The Lone Gunmen on two double-sided discs, pure classic! In one of my chats with Roman Polesek, from Hakin9, he was wise enough to state that you cannot be a prophet in your own industry, a simple but powerful statement you should take into consideration.
Initiatives such as The Lone Gunmen, the X-files, and The Outer Limits have already proven useful, given someone listens! For instance :
"In a foreshadowing of the September 11, 2001 attacks, subsequent conspiracy theories, and the 2003 invasion of Iraq, the plot of the March 4, 2001 pilot episode of the series depicts a secret U.S. government agency plotting to crash a Boeing 727 into the World Trade Center via remote control for the purpose of increasing the military defence budget and blaming the attack on foreign "tin-pot dictators" who are "begging to be smart-bombed." This episode aired in Australia less than two weeks before the 9/11 attacks, on August 30."
Conspiracy theorists do have a lot to say, so don't ignore them, find the balance, and enjoy the series :)
You can also browse through some transcripts as well.
Technorati tags :
conspiracy
In the overwhelming sea of information, access to timely, insightful and independent open-source intelligence (OSINT) analyses is crucial for maintaining the necessary situational awareness to stay on top of emerging security threats. This blog covers trends and fads, tactics and strategies, intersecting with third-party research, speculations and real-time CYBERINT assessments, all packed with sarcastic attitude.
Friday, February 17, 2006
DVD of the weekend - The Lone Gunmen
Tags:
Conspiracy,
Conspiracy Theory,
Information Security,
Lone Gunmen,
Security,
The Outer Limits,
X-Files
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Smoking emails
I just came across this, "Morgan Stanley offers $15M fine for e-mail violations" - from the article :
"US investment bank Morgan Stanley will offer a settlement to the Securities and Exchange Commission (SEC), agreeing in principle to pay a $15 million fine for failing to preserve e-mail messages. The e-mail messages could have provided useful evidence in several cases brought against the company. In one case, resulting in a $1.58 billion judgement against the bank, a judge turned the burden of proof on Morgan Stanley after learning they had deleted e-mails related to the case. However, Morgan Stanley has not yet presented the offer to the SEC nor is there a guarantee the SEC will accept. The investment bank says it is fixing the problems that led to the erasure and is pleading for leniency."
He, He, He!
You see, the email archiving market is about to top $310M for 2005 according to the IDC, still one of the world's most powerful investment banks cannot seem to be able to comply with the requirements.
Lack of financial power - nope, lack of incentives - yep! The case reminds me of KPMG's tax shelters, McAfee's fine for accounting scam between 1998-2000, and the "'Smoking Emails' Admissible In $1 Billion Enron-Related Chase Case".
Quit smoking emails, and take advantage of MailArchiva - Open Source Email Archiving and Compliance.
Technorati tags :
smoking gun, investment banking, compliance, mailarchiva
Tags:
Compliance,
Corporate Risk Management,
Information Security,
Morgan Stanley,
SEC,
Securities and Exchange Commission,
Security
How to win 10,000 bucks until the end of March?
I feel that, in response to the recent event of how the WMF vulnerability got purchased/sold for $4000 (an interesting timeframe as well), iDefense are actively working on strengthening their market positioning - that is, to maintain their pioneering position as perhaps the first company to start paying vulnerability researchers for their discoveries.
The company recently offered $10,000 for the submission of a vulnerability that gets categorized as critical in any of Microsoft's Security Bulletins. In the long-term, would vulnerability researchers be able to handle the pressure put on them through such financial incentives, and keep their clear vision instead of selling their souls/skills? What if someone naturally offers more, would money be the incentive that can truly close the deal, and is it just me realizing how bad it is to commercialize the not so mature vuln research market, namely how this would leak all of its current weaknesses?
Consider going through some of my previous thoughts on the emerging market for software/0day vulnerabilities as well and stay tuned for another recent discovery a dude tipped me on, thanks as a matter of fact!
Technorati tags:
idefense, vulnerabilities
Tags:
Exploit Broker,
Exploits,
iDefense,
Information Security,
Security,
Vulnerabilities,
Vulnerability Broker,
Zero Day Exploit
Thursday, February 16, 2006
The end of passwords - for sure, but when?
My first blog post "How to create better passwords - why bother?!" back in December, 2005, tried to briefly summarize my thoughts and comments I've been making on the most commonly accepted way of identifying yourself - passwords.
Bill Gates did a commentary on the issue, note where, at the RSA Conference, perhaps the company that's most actively building awareness on the potential/need for two-factor authentication, or anything else but using static passwords for various access control purposes. Moreover, it was again Bill Gates who wanted to integrate the Belgian eID card with MSN Messenger (Anonymity or Privacy on the Internet?) Microsoft are always reinventing the wheel, be it with antivirus, or their Passport service, and while they have the financial obligations to any of their stakeholders, I feel it's a wrong approach on the majority of occasions.
What I wonder is, are they forgetting the fact that over 95% of the PCs out there, run Microsoft Windows, and not Vista, and how many would continue to do so polluting the Internet at the bottom line. My point is that MS's constant rush towards "the next big thing" doesn't actually provide them with the resources to tackle some of the current problems, at least in a timely manner. What do you think? What could Microsoft do to actually influence the acceptance of two-factor authentication, and moreover, how feasible is the concept at the bottom line?
Technorati tags :
security, microsoft, authentication, passwords
Tags:
Authentication,
Best Practices,
eID,
Hacking,
Information Security,
Instant Messaging,
MSN,
Passwords,
Security,
Two-Factor Authentication
Wednesday, February 15, 2006
A timeframe on the purchased/sold WMF vulnerability
The WMF vulnerability and how it got purchased/sold for $4000 was a major event during January, at least for me as for quite some time the industry was in the twilight zone by not going through a recently released report. But does this fact matter next to figuring out how to safeguard the security of your network/PC given the time it took the vendor to first, realize that it's real, then to actually patch it? Something else that made an impression on me is that compared to the media articles and my post, was I the only one interested in who bought, instead of who sold it?
So here's a short timeframe on how it made it to the mainstream media :
January 27 - Kaspersky are the first to mention the "purchase" in their research
January 30 - I've started blowing the whistle and friends picked it up (even the guy that got so upset about it!)
January 31 - Meanwhile, someone eventually breached AMD's forums and started infecting its visitors!
February 2 - Microsoft Switzerland's Security blog featured it
February 2 - LinuxSecurity.com republished it
February 2 - DSLReports.com picked it up
February 2 - Appeared at Slashdot
February 3 - OSIS.gov (an unclassified network serving the intelligence community with open source intelligence) picked it up :)
What's the conclusion? Take your time and read the reports thoroughly, cheer Kaspersky's team for their research? For sure, but keep an eye on the Blogosphere as well!
Technorati tags :
Tags:
Exploit Broker,
Exploits,
Hacking,
Information Security,
Security,
Vulnerabilities,
Vulnerability Broker,
WMF Vulnerability
Detecting intruders and where to look for
CERT just released their "Windows Intruder Detection Checklist" - from the article :
"This document outlines suggested steps for determining whether your Windows system has been compromised. System administrators can use this information to look for several types of break-ins. We also encourage you to review all sections of this document and modify your systems to address potential weaknesses."
I find it a well summarized checklist, perhaps the first thing that I looked up when going through it was the rootkits section given the topic. It does provide links to free tools, but I feel they could have extended the topic a little bit. Overall, consider going through it. Another checklist I recently came across is the "11 things to do after a hack" and another quick summary on "10 threats you probably didn't make plans for".
Rootkits are gaining popularity, and with a reason -- it takes more effort to infect new victims instead of keeping the current ones, at least from the way I see it. In one of my previous posts, "Personal Data Security Breaches - 2000/2005", I mentioned a rootkit placed on a server at the University of Connecticut on October 26, 2003, that wasn't detected until July 20, 2005, enough for auditing, detecting attackers and forensics? Well, not exactly, still something else worth mentioning is the interaction between auditing, rootkits and forensics. There's also been another reported event of using rootkit technologies for DRM (Digital Rights Management) purposes, not on CDs, but DVDs this time, so it's not enough that malware authors are utilizing the rootkit concept, but flawed approaches from companies where we purchase our CDs and DVDs from, are resulting in more threats to deal with!
Check CERT's "Windows Intruder Detection Checklist" and if interested, also go through the following resources on rootkits and digital forensics :
Windows rootkits of 2005, part one
Windows rootkits of 2005, part two
Windows rootkits of 2005, part three
Malware Profiling and Rootkit Detection on Windows
Timing Rootkits
Shadow Walker - Raising The Bar For Windows Rootkit Detection - slides
When Malware Meets Rootkits
Leave no trace - book excerpt
Database Rootkits
Rootkits and how to combat them
Rootkits Analysis and Detection
Concepts for the Stealth Windows Rootkit
Avoiding Windows Rootkit Detection
Checking Microsoft Windows Systems for Signs of Compromise
Implementing and Detecting an ACPI BIOS Rootkit
Host-based Intrusion Detection Systems
Forensics Tools and Processes for Windows XP Clients
F.I.R.E - Forensic and Incident Response Environment Bootable CD
Forensic Acquisition Utilities
FCCU GNU/Linux Forensic Bootable CD 10.0
iPod Forensics :)
Forensics of a Windows system
First Responders Guide to Computer Forensics
Computer Forensics for Lawyers
Technorati tags:
security, information security, forensics, rootkit, security breach, CERT

