Monday, December 14. 2009
Eugene Spafford has a warning for us in his latest entry that I thought worth remembering:
Generally, hackers who specialize in the latest attacks dismiss anyone not versed in their tools as ignorant, so I have heard this kind of criticism before. It is still the case that the "elite" hackers who specialize in the latest penetration tools think that they are the most informed about all things security. Sadly, some decision-makers believe this too, much to their later regret, usually because they depend on penetration analysis as their primary security mechanism.
In many ways, I worry that mechanisms like RSS & twitter and the associated behaviour help us to be up to date, but not knowledgeable, and that the implied arrogance of being up to date stops us from realising it.
Tuesday, December 1. 2009
I'm quite excited and honoured to host a guest entry from Yusuf Moosa Motara covering his talk at ZaCon (a video of which can be found here, and the slides here).
Continue reading "Efficient extraction of data using binary search and ordering information"
Thursday, November 19. 2009
Update: Haroon's talk "Why ZaCon" at the con provides more of an overview, including some aspects I didn't consider.
ZaCon, South Africa's first fledgling unconference-style security conference, takes place this Saturday (21 Nov). Our intention was to have something which fits in the gap between corporate conferences like the ITWeb security summit and academic conferences like ISSA. The former is huge and can afford to bring over some of the big names, but also has plenty of "paid for" opinions and sometimes less meaty content. The latter is peer-reviewed and requires more than a slide deck and a grin to present at, but also sometimes values theory over pragmatism and places a large burden on people already holding down a job.
Continue reading "ZaCon - Information Security for the Rest of Us"
Tuesday, November 17. 2009
As someone who uses a lot of web apps, I run into the problem of trying to remember multiple passwords. Most people resolve this by just using the same password across all the sites. However, as numerous examples have demonstrated, that's not a good idea. The knee-jerk counter is to use a different password (or groups of passwords) across the sites, but that becomes difficult to remember. If you want the quick solution I'm proposing then check out SuperGenPass (or my customised version). The security geek details follow after the jump.
Continue reading "SuperGenPass"
Monday, October 19. 2009
Boy do I have news for you security people out there; I have a 100% reliable way of breaking all encryption! I call it the "Evil Thug" attack. I provide this service for a small fee. The entry-level service gets you me or an employee for an hour, which is all it takes to break any encryption in the world (and no, we don't need a prostitute, even for 2048-bit RSA encryption).
Continue reading ""Evil Thug" goes after Full-Disk Encryption"
This weekend was rather eventful, and we learned a valuable lesson about viruses, security software, and professional scepticism in IT environments. I've briefly documented it below so you can learn from our mistakes.
Last Wednesday a virus was detected on a client's network. The anti-virus (AV) host intrusion prevention system (HIPS) was updated to block access to the URLs the virus was using to fetch its payload and other control instructions. However, the domain lookups[1] for these URLs increased massively by Friday, so much so that they caused the internal firewalls to fail under the load of trying to inspect this traffic. Domain lookups were then blocked at the firewall, but the source of the lookups persisted. Network access was restored and outwardly there was nothing wrong.
Continue reading "When AntiVirus was the Virus"
Friday, July 17. 2009
I really love Twitter, and use it more than I should. The only problem is, like most conversation, the signal to noise ratio isn't wonderful. However, unlike most conversation, this is digital and "we can make it better". This is where my idea for "twilter" came from. It's just an idea, as I don't have the time or skill to implement it, but I'm hoping this forms a functional spec of sorts for someone who does.
Continue reading "Twilter - Filtering Twitter for Higher Signal"
Sunday, June 28. 2009
Using a computer can be frustrating; you click on something and it doesn't complete as fast as it usually does, and you don't know why. Advanced users tend to look at their CPU usage to provide some form of explanation. "Oh look, my CPU is really busy, that's why stuff is slow." This is often turned into a widget/gadget/screenlet that sits on their desktop blinking the current CPU usage.
Continue reading "Monitoring your Laptop/Desktop Processes Reduces Frustration"
Monday, May 4. 2009
We loved every moment, if only there was more time. Some photos are up courtesy of our photographers. Our informal engagement shoot, and photos from the wedding.
In the meantime, we're off on honeymoon!
Friday, May 1. 2009
In 17 hours. Finally, I can't wait.
Wednesday, April 1. 2009
Conficker has claimed its first victim, this time a live one. Conficker, a computer virus that security researchers have warned will do severe damage to computing systems from April 1st, has claimed millions of computer victims to date. However, Harry Hermulen's computer was luckier than he was.
Continue reading "Conficker Claims its First Human"
Tuesday, March 24. 2009
Thanks to the Department of Home Affairs, it is now possible to get a bit more creepy. If you know someone's ID number (not a hard task) you can now find out if they are dead/alive, in the process of obtaining a new ID book, or married (and when).
While these would make a great addition to Maltego as new transforms, given how poorly protected our ID numbers are, I'm uneasy about the DHA making this info available. While this information certainly isn't a deep invasion of privacy, I am worried about them expanding the service. Additionally, the existence of these services implies that there is a DB full of juicy ID data connected to the internet, and I'm not sure they've secured it very well.
Tuesday, March 17. 2009
ClassicFM just phoned me for comment on this story. I did some quick research and was rather dismayed to find that this appears to be an attempt to drum up some press references for marketing rather than a responsible informing of the public.
Update: ClassicFM has put up the story with a soundbite.
Continue reading "SA AV Vendor Recycling News for FUD Marketing"
Wednesday, March 11. 2009
I've previously spoken about Paterva's awesome data mining tool Maltego, in 2007. I've recently had cause to start playing with it again as part of the privacy work I'm currently doing, and it's come a long way baby.
Continue reading "Using Maltego to Data Mine Twitter"
Thursday, February 26. 2009
Update: Verashni has since written a story on the matter.
Many non-technical people don't realise how easy it is to manipulate many of the core internet protocols. 2008 was a particularly bad year for it, with key weaknesses pointed out in critical protocols such as DNS, SSL and BGP (again), which have joined the ranks of SMTP, Ethernet and in-line SQL as broken. However, amid all the technofeats, I forget how easy it is to do something simple that appears to be manipulation to the general public. A journo friend of mine, Verashni, noticed (among others) that visiting www.malema.co.za will take you to the DA's website. For any foreign readers, this is funny as I'm sure Julius Malema has a dartboard with opposing political party leader Helen Zille's face on it. I did a quick check of who had registered the domain and it was fairly obvious this was a prank:
2f. billingaccount : The ANC
2g. billingemail : neveranc@gmail.com
2i. invoiceaddress : Not 54 Sauer Street, Johannesburg, 2001
2j. registrantphone : +2774 115 9505
2k. registrantfax :
2l. registrantemail : neveranc@gmail.com
Continue reading "Cybersquatting and Prank Redirects - Malema and the DA"