Rodney Campbell's Blog

Archive for September, 2006

2006.09.05 Daily Security Reading

by Rodney Campbell on Sep.05, 2006, under Security

Subliminal Spam Using an Animated GIF

Everyone's noticed the recent flood of image spam (including the SpamAssassin developers who are working on an OCR-extension to beat it), but take a look at this spam containing a subliminal message flashed every 17 seconds to try to entice you to buy the stock being pumped.

Google developing eavesdropping software

The first thing that came out of our mouths when we heard that Google is working on a system that listens to what's on your TV playing in the background, and then serves you relevant adverts, was "that's cool, but dangerous".

zCodec Video Codec Is a Trojan

There's a new video codec out there that claims to offer 'up to 40 percent better video quality' but that resets your computer's DNS settings — opening the way for Trojans, rootkits, or whatever. Techworld warns that zCodec looks professional enough, is widely available, and comes in at 100KB. 


2006.09.04 Daily Security Reading

by Rodney Campbell on Sep.04, 2006, under Security

Growing Phishing Threats And Critical Vulnerabilities

MessageLabs has announced the results of its MessageLabs Intelligence Report for August 2006. In this month’s findings, MessageLabs observed the continuing trend for online criminals to develop sophisticated new phishing attacks and trojans that exploit widespread vulnerabilities, such as the publicised MS06-040 and prey on the popularity of instant messaging software, social networks and ecommerce sites.

Top Ten viruses most frequently detected in August

August has witnessed the same trend observed over the last few months with regard to computer threats. The current apparent calm in malware activity is simply due to a new strategy from malware creators, who are now trying to avoid massive epidemics that draw the attention of users and the media, while simultaneously launching a large amount of new malicious code.

INFOSEC Year In Review (IYIR)

Professor Mich Kabay collects, abstracts and classifies news reports into annual databases and provides them online for research purposes. Here is an Aggregate Report of 1997~2006 as a 14MB PDF of the entire (2000+ page) database. These may prove tremendously useful for those seeking anecdotal reference material. Here is the entire IYIR Access Database for the Years 1997~2006.

Privacy Web Browser 'Browzar' Branded Adware

I reported on this browser late last week; however, Browzar has since been branded "adware" by many because it directs web searches to online adverts. Some technical experts also say Browzar, which claims to leave no trail of webpages visited, does not work. Browzar's developers say they are examining the feedback but strongly deny that it is adware.

Q&A: ISS founder on IBM and beyond

Internet Security Systems (ISS) last week entered an agreement to be acquired by IBM for $1.3 billion in cash, a deal expected to close by the end of the year. Network World Senior Editor Ellen Messmer recently talked with Chris Klaus, founder and chief security advisor at ISS, about what he plans to do next – and it could involve an online virtual world he hopes you’ll visit, too.

Spam Numbers Rise, Although Porn Is Down

A survey shows that while emails pushing porn are down, 70 percent of all email received is spam, compared to 62 percent the previous quarter. Phishing is also on the rise.

Anti-Virus Testing and Consumer Reports

Consumer Reports recently came under heavy fire from some in the anti-virus industry for creating some 5,500 new virus variants.

Penetration Testing – A Systematic Approach

The question most commonly asked by any organization is “Why would I ever need a penetration test?” After all, it costs a lot of money to hire an external consulting firm or to invest in expensive tools to perform a penetration test. You must realize that it is very important for any organization to justify the cost involved in such an activity.


BlueCoat Web Proxy Appliances from a NetCache Users Perspective

by Rodney Campbell on Sep.04, 2006, under Security, Technology

This is a 60-second helicopter view of these appliances…

I have just completed a four-day training course, with hands-on time, on the BlueCoat Web Proxy Appliances, and I thought I'd give my quick impressions of the technology based on what I've seen and played with, with particular emphasis on comparing them to the Network Appliance NetCaches (which I'm already very familiar with). I've put the items I think are probably the most important near the top of the lists.

Note: this doesn't of course factor in any real world things like how these features perform under load, actual capacity with relevant features turned on, dealing with our specific bizarre configuration requirements, finding any particular flaw or bugs our real world users/traffic might toss up or how the support stacks up.

BlueCoat Pros (features which NetCache doesn't have?):

  • Supports more built-in "features"
  • Content Policy Language and Visual Policy Manager – modeled on Checkpoint GUI – multiple rules in multiple layers – seems pretty extensive and powerful and VPM is obviously way easier to manage rules than text NetCache ACL rule sets
  • BlueCoat Director (Centralised Management Console – central policy and config, automate device management (backups, etc))
  • IM protocol support (MSN, Yahoo & AOL) (it does even seem to "recognise" this when it is tunnelled over the HTTP or SOCKS5 proxies) allowing you to specify policies on what is and isn't allowed, etc – doesn't fully support new MSN and Yahoo yet
  • SSL Proxy (man-in-the-middle SSL intercept – requires SSL hardware card) – this is destination, etc configurable via policy, categorisation, etc – requires CA cert be installed on all client browsers for warning free use
  • P2P protocol support (BitTorrent, eDonkey, Gnutella & FastTrack) (I expect it should also "recognise" this when it is tunnelled over the HTTP or SOCKS5 proxies) allowing you to specify policies on what is and isn't allowed, etc
  • Onbox Web/Content Filtering/Categorisation (BlueCoat, Smartfilter, others) + Local database (with hashed lookups – could be significant performance boost for ACLs here)
  • ProxyAV – BlueCoat have their own ICAP based AV appliance (Kaspersky, Sophos, McAfee, Panda)
  • Spyware Prevention (some portions require ProxyAV)
  • Cisco IOS like CLI
  • Role based security
  • User Notifications – Exception Pages, Splash pages (show once – e.g. a daily AUP), Coaching Pages (option to continue)
  • Bandwidth Management – could be especially useful for our inbound streaming events (reserving streaming bandwidth and/or limiting users)
  • HTTP Compression (server side and/or client side including storing multiple variants (gzip, deflate & text) in cache)
  • Able to eject/flush "sites/trees" from the cache – unlike NetCache, which can only do individual objects
  • Native FTP Proxy and a generic TCP tunnel proxy
  • File type matching based on (File Extensions, MIME Types and Apparent Data Type (magic headers))
  • Supports more Authentication Realms including multiples of the same type (Win NT, AD, LDAP, Radius, Cert, Siteminder, COREid, Local, etc)
  • Reporter – centralised reporting software (probably not capable enough to cope with our log load) 

BlueCoat Cons:

  • The Java-applet-filled web-based GUI is a big turnoff. I absolutely hate the single Java applet in the NetCache web GUI, which loads as part of the default web page and invariably doesn't work in most browsers, but the BlueCoat takes this to the extreme with a separate applet which has to download and run for EVERY freakin' page in the web GUI – they cannot get rid of this fast enough for me
  • Still not sure if all of our existing NetCache ACL functions will translate
  • Win NT/AD authentication integration seems a bit messier than with NetCache (requires installation of agent software on windows boxes in the domain)
  • Doesn't have an equivalent of ACLstat (for optimising rule ordering)

2006.09.01 Daily Security Reading

by Rodney Campbell on Sep.01, 2006, under Security

Mitigating the Security Risks of SSH

This article is a follow-up to my earlier article on SSH security considerations, in which I discussed some very real risks with SSH—risks created by how SSH is rolled out in many organizations. Large organizations with many production platforms are especially at risk.

Quack Hackers

Hoax hacks. Rigged demos of make-believe security holes. Those, it appears, are the real big news that came out of the Black Hat USA security conference earlier this month. Two of the headline-grabbingest claims by independent security researchers at the show have since turned out to be bogus.

Security Engineering – The Book

Ross Anderson, author of 'Security Engineering', just got permission from Wiley to let anyone download the full content of his book for free. This is one of the best books on computer security and it is used as a textbook in many university courses.

The six worst security mistakes

A Buyer's Guide: The six worst security mistakes, and how to avoid making them.

Fugitive CEO Caught Via Skype

Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet

Reference books for the CISSP CBK domains

This list is provided as a reference, and it is divided by the CBK domains so that you can get help with specific topics where you feel you need more information. The books are linked back to detailed reviews: it is intended that you can quickly find a domain you need help with, and then can quickly go through the reviews in order to find the book that will give you the help with your specific need for information.

Research shows SSL VPNs gaining inroads over IPSec VPNs

People who use VPNs continue to move toward devices that do more than just provide a VPN gateway in conjunction with a firewall, according to a new study by Synergy Research.

Study – Many believe data thefts can't be prevented

Lack of resources cited for difficulties in stopping data breaches.

Crypto browser plug-in aims for simplicity

German coders have developed a free encryption plug-in for webmail accounts.

New Web Browser Leaves No Footprints

A new web browser designed to protect users' privacy is available for download. Called Browzar, it 'automatically deletes Internet caches, histories, cookies and auto-complete forms.' It also boasts a search engine, which the company will use to generate income. The 264KB application is the brainchild of Ajaz Ahmed, known for creating the U.K.'s first ISP, Freeserve.



Copyright © 2015 Rodney Campbell

Images contained on this web site may not be used or reproduced in any way without prior permission.