Mujahideen Secrets Encryption Tool

April 12, 2007
Remember Mujahideen Secrets, the jihadist-themed encryption tool released by the Global Islamic Media Front (GIMF) to help cyber jihadists about to turn cyber terrorists encrypt their communications? See the attached screenshot -- if only the jihadists could see through the eyes of the multilingual crawler, or knew that I violate their OPSEC on a daily basis. The interesting part from a PSYOPS perspective is that they've realized using PGP no longer means improved and sustained self-esteem for the average jihadist, so coming up with their very own encryption tool and file shredder is a logical step. Encryption, even steganography, has been used by terrorists for years, and although no one is comfortable with the idea, it's an unspoken fact. There's also something else to keep in mind: terrorists are putting more effort into recruiting knowledgeable individuals than into educating them from day one. And while coding the Mujahideen Secrets software requires nothing more than a simple GUI and publicly available encryption libraries, I wonder whether the people behind it knew on purpose who they were compiling the tool for, or whether it was a part-time project on a "need to know" basis?

The sophistication of the encryption algorithms and the size of the keys shouldn't really be of any concern in this case, but why? Simple: the lack of quality passphrases, and the implementation of the algorithms in the software itself, combined with client-side attacks seeking to obtain the passphrase rather than perhaps futile brute-forcing, speak for themselves. One thing remains for sure - they're encrypting and generating more noise than originally thought. Go through an analysis of the Technical Mujahid Issue One as well.

Shots from the Malicious Wild West - Sample Four

April 10, 2007
My previous "shots" on various pieces of malware, packers, or on-the-fly malicious URL analysis will continue to expand with the idea of providing you with screenshots of things you only read about but never get the chance to actually see. In the first shot I discussed ms-counter.com, in the second the Pohernah crypter, and in the third The Rat! Keylogger. You may also find a recent post on the dynamics of the underground economy, as well as the related screenshots, very informative.

In this virtual shot I'll discuss the High Speed Verifier, a commercial application spammers use to filter out fake and non-existent emails from their spam databases, not only to achieve a faster speed while sending their messages out, but also to improve the quality of the databases I love poisoning so much. What is the High Speed Verifier all about? As its authors state:

"HSV detects about 20-30% of invalid addresses in a mailing list, though theoretically it is possible to detect up to 60-70% using a software product. This figure seems relatively small, but actually it might make 10% of a list. Besides, HSV provides for optimal checking mode in terms of time and data traffic. More thorough checking (with which the rest 40% of invalid addresses could be detected) takes 10 times longer and requires 5 times greater traffic for each address, hence it's not that advisable with huge lists."

So once emails are harvested, they have to be verified and then abused for anything from phishing attacks to good old-fashioned social engineering tricks deceiving users into executing malware or visiting a site that will do it for them. Don't get too excited, the advanced version has even more interesting features:

"The program works on the same algorithm as ISP mail systems do. Mail servers addresses for specified address are extracted from DNS. The program tries to connect with found SMTP-servers and simulates the sending of message. It does not come to the message sending — AMV disconnect as soon as mail server informs does this address exist or not."

The old dilemma is still in place - direct online marketing vs. spam, or what's the difference these days, if any? Marketed as tools to assist online marketers, these programs are logically abused by spammers, phishers and everyone in between.
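The verifier's behaviour described in the quote above (look up the MX, connect, issue RCPT TO, disconnect as soon as the server says whether the mailbox exists) leaves a recognisable trace on the receiving mail server: a client that checks several recipients and never gets as far as DATA. The following is an added example, not code from the original post or from any vendor, that detects that pattern. It assumes a simplified, constructed SMTP command-trace format of its own (one line per client command with the server's reply code) rather than any real MTA's log syntax.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample of a simplified SMTP command trace (not real server logs):
# one line per client command, "<client-ip> <command> [args] => <server reply code>".
# 203.0.113.7 behaves like the verifier described above: it checks several
# recipients (RCPT TO) and disconnects without ever issuing DATA.
# 198.51.100.4 is a normal sender that goes on to deliver a message.
SAMPLE_TRACE = """\
203.0.113.7 HELO hsv.invalid => 250
203.0.113.7 MAIL FROM:<probe@example.net> => 250
203.0.113.7 RCPT TO:<alice@example.org> => 250
203.0.113.7 RSET => 250
203.0.113.7 MAIL FROM:<probe@example.net> => 250
203.0.113.7 RCPT TO:<bob@example.org> => 550
203.0.113.7 RSET => 250
203.0.113.7 MAIL FROM:<probe@example.net> => 250
203.0.113.7 RCPT TO:<carol@example.org> => 550
203.0.113.7 QUIT => 221
198.51.100.4 HELO mail.partner.invalid => 250
198.51.100.4 MAIL FROM:<ann@partner.invalid> => 250
198.51.100.4 RCPT TO:<alice@example.org> => 250
198.51.100.4 DATA => 354
198.51.100.4 QUIT => 221
"""

LINE_RE = re.compile(
    r"^(?P<ip>\S+)\s+(?P<verb>[A-Z]+)(?:\s+(?P<arg>.*?))?\s*=>\s*(?P<code>\d{3})$"
)


@dataclass
class ClientStats:
    rcpt_total: int = 0          # RCPT TO commands issued
    rcpt_rejected: int = 0       # ... of which the server answered 5xx
    data_count: int = 0          # DATA commands issued (an actual delivery attempt)
    recipients: set = field(default_factory=set)


def parse_trace(text):
    """Aggregate per-client counters from the constructed trace format above."""
    stats = defaultdict(ClientStats)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not follow the constructed format
        s = stats[m["ip"]]
        verb, code = m["verb"], int(m["code"])
        if verb == "RCPT":
            s.rcpt_total += 1
            # "TO:<user@host>" -> "user@host"
            addr = (m["arg"] or "").split(":", 1)[-1].strip("<>").lower()
            s.recipients.add(addr)
            if 500 <= code < 600:
                s.rcpt_rejected += 1
        elif verb == "DATA":
            s.data_count += 1
    return stats


def find_verification_probes(text, min_rcpt=3):
    """Flag clients that checked several recipients but never tried to deliver.

    Returns {client_ip: summary}. The reject ratio is included because a
    list-cleaning run typically produces many 'user unknown' replies.
    """
    findings = {}
    for ip, s in parse_trace(text).items():
        if s.rcpt_total >= min_rcpt and s.data_count == 0:
            findings[ip] = {
                "recipients_checked": len(s.recipients),
                "rcpt_commands": s.rcpt_total,
                "rejected": s.rcpt_rejected,
                "reject_ratio": round(s.rcpt_rejected / s.rcpt_total, 2),
            }
    return findings


if __name__ == "__main__":
    for ip, summary in find_verification_probes(SAMPLE_TRACE).items():
        print(ip, summary)
```

The threshold `min_rcpt` is deliberately low for the sample; on a real server it would be tuned per sending host, and the interesting clients are the ones that combine a high recipient count, no DATA, and a large share of rejected recipients, which is exactly what cleaning a harvested list looks like from the receiving side.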

Month of Malware Bugs Coming

April 10, 2007
This will prove to be interesting, as it's directly related to a previous discussion on hijacking or shutting down someone else's botnet by exploiting vulnerabilities in its code:

"During each day of the Month of Bug Bugs McAfee Avert Labs will provide analysis of flawed malicious code (aka bugs). These are viruses that don’t spread, password stealing Trojans that can’t leave the stable, drive-by attacks that crash and burn, phishing attacks that phlop, denial of service attacks that are denied, etc. Our analysis will highlight the errors made by authors, and show how these threats can be fixed and in most cases optimized for maximum potency."

Have you ever imagined that as a pen tester or security consultant you'd have to exploit XSS vulnerabilities in a botnet's web C&C in order to take a peek inside? Botnet polymorphism, aimed at limiting the possibility of establishing a communication pattern -- an easily detectable one -- is just as important as the constant diversification towards different communication platforms. Although malware authors are consistently creative and efficiently excel at staying a step ahead of the security measures in place, they're anything but outstanding programmers, or at least don't put as much effort into QA as they could. Aren't malware coders logically interested in benchmarking and optimizing their "releases"? Do they have a test bed in the form of a virtual playground to evaluate the effectiveness of their code, or do they actually enjoy a "release it and improve it on the fly" mentality? It's all a question of who the coders are, and how serious their intentions are.

In a very well structured paper courtesy of Symantec, the author John Canavan looks at various bugs in popular malware such as the Morris worm, Sobig, Nyxem, OSX.Leap, as well as the Code Red worm, W32.Lovgate.A@mm, W32.Logitall.A@mm, VBS.SST@mm, VBS.Pet_Tick.N, W32.Beagle.BH@mm and W32.Mytob.MK@mm. A rather interesting fact about the much hyped Nyxem:

"However something that was overlooked in a lot of reports at the time was this bug in the code, which meant that the worm would not overwrite files on the first available drive found. For example if the first available drive is the C drive, the worm will overwrite files in available drives from D to Z."

Looking forward to seeing the bugs due to be highlighted in the MoBB.

Lie Detecting Software for Text Communications

April 09, 2007
The art of money wasting when there's a surplus of research grants and no one to pick them up, or a product concept myopia? $680,000 has been awarded by the U.S. National Science Foundation to software developers to come up with lie-detecting software for email, IM and SMS messages:

"There's still an open question of whether that is actually possible or not," said Jeff Hancock, a communications professor and information science faculty member at Cornell. "Our research suggests that it is." Passive voice, verb tense changes, and even noun or verb selection can suggest a person is lying, he said. Hancock said another indicator of written deception is the decreased use of the word "I," which is most likely an attempt to create distance. "One of the reasons we think that works as an indicator is that pronoun use is subconscious," he said. In interactive speech, like instant messaging and some dialogues, liars go into a "persuasive mode" and increase the length of their message by 30% to describe and explain situations, he said. Other factors -- such as individual beliefs about behavior, whether someone is accused of something or interacting with an accuser -- can complicate the proces."

Lies are creative even in written form, compared to the telling body gestures that speak for themselves. And I don't really think an alert such as "the suspect's talking too much on a one-sentence question" would do any good. It's all about doing your homework, having experience, not being naive, and having the power to remain silent when someone's lying to you -- lying-pattern intelligence gathering. On the other hand, product concept myopia is a situation where a company falls in love with its product or service and adopts the "build it and they'll come" mentality without even bothering to assess whether the market is willing to embrace it, can afford it, or actually needs it. The less market transparency, the better for the company; the better the market transparency, the better the purchasing decision of the customer, who'll realize that the solution doesn't have to come in the form of the offered product. My point is that, despite the need to detect lies in text communications, the solution may not come in the form of talk-pattern detection. For instance, your overhyped lover tells you he's in Paris, but geolocating your communications with him you see he's in Frankfurt, and what a coincidence that is, since his ex also lives there.

Using Enron, the infamous case study that'll be discussed in business schools for years to come, is a good analogy. But just because you think you've established a pattern of communication -- lies -- in conversations that are fake by default doesn't mean you'll be able to turn the dynamics of lying into a detectable pattern. Detecting lies on the fly remains futile for the time being, and you really don't need a program to tell you if someone's lying to you, especially in written form. Outsmart them: act like you don't know in order to gather intelligence on their lying pattern, remain silent for a short timeframe, they'll lie again, be prepared, and hopefully you'll recognize a new pattern. Enron's past communication shouldn't be the benchmark in this case; try some April Fools' Day press releases, like this PirateBay announcement about finding a permanent hosting solution - in North Korea! Average people's patterns are the same, therefore pretend to be a moron when you're most knowledgeable, and pretend to be weak when you're strongest, and I guarantee you a quick reboot of your relationships.

The lines between sarcasm and a lie are getting even more blurred these days.

Hijacking Your Fear

April 04, 2007
Have no fear, the Toxoplasma gondii parasite is here. Just like a decent piece of malware exploiting a zero-day vulnerability in anti-virus software, shutting it down or making sure it cannot obtain the latest signatures while totally ignoring the host's firewall, this parasite controls the fate of rats and mice in a targeted manner:

"by hijacking the part of the brain that makes the rodents naturally fear cats, a new study show. The exquisite precision leaves intact all other neurological mechanisms for learning to avoid danger, so the rodents learn to survive all hazards except being eaten by cats – the only form of death beneficial to the parasite."

A very interesting example of targeted attacks on a rat's brain, courtesy of Mother Nature's ghost-hacking capabilities. Just a whisper in my ghost - hope the parasite doesn't become cat-compatible and have them fear the mice.

Interacting with Spam Emails

April 04, 2007
Unbelievable, and you wonder why spam is on the verge of destroying email as the once so powerful communication medium. What I don't like about surveys like these is that they barely report their findings, without providing further clues on the big picture and actually assessing the findings the way they should. The ultimate question therefore always is - So What?! Interacting with spam in any way, be it clicking on a link inside the email, loading emails bugged with remote images, or the most moronic of them all - unsubscribing through the spammer's URL - will only verify that your email address is active. What follows is the syndication of this email address to different spammers and a flood of advertisements in languages you'll probably never speak:

"Bombarded by spam, e-mail users are eager for tools like a "report fraud" button that would help weed out unwanted messages that litter inboxes, according to a survey by the Email Sender and Provider Coalition released on Tuesday. More than 80 percent of e-mailers already use tools such as "report spam" and the "unsubscribe" button to manage their in-boxes, the survey found. The survey, which was also conducted by marketing research firm Ispos, polled 2,252 Internet users who access e-mail through service providers such as AOL, MSN/Hotmail, Yahoo! and Gmail."

Having a report spam button means that the technological measures in place to prevent spam from reaching a mailbox have failed, a very bad sign in itself. Before asking for a report spam button, understand how spammers obtain your email address in the first place and try to prevent it. Standardizing the "report spam" button across vendors would never happen. That's mainly because vendors actually compete on spam detection results, just as they should, with the idea that competition not only keeps them in good business shape but has the potential to best serve the customer.

There's also the mean wisdom of crowds to keep in mind. Remember when Hotmail was blocking Gmail invites? Was it an undercover corporate policy, or were Hotmail fans clicking the report spam button on received Gmail invites to make sure Hotmail subscribers never got the chance to receive them? Empowering the masses in a Web 2.0 wisdom-of-crowds style is tricky: the same way competitors click on each other's AdSense ads during lunch breaks, they'd subscribe to a competitor's email notifications and have them reported as spam. Contribute to Project Honeypot if your infrastructure allows you to, and see them crawling. Cartoon courtesy of Bill Holbrook.

Taking Down Phishing Sites - A Business Model?

April 04, 2007
Processing orders for taking down malicious or fraudulent web sites is gaining ground, with not just RSA providing the service, but also Netcraft joining the process:

"Netcraft will identify, contact and liaise with the company responsible for hosting the fraudulent content. Netcraft enjoys excellent relations with the hosting community, and many of the world’s largest hosting companies are Netcraft customers. Netcraft can exercise its existing relationships with these companies to provide a swift and smooth response to the detection of the site. If the hosting company is reputable, this may be sufficient to ensure a prompt end to the fraudulent activity. However, some hosting companies offer fraud hosting as a service whereby they are incentivized to keep the site up as long as possible, and this necessitates more extensive action."

How does Netcraft differentiate its value proposition from RSA's? Netcraft's core competency is monitoring web sites and providing historical performance reports on various server variables, and they've been doing it for quite some time. Moreover, the company directly relies on the success of its anti-phishing toolbar for gathering raw data on new phishing sites, and thus on future customers in the form of companies whose brands are attacked. While the business models seem sound to some, it's worth discussing their pros and cons. Will ISPs implement an in-house phishing site monitor to compete with the services offered by third-party vendors -- they could definitely delay their actions given the huge infrastructures they monitor and the lack of financial incentives for a timely shutdown -- or will ISPs and vendors figure out a way to build an ecosystem between themselves? The pioneer advantage is an important one, despite the common wisdom that even if you have an innovative idea, a market that's not ready to embrace it means it won't get commercialized.

In the past there were futile attempts by banks to use the most commonly abused phishing medium - email - to build awareness among their customers of the threat of phishing, which isn't the way to solve the problem. You've got many options with respect to your customers: educate them, enforce e-banking best practices or deny them the service if they don't comply, be a paper tiger and shift the responsibility for fraudulent transactions onto their gullibility, or improve the entire authentication process. As we have seen, two-factor authentication may improve consumer confidence, but we're also seeing malware authors getting pragmatic and adapting to the process as well. Flexibility also stands for better transparency of the process - respect to the banks providing me with the opportunity to receive an SMS each and every time money comes into and goes out of the account.

OPIE and multiple-factor authentication are inevitable, but a customer's awareness of the threat is worth more than another keychain of OPIE generators. The rest is unmaterialized e-commerce revenue due to customers still fearing that the risks are not worth the benefits.

Cyberpunk is Dead!

April 01, 2007
Yeah sure, on the 1st of April only! Enjoy this marvelous cyberpunk compilation with Juno Reactor as background music, a group whose works such as Pistolero and Rotor Blade keep reminding me of the good old-school psychedelic vortexes we used to spin in -- that's of course in a previous life.


Cyber Traps for Wannabe Jihadists

March 30, 2007
I guess that's what happens when you don't have a single clue where the real conversation and recruitment is happening, so you decide to create your own controlled jihadi communities to monitor. A case study in a false feeling of effectiveness in Australia:

"FEDERAL police are setting up bogus jihadist websites to track extremists who use cyberspace to recruit followers and plan attacks. The undercover operation, disclosed yesterday by Australian Federal Police Commissioner Mick Keelty, is an assault on arguably the most powerful weapon of the global jihadist movement, the internet. Mr Keelty said police were working closely with foreign governments and the military's Defence Signals Directorate. "We have worked with some foreign countries through our undercover program, establishing our own websites, to capture some of the activities that are going on on the internet," he told a security conference in Sydney."

"Some of the activities" will have absolutely nothing to do with the real situation, and even if someone bothers to open up a discussion on your second hand jihadi site, it'll be a classic example of a moron. Fighting for a share of the online jihadi traffic is so unpragmatic, unnecessary, time and resource consuming that you'd better rethink the entire idea, emphasize on intelligence data sharing with other countries in case you cannot monitor the emergence of local communications, and keep an eye on them.

Meanwhile, talk on the street is heating up:
- Hello underage kids, I see you're having trouble getting hold of some quality Russian vodka over here in front of that store, I can probably give you a hand with this?
- Yes, please, please!!!
- Aha! Agent Temptation from the Thought Police here, you're busted for desiring to drink alcohol even without drinking it! Put your tongues on your head so I can see them!

In the long term we may actually have a real-life bomber confessing to visiting an online jihad community before the plot took place, which, oops, happens to be one of the fake ones. Now we have a double oops. Many other related posts provide an overview of the big picture and the countless budget allocation myopia failures that emphasize technological approaches to detecting radical jihadi propaganda, whereas cyber jihadists and future terrorists are getting efficient at generating "noise sites", the ones your crawlers are so good at picking up.

IMSafer Now MySpace Compatible

March 30, 2007
MySpace, the world's most popular social networking site and an online predator's dream come true, has been actively discussed since the very beginning with respect to the measures News Corp's property takes to prevent child abuse through the site. Let's face the facts: of course underage kids will confirm they're over 18/21 in order to use the site, and of course online predators will continue finding ways to socially engineer an online contact with the ultimate idea of meeting in the physical world. Why? Because children provide way too much sensitive information in order to virtually socialize and meet new buddies, thus indirectly helping pedophiles pinpoint key "contact points" in the future. If you as a parent start being paranoid, you'll end up with the wrong conclusion that the risks are not worth the benefits, totally forgetting that forbidden fruit tastes much better and that it's children we're talking about -- they break the established rules on principle. No matter the registration procedures in place, you cannot stop an online predator from registering and communicating with children on the site; what you can do, however, is educate your children and emphasize filtering rather than spying in order to protect them.

The team behind IMSafer, a service I covered in a previous post, have realized the potential benefits of introducing MySpace compatibility, and so it recently became a reality:

"IMSafer's updated language-analysis engine can scan individual MySpace postings for potentially dangerous, threatening or sexually explicit content, the company said. Users can download the tool from the company's Web site, said Brandon Watson, CEO and founder of the company. Traditional parental control software generally can filter and block Web sites but can't identify possible dangerous interactions on increasingly popular social networking sites such as MySpace, he said. While most sexual solicitations of children still come through instant messaging software, online predators are increasingly using MySpace to initiate contact with potential victims, Watson added."

Don't forget the bottom line: if you're in a fragile relationship with your kids, pretty much anyone online could take advantage of their vulnerable condition. The irony is that people you've never met will show more respect to you than the people you actually fight to get respect from. From a child's perspective, that's you, parents! Here are several more articles worth going through, especially this post-event response to what's an internal problem to me.

Real Time Spam Shredding

March 28, 2007
Wednesday's portion of hahaha-ing. This is the work of a pragmatic genius, the revenge of the nerds, or call it whatever you want; the idea is simple - what gets detected as spam gets printed and shredded in real time for interactivity. How much would it cost a Fortune 500 organization to implement such a feature? A "fortune" by itself for sure, but an anti-spam vendor looking to differentiate its headquarters might be interested in implementing such a system for their corporate clients to see while walking around.

"Spamtrap" is an interactive installation piece the prints, shreds and blacklists spam email. It interacts with spammers by monitoring several email addresses I have created specifically to lure in spam. I do not use these email addresses for any other communication. I post individual email addresses on websites and online bulletin boards that cause them to be harvested by spambots and then to start receiving spam. Because I know that all email sent to these email addresses are spam, I have set the installation to print and then shred each email as it arrives."

Read more about the Spamtrap on this blog. There's simply so much spam these days that you can even create large data sets in order to render surrealistic spam art paintings, no kidding.

You've Got Something in Your Eye

March 27, 2007
Or that's what the ever-growing Big Brother says:

"Avigilon's 16 megapixel cameras are the first surveillance cameras that can continuously monitor large fields of view while maintaining high levels of detail. In the past, security professionals have had to rely on opto-mechanical PTZ cameras for wide field of view surveillance and were forced to make a tradeoff between field of view and image detail. Avigilon's 16 megapixel cameras provide a superior solution for post incident investigation because they provide detailed images of the entire field of view, without the requirement of an operator to control the camera."

I like the press release debunking the idea of real-time incident prevention through CCTV surveillance, as opposed to historical performance and the analysis of past events. Not that it's not possible, but the investment isn't worth the ROI, and if self-regulation is the single most visible return on investment here, that's a bad deal. But in reality, keep on living in a CCTV myopia world, where the "blind spot" of one camera gets covered by installing another one, and the "blind spot" of the second one gets covered by a third. It's about time your CCTV expenditures started declining, given that reasonable metrics defining a successful investment have yet to appear.

Now let's hope these cameras never get installed in public restrooms, shall we?

Ghosts in the Keyboard

March 27, 2007
KeyGhost is a nasty type of hardware keylogger that, if ignored as a concept, can truly expose a lot of data, with one downside - the logged data has to be retrieved physically, in the very same fashion the keylogger got installed. Here's how the six-year-olds do it:

"A six-year-old girl has successfully hacked into the UK Parliament's computer system, installing a keylogger onto an MPs machine. Guildford MP Anne Milton agreed to leave her computer unattended for 60 seconds as part of a test of House of Commons IT security by the BBC's Inside Out programme. Brianagh, a schoolgirl from Winchester, took just a quarter of that time to install the keylogging software without being noticed. Such easily available applications record all the keystrokes made on a machine and can therefore be used to steal passwords, financial data and personal information."

The article starts by mentioning the software and ends up with a quote on the "device" itself. The story is a great wake-up call, especially the six-year-old girl part, as it will position the computer system's security as extremely weak in the minds of the masses, no wait, the taxpayers. But age doesn't really matter here; it's the idea that the majority of insecurities have an outside-towards-inside trend, namely they come from the Internet, not from within, as we see in this case. In case you're interested, there are already various business development activities around releasing a laptop-based PCI card keylogger, given the obvious incompatibilities with a PC.

Related posts:
USB Surveillance Sticks
Espionage Ghost Busters

Take this Malicious Site Down - Processing Order..

March 22, 2007
Yet another pay-pal-secure-login.tld domain gets registered, and even more ironically, in its directory listings you'll be able to dig out the login pages of several other financial institutions and online companies, even competitors. Financial institutions cannot cope with the number of such registered domains, and some -- even after being reported to the usual abuse account -- remain active for weeks to come. So how do you protect these businesses and cash in between for doing so? Looks like RSA is diversifying its service from phishing hosting sites to malware hosting ones:

"EMC's RSA division plans to launch a new service next month that will help financial institutions take down Web sites associated with malicious Trojan Horse software. The service is planned as an extension to the FraudAction phishing takedown service already offered by RSA, said Louie Gasparini, co-chief technical officer with RSA's Consumer Solutions unit. "We're leveraging the same infrastructure we already have in place... and now we're focusing our attention on how Trojans work," he said. Gasparini said he expects financial services companies, auction sites, and online merchants to use the service. "It's really allowing the institution to better protect its customers," he said."

Can RSA really cash in by re-intermediating the current communication model, and most importantly, do a better job? It can surely allow the targeted companies to focus on innovation and growth rather than on online impersonation attacks, so I find this a sound product line extension, but I need more performance stats to offer valuable recommendations.

According to the latest Anti-Phishing.org report, the threatscape looks very favorable in respect to communicating with the major country hosting phishing sites - the U.S., followed by China and South Korea. Between companies diversifying their portfolios of services and products, there's one other thing to keep in mind, and that's how you can achieve the same results in a more cost-effective way than the commercial propositions. And can you actually? Do you even have to dedicate financial resources to shutting down these sites, compared to educating your customers on how to use their brains? Ask yourself these questions before losing it in a budget allocation myopia. Something else to keep in mind - ISPs will also start getting interested in the idea of an equal distribution of revenues, given the sound business model.

Related posts:
The Phishing Ecosystem
Anti-phishing Toolbars - Can You Trust Them?
Google's Anti-phishing Black and White Lists

Tricking an UAV's Thermal Imagery

March 22, 2007
Give me a hug so that we become "thermally one" for the thermal paparazzi to see. When you know how something works you can either improve, abuse or destroy it. A very interesting abuse of technology by people who know how it works:

"The Marines cuffed Awad and took him to a nearby bomb crater. At this point the drone approached for its first pass overhead. One of the group moved forward and dug a hole at the crater, while the others posed with Awad behind a wall. The recorded thermal imagery from the aircraft seemed to show troops watching an insurgent digging by the road, perhaps to place a bomb. After the drone had passed, the group moved Awad forward to the hole. But at this point the surveillance platform returned, so one of the Marines wrapped himself around Awad so as to create a single thermal signature, disguising the captive's presence."

If you're under thermal surveillance, a cold shower's your invisibility cloak if one's available. Wired has some photos on this story.

Zoom Zoom Zoom - Boom!

March 21, 2007
If only you could eradicate the radicalization of immature Islamic youth over the Internet with the push of a button. Great surgical shot!


A Documentary on CCTVs in the U.K

March 21, 2007
Every breath you take, every move you make, I'll be watching you. It used to be a great song, but it has a disturbing context these days. Nino Leitner's EveryStepYouTake documentary on the state of surveillance in the U.K. will premiere this month, and I suspect the full version will be made available for the world to see too:

"Trying to answer questions like these, Nino Leitner’s one-hour documentary “EVERY STEP YOU TAKE” digs deep into an entirely British phenomenon: nation-wide video surveillance. It features formal interviews with the surveillance researcher Professor Clive Norris, Deputy Chief Constable Andy Trotter from the British Transport Police, a representative of Britain’s largest civil rights group Liberty, a CCTV manager from a public local CCTV scheme, experts in the field of transport policing and many more. The surveillance reality in Britain is compared with another member of the E.U., Austria. Compared to the UK, it can be seen as a developing country in terms of CCTV, but just as elsewhere all over the world, politicians are eager to extend the surveillance gaze."

Here's an animation to help you explain what surveillance means to your cat, another one fully loaded with attitude, and let's not exclude the big picture.

Related posts:
London's Police Experimenting with Head-Mounted Surveillance Cameras
Head Mounted Surveillance System
Eyes in London's Sky - Surveillance Poster

Unsigned Code Execution in Windows Vista

March 21, 2007
Nitin Kumar and Vipin Kumar are about to present the Vbootkit at the upcoming Black Hat and HITB conferences:

"We have been recently researching on Vista. Meanwhile, our research for fun led us to some important findings. Vista is still vulnerable to unsigned code execution. vbootkit is the name we have chosen (V stands for Vista and boot kit is just a term coined for a kit which lets you doctor the boot process). The vbootkit concept presents how to insert arbitrary code into RC1 and RC2, thus effectively bypassing the famous Vista policy of allowing only digitally signed code to be loaded into the kernel. The presented attack works using custom boot sectors. Custom boot sectors are modified boot sectors which hook the booting process of the system and thus gain control of the system. Meanwhile, the OS continues to boot and goes on with normal execution."

Vulnerabilities are an inevitable commodity; they will always appear, and instead of counting them per OS or per product, consider the vendor's response time while following the life of the security threat. I never actually liked the idea of an insecure OS; to me there are well-configured and badly-configured OSs from a security standpoint, but then again, if you're a monocultural target the way Microsoft is, you'll always be in the zero-day spotlight. A security breach will sooner or later hit your organization, so don't talk, act and pretend you're 100% secure, because you cannot be. Instead, proactive measures balanced with contingency planning to minimize the impact are what should get high priority in your strategy. Here's a related post.

Cartoon courtesy of Userfriendly.org
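The attack quoted above swaps the real boot sector for a custom one that hooks the boot process before the kernel, and therefore before the kernel's code-signing policy, ever runs. One cheap detective control against that class of tampering is to record a hash of the known-good boot code at provisioning time and re-read and compare it later. The script below is an added example, not code from the original post or from the Vbootkit authors: it parses a classic 512-byte MBR, validates the 0x55AA signature, decodes the partition table and compares the 446-byte boot code against a stored baseline. All function names and the MBR bytes are constructed for the example so it runs offline; on a live host you would read the first 512 bytes of the raw disk instead (for instance `\\.\PhysicalDrive0` on Windows or `/dev/sda` on Linux, both requiring administrative rights).

```python
"""Boot-sector baseline check (added example; not the post's or Vbootkit's code)."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0..445 hold the boot code
PARTITION_ENTRY_LEN = 16      # four 16-byte entries follow the boot code
SIGNATURE = b"\x55\xAA"       # bytes 510..511


def has_boot_signature(mbr: bytes) -> bool:
    """True if the sector is 512 bytes and carries the 0x55AA MBR signature."""
    return len(mbr) == MBR_SIZE and mbr[510:512] == SIGNATURE


def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition-table entries; unused (type 0) entries are skipped."""
    if not has_boot_signature(mbr):
        raise ValueError("not a valid MBR: wrong size or missing 0x55AA signature")
    entries = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * PARTITION_ENTRY_LEN
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + PARTITION_ENTRY_LEN])
        if ptype == 0:
            continue
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 over the boot code only, so legitimate partition edits do not
    trip the check while any change to the executed code does."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_boot_sector(mbr: bytes, baseline_hash: str) -> dict:
    """Compare the observed boot code against the recorded baseline."""
    partitions = parse_partitions(mbr)   # also validates size and signature
    observed = boot_code_hash(mbr)
    return {"ok": observed == baseline_hash, "observed": observed,
            "partitions": partitions}


# --- constructed sample data (not captured from a real disk) -----------------
def build_sample_mbr(boot_code: bytes) -> bytes:
    """Assemble a 512-byte MBR with one active NTFS partition at LBA 2048."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 409600)
    table = entry + b"\x00" * (PARTITION_ENTRY_LEN * 3)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + SIGNATURE


# cli; xor ax,ax; mov ss,ax; mov sp,0x7c00 -- a typical MBR prologue (constructed)
GOOD_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"
SAMPLE_MBR = build_sample_mbr(GOOD_BOOT_CODE)
BASELINE_HASH = boot_code_hash(SAMPLE_MBR)   # what you would record at provisioning

# Tampered copy: the entry point is patched to jump elsewhere (constructed);
# the signature and the partition table are untouched, as a bootkit would
# leave them so the machine still boots normally.
TAMPERED_MBR = build_sample_mbr(b"\xe9\x00\x01" + GOOD_BOOT_CODE[3:])

if __name__ == "__main__":
    for label, sector in (("baseline", SAMPLE_MBR), ("tampered", TAMPERED_MBR)):
        result = check_boot_sector(sector, BASELINE_HASH)
        print(f"{label}: ok={result['ok']} partitions={result['partitions']}")
```

Two caveats apply in practice. A kernel-mode component that is already resident can filter raw disk reads, which is exactly the kind of lie a bootkit is built to tell, so take the reading from a trusted environment (booting from clean media, or pulling the disk) rather than from the running system you suspect. And the MBR is only the first stage: a bootkit can just as well hook the volume boot record or the OS boot loader, and GPT/UEFI disks carry only a protective MBR, so the same hash-and-compare idea has to be extended to those stages to be useful there.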

A Fortune 500 Blogosphere? Not Yet

March 20, 2007
Enterprise 2.0 is slowly gaining ground, and you cannot deny it despite top management's neutral position on yet another major "Reengineering of the Corporation". Supply chain management was perhaps among the first departments to really utilize the power of real-time information and interoperable data standards, a mashed-up ecosystem, but improving your employees' productivity through Web 2.0 tools such as intranet blogs and wikis remains just as unpopular as actual Fortune 500 companies blogging. But how come? Lack of evangelists? Not at all. There's one minor obstacle: you cannot teach an old dog new tricks, unless of course you dedicate extra investment to training it, which is exactly what I feel is happening at the corporate stage. Everyone's patiently waiting for the concepts to mature before training and implementation happen for real. What's the current attitude towards external Web 2.0 activities? A Fortune 500 blogosphere isn't emerging as fast as the mainstream one is, according to the Fortune 500 Business Blogging Wiki:

"a directory of Fortune 500 companies that have business blogs, defined as: active public blogs by company employees about the company and/or its products. According to our research, 40 (8%) of the Fortune 500 are blogging as of 10/05/06. The navigation sidebar to the right lists all the Fortune 500 companies. The list below shows the ones that we've found so far that have public blogs as defined above. Please help us by entering data on those we've missed. ONLY Fortune 500 companies, please. If you're not sure if it's on the F500 list (it includes US companies only), check the sidebar. If it's not there, consider adding it to the Global 1,000 Business Blogging page instead."

I think the main reason behind this is the inevitable channel conflict that would arise from, let's say, Pfizer's blogging compared to using the services of their traditional advertising and PR agencies. I also imagine a link density analysis of their blog indicating the highest percentage of links pointing to Erowid.org. But ask yourself the following: what if these very same agencies start offering bloggers-for-hire in their portfolio of services, would the big guys get interested then? Or when will they start understanding the ROI of blogging?

Video on Analyzing and Removing Rootkits

March 20, 2007
Courtesy of WatchGuard, part three of their malware analysis series walks you through various commercial and free utilities for detecting and removing rootkits:

"In this episode, Corey and his Magic White Board show how kernel mode rootkits work. Also covered: recommended tools and techniques for detecting and removing rootkits."