Tuesday, October 19, 2010
Java outstrips Adobe
Apparently Java is the new Adobe when it comes to malware attacks on PCs. According to a report by Microsoft, attacks on vulnerable Java installations are orders of magnitude greater than those on Adobe, the previous number one target of malware.
Monday, October 18, 2010
Tuesday, October 12, 2010
Tenable Nessus YouTube Channel
Tenable has a YouTube channel with some good walkthroughs.
FDCC compliance check
Nessus XML parsing with Awk
Article on the HiR blog about parsing Nessus XML output.
http://www.h-i-r.net/2010/10/nessus-xml-parsing-with-awk.html
It contains a link to a script that produces a list of IP addresses against their severity ratings.
Seems to work better than some contractors' output I could mention....
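As an added example (my own Python, not the awk script the HiR post links to), here is the same idea done with Python's XML parser: it reads a Nessus v2 (.nessus) report, records the worst severity seen for each host, and prints an IP-to-severity list, worst first. The report embedded below is constructed sample data; the plugin names and IDs other than 19506 (Nessus Scan Information) are made up.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the Nessus v2 (.nessus) layout: <ReportHost> elements holding
# <ReportItem> findings, each with a numeric severity (0 info ... 4 critical). Made-up data.
SAMPLE_NESSUS = """<?xml version="1.0"?>
<NessusClientData_v2>
  <Report name="constructed scan">
    <ReportHost name="192.0.2.10">
      <ReportItem port="445" protocol="tcp" severity="3" pluginID="100001" pluginName="SMB finding (constructed)"/>
      <ReportItem port="0" protocol="tcp" severity="0" pluginID="19506" pluginName="Nessus Scan Information"/>
    </ReportHost>
    <ReportHost name="192.0.2.11">
      <ReportItem port="80" protocol="tcp" severity="1" pluginID="100002" pluginName="Low finding (constructed)"/>
      <ReportItem port="443" protocol="tcp" severity="4" pluginID="100003" pluginName="Critical finding (constructed)"/>
    </ReportHost>
    <ReportHost name="192.0.2.12">
      <ReportItem port="0" protocol="tcp" severity="0" pluginID="19506" pluginName="Nessus Scan Information"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}


def host_severities(nessus_xml):
    """Per host: the worst severity seen and a count of findings at each level."""
    root = ET.fromstring(nessus_xml)
    hosts = {}
    for host in root.iter("ReportHost"):
        counts = Counter(int(item.get("severity", "0")) for item in host.iter("ReportItem"))
        hosts[host.get("name")] = {"max": max(counts, default=0), "counts": dict(counts)}
    return hosts


def ip_severity_lines(nessus_xml, minimum=1):
    """'ip severity' lines, worst first; hosts whose worst finding is below `minimum` are dropped."""
    rows = [(ip, d["max"]) for ip, d in host_severities(nessus_xml).items() if d["max"] >= minimum]
    rows.sort(key=lambda r: (-r[1], r[0]))
    return [f"{ip} {SEVERITY_NAMES.get(sev, str(sev))}" for ip, sev in rows]


if __name__ == "__main__":
    import sys
    # Pass a real .nessus file as the first argument, otherwise the constructed sample is used.
    xml_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NESSUS
    print("\n".join(ip_severity_lines(xml_text)))
```

Hosts with nothing above informational are dropped by default (set minimum=0 to list them), which is usually what you want when the list is going into a remediation tracker.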
Sophos articles on malicious code
A couple of PDFs on malicious code.
1. Want my autograph? The use and abuse of digital signatures by malware
http://www.sophos.com/security/technical-papers/digital_signature_abuse.pdf
Interesting article on the use of stolen certificates in modern malware.
2. Finding Rules for Heuristic Detection of Malicious PDFs: With Analysis of Embedded Exploit Code
http://www.sophos.com/security/technical-papers/malicious_pdfs.pdf
What to look for in malicious PDFs. Highlights of that one:
Heuristic 1: If the PDF contains JavaScript look more closely
Heuristic 2: If the objects or streams are mismatched look more closely
Heuristic 3: If the Cross-Reference (XRef) Table is invalid look more closely
Heuristic 4: The presence of LZWDecode, ASCII85Decode, DCTDecode and Encrypt filters is indicative of clean files
Heuristic 5: Hash (#) encoded tags are indicative of malicious files
These comments appear to be based on the use of Adobe Acrobat Reader as the infection vector. Sumatra PDF reader, which doesn't support Flash or JavaScript, might be an interesting alternative to get away from a lot of these problems.
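To show how the five heuristics look as a triage check, here is an added example in Python (my own code, not from the Sophos paper). It scores a PDF byte string: JavaScript present (H1), obj/endobj and stream/endstream counts that don't match (H2), a startxref that doesn't point at an xref (H3), the clean-file filter markers lowering the score (H4), and hash-encoded names like /Ja#76aScript (H5), which it decodes first so that H1 can't be dodged by the encoding. Both PDFs it runs on are constructed inline; the "suspicious" one contains no script body at all, only the structural red flags. The weights are my own assumption, not from the paper.

```python
import re


def build_clean_pdf():
    """Build a tiny well-formed PDF whose startxref really points at its xref table (constructed)."""
    header = b"%PDF-1.4\n"
    objs = [
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n",
        b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
        b"3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >>\nendobj\n",
        b"4 0 obj\n<< /Length 3 /Filter /DCTDecode >>\nstream\nabc\nendstream\nendobj\n",
    ]
    body, offsets = b"", []
    for o in objs:
        offsets.append(len(header) + len(body))
        body += o
    xref_pos = len(header) + len(body)
    xref = b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    xref += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    trailer = b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref_pos)
    return header + body + xref + trailer


# Constructed sample with the red flags only: a hash-encoded /JavaScript name, an OpenAction,
# a stream with no endstream, and a startxref that points past the end of the file.
SUSPICIOUS_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R >>
endobj
4 0 obj
<< /S /Ja#76aScript /JS 5 0 R >>
endobj
5 0 obj
<< /Length 40 >>
stream
(constructed placeholder, no script body)
endobj
trailer
<< /Root 1 0 R >>
startxref
999999
%%EOF
"""

# A PDF name may hide a keyword with #xx hex escapes, e.g. /Ja#76aScript == /JavaScript (H5).
HASHED_NAME = re.compile(rb"/[^\s/\[\]<>(){}%]*#[0-9A-Fa-f]{2}[^\s/\[\]<>(){}%]*")


def decode_names(data):
    """Expand #xx escapes inside name objects so obfuscated keywords become searchable."""
    return HASHED_NAME.sub(
        lambda m: re.sub(rb"#([0-9A-Fa-f]{2})", lambda h: bytes([int(h.group(1), 16)]), m.group(0)),
        data)


def structure_mismatched(data):
    """H2: every obj needs an endobj and every stream an endstream."""
    objs = len(re.findall(rb"\bobj\b", data))            # \b keeps 'endobj' out of the count
    streams = len(re.findall(rb"(?<!end)stream", data))  # lookbehind keeps 'endstream' out
    return objs != data.count(b"endobj") or streams != data.count(b"endstream")


def xref_valid(data):
    """H3: the last startxref must point at an xref table or at an xref-stream object."""
    offsets = re.findall(rb"startxref\s+(\d+)", data)
    if not offsets:
        return False
    off = int(offsets[-1])
    if off >= len(data):
        return False
    tail = data[off:off + 32]
    return tail.startswith(b"xref") or re.match(rb"\d+\s+\d+\s+obj", tail) is not None


BENIGN_MARKERS = (b"/LZWDecode", b"/ASCII85Decode", b"/DCTDecode", b"/Encrypt")


def assess_pdf(data):
    """Score a PDF byte string against the five heuristics; higher means more suspicious."""
    decoded = decode_names(data)
    findings, score = [], 0
    if re.search(rb"/JavaScript\b|/JS\b", decoded):           # H1, checked after decoding names
        findings.append("H1 JavaScript present"); score += 2
    if structure_mismatched(data):                             # H2
        findings.append("H2 obj/stream counts mismatched"); score += 2
    if not xref_valid(data):                                   # H3
        findings.append("H3 invalid cross-reference table"); score += 2
    benign = [m.decode() for m in BENIGN_MARKERS if m in decoded]   # H4 lowers the score
    if benign:
        findings.append("H4 clean-file markers: " + ", ".join(benign)); score -= len(benign)
    hashed = HASHED_NAME.findall(data)                         # H5
    if hashed:
        findings.append(f"H5 {len(hashed)} hash-encoded name(s)"); score += 3
    return {"score": score, "verdict": "suspicious" if score >= 3 else "likely clean", "findings": findings}
```

On the constructed pair the clean file scores -1 (only the DCTDecode marker fires) and the other scores 9 with H1, H2, H3 and H5 all firing. Treat the output as a triage ordering for which files to open in a sandbox, not as a verdict: a legitimate form with JavaScript and an incremental update can trip H1 and H2 on its own.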
Monday, October 11, 2010
Thursday, October 7, 2010
Determining and mounting LUKS-based encrypted disk images
Article on how to determine whether a disk image is LUKS-based and, if it is, how to deal with it. It also covers LVM.
It does NOT cover brute forcing the password.
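The "determine whether it is LUKS" step is a header check, and LVM shows up the same way, so here is an added example in Python (my own code, not from the article) that does both on an image held in memory: it looks for the LUKS magic and parses the LUKS1 header fields (cipher, mode, hash, payload offset, UUID), looks for the LVM2 LABELONE label in the first four sectors, and, because the volume is often inside a partition rather than at offset 0, also checks each primary partition start if the image begins with an MBR. The three images it classifies are constructed headers with placeholder UUIDs; no real volume or key material is involved.

```python
import struct

SECTOR = 512
LUKS_MAGIC = b"LUKS\xba\xbe"


def _cstr(b):
    return b.split(b"\x00", 1)[0].decode("ascii", "replace")


def parse_luks_header(blob):
    """Parse the fixed LUKS1 header (big-endian fields). None if the magic is absent."""
    if len(blob) < 208 or blob[:6] != LUKS_MAGIC:
        return None
    version = struct.unpack(">H", blob[6:8])[0]
    if version != 1:
        # LUKS2 keeps its metadata in a JSON area after the binary header; not parsed here.
        return {"version": version}
    payload_offset, key_bytes = struct.unpack(">II", blob[104:112])
    return {"version": 1, "cipher": _cstr(blob[8:40]), "mode": _cstr(blob[40:72]),
            "hash": _cstr(blob[72:104]), "payload_offset_sectors": payload_offset,
            "key_bytes": key_bytes, "uuid": _cstr(blob[168:208])}


def find_lvm_label(blob):
    """An LVM2 physical volume carries a LABELONE label in one of its first four sectors."""
    for s in range(4):
        sec = blob[s * SECTOR:(s + 1) * SECTOR]
        if sec[:8] == b"LABELONE" and sec[24:32] == b"LVM2 001":
            return {"label_sector": s, "pv_uuid": sec[32:64].decode("ascii", "replace")}
    return None


def mbr_partition_offsets(blob):
    """Byte offsets of the primary partitions if the image starts with an MBR."""
    if len(blob) < SECTOR or blob[510:512] != b"\x55\xaa":
        return []
    offsets = []
    for i in range(4):
        entry = blob[446 + 16 * i:462 + 16 * i]
        ptype, lba = entry[4], struct.unpack("<I", entry[8:12])[0]
        if ptype and lba:
            offsets.append(lba * SECTOR)
    return offsets


def identify_image(blob):
    """Classify offset 0 and each MBR partition start as LUKS, LVM2 PV or unknown."""
    results = []
    for off in [0] + mbr_partition_offsets(blob):
        region = blob[off:off + 4 * SECTOR]
        luks = parse_luks_header(region)
        if luks:
            results.append({"offset": off, "type": "LUKS", **luks})
            continue
        lvm = find_lvm_label(region)
        results.append({"offset": off, "type": "LVM2 PV", **lvm} if lvm else {"offset": off, "type": "unknown"})
    return results


# Constructed test images: headers only, placeholder UUIDs, no key material.
def make_luks1_header(cipher=b"aes", mode=b"xts-plain64", hashspec=b"sha256"):
    hdr = bytearray(592)                      # LUKS1 phdr: 208 bytes plus 8 key slots of 48
    hdr[0:6] = LUKS_MAGIC
    struct.pack_into(">H", hdr, 6, 1)
    hdr[8:8 + len(cipher)] = cipher
    hdr[40:40 + len(mode)] = mode
    hdr[72:72 + len(hashspec)] = hashspec
    struct.pack_into(">II", hdr, 104, 4096, 64)   # payload offset (sectors), master key bytes
    uuid = b"00000000-0000-4000-8000-000000000001"  # placeholder UUID
    hdr[168:168 + len(uuid)] = uuid
    return bytes(hdr)


def make_lvm_pv():
    img = bytearray(4 * SECTOR)
    img[512:520] = b"LABELONE"
    struct.pack_into("<QII", img, 520, 1, 0, 32)     # sector no., crc32 (zeroed here), pv_header offset
    img[536:544] = b"LVM2 001"
    img[544:576] = b"CONSTRUCTED-PV-UUID".ljust(32, b"0")
    return bytes(img)


def make_mbr_with_luks_partition(start_lba=2048):
    img = bytearray(start_lba * SECTOR + 592)
    img[446:462] = bytes([0, 0, 0, 0, 0x83, 0, 0, 0]) + struct.pack("<II", start_lba, 1024)
    img[510:512] = b"\x55\xaa"
    img[start_lba * SECTOR:start_lba * SECTOR + 592] = make_luks1_header()
    return bytes(img)
```

Run identify_image over the first few megabytes of a real image (read the file in binary) and the offset in the result is what you hand to losetup -o when attaching it read-only before cryptsetup open --readonly; the LVM label check is then repeated on the opened mapping, since a LUKS container very commonly holds a PV.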
Adobe Flash configuration
Found an article on Adobe Flash configuration and its security implications.
It references a PDF that gives the full specification, but the article itself covers a few interesting settings that should perhaps be considered for Flash-enabled, internet-facing systems.
Geo locating an IP address

Found a site, http://www.infosniper.net, that lets you geolocate a user from their IP address. Other sites do this too, but this one gives you the choice of Google, Microsoft or Yahoo mapping tools.
Might be worth remembering for looking up IP addresses found in email headers.
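Before an IP can be looked up it has to be pulled out of the headers, so here is an added example in Python (my own code, unrelated to infosniper.net) for that step: it reads the Received chain with the standard email module, takes the sending address of each hop, and walks from the earliest hop upwards to the first address outside RFC 1918, loopback, link-local and CGNAT space, which is the one worth geolocating. The headers are a constructed sample; I use an explicit list of internal ranges rather than ipaddress.is_global because the latter would also reject the documentation ranges the sample uses.

```python
import email
import ipaddress
import re

# Constructed sample headers (documentation address ranges; not a real message).
SAMPLE_HEADERS = """Received: from mx.example.com (mx.example.com [192.168.10.5])
\tby mail.example.com with ESMTP id abc123; Tue, 19 Oct 2010 09:00:00 +0000
Received: from relay.example.net (relay.example.net [203.0.113.77])
\tby mx.example.com with ESMTP; Tue, 19 Oct 2010 08:59:50 +0000
Received: from [192.168.1.20] (unknown [192.168.1.20])
\tby relay.example.net with ESMTPA; Tue, 19 Oct 2010 08:59:40 +0000
X-Originating-IP: [198.51.100.9]
From: someone@example.net
Subject: constructed sample

body
"""

# Explicit non-routable ranges instead of ipaddress.is_global, which would also treat the
# documentation ranges used above (192.0.2/24, 198.51.100/24, 203.0.113/24) as non-global.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "100.64.0.0/10", "::1/128", "fc00::/7", "fe80::/10")]


def is_internal(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)


# The host that handed the message to this hop is the first bracketed address after "from";
# any later bracket in the same header belongs to the receiving side.
HOP_IP = re.compile(r"from\b.*?\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]", re.S | re.I)


def hop_ips(raw_headers):
    """Sender IP of each Received header, top (most recent hop) to bottom (earliest hop)."""
    msg = email.message_from_string(raw_headers)
    ips = []
    for hop in msg.get_all("Received", []):
        m = HOP_IP.search(str(hop))
        if not m:
            continue
        try:
            ipaddress.ip_address(m.group(1))   # drop things that only look like an address
        except ValueError:
            continue
        ips.append(m.group(1))
    return ips


def likely_origin(raw_headers):
    """Earliest hop that is not on an internal range: walk the Received chain bottom-up."""
    for ip in reversed(hop_ips(raw_headers)):
        if not is_internal(ip):
            return ip
    return None


def originating_ip_header(raw_headers):
    """X-Originating-IP, if a webmail front end added one (sender-side, so easily forged)."""
    msg = email.message_from_string(raw_headers)
    val = msg.get("X-Originating-IP")
    return val.strip("[] ") if val else None
```

Only the Received lines written by your own mail servers are trustworthy; anything below the first hop your infrastructure added, and the X-Originating-IP header, was under the sender's control and can be fabricated, so the geolocation result is evidence about the relay, not proof of the sender.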
Wednesday, October 6, 2010
Article on setting effective consumer IT security policies
Good article on what to consider when allowing staff to use their own IT to work away from the corporate environment, i.e. their own laptops and smartphones, hotel IT, etc.
Article taken from WindowSecurity.com
Some points to consider.
Security concerns:
- Security threats presented by consumer applications (i.e. webmail, social networking) used by employees on company-owned computers.
- Security threats presented by consumer devices (laptops, smart phones, tablets/slates) owned by employees but used to connect to the corporate network.
Security threats:
- Introduction of malware into the corporate network
- Leakage of company data if consumer device is lost or stolen
- Leakage of company information from inside corporate network from consumer apps, i.e. webmail, social networking, instant messenger
The article had some good recommendations, including:
- Mandatory encryption of any company data stored on employee-owned devices.
- Mandatory encryption of communications in transit between employee-owned devices and the company network via VPN, DirectAccess, etc.
- Mobile devices used for business should have the capability of being remotely wiped.
- Health checks of laptops connecting to the corporate network, via Network Access Protection (NAP) or Network Access Control (NAC) to ensure that they meet company standards as to virus protection, firewall, service packs/security updates and so forth.
- Enforced sync parsing/protocol filtering and content filtering (DeviceLock) to control what types of data users can synchronize between their mobile devices and company computers.
- A virtual desktop infrastructure whereby virtualized operating systems and/or applications are delivered to employee-owned laptops for work purposes, allowing the company to control the hosted image and isolate it from the local operating system on the laptop.
- Policies that specify what consumer software can be used on corporate computers (for example, social networking web sites vs. iTunes, multi-player games or personal VoIP accounts such as Skype) and enforcement of those policies with Software Restrictions Policy.
- Use of agent-based security configuration management tools to enforce usage policies.
- Development of a comprehensive usage policy that addresses employee use of social networking.
Well worth a read, as it also covers issues such as contractors and what they can do with their own laptops in an organisation.
Tuesday, October 5, 2010
How To – Digital Forensic Imaging In VMware ESXi
Great article on how to forensically image a VMDK file.
