Archive for October, 2006
Thirteen malevolent spirits may haunt the halls and cubicles of your company, and if you’re going to scare them into security compliance you may need to get a little bit spooky yourself.
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This project initially started off as a portable network game and has evolved into a powerful tool for penetration testing, exploit development, and vulnerability research.
The USB Hacksaw is an evolution of the popular USB Switchblade that uses a modified version of USBDumper, Blat, Stunnel, and Gmail to automatically infect Windows PCs with a payload that will retrieve documents from USB drives plugged into the target machine and securely transmit them to an email account.
Small, targeted incursions are the next wave of attacks compromising enterprise networks.
A Case Study for Improving Your Control System Security.
By now we know that OS X uses encrypted binaries for some critical apps like Dock, Finder and LoginWindow. Amit Singh explains the implementation of this protection scheme which makes use of the AES crypto algorithm and a special memory pager in Mach. The so called Do Not Steal Mac OS X (DSMOS) kernel extension helps along the way by decrypting things for the special pager when apps get executed. A funny thing is that if you print the pointer at address 0xFFFF1600 in your own app you get as output Apple’s karma poem for crackers! According to the article there are 8 protected binaries in OSX including Rosetta and Spotlight meta data demon. Interestingly Apple’s window server is NOT one of those.
and from what I hear, just about every other SSL VPN. This would not be so bad if M$ was not planning to push out IE7 as an automatic update on November 1st. Current advice: Don’t update/use IE7. Fortunately, M$ released a tool that will automatically block the IE7 auto update.
Help needed… A website set up to help spread information about alleged scammers is suffering so many denial of service attacks that its current host has asked the site to find a new home.
Bots and bot nets have rapidly emerged as one of the major threats on the Internet.
End users — god bless ‘em. You can’t live with ‘em — but without them, you wouldn’t have a job. They’re the reason you have an IT infrastructure; they’re also the single greatest threat to the security of that infrastructure. Because, in the end, most users have no idea how dangerous their online behavior is.
Netcraft has discovered that the social networking site MySpace appears to have been compromised by phishers who have presented a spoof login form on the main site. This modified login form submits the victim’s username and password to a remote server hosted in France.
Ars Technica and The Register are reporting the Apple Kernel 10.4.8 has been cracked using Apple’s publicly available source trees. This is the first time Apple was hit by hackers again since Maxxuss silently left the scene. The funny thing about this is the hacker who cracked OSx has released his sources according to APSL. He told Ars Technica in an interview that he did this because he believes in freedom of information, but will this now harm Apple’s opensourceness?
A Perth company and it’s director have been issued a A$5.5 million (approx. US$4 million) fine for breaching anti-spam laws. Australian IT watchers may be familiar with the director, Robert Mansfield — he’s been personally fined A$1 million for the offenses. The Company, Clarity1, sent 280 million unsolicited emails of which 74 million hit mailboxes between 4/2004 and 4/2006.
Inqtanad is a proof-of-concept exploit, which has not yet been seen in the wild, that is installed on a Mac OS X computer via Bluetooth from a computer or PDA running a Linux system.
BT has announced that it has acquired Counterpane (Bruce Schneier) Internet Security, a provider of managed networked security services, as part of its strategy to expand and develop its global professional services capabilities.
Authentium contends that it wasn’t hard to create a product that defies Vista’s kernel protection program, but said it will continue to work with Microsoft to find alternative development techniques.
Without even removing their cards from wallets or pockets, consumers can potentially see their privacy and security compromised.
One of the latest trends in information security is Unified Threat Management (UTM). In a nutshell UTM is the combining of security functionality (i.e. anti-virus and network traffic scanning, alerting, firewalling, etc.) into a single appliance or software suite. Many articles cover aspects in favor of UTM but fail to consider any of the risks.
The open source project already offers penetration testing tools and exploit code. Now it’s going further, offering eVade-o-Matic, a tool to make it harder to detect exploit code aimed at Web browsers. Has the group gone too far?
Microsoft released its long-awaited Internet Explorer 7.0 browser on Oct. 19. The free download allows Windows users to replace IE 6.0, which hasn’t had a serious feature update since it first came out in 2002.
Jon Johansen became a geek hero by breaking the DVD code. Now he’s liberating iTunes – whether Apple likes it or not.
Windows Defender is a free program that helps you stay productive by protecting your computer against pop-ups, slow performance and security threats caused by spyware and other potentially unwanted software.
Malicious code that turns computers into zombies is wreaking all kinds of havoc.
The majority of telecommuters are aware of the security dangers that go along with using mobile devices and remotely logging onto their employers’ networks, yet their behavior for the most part contradicts this awareness, according to a study by Cisco Systems and research firm InsightExpress.
The security industry and trade press have directed a lot of attention toward the ‘Zero-day attack,’ promoting it as THE threat to guard against. According to the marketing hype, the Zero-Day attack is the one that you should most fear, so you must put in place measures to defend your organization from it.
In part 1, we introduced the idea of a Less-Than-Zero threat and defined it relative to a Zero-Day threat. Now, I’ll go a little deeper on each and discuss ways to protect your organization from them.
Metasploit is working on a module to transition kernel mode exploits into user mode.
Get it while it’s hot Updated Firefox 2.0 was due to be released on Tuesday in the US but the final version of the source browser was available from Mozilla FTP site early on Monday. Firefox 2.0 boasts a raft of new features including an integrated in-line spell checker, as well as an anti-phishing tool, tightly-integrated search, and improvements in tabbed browsing.
H.D. Moore, head researcher of hacker organization Metasploit, talks about why it’s important to publish security exploits.
eEye Digital Security, the developer of endpoint security and vulnerability management software solutions, has announced the release of Blink Personal, a free version of its award-winning Blink endpoint security technology, developed for non-commercial users.