Security

Windows blue screen may be rootkit infection

Submitted by L3sPau1
L3sPau1 writes "A rootkit infection may be the cause of a Windows Blue Screen of Death issue experienced by people who applied the latest round of Microsoft patches. It appears that the affected Windows PCs had the rootkit infection prior to deploying the Microsoft patches. Researchers investigating the issue have isolated the infection to the Windows atapi.sys file, a driver used by Windows to connect hard drives and other components. An expert identified the infection as the TDSS rootkit, which surfaced last November and has been spreading quickly, creating zombie machines for botnet activity."
Security

Interview with Bruce Schneier

Submitted by L3sPau1
L3sPau1 writes "Security expert Bruce Schneier answers questions on a variety of information security topics, including: how security will respond to economic recovery; the move toward security services and which make the most sense for IT; the risks posed by social media; the effectiveness of user awareness programs; security metrics that make the most sense to collect; and third-party security."
Security

How to create a bit-image copy of a live server

Submitted by L3sPau1
L3sPau1 writes "If you think a critical server has been tampered with, part of your incident response plan should include creating a bit-image copy before shutting that system down. A bit-image copy is a copy of every bit on the hard drive regardless of how the operating system sees it, rather than a copy of every file. A bit-image is preferred over a file-level copy of the image since it will include fragments of deleted files or data that is otherwise hidden. Free and open source tools are available to simplify this process."
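The imaging step described in the submission above, as an added example rather than code from the linked article: a POSIX shell script that uses dd to copy every block of a source device to an image file, logs dd's errors, and records a SHA-256 of the image. The device path, output path, block size and hash tool are assumptions; on a real incident you run this as root, write the image to a separate disk or pipe it over the network (for example through ssh or nc) so nothing is written to the suspect disk, and keep the .sha256 and .log files with the image as part of the chain of custody.

```shell
#!/bin/sh
# Added example (not from the linked article): bit-image copy with dd.
# Assumed inputs: SRC is a block device such as /dev/sda (or, for testing,
# an ordinary file standing in for one); DST is a path on a different disk.

sha256_of() {
    # Portable SHA-256 digest of a file: GNU coreutils sha256sum, or
    # shasum on systems (macOS, some BSDs) that lack it.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# image_device SRC DST
# Copies every block of SRC to DST.  conv=noerror keeps dd going past
# unreadable sectors; conv=sync pads each short read with zeros so file
# offsets in the image still line up with the device.  bs is kept at the
# sector size (512) so that padding can only ever occur on an I/O error,
# never on the final block of a device whose size is not a multiple of a
# larger buffer.  dd's stderr goes to DST.log so read errors are preserved.
# Writes DST.sha256 and returns 0 only if the image hashes equal the source.
image_device() {
    src=$1
    dst=$2
    dd if="$src" of="$dst" bs=512 conv=noerror,sync 2>"$dst.log" || return 1
    src_hash=$(sha256_of "$src")
    dst_hash=$(sha256_of "$dst")
    printf '%s  %s\n' "$dst_hash" "$dst" > "$dst.sha256"
    [ "$src_hash" = "$dst_hash" ]
}

# Stand-alone usage:  sh image.sh /dev/sdX /mnt/evidence/sdX.dd
if [ "$#" -eq 2 ]; then
    if image_device "$1" "$2"; then
        echo "image verified: $(cat "$2.sha256")"
    else
        echo "image hash does NOT match source; inspect $2.log" >&2
        exit 1
    fi
fi
```

The hash comparison is only meaningful when the source does not change between the copy and the hash, which on a truly live server it will. In that case the source hash will differ no matter how good the copy is; what you preserve is the hash of the image itself (the .sha256 file), taken immediately after dd finishes, and you treat a non-empty .log as evidence of unreadable sectors rather than a failed acquisition.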
Security

PCI Council GM responds to critics of standard

Submitted by L3sPau1
L3sPau1 writes "PCI Security Standards Council GM Bob Russo writes a column for SearchSecurity.com lashing back at criticism of the PCI Data Security Standard and defends his assertion that everyone in the payment chain, from point-of-sale (POS) manufacturers to e-shopping cart vendors, merchants to financial institutions, should play a role to keep payment information secure. There are many links in this chain, and each link must do its part to remain strong, Russo says."
Wireless Networking

The dangers of the Free Public Wi-Fi ad hoc

Submitted by L3sPau1
L3sPau1 writes "It can be tough to convince users — especially those challenged by shrinking travel budgets — to avoid the allure of free wireless Internet. When employers can't or won't pay for unlimited wireless Internet, employees get creative. Why should they waste thankless hours waiting for planes and trains when they could be using Free Public WiFi to catch up on mail, download iTunes, or watch a little Slingbox? Unfortunately, Free Public WiFi isn't what it sounds like. In most cases, this unsecured wireless network is actually being offered by a nearby laptop or smartphone. Any naive user who tries to connect may well succeed, but the ad hoc node (wireless peer) at the far end isn't an on-ramp to the Internet. At best, it's a wireless cul-de-sac; a dead end for IP packets. At worst, it's a thief using KARMA to spoof destination servers, launch man-in-the-middle attacks and steal personal and business identities."
Security

Anti-binary diffing tool released at Black Hat

Submitted by L3sPau1
L3sPau1 writes "At the recent Black Hat USA 2009 conference, Jeongwook Oh, a researcher with eEye Digital Security, unveiled an anti-binary-diffing tool called Hondon (which translates to chaos in Korean). Hondon, Oh said, obfuscates binaries so that patched elements are essentially invisible to diffing tools without impacting the stability and usability of the patches. The idea behind anti-binary diffing is to extend the time it takes for an attacker to analyze patches and create a working exploit. Oh says all Windows patch binaries have either been manually or automatically diffed; he estimates some can be analyzed in as few as 30 minutes and a working exploit can be developed within a day."
Security

MMS messaging spoof hack could have global ramifications

Submitted by L3sPau1
L3sPau1 writes "You won't be able to trust MMS messages today the same way you did yesterday. Researchers Zane Lackey and Luis Miras presented their work this week at Black Hat, demonstrating attacks in which they spoofed sender numbers and exploited flaws in GSM carriers' networks to bypass them in an MMS message loop. The researchers are able to trick the victim's phone into requesting content from their servers as opposed to the carrier's server. The attack potentially makes any mobile device on a GSM network anywhere in the world capable of sending media files vulnerable to spoofing, phishing attacks and other scams."
Security

DNSSEC deployments gain momentum since Kaminsky DNS

Submitted by L3sPau1
L3sPau1 writes "DNSSEC won't fix all the security woes in DNS, but it does check cache poisoning, one of the biggest threats to ecommerce and trust on the Internet. Implementing DNSSEC, however, is another matter. Not only does it require a significant infrastructure overhaul for large enterprises and service providers running DNS servers, but a host of political battles are keeping DNSSEC from reaching critical mass."
Security

New EV SSL MiTM attacks to be demoed at Black Hat

Submitted by L3sPau1
L3sPau1 writes "Alexander Sotirov and Mike Zusman are expected to demonstrate new man-in-the-middle attacks on Extended Validation SSL certificates at the upcoming Black Hat Briefings, including an offline hack that poisons a site protected by an EV certificate. Sotirov and Zusman said they can attack an EV SSL-protected site using a traditional and easy-to-obtain SSL certificate. Zusman explained that an attacker could intercept wireless traffic at a free and public Wi-Fi hotspot and poison the client's cache of an EV site using the non-EV certificate. Once the victim browses an EV-protected site, the browser, unable to differentiate between the two, will load the content from the poisoned cache as well. The victim will continue to see the green bar, but the EV session is nonetheless compromised."
Security

Kaminsky interview: DNS bug a year later, DNSSEC

Submitted by L3sPau1
L3sPau1 writes "Network security researcher Dan Kaminsky has had a year to reflect on the impact of the cache poisoning vulnerability he discovered in the Domain Name System (DNS). In the time since, Kaminsky has become an advocate for improving security in DNS, and ultimately, trust on the Internet. One way to do this is with the widespread use of DNSSEC (DNS Security Extensions), which essentially brings PKI to website requests. In this interview, Kaminsky talks about how the implementation of DNSSEC would enable greater security and trust on the Net and provide a platform for the development of new security products and services."
Security

How to write a risk methodology

Submitted by L3sPau1
L3sPau1 writes "Learn how to write a risk methodology that helps security meet business and compliance needs and reduce residual risk. The risk methodology described here, written by Cris Ewell of the University of Washington, must be rooted in the principles of security and integrated into a security program that blends business needs, due care and current attack vectors, as well as addressing regulatory and contractual requirements."
Security

Risk management and physical-logical convergence

Submitted by L3sPau1
L3sPau1 writes "Converging physical security with IT security inside the enterprise isn't easy, but it's worth the bother, especially for large companies branching out globally with new services. Convergence affords organizations the opportunity to align security with overall business goals, streamline business processes such as provisioning and investigations, and centralize security operations and policies under one office. There are significant barriers to these unions; political and cultural disputes are often the tallest to hurdle, and companies cannot ignore the integration required to get a central view of physical and logical systems."