Wednesday, September 8, 2010
Monday, December 7, 2009
At DojoSec the mission is to spread security knowledge in all forms of delivery. Our newest effort is called DojoSec Sessions which will feature screen captures and presentations from top-notch security professionals. DojoSec presents Jeremy Brown with an excellent presentation on Finding Vulnerabilities with Static Analysis. Thanks Jeremy for your contribution!
Monday, November 30, 2009
REGISTER ASAP - The Capitol College Innovation and Leadership Institute will host the Mobile Communications Security Symposium on December 4, 2009 from 8 a.m. to 12 p.m., on campus, in the Avrum Gudelsky Memorial Auditorium. There is no cost to attend this event. To learn more about the program and the speakers, please visit http://www.capitol-college.
To register for the symposium:
Send an email to email@example.com
Subject: Register, Mobile Comm. Security Symposium
Wednesday, November 25, 2009
In the Network security field they are vendors that sell products. They claim the products will catch the bad guys, disassemble malware and save the world. All we need to do is buy their products.
Then they are those Open Source vendors that sell support of some open source tool like Clam AV or Snort all we need to do is use it right and we are safe and they sell themselves as consultants. This model for doing business is not new, In the Financial services industry you have those who claim to be financial planners and when you go and see them they do a budget workup with you and then sell you commission based products like life or medical insurance. Then you have those who claim to be fee based financial planners (much like the open source pimps) and sell you things like Term insurance or no load mutual funds you supposedly pay for their expertise.
The problem with these approaches is they are PRODUCT based. The real solution is a mindset and action to get the desired results not some product Open Source or otherwise.
Network Security is not brain surgery. You need policy, enforcement and monitoring. If those 3 are not done then things break down.
Policy that is not enforced is useless, it's just as bad as if there was no policy at all. In fact if you have a policy you are lured into a sense of false security. If there is no Policy users know they are left to fend for themselves. At [ XYZ ] we don't have a problem in areas like Europe where privacy laws demand they users not be monitored or punished for breaking policy. It's the areas where we have the strictest policies that we have problems.
Enforcement - If policies are not enforced then it is useless. Same with dealing with problem areas of the network. If management turns a blind eye towards tunneling and insists on using systems that are not locked down. Giving most users admin rights and walking on egg shells and not going after employees equally for violations you will never secure the network.
Monitoring - I know a few companies we work with and problems arise and you find out that they have a special internet connection that is not being monitoring. They have this special RESEARCH network they can surf porn on. They tether their laptops with their Blackberries or use a SSL tunnel to do whatever they want on the network. Especially in the technical companies the very ones that should be examples and protecting their networks are doing these things. I have seen individuals have their IP addresses Whitelisted so they could watch movies all day claiming they are doing company business then we all wonder how malware got on the network.
Products do not protect or defend the real network. They point out the obvious and until someone pokes their finger at the sore and lets the world know they need to change network security is a charade. Even DojoSec with it open source pimps is not making things better unless it goes after the above mentioned issues.
That's my 2 cents...
Tuesday, November 24, 2009
The rumblings suggesting that "The Cloud" and Virtualization is an enormous hindrance to digital investigations are exaggerated. These claims sound like scare tactics to me, I think virtualization makes incident response to computer crime much more efficient. The goal of incident response is to preserve as much information as possible. Software such as Live View from CERT is great because it allows investigators to boot disk images.
Virtualization is cutting out the middle man here, as an investigator I'd rather have a virtual machine instead of a disk image. Virtual machine copies provided by service providers provide a "self contained crime scene", since the virtual machine is frozen in time including the memory. At DojoCon 2009, Richard Bejtlich shared a story were investigators responded to an incident working with a Cloud Provider and were greeted with a shrink wrapped crime scene.
Anyone who as ever used a product such as VMware may have copied and moved images, this is a good thing. It seems that when some are dedicated to screaming about problems, they may be ignoring a great solution staring them right in the face.
Monday, November 23, 2009
Lately, I've been looking at tons of SQL injections and SWF login blog posts and screen captures. I notice most hackers attempt to redact the compromised URLs. However, in most cases there is enough information from the screen captures to find the sites.
The attempt to redact the information is an attempt to protect the innocent. The latest instance of this was a blog post on a Symantec SQL Injection that yielded tons of information including serials and passwords. The image below is a screen capture posted within the blog post.
Next, I visit Google and type: site:symantec.com intitle:Teacher Sima
This is just basic Google Hacking here, nothing advanced. This is something I've been instinctively doing when I see something like this.
So the question is "Why redact?"
Thursday, October 29, 2009
My friend Joshua Marpet recorded video of me doing my Metasponse talk at the Techno Forensics Conference at NIST on his iPhone. He'll be sending me the complete video so I can post it as one. Although I could take my own video equipment everywhere with me, it sometimes feels stage. This is as real as it gets. Thanks Joshua!!