome Model Applied to Reverse Engineering Software

 
Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server by David Litchfield. The Metasploit Framework Now Has a 2003 Server DCOM Exploit that Uses These Techniques



10.03.2004

 
Stanford University Has a Free Online EE Colloquium (Seminar Series). On Oct 6, 2004 Bruce Lindsay (a father of RDBMS) Presents "Peer-to-Peer Database Replication: Convergence Despite Conflicts"



10.02.2004

 
The Mozilla Foundation releases an important security update for Firefox

 
Pads is a signature based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts.



10.01.2004

 
More on Departure of Cybersecurity Czar Amit Yoran

 
RealPlayer Heap Overflow ==> Critical Update (Tools > Check for Update)
Reported by eEye on bugtraq

 
ContentCentral Technical Papers from Keith

 
CyberSecurity Czar Yoran Resigns from DHS Citing Disappointment in Organizational Cybersecurity Awareness

 
A Bit of History on Computer Viruses mentions John Brunner's Shockwave Rider and other works of science fiction that preceded the creation of the first wild viruses. The earliest instance of virus writing of which I am aware involved the legendary Robert Morris Sr, Doug McIlroy and Victor Vyssotsky. In 1961 they laid down the ground rules for their game Darwin. Here you can learn a bit about it in this letter to Aleph-Null (no relation I assume to Aleph-One).



9.30.2004

 
Warspammer Found Guilty Under CAN-SPAM

 
INDUCE Act Vote Delayed Until Next Week Due to Lawmaker Reports of Stiff Consumer Opposition. Orrin Hatch, Chair of the Judiciary Committee stated in response that "If I have to, I will lock all of the key parties in a room until they come out with an acceptable bill."

 
Cracking HOWTO by Mixter

 
"Improving the Security of Your Site by Breaking Into It" by Dan Farmer and Wietse Venema

 
UnicornScan was released at ToorCon last weekend. It is a distributed TCP/IP stack aimed at protocol level security research. Features include:
# Asynchronous stateless TCP scanning with all variations of TCP Flags.
# Asynchronous stateless TCP banner grabbing
# Asynchronous protocol specific UDP Scanning (sending enough of a signature to elicit a response).
# Active and Passive remote OS, application, and component identification by analyzing responses

 
Quantum Cryptography: Privacy through Uncertainty

NEC Recently Attained a Quantum Crypto Speed Record



9.29.2004

 
Who has Mid Level M$ Windows/Exchange Admin Skills and needs a job with a local firm? Let me know if you are interested.

 
Absentee Voting Via Email

 
New Helix ISO Released



9.28.2004

 
Help Stop the INDUCE Act

In 1984 the Supreme Court ruled in Sony V Universal that we have a “Fair Use” right to own home recording equipment like VCR’s, Cassette Recorders and CD-R’s. The INDUCE Act would, if passed, act to overturn the Supreme Court and discourage innovation in the development of multimedia hardware and software.

INDUCE undermines innovation, market economics and consumer rights.

The Association of Research Librarians Opposes INDUCE

The Institute for Electrical and Electronic Engineers Opposes INDUCE

The Consumers Union Opposes INDUCE

The Consumer Electronics Association Opposes INDUCE

We Should Oppose INDUCE.

Please Call Your Senators in Opposition Wednesday, September 29th between the hours of 9am and 5 pm EDT. In Virginia this is Senator George Allen (202-224-4024) and Senator John Warner (202-224-2023).

Read about the US businesses that will be undermined by INDUCE

 
Phishing IQ Test

 
Passive Information Gathering by Gunter Ollmann

 
Port80Software: ServerMask Allows IIS Server Header Modification. They also have a web application for pulling server headers through their site.

 
NSA Information Assurance Directorate - Sponsored Events - Red/Blue Team Symposium

 
Japanese School Children Tracked with RFIDs



9.27.2004

 
Information Leakage from Optical Emanations

 
New Rose Attack

 
JPEG Virus Reported In the Wild

 
The GDIscan Tool from SANS Will Scan a System for DLLs (gdiplus.dll, sxs.dll, wsxs.dll, mso.dll) Vulnerable to the JPEG Overflow. Many applications may install their own instance, so it is highly recommended that systems be scanned.

 
The Case for "Ethical" Hacking by Brandt and Vines

 
Beetle's Wireless Weapons of Mass Destruction for Windows from ToorCon

BTW: You Only Have Until September 30th to get the $99 Rate for ShmooCon Registration

 
iPods Increasingly Banned from Secure Facilities

 
Symantec Firewall Hard Coded SNMP Write Community String = "public" and other great news. It's been a bad week to be a user of Symantec "firewall" products.

 
Windows XP SP2 Firewall Bypass Vulnerability



9.26.2004

 
Microsoft May Run Afoul of the Law in Cloning Radio Stations

 
40 Tech Firms Ask for Hearing on Induce Act

 
Activists Find More Diebold E-Voting Server Flaws

 
Ken Thompson: Reflections on Trusting Trust

 
"JPEG of Death" Reverse Shell Exploit



9.25.2004

 
Talk about legal extortion..... I can see it now: "So what if Win2k has a hole in it? We're not going to fix it, you need to upgrade XP". Yup, it's the big kid demanding your lunch money for 'protection'. Hmm, 'upgrade' the wife's PC with Mr. Gates latest version of the beast of bugs, or buy that 250GB SATA drive I saw today? Let me put my Win2k CD back under my drink so my wife doesn't kill me for staining the table, and get back to 'upgrading' her machine from Win2k to kernel 2.6.5.......


'The box said 'Requires Windows 98 or better' so I installed Linux'



 
News from The Register:

JPEG exploit toolkit found online....

New proof of age USB token from Verisign. Yeah, Survey says the new form of fake ID on the block will be.... Here's the official link to i-SAFE

Here's a nice one on identity theft. It's nothing new, but a nice way to prove a point to the naysayers hovering around the coffee pot.

 
Study: Security measures often overlook human factor



9.24.2004

 
History of Phreaking: the Youth International Party Line AKA TAP Started in 1971



9.23.2004

 
Defense in Depth from the NSA

 
More on VXix Gigabyte from Billy

 
Timeline.Textfiles.com complements a BBS documentary that is currently in preproduction. First binary coding system? 1874. First case of telco switch hijacking? 1891. First modem? 1962. First BBS? 1978.

 
JPG Overflow PoC #3 - Local Shell Spawn

JPG Overflow PoC #4 - Add an Administrator



9.22.2004

 
ChoicePoint AutotrackXP Allows You to "Search Billions of Records from Your Computer." "Whether you're investigating fraud, conducting criminal and civil investigations, locating witnesses, finding missing children or locating and verifying assets, AutoTrackXP can deliver comprehensive information right to your desktop."

 
Ben Fry at MIT Has Some Neat Ideas for Data Visualization from Dan

 
Symantec Enterprise Firewall UDP DoS Vulnerability

 
The Phishing Guide: Understanding & Preventing Phishing Attacks from NGSSoftware

 
Attrition's Security Charlatans List

 
Hackers step up e-commerce attacks

Hack Attack Gums Up Authorize.Net

Ireland blocks calls to 13 countries to thwart Net scam

 
EPIC Maintains a Solid Collection of Privacy (Encryption) Tools

 
Arrest in Cisco Source Code Theft

 
The Complete History of the Internet. Maybe not the complete history but a valid attempt. A complete Internet & hacker history will never be obtainable since so much of the history is fragmented, unfounded and unreported.

 
References from Andy:
DOJ list of cyber crime cases

If you do not feel sorry for computer criminals read this one.

Emmanuel Goldstein, the editor-in-chief of 2600, defines hackers as someone seeking knowledge (asking questions) and what's illegal about that?


Not only was this Virginia Beach resident stupid, but what about his customers?


Disgruntled employee of the month.

 
K-Otik Proof of Concept Code for M$ JPG Issue

 
For those of you that need and/or want a laugh, check out this handy bike lock up for auction on ebay:

Master U-shaped Kryptonite style lock w/ two keys

Make sure you read the description and Q & A at the bottom...



9.21.2004

 
Who is Kevin Poulsen Anyway?

More Bios

 
AOL Offers RSA Key Fob OTP Authentication

 
Russian Hackers Accuse FBI of Hacking and a Background Bio on Vasiliy Gorschkov from Ronnie

 
AOL, RSA, VeriSign push authentication services



9.20.2004

 
TLC: Hacker Bios from Eric

 
Symantec Releases Newest Internet Security Threat Report

 
F-Secure reports that the Sasser Author Has Been Hired by Secure Point. Here's more from the Register.

 
The Definitive Guide to Security Management - Sign up for this free e-book from Computer Associates (link from Keith)

 
Michal Zalewski has released Fakebust, a tool aimed at automated binary analysis. If anyone tries this out, let me know how it goes.

 
Paper: Social Engineering of Internet Fraud by Jonathan Rusch, US DoJ

SecurityFocus: Social Engineering Fundamentals, Part I: Hacker Tactics and Part II Combat Strategies

 
Unsafe at Any Speed (bps) from Clyde



9.18.2004

 
Steve Bellovin Presentation - Realistic Security I like the pictures of the "firewalls".



9.17.2004

 
Achilles from Brian (two posts down)
Brian: Google is your friend

 
FTC Report Outlines, among other things, the Good and the Bad of Offering Rewards for Turning in Spammers

 
State Of The Union: Opposing the Patriot Act from Clyde

 
Symantec to Acquire @Stake: Dave Aitel of ImmunitySec comments: "...Symantec bought @stake. NAI bought Foundstone, INS bought Global Integrity. Microsoft bought LSD. The era of consolidation is upon us."



9.16.2004

 
SC Magazine: Free Subscriptions

 
A Common Language for Computer Security Incidents by John D. Howard, Thomas A. Longstaff

 
The Google Hacker's Guide v1.0 from Johnny.ihackstuff.com Coming soon: Google Hacking for Penetration Testers

 
Banner Grabbers: Mothra, Amap and Superscan

 
IBM Workstations and Laptops Running XP Have No Password By Default on the Administrator Account and Do Not Prompt the User to Change or Set One as M$ Policy Dictates for OEMs

In Similar News, IBM Plans to Store Passwords and Other Authenticators in a Trusted Hardware Chip. Where will the passwords that do not exist by default be stored? ; - P

 
Multiple Vulnerabilities in All Mozilla Versions (Ouch)

 
Worm (SDBOT-UH) Carries Sniffer Payload - from Lance



9.15.2004

 
MS04-028 PoC

 
Here is an article on NFC (Near Field Communications), soon to be included in cell phones. It touts low power and high security. I'm thinking we will see another blue rifle....

 
META Group: Most customer password implementations and policies are ineffective. Like we didn't know that...

 
So, where is the hacking capital of the world? China, Russia, US? Nope! Click here to find out...

 
Maryland court rejects e-voting safeguards

 
Lexar JumpDrive Secure(tm) Password Extraction advisory.




9.14.2004

 
Information on the JPEG Vulnerability in Windows
A JPEG file comment is indicated by the marker value 0xFFFE followed by two bytes specifying the length of the comment (the maximum comment size is therefore 65535-2). The length field counts its own two bytes, so the minimum valid value in this position is two. When a value of 0 or 1 is specified, a signedness error occurs: the comment length is interpreted as 4GB (-1 or -2), and heap corruption results since all memory (on an IA32 system) is technically allocated. Ouch.
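
The length check this bug was missing, as an added C example (not code from the original post or from Microsoft's GDI+): it shows the unsigned wrap for length values 0 and 1, then walks the marker segments of a buffer and rejects any length field below two or past the end of input. It goes beyond the comment marker to every length-bearing segment; the function names, status codes and sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { SEG_OK = 0, SEG_NOT_JPEG = -1, SEG_TRUNCATED = -2, SEG_BAD_LENGTH = -3 };

/* Constructed samples: SOI, one comment segment (FF FE), EOI. */
const uint8_t SAMPLE_GOOD[]  = {0xFF,0xD8, 0xFF,0xFE,0x00,0x05,'a','b','c', 0xFF,0xD9};
const uint8_t SAMPLE_LEN1[]  = {0xFF,0xD8, 0xFF,0xFE,0x00,0x01, 0xFF,0xD9};
const uint8_t SAMPLE_SHORT[] = {0xFF,0xD8, 0xFF,0xFE,0x00,0x10,'a'};

/* The flawed arithmetic: the length field includes its own two bytes, so a
 * parser subtracts 2 to get the payload size. In unsigned 32-bit math a
 * field of 0 or 1 wraps to 0xFFFFFFFE or 0xFFFFFFFF (the "4GB" above). */
uint32_t naive_payload_len(uint16_t seg_len)
{
    return (uint32_t)seg_len - 2u;
}

/* Checked form: reject lengths below 2 and lengths past the end of input. */
int checked_payload_len(uint16_t seg_len, size_t remaining, size_t *payload)
{
    if (seg_len < 2)
        return SEG_BAD_LENGTH;
    if ((size_t)seg_len > remaining)
        return SEG_TRUNCATED;
    *payload = (size_t)seg_len - 2;
    return SEG_OK;
}

static int fail(int rc, size_t off, size_t *bad_off)
{
    if (bad_off)
        *bad_off = off;          /* offset of the offending marker */
    return rc;
}

/* Walk the marker segments of a JPEG header and validate each length field.
 * Stops at SOS (0xDA) or EOI (0xD9). bad_off may be NULL. */
int scan_jpeg_segments(const uint8_t *buf, size_t n, size_t *bad_off)
{
    size_t pos = 2, payload;

    if (n < 2 || buf[0] != 0xFF || buf[1] != 0xD8)       /* SOI */
        return fail(SEG_NOT_JPEG, 0, bad_off);

    while (pos < n) {
        size_t start = pos;
        uint8_t marker;
        uint16_t seg_len;
        int rc;

        if (buf[pos] != 0xFF)
            return fail(SEG_NOT_JPEG, start, bad_off);
        while (pos < n && buf[pos] == 0xFF)              /* skip fill bytes */
            pos++;
        if (pos >= n)
            return fail(SEG_TRUNCATED, start, bad_off);
        marker = buf[pos++];
        if (marker == 0xD9)                              /* EOI */
            return SEG_OK;
        if (marker == 0x01 || (marker >= 0xD0 && marker <= 0xD8))
            continue;                                    /* no length field */
        if (n - pos < 2)
            return fail(SEG_TRUNCATED, start, bad_off);
        seg_len = (uint16_t)((buf[pos] << 8) | buf[pos + 1]);
        rc = checked_payload_len(seg_len, n - pos, &payload);
        if (rc != SEG_OK)
            return fail(rc, start, bad_off);
        if (marker == 0xDA)                              /* SOS: scan data follows */
            return SEG_OK;
        pos += seg_len;                                  /* length field + payload */
    }
    return fail(SEG_TRUNCATED, pos, bad_off);            /* no EOI or SOS seen */
}

int main(void)
{
    size_t off = 0;
    printf("naive payload for length 1: 0x%08X\n", (unsigned)naive_payload_len(1));
    printf("good:  %d\n", scan_jpeg_segments(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &off));
    printf("len=1: %d\n", scan_jpeg_segments(SAMPLE_LEN1, sizeof SAMPLE_LEN1, &off));
    printf("short: %d\n", scan_jpeg_segments(SAMPLE_SHORT, sizeof SAMPLE_SHORT, &off));
    return 0;
}
```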

 
Alpha 2: Zero Tolerance is a Shellcode to ASCII Alphanumeric Converter

 
Metasploit Framework Article Part III from SecurityFocus

 
Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+) Allows for Arbitrary Remote Code Execution. All that this requires is that you get a remote user to load a JPG. This is Classified as "Critical".

Microsoft Security Bulletin MS04-027
Vulnerability in WordPerfect Converter Could Allow Code Execution (884933)

 
Telenor shuts down 10,000 PC Botnet

Justice Department Plans to Expand Computer Hacking and Intellectual Piracy (CHIPs) Units from 5 to 13

 
Caller ID spoofing service for sale



9.13.2004

 
I heard recently that two major Windows flaws will be announced tomorrow.

 
Samba smbd ASN.1 Parsing DoS and nmbd DoS. Most ASN.1 Interpreters have severe exploitable flaws due to the complexity of the protocol. Any protocol that allows data to define its own structure must be constructed (program specifications, error handling) and tested with misuse in mind (fuzzing).

 
200 Hours Community Service for Hacking a DoE Facility. This is clearly not the example we would like to be setting. Another article. Links from Jim.

 
Located a site with roughly 55MB of dictionary wordlists. 3y3 W1LL 0wn j00 Webster!



9.12.2004

 
Collective Wisdom by Brian Hayes

 
Infowar
Asymmetrical Adversarialism in National Defense Policy, The Marketplace and Personal Privacy by Winn Schwartau

Information Warfare by Winn Schwartau



9.11.2004

 
Updated Metasploit Article from SecurityFocus

 
Unrestricted Warfare by Qiao Liang and Wang Xiangsui - This text by two former colonels in China's air force caused an international furor when it was published due to its frank discussion of INFOWAR tactics.

 
CAUGHQ Cdrecord-suid Shell Exploit



9.10.2004

 
Go download the WHoppiX ISO (FTP or HTTP), and mirror it!

From the site:

WhoppiX is the ultimate pen testing live CD - Kicks the living daylights out of all those "other" security distros, that were made for weaklings.

Here is a list of WHoppiX's features:

  • *all* sploits from Securityfocus and Packetstorm
  • latest sploits from k-otik
  • updated version of Metasploit framework 2.2
  • and much much more
  • best of all , there is no configuring, and it all fits on one CD , so you can take it anywhere


There's also updated facilities for wireless pen testing. Greets to muts for the distro and to illWill for setting up the domain.

 
Microsoft Calls On Hackers to Attack XP SP2 from Lance

 



9.09.2004

 
One Editor's Take on Windows XP SP2

 
Security - Hacking Methodology

Strategic Information Warfare: A New Face of War [summary in html]
Roger C. Molander, Andrew S. Riddile, Peter A. Wilson. Copyright © 1996 RAND

Dr Ivan Goldberg's Institute for the Advanced Study of Information Warfare

Federation of American Scientists: Information Warfare Resources

 
RHEL 3 Update 3 Includes Non-Executable (NX) Pages Support. Here Are the Update Notes from Red Hat. Apparently RHEL 3 has supported NX on AMD64 processors for a year, but this update introduces support for Itanium's NX implementation.

 
WarSpammer Cops a Plea

 
A Night in the Life of ISC Handler Johannes Ullrich

 
Iwar.co.uk - Security Awareness Toolbox

 
Digital Investigation: The International Journal of Digital Forensics and Incident Response.

 
Mitnick movie comes to the US



9.08.2004

 
Vote online? http://www.eff.org/e-vote/



9.07.2004

 
Linux Live is a set of bash scripts for creating a Live Bootable CD from any Linux Installation



9.06.2004

 
Interesting article from the UK:

Investors fret about IT security



9.04.2004

 
WinXP SP2 = security placebo? Apparently M$ spent $300 Million Dollars to develop a bandaid.

 
Exploitation Engines from SecurityWizardry

 
w00w00 on heap overflows. What is a woowoo anyway?

 
Net-Twister bills itself as an automated pen-testing tool.

Warning: some "open source" security tools have back doors.



9.03.2004

 
Breaking into voicemail systems is a ‘trivial task’

 
ICAT

If nothing else, it's a nice little research tool.

 
Host-based intrusion prevention free for your home:

Prevx releases free intrusion prevention software

Available at Prevx.com


 
Cyberterrorism OR hoax?

 
SSH and CVS Possibly Prone Port Bouncing Attack

 
AIM Away Message Buffer Overflow Exploit by John Bissell A.K.A. HighT1mes (first to reserve this for the project gets it)

 
More Oracle Issues! Where is your ERP application going today?



9.02.2004

 
NmapWin3.70

 
CompleteWhois

 
Protocom Announces Availability Of SecureLogin Advanced Authentication 1.9

For MS Networks, this software allows companies to incorporate the latest hardware into Active Directory to create a Multifactor Authentication environment.

 
Wi-Fi group backs brawnier security standard

 
ShmooCon Announcement and Call for Papers

Watch the Commercials! They're going to be the subject of a contest at ToorCon on September 23rd. The event is February 4th-6th at the Wardman Park Marriott in Washington, DC. Registration will open very soon and registering ASAP is highly advised.

Call for papers. Preliminary papers will be reviewed on September 15th but the CFP is open until late fall. Somebody really should try. 757.org is already listed!

Topics for the “Break It!” track may include, but are not limited to, EXPLOITATION of:
· Consumer electronic devices
· Application, host, and network security
· Telephony
· Physical security

Topics for the “Build It!” track may include, but are not limited to, inventive software & hardware SOLUTIONS in:
· Robotics
· Distributed computing
· Community wireless networking
· Mobile personal computing

Topics for the “BoF It!” track may include, but are not limited to, open DISCUSSION of the following:
· Privacy and anonymity
· Exploit and vulnerability disclosure / databases
· DRM (Digital Rights Management), fair use, copyright infringement
· Open source software world domination strategies

This is going to be awesome.

 
A decent PowerPoint presentation on directory traversal attacks.
Another (more detailed) PPT on directory traversal (Dot Dot) attacks on an IIS box

 
44 New Buffer Overflow Conditions in Oracle Database Server!
Oracle's announcement is very short but to the point: "exposure risk is high." If you think that proprietary software is any more secure than open source, I have an enterprise application that I'd like to sell to you.

 
Honeynet Project: Scan of the Month (32)

This month's challenge is to reverse engineer a malware specimen called "RaDa"; its main goal is to learn from the community the methods, tools and procedures used to do it. Submissions should be sent no later than Friday, 1 October, 2004. The three best answers will win an author-signed copy of the book, "Malware: Fighting Malicious Code" by Ed Skoudis. This month's challenge image and questions are managed by Jorge Ortiz, David Perez, and Raul Siles, all from HP Spain.

 
Shellcoding for Linux and Windows Tutorial by Steve Hanna

Writing Windows Shellcode by Skape at NoLogin.org



9.01.2004

 
Multiple Vulnerabilities in Oracle Products
Several vulnerabilities exist in the Oracle Database Server, Application Server, and Enterprise Manager software. Oracle's Collaboration Suite and E-Business Suite 11i contain the vulnerable software and are affected as well.

 
Publication of Personal Information Probed

The Secret Service is investigating the publication of personal information about GOP convention delegates on a Web site, prompting complaints from the American Civil Liberties Union that the government is infringing upon the free-speech rights of political dissidents.

Federal authorities have subpoenaed Calyx Internet Access seeking to learn the Internet address of the person who posted a spreadsheet on Aug. 18 containing the names of about 1,600 delegates, along with their home addresses, phone numbers and e-mail addresses and the hotels at which they are staying in New York City.

Consultants Deliver Politics To Voters' Inboxes, at a Price

Millions of Americans who are already trying to fight off unwanted electronic mail from direct marketers are about to get deluged by another source: politicians and lobbying groups.

For the first time, a nationwide list of registered voters has been cross-referenced with multiple lists of e-mail addresses collected from magazine subscribers, catalogue shoppers, online poll participants and the like. The result is that legislators, candidates for office and interest groups can buy more than 25 million e-mail addresses of registered voters and contact them at will.

Sounds like information leaking to me.

WinZip 9.0 SR-1 Now Available

WinZip 9.0 SR-1 is a maintenance release of WinZip 9.0 containing important security-related fixes (including a privately reported buffer overflow) and improvements to WinZip.

 
Doug sent in a link to Steve Gibson's Paper on Being DDos'ed By a 13 Year Old

 
NetSolve Outlines New Approach To Cyber Security

 
Phishers successfully get a DNS transfer for Ebay Germany.

 
Due to MD5 weaknesses, Bruce Schneier is Calling for NIST to Create New Hash Standards

Hash Collision Q&A: Cryptography Research has received many inquiries about the hash collision attacks that were recently announced at the CRYPTO 2004 conference. This document attempts to address these questions.

 
Maybe Outsourcing Isn't Such a Good Idea?

 
Richard Clarke Offers 10 Recommendations to Secure Systems

 
Tests Reveal e-Passport Flaws

 
FBI busts alleged DDoS Mafia as part of Operation Web Snare

 
Three separate articles:

Kerberos critical hole allows system access
Report casts doubt on IRS hacking-detection system
Sophos reveals top ten Viruses and Hoaxes

 
An example of posting too much info in a blog:

Friendster Fires Developer for Blog

 
White Paper: A Model for when Disclosure Helps Security: What Is Different About Computer and Network Security? by Peter P. Swire



8.31.2004

 
Star38 is Planning to Offer Caller ID Spoofing as a Service Starting Next Week

 
Is it cynical to be circumspect about the Direct Marketing Association (paper SPAMmers) and the Business Software Alliance (Microsoft Front) Funding Federal Law Enforcement Operations Like Operation Web Snare?

 
SANS First Wednesday Webcast - Trends in Malware Evolution from Ed Skoudis
Wednesday, September 1, 2004, at 1:00 PM EDT (1700 UTC)

 
The case of Randall Schwartz

 
Fingerprinting Port 80 Attacks, Part 1
Fingerprinting Port 80 Attacks, Part 2



8.29.2004

 
Comprehensive Information Assurance Dictionary 3rd Draft (PDF Document)

 
RFC 2828: Internet Security Glossary



8.28.2004

 
Cisco Security Advisory: Cisco Telnet Denial of Service Vulnerability

 
M$ Announces 2006 Target Date for Broad Availability Of Windows "Longhorn" Client Operating System

Microsoft Corp. announced yesterday it will target broad availability of the Windows® client operating system code-named "Longhorn" in 2006, and make key elements of the Windows WinFX™ developer platform in "Longhorn" available for Windows XP and Windows Server™ 2003.

"Longhorn" will deliver major improvements in user productivity, important new capabilities for software developers, and significant advancements in security, deployment and reliability.

M$ will deliver a Windows storage subsystem, code-named "WinFS," after the "Longhorn" release. The new storage system provides advanced data organization and management capabilities and will be in beta testing when the "Longhorn" client becomes available.

Yesterday’s announcements relate only to the "Longhorn" client operating system. Anticipated availability for the Windows "Longhorn" Server operating system continues to be 2007.

Oh goodie, another unfinished operating system rushed to market. I can't wait.



8.27.2004

 
Cisco Security Advisory: Cisco Telnet Denial of Service Vulnerability

A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected.

 
Raw Sockets Gone in XP SP2: Why?

 
Phreaknic 8 October 22nd-24th

 
Hackers target French ISP's site

 
Chinese Virus Engaged in Exam Theft

 
Wireless Intrusion Detection and Response

 
Reg Hacks to Bypass the XP SP2 "Firewall"

 
NetworkTools.com offers Whois and other utils for infogathering (link from Keith)

 
Wanadoo.fr Hacked. The Irony Abounds. Link from Ron.



8.26.2004

 
Joe Klein's Phreaknik Presentation on InfoLeakage

 
Materials for Tonight:
Distributed Metastasis: A Network Attack Methodology by Andrew Stewart
NIST 800-42 Guideline on Security Testing
GoogleHacking @ Johnny.Ihackstuff.com

You Posted What?!?!? Open Sources of Information and Public Domain "Hacking"
QuickFacts Census Data
Criminal Background Checks at USSearch
Satellite Maps at TerraServer
Internet Archive: The Wayback Machine
ARIN Whois Query
SamSpade Tools
Default Wireless Configuration Database
IEEE OUI Assignments
CyberAlert Clipping Service
Surveillance Hardware at Search Systems

 

Blue Sniper? More

 
The Induce Act Could Ban I-Pods and Other Noninfringing Devices: Watch out: The PC may be next. I recommend expressing your opinions to your representatives in congress.

On another note: Duke University is Going to Give Apple iPods to First-Year Students for Educational Use (link from Keith).

 
Remember Randall Schwartz? He was convicted of three felonies for doing what he thought was his job. Be careful. Always get authorization in writing for doing any security testing or assessment. In the authorization document, define exactly what it is that you will do and have two officers or managers of the company sign and date the declaration. Make no assumptions.

 
Chaos Computer Conference 21C3: The Usual Suspects

 
Multiple Vulnerabilities in Cisco Secure Access Control Server



8.25.2004

 
US DoJ Announces Major Cybercrime Crackdown is Funded by the Direct Marketing Association

 
DNA Analysis Spots SPAM

 
Don't fall prey to such hysteria as "Electronic Jihad Live, Thursday, August 26th!!! The sky is falling... b-caawwk!!!"

 
The Rbot-GR Worm Can Enable Webcams to Spy on People



8.24.2004

 
Defacements Archive at Zone.H

 
Institute for the Advanced Study of Information Warfare

 
The Art of War

 
TCP/IP Illustrated in HTML Format

 
Astaro Linux is a Feature Rich Firewall Product Based on Linux. It now has support for FreeS/WAN VPN's and Snort in an IPS Configuration. It is free for personal use and starts at $400 for commercial applications. Link from Nick



8.21.2004

 
IE Drag and Drop Vulnerability Proof of Concept

 
IDAPro4.6 Demo Version

 
The Computer History Simulation Project is a loose Internet-based collective of people interested in restoring historically significant computer hardware and software systems by simulation. The goal of the project is to create highly portable system simulators and to publish them as freeware on the Internet, with freely available copies of significant or representative software.

SIMH implements simulators for:

* Data General Nova, Eclipse
* Digital Equipment Corporation PDP-1, PDP-4, PDP-7, PDP-8, PDP-9, PDP-10, PDP-11, PDP-15, VAX
* GRI Corporation GRI-909
* IBM 1401, 1620, 1130, System 3
* Interdata (Perkin-Elmer) 16b and 32b systems
* Hewlett-Packard 2116, 2100, 21MX
* Honeywell H316/H516
* MITS Altair 8800, with both 8080 and Z80
* Royal-Mcbee LGP-30, LGP-21
* Scientific Data Systems SDS 940

 
The Digital Forensics Research Workshop took place earlier this month. Check out the papers and presentations.

 
The National Software Reference Library (NSRL) provides a repository of known software, file profiles, and file signatures for use by law enforcement and other organizations in computer forensics investigations. Here is a list of the hash signatures that they maintain.




