Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Comment Re:Not sure what author of article is going for (Score 1) 233

It is a fact that the largest US defense contractors had *thousands* of workstations and servers backdoored for *years* before anyone wised up to it. These are networks managed by professionals who really do take security seriously.

I don't think it's unreasonable to believe that tons of machines are trojaned prior to sale.

Comment Re:Like tripwire? (Score 1) 41

It's like tripwire, except it works on code in memory. It has an online database where hashes of known code are stored in various sizes... so the client will hash 4k and ask the server if this is known. If so, move on we know what it is. If not, split it into 2 blocks of 2k. Can we positively identify that? Anything not identified continues to be split into smaller and smaller pieces.

The software understands how processes are laid out so it's not going to hash your user data as that can't possibly provide a useful result.

The idea is that we need to be able to ask, "Is this really Microsoft Word 2010 patchlevel X running on my system? Has it been modified in anyway, even via hotpatching memory? If so, show me exactly where it has been modified so I can focus my analysis on that"

When you visit the site in Firefox for some reason it just tries to download something. I didn't try with other browsers. That's why I said use IE. Visit in IE and you see a little blurb about it with a couple different options for installing. It uses some Microsoft 1click installer framework... and yeah, this needs some serious release engineering work.

It's alpha code. It seems to work better on HyperV than VMWare too... In VMWare I have to close the target VM (run in background) in order to get it to work. Some kind of locking issue I guess.

Anyway, I think it's a really cool concept. I'm sure there will soon be a proper page put up to describe it, running on a standard port and everything.

Comment First credible way to detect real 0day on your box (Score 4, Informative) 41

http://blockwatch.ioactive.com:8888/

It's pretty alpha, and you will need to use IE to install it. This tool compares software in memory against known signatures, allowing you to confirm what's running on the system is really what you think it is. It works with HyperV and VMWare.

It's free. Thanks IO Active!

Comment Re:I don't like the sound of this (Score 1) 155

Yeah, registration expiry info is only available in WHOIS, not in the zone itself.

Dealing with other TLDs that allow second-level requires knowledge of their structures. Some of them have wildcards too, and that is detectable. Anyone doing this kind of automation can figure it out. It's not hard, it just sucks.

Comment Re:I don't like the sound of this (Score 5, Insightful) 155

You don't have to answer all of them. You don't have to directly answer their questions either. You could just say things like:

- I don't want this. This system is not in my best interest.
- I don't want to register with anyone to query this data.
- Abuse mitigation should be handled by each registrar, this is a good way for them to differentiate themselves.
- I don't want to pay for this system at all
- Law enforcement should be given no special access at all. Nobody should accredit them.

You could also contact your registrar if you own a lot of domains and let them know you don't support this move at all. Ask them to oppose it.

Slashdot Top Deals

This is clearly another case of too many mad scientists, and not enough hunchbacks.

Working...