"Evil Thug" goes after Full-Disk Encryption
This weekend was rather eventful, and we learned a valuable lesson about viruses, security software, and professional scepticism in IT environments. I've briefly documented it below so you can learn from our mistakes.
Last Wednesday a virus was detected on a client's network. The anti-virus (AV) host intrusion prevention system (HIPS) was updated to block access to the URLs the virus was using to fetch its payload and other control instructions. However, the domain lookups[1] for these URLs had increased massively by Friday, so much so that they caused the internal firewalls to fail under the load of trying to inspect this traffic. Domain lookups were then blocked at the firewall, but the source of the lookups persisted. Network access was restored, and outwardly there was nothing wrong.
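Blocking the lookups at the firewall stops the traffic but does not tell you which machine is generating it. The script below is an added example, not code from the original post: it ranks internal clients by how many queries they made for domains on a blocklist, so the infected host can be found from the resolver or firewall DNS log rather than from the symptom. The log format ("epoch client qname"), the blocklist and the sample lines are all constructed assumptions for illustration; adapt the parser to whatever your resolver actually logs.

```python
"""Rank internal hosts by lookups for blocked (malware) domains.

Constructed example. Assumed log format: "<epoch> <client_ip> <qname>"
one query per line. Subdomains of a blocked domain count as blocked,
trailing dots and case are normalised, and malformed lines are skipped.
"""
from collections import Counter, defaultdict

# Constructed blocklist: the domains the HIPS/firewall rule is blocking.
BLOCKED_DOMAINS = {"update.evil-example.net", "cc.evil-example.org"}

# Constructed sample log: one noisy client (10.0.0.23), one occasional
# one (10.0.0.7), a clean one (10.0.0.5) and a malformed line.
SAMPLE_LOG = """\
1234567890 10.0.0.5 www.example.com
1234567891 10.0.0.23 update.evil-example.net
1234567891 10.0.0.23 UPDATE.evil-example.net
1234567892 10.0.0.23 cc.evil-example.org
1234567893 10.0.0.7 cc.evil-example.org
1234567894 10.0.0.23 update.evil-example.net
1234567895 10.0.0.5 mail.example.com
1234567896 10.0.0.23 x1.cc.evil-example.org.
this line is malformed and must be ignored
"""


def normalise(qname):
    """Lower-case and strip the trailing dot so matching is exact."""
    return qname.strip().rstrip(".").lower()


def is_blocked(qname, blocked):
    """True if qname is a blocked domain or a subdomain of one."""
    q = normalise(qname)
    return any(q == d or q.endswith("." + d) for d in blocked)


def parse_line(line):
    """Return (epoch, client, qname) or None for a line we cannot parse."""
    parts = line.split()
    if len(parts) != 3 or not parts[0].isdigit():
        return None
    return int(parts[0]), parts[1], normalise(parts[2])


def rank_sources(log_text, blocked):
    """List of (client, blocked_lookups, distinct_blocked_names), busiest first."""
    per_client = Counter()
    names = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        _, client, qname = rec
        if is_blocked(qname, blocked):
            per_client[client] += 1
            names[client].add(qname)
    return [(c, n, len(names[c])) for c, n in per_client.most_common()]


def hot_sources(log_text, blocked, min_lookups):
    """Clients whose blocked-lookup count reaches the threshold."""
    return [c for c, n, _ in rank_sources(log_text, blocked) if n >= min_lookups]


if __name__ == "__main__":
    for client, count, distinct in rank_sources(SAMPLE_LOG, BLOCKED_DOMAINS):
        print(f"{client:15} {count:5} lookups, {distinct} distinct names")
    print("investigate:", hot_sources(SAMPLE_LOG, BLOCKED_DOMAINS, 2))
```

Run it against a day of resolver logs and the top entry is the machine to pull from the network; the distinct-name count separates a host that hammers one sinkholed name from one that is cycling through a whole set of control domains.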
"When AntiVirus was the Virus"
"Speaking "Business" in South Africa"
"Twilter - Filtering Twitter for higher Signal"
"Monitoring your Laptop/Desktop Processes Reduces Frustration"
"Conficker Claims its First Human"
ClassicFM just phoned me for comment on this story. I did some quick research and was rather dismayed to find that this appears to be an attempt to drum up press references for marketing rather than to responsibly inform the public.
Update: ClassicFM has put up the story with a soundbite.
"SA AV Vendor Recycling News for FUD Marketing"
"Using Maltego to Data Mine Twitter"
Update: Verashni has since written a story on the matter.
Many non-technical people don't realise how easy it is to manipulate many of the core internet protocols. 2008 was a particularly bad year for it, with key weaknesses pointed out in critical protocols such as DNS, SSL and BGP (again), which have joined the ranks of SMTP, Ethernet and in-line SQL as broken. However, with all the technofeats, I forget how easy it is to do something simple that looks like manipulation to the general public. A journo friend of mine, Verashni, noticed (among others) that visiting www.malema.co.za will take you to the DA's website. For any foreign readers, this is funny because I'm sure Julius Malema has a dartboard with the face of opposing party leader Helen Zille on it. I did a quick check of who had registered the domain, and it was fairly obvious this was a prank:
2f. billingaccount : The ANC
2g. billingemail : neveranc@gmail.com
2i. invoiceaddress : Not 54 Sauer Street, Johannesburg, 2001
2j. registrantphone : +2774 115 9505
2k. registrantfax :
2l. registrantemail : neveranc@gmail.com
"Cybersquatting and Prank Redirects - Malema and the DA"
"A Response to Bejtlich on DLP"
"Opt-Out of Online Advertiser's Profiling"
Viruses that use the autorun.inf file on removable media such as flash sticks and iPods to execute and install themselves automatically whenever the device is plugged into a machine can now be thwarted by Ariad. This is a big infection vector at the moment.
It's a file system filter (I didn't know about these; they're cool) that blocks access to autorun.inf and effectively stops Windows from automatically installing viruses for you (a design flaw). Group Policy should let you do the same thing, but if you have incompetent domain admins, if the inheritance of multiple overlapping policies has self-imploded, or if a family member uses their USB stick without protection, this can help fill the gap.
Courtesy Didier Stevens - Ariad
Didier asked me to add that, at the time of writing, this is beta software, so test it first.
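Ariad blocks the file outright; when you are instead triaging a stick that has already been plugged in, it helps to know which autorun.inf keys actually cause code to run. The parser below is an added example, not part of the original post or of Ariad: it reads the INI-style autorun.inf format tolerantly (malware commonly pads the file with junk lines) and reports the directives Windows honours to launch a program, namely open=, shellexecute= and the shell\<verb>\command= keys that hijack Explorer's "Open" and "Explore" verbs. Both sample files are constructed for the example.

```python
"""Flag autorun.inf files that would launch code on media insertion.

Constructed example. Keys that execute a program when AutoRun fires:
  open=<program>                 classic AutoRun launch
  shellexecute=<program>         AutoPlay-era equivalent of open=
  shell\<verb>\command=<program> hijacks the Explorer context-menu verb
Everything else (icon=, label=, action=, shell=<default verb>) is
cosmetic and is not flagged.
"""
import re

# Matches shell\open\command, shell\explore\command, shell\anything\command.
COMMAND_KEY = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample in the style of worm-dropped autorun.inf files.
MALICIOUS_SAMPLE = r"""
[AutoRun]
; junk lines are common and must not break the parser
open=RECYCLER\S-1-5-21\setup.exe
shellexecute=RECYCLER\S-1-5-21\setup.exe
shell\Open\command=RECYCLER\S-1-5-21\setup.exe
shell\explore\command=RECYCLER\S-1-5-21\setup.exe
shell=open
icon=%SystemRoot%\system32\shell32.dll,4
action=Open folder to view files
zz garbage without an equals sign
"""

# Constructed benign sample: only a volume icon and label.
BENIGN_SAMPLE = r"""
[autorun]
icon=photos.ico
label=Holiday Photos
"""


def parse_autorun(text):
    """Tolerant INI parse: {section_name_lower: [(key_lower, value), ...]}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue  # junk, or a key before any section header: ignore
        key, _, value = line.partition("=")
        sections[current].append((key.strip().lower(), value.strip()))
    return sections


def execution_directives(text):
    """All (key, value) pairs in [autorun*] sections that would run a program."""
    found = []
    for section, entries in parse_autorun(text).items():
        if section != "autorun" and not section.startswith("autorun."):
            continue  # e.g. [autorun.amd64] is also honoured; others are not
        for key, value in entries:
            if key in ("open", "shellexecute") or COMMAND_KEY.match(key):
                found.append((key, value))
    return found


def is_suspicious(text):
    """True if the file would execute anything when AutoRun/AutoPlay fires."""
    return bool(execution_directives(text))


if __name__ == "__main__":
    for name, sample in (("malicious", MALICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, "->", is_suspicious(sample), execution_directives(sample))
```

Point it at the autorun.inf from a suspect device (or at every autorun.inf on a file share) and anything it flags is a launch path worth pulling the referenced executable for. If Group Policy is an option, the registry equivalent of Ariad's effect is the NoDriveTypeAutoRun value (0xFF disables AutoRun on all drive types) under the Explorer policies key, which is what the Group Policy AutoPlay setting writes.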
"Connecting to a Microsoft Office Communicator or Live Office Communicator Server in Ubuntu"
"WorkTime Script to Prevent Inappropriate Web Surfing"
"Why Patch Management will Remain Hard"