Came across an article that relates to Nmap, the network scanning tool. If you haven't tried Nmap, get it and give it a whirl. Very useful and effective.

Nmap helps identify many of the pertinent details associated with a network or system, including open ports, exposed operating systems, exposed services, etc.

Searchsecurity has a "manual" that can walk you through the process of setting it up and running it.



Risks associated with USB drives...

This article by John Zyskowski in Federal Computing Weekly is pretty old (2006), but it is even more relevant, as USB drives and USB thumbdrives continue to grow in popularity and in size. The article describes a number of the risks associated with loss of data:

  • data stored on USB drives/thumb drives that get stolen or lost
  • data stolen from desktops using the storage capability of thumb drives
One issue that was hinted at, but not really discussed was the risks associated with viruses, trojans and other malware that can be transferred to a computer when you insert a USB device.



Sony Rootkits - Redux

Several years ago, Sony produced some music CDs with rootkits in them. Hackers loved it. Music purchasers hated it. Infosec practitioners appreciated the extra business cleaning up the mess. Everyone pretty much agreed that it was a major business faux pas on Sony's part. Except, apparently, Sony, since they are a pretty much at it again.

Some folks never learn.



Suspicious Scans...

Reports in the news of suspicious scans potentially related to a product called ServerProtect. The article describes how there has been some recent increased scanning activity related to TCP port 5168, which is related to a remote procedure call service in ServerProtect. Apparently, a number of machines in a wide range of IP addresses have been scanning this port.

One of the interesting quotes is this:

"Trend Micro issued a warning of its own yesterday based on the ISC scanning alert to virtually beg ServerProtect users to patch ASAP. "We implore security administrators to apply the latest ServerProtect security patch avalable from Trend Micro as soon as possible to protect against any potential attack," read the warning."
It will be very interesting to see if a viable attack is levied in the near future on this vulnerability.



Why your internet connection was really down...

This company's ability to supply service to it's customers was drastically impacted because of two factors:
* someone discharged a firearm into their fiber optic lines
* they failed to provide redundant fiber lines

In the world of information assurance...we need to keep data safe (from crackers and bad guys), but we also need to keep it accessible to legitimate users. One of the ways to provide high assurance is to provide redundant capability:
* mirrored servers
* redundant paths from point A to B
* fail-over equipment

These guys did not have such capability in place and it cost them and ultimately it cost their customers and those people's customers, on down the chain.



The next world war?

This article by Jim Melnick in the Boston Globe covers some of the salient points associated with cyberwarfare...

It is only a matter of time before the United States and other world powers begin to see the onslaught of calibrated and calculated attacks, in much the same manner as was demonstrated in Estonia.

To quote Mr. Melnick: "Though many US websites are well-protected, a massive denial of service attack could leave many commercial and other sites reeling along the lines of what occurred in Estonia, but on a larger scale. Given that more of our daily lives today depends on the Internet, financial losses could be huge and would be accompanied by a corresponding loss of consumer confidence."
The article also covers some of the issues associated with attacks on infrastructure and military and governmental institutions...
"For 10 years, the federal government's information systems and critical infrastructures have remained a "high-risk" category as assessed by the Government Accountability Office."
The worst part of the equation...as it is in so many things related to security - we have to be successful in defending ourselves 100% of the time and they (the bad guys) only have to be successful once.



Trojan software hidden on Job Search web-sites...

Very nice article by Brian Prince on a Trojan malware that has infected a number of web sites, allegedly including Monster.com and other job search web sites.

Some quotes from Brian:

"The hackers behind the attack are running ads on the sites and injecting those ads with the Trojan. When an user views or clicks on one of the malicious ads, their PC is infected..."
Moral of the story: Even reliable, trusted sites can inadvertantly host malicious material or host links to sites that do.
"...all the information entered into their browser, such as financial information entered before it reaches SSL protected sites, is captured and sent off to the hacker's server..."
Moral of the story: one of the best ways to get encrypted data is to get it before it gets encrypted...
Brian quotes Don Jackson of SecureWorks: "This Trojan uses its own packer…it compresses and changes the code around," he said. "This packer is unique to this Trojan. It was written specifically for it, and the construction kit that produces the executables is very, very good at putting instruction substitutions, giving a long string of instructions for a simple task and putting garbage code or null operations in there, so that it is hard for anti-virus. Anti-virus has not been able to pick a stub…that they can identify reliably from file to file."
No moral here...just fascinating how well the creators have considered the issue of camouflaging their presence.



Forensics on a hacked Linux box...

The Holliday cracking article (sic) shows how one guy walked through doing forensics on a box. The interesting part of this discussion is two-fold...

first - seeing what the cracker/hacker did to the Linux box
second - seeing the range of comments on Bruce Schneier's website about how the "forensics analyst" went about his analysis - i.e. what to do, what not to do
The take home message for this:
* No computer is truly safe
* When doing forensics, the techniques you use and the decisions you make are gonna be second guessed endlessly.



Digital Armaments and cash for vulnerabilities...

I came across this web-site for Digital Armaments. These folks pay researchers for vulnerabilities. Find a problem, tell them about it and they give you compensation (and your name in lights, when they forward the information on to interested parties).

Capitalism at its best...get someone to do your work for you dirt cheap, and sell the results for as much as the market will bear. I applaud them for their ingenuity.

I am not sure of the inner workings of the company (i.e. who they sell their products to...what they do with the vulnerabilities...) therefore I can't comment on whether this firm's actions are good or bad - but the business model is certainly interesting.