Articles
Vulnerability Life Cycle - threat modelling
Web Hacking 2.0
Why Exploit Markets are Bad
Ettercap-NG Workings and Defence
The Zotob Summary
How-To's
Linux SSH Jail with pam_chroot
Firefox Privacy & Security Extensions
Papers
Managing Patching, my MSc Thesis
Risk Analysis of Monthly Patch Schedules
Tools
Automated Vodacom SMS (VodaSMS)
RSS 2 SMS
DShield Hack Detection
Neologisms
Encryption principles
Zoolander's Law
Certificate fingerprints:
SHA1: 61 13 45 4B 4C F9 89 9B B7 87 C8 78 F7 38 12 CB 07 E2 60 BF
MD5 : DA 53 7B 50 E4 3A 2C 6C A1 17 53 C1 A0 5E CB 89
HTTPS version.
You can find an explanation here.
We loved every moment, if only there was more time. Some photos are up courtesy of our photographers. Our informal engagement shoot, and photos from the wedding.
In the meantime, we're off on honeymoon!
Conficker has claimed it's first victim, this time a live one. Conficker, a computer virus that security researchers have warned will do severe damage to computing systems from April 1st, has claimed millions of computer victims to date. However, Harry Hermulen's computer was luckier than he was.
Continue reading "Conficker Claims its First Human"
Thanks to the Department of Home Affairs, it is now possibly to get a bit more creepy. If you know someone's ID number (not a hard task) you can now find out if they are dead/alive, in the process of obtaining a new ID book or married (and when).
While these would make a great addition to Maltego as new transforms, given how poorly protected our ID numbers are, I'm reluctant for the DHA to be making this info available. While this information certainly isn't a deep invasion of privacy, I am worried about them expanding the service. Additionally, the existence of these services implies that there is a DB full of juicy ID data connected to the internet, and I'm not sure they've secured it very well.
ClassicFM just phoned me for comment on this story. I did some quick research and was rather dismayed to find that this appears to be an attempt to drum up some press references for marketing rather than a responsible informing of the public.
Update: ClassicFM has put up the story with a soundbite.
Continue reading "SA AV Vendor Recycling News for FUD Marketing"
I've previously, spoken about Paterva's awesome data mining tool Maltego in 2007. I've recently had cause to start playing with it again as part of the Privacy work I'm currently doing, and it's come a long way baby.
Update: Verashni has since written a story on the matter.
Many non-technical people don't realise how easy it is to manipulate many of the core internet protocols. 2008 Was a particularly bad year for it with some key weaknesses being pointed out in critical protocols such as DNS, SSL and BGP (again) which have joined the ranks of SMTP, Ethernet and in-line SQL as broken. However, with all the technofeats, I forget how easy it is to do something simple that appears to be manipulation to the general public. A journo friend of mine, Verashni, noticed (amoung others) that visiting www.malema.co.za will take you to the DA's website. For any forein readers, this is funny as I'm sure Julius Malema has a dartboard with, opposing political party leader, Hellen Zille's face on it. I did a quick check of who had registered the domain and it was fairly obvious this was a prank:
2f. billingaccount : The ANC
2g. billingemail : neveranc@gmail.com
2i. invoiceaddress : Not 54 Sauer Street, Johannesburg, 2001
2j. registrantphone : +2774 115 9505
2k. registrantfax :
2l. registrantemail : neveranc@gmail.com
Continue reading "Cybersquatting and Prank Redirects - Malema and the DA"
Five years ago I started this blog to keep my then supervisor up to date on my academic progress. It's interesting that at the same time five years ago Facebook was launched, and I think the last five years have been particularly interesting for computer security, and it's been fun. I've also grown a lot over the years, and it's funny to read my early entries with hindsight.
I've never had a massive readership except for the odd case of big blogs linking to me (SANS, F-Secure and Washington Post were my most memorable). Although, the feedback I've received over the years has really helped to refine some of my stances and ideas, and hopefully a few of yours dear reader. For example Ben Nagy once scared me into a whole new tack leading from this to this. Last year was particularly fun with Roberto Preatoni and Dan Kaminsky both getting involved in some discussion. It also marked a return to more active blogging for me, after a drop off in the move from academia to consulting. I hope to keep it up.
To my regular readers, thanks for reading, to any new readers welcome. My goal has always been to encourage debate and discussion, so if you've never argued with me before but always wanted to, know that I welcome the chance.
Richard Bejtlich just posted an entry entitle "Data Leakage Protection Thoughts." In it he argues that Data Leak Prevention products will just lead to a new barrage of alerts for someone to ignore (ala IPS/IDS), or blocking a too-small-set of data for which a significant amount of time would need to be invested to understand how to block. I'm paraphrasing, but I think it provides the gist.
I've been saying to anyone who would listen, that many advertisers (such as Google and DoubleClick - owned by Google) don't let you opt-out of their profiling. Essentially, many advertisers set a cookie and use it to track you across sites. This is useful to add state to stateless HTTP, but often lots of third-party cookies are set by advertisers which have no function other than to help profile you, i.e. it's possible to have a perfectly functional site without these cookies.
Continue reading "Opt-Out of Online Advertiser's Profiling"
Viruses using the autorun.inf file of removable media such as flash sticks and iPods to automatically execute and install themselves whenever they are plugged into a machine can now be thwarted by Ariad. This is a big vector at the moment.
It's a file system filter (I didn't know about these, they're cool) that blocks access to autorun.inf and effectively stops windows from automatically installing viruses for you (aka a design flaw). Group Policy should allow you to do the same thing, but if you have either incompetent domain admins, some inheritance complexity of multiple policy applications have self-imploded, or a family member who uses their USB without protection, this can help fill the gap.
Courtesy DiderStevens - Ariad
Dider asked me to add that at the time of writing this is beta software, so test it first.
As part of my ongoing attempt to not use Windows this year, I have been struggling to find a way to get OCS/LCS working in Linux. Due to some recent work on the SIPE/SIPLCS Pidgin plugin, it is now working.
Sorry for the server instability. There appear to have been some problems with the kernel, which I think are now sorted. We'll see.
Not only does BASH cure cancer, but it can stop you from wasting time on the intertubes. While lying on the grass today I realised that I have a few 'jumping off' sites for non-work meanders; gateway drugs of sorts. By blocking these sites, I can stop myself from getting sidetracked most of the time and prevent Work Avoidance Behaviour (WABbing). If you're one of those people who can stick to a schedule, you could even cron it. Read the crufty-4am-produced shell script yourself, or the English below.
Continue reading "WorkTime Script to Prevent Innapropriate Web Surfing"
A discussion with haroon yesterday revived some of my interest in my MSc thesis topic. Then serendipity brought Eric Schultze commentary/apology on the MS09-001 patch to my attention.
(Page 1 of 55, totaling 816 entries)
SensePost
singe: How Atari violated the GPL, got litigious and why Nintendo may be dumb (no Open Source Software, seriously?) http://is.gd/1jjBC
Schneier on Security: The Pros and Cons of Password Masking