Rodney Campbell's Blog

Archive for September, 2006

2006.09.18 Daily Security Reading

by on Sep.18, 2006, under Security

Six Tips to Protect Your Online Search Privacy

Google, MSN Search, Yahoo!, AOL, and most other search engines collect and store records of your search queries. If these records are revealed to others, they can be embarrassing or even cause great harm. Would you want strangers to see searches that reference your online reading habits, medical history, finances, sexual orientation, or political affiliation?

DVD chips ‘to kill illegal copying’

Embedded radio transmitter chips to track movie, music and software.

Exploit Posted for New IE Zero-Day

Security researchers in China have published detailed exploit code for a previously unknown code execution hole in Microsoft’s Internet Explorer browser.

Tracking Users Via the Browser’s Cache

A demonstration shows that tracking can remain continuous if you clear only cookies or only the cache, but not both. (Firefox’s Clear Private Data tool can be set to clear both when closing the browser.)

How spammers identify their targets

Brent Huston writes about research he did to get inside the minds of spammers and expose some of the processes they use to identify potential targets. Huston says that among the four common ways that spam is spread, the most common method that spammers use is via open relays. Huston’s research also revealed that ‘they were doing much more server analysis’ than he had expected and that they take a multi-step approach: ‘They scan the server for proper RFC compliance, and then they send a test message to a disposable address. Only after these are complete did they adopt the tool to dump their spam’.

The IT Security PodCasts Roundup

by on Sep.15, 2006, under Security

The world of IT Security is changing so rapidly – it’s often just too hard to keep up. In an attempt to soak in just that little bit more general information I’ve recently started listening to various IT/Computer/Network Security podcasts. I listen to these in any ‘spare time’ I might have in my day (like travelling to and from work). Some of the PodCasts are quite professionally produced and perhaps have as much to do with entertainment as they do about content and security but that isn’t necessarily a bad thing if it helps make you listen to the PodCast and come back for more.

The following is my pick of the best ones that I’ve found so far and if you have any suggestions for others I should be listening to then please give me some feedback. With most of these PodCasts you can use iTunes to subscribe, however as I am not using an iPod I just download the MP3 file and load them onto my PocketPC phone.

Steve Gibson and TechTV’s Leo Laporte take 30 to 60 minutes near the end of each week to discuss important issues of personal computer security. This stuff is fairly light on and is pitched at the general user with security in mind and as such is a good introduction to the space. Steve tends to talk way too much 🙂 but Leo tends to try and keep him on track. Currently up to Episode 56.

Martin spends half-an-hour (or so) each week talking about the computer security issues that are relevant today. Currently up to Episode 42.

Larry Pesce, Paul Asadoorian, Nick "Twitchy" Depetrillo and Joe Conlin bring you a podcast in a much more laid back youthful style. If you enjoy kicking back with a bunch of young techo guys having fun and chatting about all manner of stuff then this podcast is for you. Currently up to Episode 43.

Crypto-Gram is a monthly e-mail newsletter from security expert Bruce Schneier. For more than seven years Crypto-Gram has become one of the most widely read forums for free-wheeling discussions, pointed critiques, and serious debate about security. If you prefer to listen to Schneier’s newsletter rather than reading it then this is for you.

SploitCast is a podcast for hackers, geeks, and the security paranoid. Run by a group of students and IT professionals SploitCast discusses a wide variety of topics; including new vulnerabilities, exploit code, security and technology news roughly every two weeks. If you want dry technical discussions this is the podcast for you. Currently up to Episode 14.

Michael Santarcangelo is a lead instructor for the CISSP exam and will take you on a 20-50 minute tour of the business and policy side of security rather than a techie's view of the world. Currently up to Episode 35.

Two former federal agents speak each week about computer forensics, network security and computer crime. This is down-to-earth with a focus on forensics and investigation. They have over 40 podcasts in the can already. If you are really interested in this field then the Liveammo: Digital Forensics & Hacking Investigations series may also be up your alley.

TechTarget's Security Wire Weekly podcast provides a short summary of the week’s top news in the world of information security, plus features interviews with newsmakers, experts and people like you.

If VoIP security is your interest, this podcast is right up your alley. Blue Box is a 60-minute podcast from Dan York and Jonathan Zar with news and commentary about security issues for Voice Over IP and IP Telephony. Currently up to Episode 37.

1st Illaroo Scout Group Reunion

by on Sep.15, 2006, under Life

On the 26th of August 2006 I attended the 30 (31) year reunion and celebration of the formation of the 1st Illaroo Scout Group.

I initially joined the Cub Scouts at around 6 years of age (1st Bomaderry Scout Troop) and soon joined the 1st Illaroo Scout Group when it was first formed. I was an active member of the group for many years – first as a Cub, then a Scout, a Venturer and finally a Rover and it was a real pleasure to meet up with old friends during the day and even more at the dinner in the evening. My parents were also heavily involved with the scouting movement – my mother as part of the ladies auxiliary and my father in various leadership roles.

I hadn’t really been back to the scout hall for perhaps fifteen years and I spent the afternoon poring over memorabilia and chatting with past scouting friends. My daughters got a real kick out of finding very old photos of me as a kid taken during many of my scouting activities (hiking, camping, abseiling, caving and so on). I was involved with the scouts for perhaps 15 or more years and I have very fond memories of my scouting experiences and think perhaps they were some of the best times of our lives and I have no doubt that my experience with scouts has dramatically shaped my life.

In the photo below – that’s me about to walk over the rope suspension bridge (I remember we used to build these sorts of things all the time when we were young).

 

Some photos from the day.

 

2006.09.14 Daily Security Reading

by on Sep.14, 2006, under Uncategorized

Passwords Overwhelming End Users

RSA Security has announced results of the company’s second annual password management survey, which polled businesses on issues pertaining to password management. More than 1,300 business professionals participated in this global study, which confirmed that the burden of multiple passwords continues to pose significant security risks, and encourages end-user behavior that endangers compliance initiatives.

China’s Cyberwarriors

Many cybersecurity experts in the United States and Taiwan worried when Microsoft provided the Chinese government with access to the source code of its Windows operating system in 2003. “Those fears now appear justified,” says a Taiwanese intelligence officer.

September Patch Tuesday misses zero-day exploit in MS Word

Microsoft delivered three bulletins this September Patch Tuesday. The code relates to a critical bulletin for Microsoft Publisher, an important bulletin for the pragmatic general multicast (PGM) networking communications and a moderate severity bulletin for the Indexing service.

Internet Explorer Compressed Content URL Heap Overflow Vulnerability #2

eEye Digital Security has discovered a second heap overflow vulnerability in the MS06-042 cumulative Internet Explorer update that would allow an attacker to execute arbitrary code on the system of a victim who attempts to access a malicious URL. Windows 2000, Windows XP SP1, and Windows 2003 SP0 systems running Internet Explorer 5 SP4 or Internet Explorer 6 SP1, with the MS06-042 patch applied, are vulnerable; unpatched and more recent versions of Internet Explorer are not affected.

Survey Reveals Security Risks Of Extended Enterprise

Nearly three quarters of organizations worldwide feel that business partners increase their levels of information security risk, and 13 per cent of organizations have terminated a business partnership due to information security concerns, according to a recent survey of more than 200 organizations worldwide by Cybertrust.

10 Security Problems Unique to IT

Organizations face a host of security concerns driven by the power of technology and the vulnerabilities inherent in its use. IT pros have to be vigilant about all these issues, from system penetration threats to hardware portability to employee turnover.

QTFairUse6 Updated Hours After iTunes7 Release

Mere hours after iTunes 7’s release, QTFairUse6 has received an update which enables it to continue stripping iTunes songs of their ‘FairPlay’ DRM.

2006.09.12 Daily Security Reading

by on Sep.12, 2006, under Security

The World of Botnets (pdf)

With a Trojan horse on one compromised computer, you would be able to do whatever you wanted. That computer would be as good as your own. You would own it. Now imagine that you owned 100,000 such computers, scattered all over the world, each one running and being looked after in someone’s home, office, or school. Imagine that with just one command, you could tell all of these computers to do whatever you wanted.

When relationships end, so does security

When "Lucy" and "Ricky" exchanged wedding vows, they said nothing about email privacy. During their marriage, Lucy found it easy to guess Ricky’s email password. One day Lucy began to suspect that Ricky was being unfaithful to her, and reading his email confirmed her suspicion. She never told him that she was intercepting his email, and he never suspected that’s how she discovered his infidelity. Even after their divorce, she still keeps tabs on him by reading his email: he still doesn’t know.

Disclosure survey

Federico Biancuzzi surveys statements from some of the world’s largest software companies about vulnerability disclosure, interviews two security companies who pay for vulnerabilities, and then talks with three prominent, independent researchers about their thoughts on choosing a responsible disclosure process.

Copyright © 2015 Rodney Campbell

Images contained on this web site may not be used or reproduced in any way without prior permission.