Clipmarks | barrett778's clips

Virtual PCs Add New Layer of Security

Sat, 05 Jan 2008 00:07:44 GMT

clipped by: barrett778
clipper's remarks: 1. Can't wait to try it
2. Wonder if there is a threat to this that we need to block

Clip Source: www.eweek.com

MojoPac turns most flash memory sticks, hard drives or iPods into "virtual" PCs that can run most programs working on Windows XP.

The device cannot be bought. You have to make it by downloading free software onto a computer drive such as the thumb-sized USB flash memory drives that were so popular as gifts this Christmas. It also works with iPods, many other digital music players and regular external hard drives.

MojoPac is available for free on the company's Web site, www.MojoPac.com.

Tags: virtual pcs; portable applications, security

Nato secrets USB stick lost in Swedish library

Fri, 04 Jan 2008 22:42:22 GMT

clipped by: barrett778
clipper's remarks: Encryption, encryption, encryption

Clip Source: www.theregister.co.uk

The discovery of a USB memory stick containing classified NATO information in a library in Stockholm has prompted a meeting between the Swedish Military Intelligence and Security Service and foreign defence officials.

According to Swedish daily Aftonbladet, the stick contained material on NATO's ISAF peace-keeping force in Afghanistan, as well as an intelligence report on the attempted assassination of Lebanon's defense minister and the murder of Sri Lanka's foreign minister.

Tags: data loss, security

Fast Flux DNS Wiki

Tue, 01 Jan 2008 16:44:25 GMT

clipped by: barrett778
clipper's remarks: Technique used to mask attacker's true identity and to avoid countermeasures such as IP ACLs

Clip Source: en.wikipedia.org

Fast flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies. It can also refer to the combination of peer-to-peer networking, distributed command and control, web-based load-balancing and proxy redirection used to make malware networks more resistant to discovery and counter-measures. The Storm Worm is one of the recent malware variants to make use of this technique.

Tags: malware, security

Storm, Nugache lead dangerous new botnet barrage

Thu, 20 Dec 2007 02:54:34 GMT

clipped by: barrett778
clipper's remarks: The future will continue to hold significant challenges.

Clip Source: searchsecurity.techtarget.com

But with this network, in lieu of one C&C server, there were a number of peers around the network that were sending out commands and serving as download sites for various pieces of the network. So if one of the peers in the network that the attacker is using to issue commands to the rest of the network is shut down, the attacker could simply begin sending orders through another peer. This made the entire network of compromised PCs equal partners and made the prospect of disabling the network incredibly daunting.

Dittrich, one of the top botnet researchers in the world, has been tracking botnets for close to a decade and has seen it all. But this new piece of malware, which came to be known as Nugache, was a game-changer. With no C&C server to target, bots capable of sending encrypted packets and the possibility of any peer on the network suddenly becoming the de facto leader of the botnet, Nugache, Dittrich knew, would be virtually impossible to stop.

Tags: botnets, storm trojan, malware, security

Adobe ships ‘critical’ patch for Flash Player

Thu, 20 Dec 2007 02:24:52 GMT

clipped by: barrett778
clipper's remarks: More Zero Day stuff, just in time for the holidays

Clip Source: blogs.zdnet.com

Adobe said Thursday that it is shipping a highly critical patch to address multiple vulnerabilities that could affect Windows, Mac and Linux machines.

The update addresses at least nine flaws–CVE-2007-6242, CVE-2007- 4768, CVE-2007-5275, CVE-2007- 6243, CVE-2007- 6244, CVE-2007- 6245, CVE-2007-4324, CVE-2007- 6246, CVE-2007-5476–across all platforms. Versions affected include Adobe Flash Player 9.0.48.0 and earlier, 8.0.35.0 and earlier, and 7.0.70.0 and earlier.

Two of the nine vulnerabilities are “input validation errors” that could “lead to the potential execution of arbitrary code.” Adobe adds:

“These vulnerabilities could be accessed through content delivered from a remote location via the user’s web browser, email client, or other applications that include or reference the Flash Player.”

Tags: zero day, vulnerability, patch, security

Hot: Real-time security monitoring

Tue, 18 Dec 2007 03:04:11 GMT

clipped by: barrett778
clipper's remarks: Risk Management Framework from NIST and Cyber Defence capabilities under the Einstein gateway monitoring program.

Clip Source: www.fcw.com

Agencies began to grasp the idea that security risk is a changing, dynamic condition that makes it difficult to use traditional security certification and accreditation procedures to comply with the Federal Information Security Management Act. The National Institute of Standards and Technology published a Risk Management Framework to help agencies deploy security controls and assess the risk to systems that support their missions.

Ross said real-time, continuous monitoring of security controls equips agencies with an effective defense against sophisticated cyberthreats.

Real-time monitoring makes agencies aware of information security risks as hardware and software changes.

The Bush administration called on Congress to transfer $115 million to the Homeland Security Department’s Einstein gateway monitoring program. OMB issued a policy mandating the program’s use.

Swatting

Tue, 18 Dec 2007 02:16:43 GMT

clipped by: barrett778
clipper's remarks: This is a new one... Get someone to provide you some personal information, their address, and their phone number, phreak the phone number, and send the SWAT team to their house.

Clip Source: www.theregister.co.uk

Swatting uses a combination of social engineering, phone phreaking and computer hacking to harass individuals. In many cases, the swatter will trick the victim into divulging a physical address and then use a VoIP system to make it look like the victim has initiated an emergency call from his address. This often prompts a response from SWAT teams who conduct emergency raids on the homes of people whose numbers were spoofed.

Windows Vista Service Pack 1 RC Public Availability Program

Tue, 18 Dec 2007 01:13:10 GMT

clipped by: barrett778
clipper's remarks: Installing SP1 RC1 now. You must run the script, then download the RC and the prereq's through Windows Update. Only install on non-critical machines. You will have to uninstall the RC before installing the final version. But hey, can installing the RC be any worse right now?

Clip Source: www.microsoft.com

There are two ways to install the service pack, first, as a pop-up notification that the service pack is ready to be installed (this is the method in which most users will install the service pack) and using multiple manual installations from Windows Update. The first method is the simplest, but may take up to four days for the Windows Update Automatic Update feature to deliver each of the 3 prerequisites and the service pack. Windows Vista SP1 distributed through Windows Update will be applicable to Windows Vista machines that are running on any of the 36 languages supported by Windows Vista RTM.

Did NSA Put a Secret Backdoor in New Encryption Standard?

Tue, 18 Dec 2007 00:57:40 GMT

clipped by: barrett778
clipper's remarks: Not sure how easy it is to force the use of another random number generator, but I guess I will be learning how to shortly.

Clip Source: www.schneier.com

By Bruce Schneier
Wired News
November 15, 2007

But today there's an even bigger stink brewing around Dual_EC_DRBG. In an informal presentation (.pdf) at the CRYPTO 2007 conference in August, Dan Shumow and Niels Ferguson showed that the algorithm contains a weakness that can only be described a backdoor.

GAO praises TSA for its handling of sensitive info

Wed, 05 Dec 2007 16:33:10 GMT

clipped by: barrett778
clipper's remarks: Good news stories are few and far between. Nice to highlight them when they happen.

Clip Source: www.fcw.com

GAO said TSA’s SSI Office, which was established in 2005, is mainly responsible for the agency doing everything Congress requested and meeting additional recommendations GAO specified in a 2005 report. Notably, the SSI Office has been providing training to all TSA employees and contractors.

Tags: government, security, tsa

How to Track Down Anyone Online

Wed, 05 Dec 2007 16:30:14 GMT

clipped by: barrett778
clipper's remarks: items to help you 'profile' yourself to ensure you aren't coughing up too much information.

Clip Source: lifehacker.com

While there's still no killer, one-stop people search, there are more ways than ever to track down a long-lost friend, stalk an ex, or screen a potential date or employee. The next time you wonder, "What ever happened to so-and-so?" you've got a few power people search tools to turn to.

Tags: identity, security

ThreatCon Level is 1

Wed, 05 Dec 2007 06:05:10 GMT

clipped by: barrett778
clipper's remarks: Back to '1'

Clip Source: 100.gmodules.com

he ThreatCon is at level 1. On November 23, 2007, a vulnerability for QuickTime's RTSP response header was disclosed. The issue allows an attacker to execute arbitrary code remotely. On December 1, 2007, the DeepSight honeynet captured active exploitation of the vulnerability and issued a Threat Alert. Although the vendor has not yet released a patch for the vulnerability, workarounds are available:

Tags: threatcon level, security

Schneier on the SANS Top 20 Vulnerabilities

Wed, 05 Dec 2007 04:19:17 GMT

clipped by: barrett778
clipper's remarks: Need to proxy connections to the Internet and STRICTLY limit where people can go. Unfortunately, there is very little desire to do this and many are willing to accept living in a compromised environment. At home, I have been modifying each machine's 'HOSTS' files ('There's no place like 127.0.0.1'), using K9 Web Content filtering, and recently been using OpenDNS to limit where my users (family) can go. Also, I have killed MSIE and have forced all users to use Firefox with the NoScript enabled. I have played with a virtual proxy that works well (especially when configured with 'Hosts', K9, OpenDNS, Antivirus, and FW blocking of all other hosts besides the proxy. When I figure out how to do the failover piece to keep the availability at 99%, I will implement it for good. Nothing is full-proof, but I sleep better at nights! (Thanks to RF-NCNF for the OpenDNS and NoScript tips!).

Clip Source: www.schneier.com

Users who are allowed by their employers to browse the Internet have become a source of major security risk for their organizations. A few years back securing servers and services was seen as the primary task for securing an organization. Today it is equally important, perhaps even more important, to prevent users having their computers compromised via malicious web pages or other client-targeting attacks.

Web application vulnerabilities in open-source as well as custom-built applications account for almost half the total number of vulnerabilities being discovered in the past year. These vulnerabilities are being exploited widely to convert trusted web sites into malicious servers serving client-side exploits and phishing scams.

Attackers are finding more creative ways to obtain sensitive data from organizations. Therefore, it is now critical to check the nature of any data leaving an organization's boundary.

Tags: vulnerabilities, security

Microsoft Security Advisory (945713)

Wed, 05 Dec 2007 03:46:47 GMT

clipped by: barrett778
clipper's remarks: Should not affect home users who are not part of a domain and also should not affect corps with a second-level domain (affects third-level or more). Proxy servers, WPAD servers, and those who disable the IE 'Automatically Detect Settings' mitigate this vulnerability. Most flavors of Windows/Vista affected when using MSIE (unclear whether or not other browsers have the same vulnerability, but I would assume they do if they depend on Windows/Vista to automatically detect settings).

Clip Source: www.microsoft.com

Microsoft is investigating new public reports of a vulnerability in the way Windows resolves hostnames that do not include a fully-qualified domain name (FQDN). The technology that the vulnerability affects is Web Proxy Auto-Discovery (WPAD). Microsoft has not received any information to indicate that this vulnerability has been publicly used to attack customers, and Microsoft is not aware of any customer impact at this time. Microsoft is aggressively investigating the public reports. Customers whose domain name begins in a third-level or deeper domain, such as “contoso.co.us”, or for whom the following mitigating factors do not apply, are at risk from this vulnerability.

Tags: ms security advisory, msa, security, wpad

Bruce Schneier Q&A

Wed, 05 Dec 2007 01:48:14 GMT

clipped by: barrett778
clipper's remarks: This is a MUST read for all computer users. Bruce does us all a favour and links back to his pertinent articles.

Clip Source: freakonomics.blogs.nytimes.com

Yes. Identity theft is a problem for two reasons. One, personal identifying information is incredibly easy to get; and two, personal identifying information is incredibly easy to use.

Q: Considering the carelessness with which the government (state and federal) and commercial enterprises treat our confidential information, is it essentially a waste of effort for us as individuals to worry about securing our data?

It’s an economic problem: because these parties don’t feel the pain when they lose our data, they have no incentive to secure it. I wrote about this two years ago, stating that if we want to fix the problem, we must make these organizations liable for their data losses. Another problem is the law; our Fourth Amendment protections protect our data under our control — which means in our homes, in our cars, and on our computers. We don’t have nearly the same protection when we give our data to some other organization for use or safekeeping.

Tags: schneier, security, q&a