Apr 1
Conficker has claimed its first victim, this time a live one. Conficker, a computer virus that security researchers have warned will do severe damage to computing systems from April 1st, has claimed millions of computer victims to date. However, Harry Hermulen's computer was luckier than he was.
Continue reading "Conficker Claims its First Human"
Posted by Dominic White
Last modified on 2009-04-01 09:38
Mar 24
Thanks to the Department of Home Affairs, it is now possible to get a bit more creepy. If you know someone's ID number (not a hard task) you can now find out if they are dead or alive, in the process of obtaining a new ID book, or married (and when).
While these would make a great addition to Maltego as new transforms, given how poorly protected our ID numbers are, I'm reluctant for the DHA to be making this info available. While this information certainly isn't a deep invasion of privacy, I am worried about them expanding the service. Additionally, the existence of these services implies that there is a DB full of juicy ID data connected to the internet, and I'm not sure they've secured it very well.
Posted by Dominic White
Mar 17
ClassicFM just phoned me for comment on this story. I did some quick research and was rather dismayed to find that this appears to be an attempt to drum up some press references for marketing rather than a responsible informing of the public.
Update: ClassicFM has put up the story with a soundbite.
Continue reading "SA AV Vendor Recycling News for FUD Marketing"
Posted by Dominic White
Last modified on 2009-03-18 10:44
Mar 11
I've previously spoken about Paterva's awesome data mining tool Maltego in 2007. I've recently had cause to start playing with it again as part of the Privacy work I'm currently doing, and it's come a long way baby.
Continue reading "Using Maltego to Data Mine Twitter"
Posted by Dominic White
Feb 26
Update: Verashni has since written a story on the matter.
Many non-technical people don't realise how easy it is to manipulate many of the core internet protocols. 2008 was a particularly bad year for it, with some key weaknesses being pointed out in critical protocols such as DNS, SSL and BGP (again), which have joined the ranks of SMTP, Ethernet and in-line SQL as broken. However, with all the technofeats, I forget how easy it is to do something simple that appears to be manipulation to the general public. A journo friend of mine, Verashni, noticed (among others) that visiting www.malema.co.za will take you to the DA's website. For any foreign readers, this is funny as I'm sure Julius Malema has a dartboard with opposing political party leader Helen Zille's face on it. I did a quick check of who had registered the domain and it was fairly obvious this was a prank:
2f. billingaccount : The ANC
2g. billingemail : neveranc@gmail.com
2i. invoiceaddress : Not 54 Sauer Street, Johannesburg, 2001
2j. registrantphone : +2774 115 9505
2k. registrantfax :
2l. registrantemail : neveranc@gmail.com
Continue reading "Cybersquatting and Prank Redirects - Malema and the DA"
Posted by Dominic White
Last modified on 2009-02-27 15:19
Feb 5
Five years ago I started this blog to keep my then supervisor up to date on my academic progress. It's interesting that at the same time five years ago Facebook was launched, and I think the last five years have been particularly interesting for computer security, and it's been fun. I've also grown a lot over the years, and it's funny to read my early entries with hindsight.
I've never had a massive readership except for the odd case of big blogs linking to me (SANS, F-Secure and Washington Post were my most memorable). Although, the feedback I've received over the years has really helped to refine some of my stances and ideas, and hopefully a few of yours dear reader. For example Ben Nagy once scared me into a whole new tack leading from this to this. Last year was particularly fun with Roberto Preatoni and Dan Kaminsky both getting involved in some discussion. It also marked a return to more active blogging for me, after a drop off in the move from academia to consulting. I hope to keep it up.
To my regular readers, thanks for reading, to any new readers welcome. My goal has always been to encourage debate and discussion, so if you've never argued with me before but always wanted to, know that I welcome the chance.
Posted by Dominic White
Last modified on 2009-02-06 08:58
Feb 4
Richard Bejtlich just posted an entry entitled "Data Leakage Protection Thoughts." In it he argues that Data Leak Prevention products will just lead to a new barrage of alerts for someone to ignore (à la IPS/IDS), or to blocking too small a set of data, for which a significant amount of time would need to be invested to understand how to block. I'm paraphrasing, but I think it provides the gist.
Continue reading "A Response to Bejtlich on DLP"
Posted by Dominic White
Feb 2
I've been saying to anyone who would listen that many advertisers (such as Google and DoubleClick, owned by Google) don't let you opt out of their profiling. Essentially, many advertisers set a cookie and use it to track you across sites. This is useful to add state to stateless HTTP, but often lots of third-party cookies are set by advertisers which have no function other than to help profile you, i.e. it's possible to have a perfectly functional site without these cookies.
Continue reading "Opt-Out of Online Advertiser's Profiling"
Posted by Dominic White
Last modified on 2009-02-05 11:10
Jan 25
Viruses using the autorun.inf file of removable media such as flash sticks and iPods to automatically execute and install themselves whenever they are plugged into a machine can now be thwarted by Ariad. This is a big vector at the moment.
It's a file system filter (I didn't know about these, they're cool) that blocks access to autorun.inf and effectively stops Windows from automatically installing viruses for you (aka a design flaw). Group Policy should allow you to do the same thing, but if you have incompetent domain admins, the inheritance complexity of multiple policy applications has self-imploded, or a family member who uses their USB without protection, this can help fill the gap.
Courtesy Didier Stevens - Ariad
Didier asked me to add that at the time of writing this is beta software, so test it first.
Posted by Dominic White
Last modified on 2009-01-26 11:07
Jan 20
As part of my ongoing attempt to not use Windows this year, I have been struggling to find a way to get OCS/LCS working in Linux. Due to some recent work on the SIPE/SIPLCS Pidgin plugin, it is now working.
Continue reading "Connecting to a Microsoft Office Communicator or Live Office Communicator Server in Ubuntu"
Posted by Dominic White
Jan 20
Sorry for the server instability. There appear to have been some problems with the kernel, which I think are now sorted. We'll see.
Posted by Dominic White
Jan 18
Not only does BASH cure cancer, but it can stop you from wasting time on the intertubes. While lying on the grass today I realised that I have a few 'jumping off' sites for non-work meanders; gateway drugs of sorts. By blocking these sites, I can stop myself from getting sidetracked most of the time and prevent Work Avoidance Behaviour (WABbing). If you're one of those people who can stick to a schedule, you could even cron it. Read the crufty-4am-produced shell script yourself, or the English below.
Continue reading "WorkTime Script to Prevent Inappropriate Web Surfing"
Posted by Dominic White
Last modified on 2009-01-18 04:27
Dec 31
Based on Verisign's response here and here (in the comments), they have prevented future attacks, but seem to find the undermining of their PKI for the next several years an acceptable risk versus revoking thousands of certificates at great expense. However, Tim did mention that if they can find a unique characteristic of the bad certs, that would help; here's my attempt.
Continue reading "Initial Ideas on How to Detect a Rogue CA Cert"
Posted by Dominic White
Last modified on 2008-12-31 12:43
Dec 30
The presentation by Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik and Benne de Weger is done.
I am busy reading up on it and will post a summary and my thoughts here a bit later. Those are happening in real time on my twitter feed or on the right panel of my blog. There's already a lot of coverage on this. I'm going to dig into laying blame, and potential geeky solutions for the end user.
Continue reading "Using MD5 Collision to Create a Fake CA Certificate"
Posted by Dominic White
Last modified on 2008-12-30 21:36