Winamp 5.35 is out fixing the MP4 file parsing buffer overflow vulnerability that was previously announced.
Archive for May 2007
Security Metrics
In our recent FISMA audit at work, KPMG didn’t like the vulnerability remediation report that I create each month for the Infosec group. They wanted more metrics, but their examples of metrics were very similar to what I already do.
Flash forward a few weeks, and we have a CEO who is very interested in number… in metrics.
I spend a lot of time on putting together the Infosec report, but I have to question whether some of the numbers prove anything other than that the products in question are still collecting data.
So to meet these two demands for metrics, I’m searching high and low. This will have to be an off-hours project. At work, my top two tasks right now are writing an incident response plan and selecting an FDE product. That doesn’t leave a lot of spare time.
So I’ve spent some time over at securitymetrics.org. I’ve read the reviews of “Security Metrics: Replacing Fear, Uncertainty, and Doubt” over at Amazon. I’ve looked at A Few Good Metrics over at CSOonline.
I’m wondering if it’s worth getting the book or if I should just read NIST 800-80, “Guide for Developing Performance Metrics for Information Security”, and 800-55, “Security Metrics for Information Technology Systems”.
I do believe the right metric can provide insight and be a true measuring stick for the infosec program. I’m just afraid that metrics done poorly will lead to spending a lot of time gathering arcane correlations that no one will read and that will mean nothing.
Life is Beautiful, this email isn’t.
I received the “Life is Beautiful” virus hoax email from a relative today.
At the bottom of the email it stated:
PLEASE SEND A COPY OF THIS E-MAIL TO ALL YOUR FRIENDS and ask them to
PASS IT ON IMMEDIATELY! THIS HAS BEEN CONFIRMED BY SNOPES.
http://www.snopes.com/computer/virus/life.asp
If you go to that link, it says that the Life is Beautiful email is a hoax. The forwarder(s) didn’t actually check Snopes, they just believed what the email said.
Capicom.dll, MS07-028 and SAV
A posting on the MyITForum.com SMS discussion list reports that Symantec Antivirus 10.x and above may include a capicom.dll.
MS07-028 says that third party applications that distribute the Software Development Kit version of capicom will need to be updated.
It is not known yet whether we can just replace the vulnerable version of capicom ourselves, or if we need to wait for a SAV update. If it’s the latter, can this be a LiveUpdate fix or will an MSP be issued?
Are all FDE Software companies unresponsive?
You’d think it would be easier to spend a lot of money. I’m trying to evaluate Full Disk Encryption software, and the sales people I’m dealing with are frustratingly unresponsive.
I’ve heard from other companies that often they find that FDE companies just aren’t interested. Apparently so many companies are under an encryption mandate that they only want to spend resources on a guaranteed sale.
The most annoying example is the product I’m currently evaluating. Safeboot has not provided me with a pre-sales support direct contact. They also forbid contacting tech support. Instead I must contact the sales guy. The sales guy, instead of getting me in touch with an engineer, wants to set up a meeting “sometime this week or next.”
I was very upfront in my need to do this eval quickly. I learned what I wanted about Pointsec in two or three days. I can’t even get a response from Safeboot in that time period.
Network World: How Secure is a hosted environment
In a recent NetworkWorld article, Michael Osterman asks “How secure is a hosted environment”. Specifically, he’s talking about external hosting of mail stores in cases where the entire mail operation is outsourced or where mail is archived externally.
The article reports on his trip to ZANTAZ and how impressed he was with their physical security. The article would have been better if it had covered other areas of information security. How are these servers protected against attack? Is the operation audited? How do you know those security doors aren’t propped open every other day of the week?
A Thought about the BITS vulnerability
I read an Infoworld article today that says that “Hackers are using Windows Updates’ file transfer component to sneak malicious code downloads past firewalls”. After trying to figure out what the writer was talking about, I went to the source, a Symantec blog entry. This made a BIT more sense.
The Infoworld article left me thinking this was a corporate firewall bypass. That didn’t make a lot of sense because many enterprises aren’t scanning HTTP and FTP anyway, so the use of BITS doesn’t change that. The Symantec blog was a bit clearer that this is a personal firewall bypass.
Parlor trick or serious problem? I guess I’d be more worried about how the computer got infected initially. Flashy article titles make this problem seem worse than it is.
Summer is Coming, Beware the Bandwidth Loving Interns
As we roll through May, it’s time for an annual rite of late spring: the arrival of the summer intern. Generally these are high school or college students with morally questionable opinions about copyright and movie downloads. It may be a good time to put out a reminder if you have a company policy respecting such.
Symantec so done with Antigen
Regular readers of my blog know that one of my many duties at work is to administrate what was once known as IMLogic (now known as Symantec IM Manager). I’ve complained loudly and frequently here ever since Symantec bought IMLogic. This post is more of the same.
IMLogic would keep me up to date about new releases. Symantec released version 8.2 without letting me know.
IMLogic worked hard to stay on top of new developments in the IM industry and let me know what actions I should take. Yahoo announced their web IM a few days ago. I still haven’t heard from Symantec about the best way to make sure that Yahoo Web IM is either blocked or monitored.
When Symantec bought IMLogic and Microsoft bought Sybari, I predicted that the Sybari – IMLogic integration was not long for this world. As I read the Symantec IMManager release notes for version 8.2, I see that Antigen for IM is no longer integrated. Here’s a support article about that.
Fortunately, it seems this version doesn’t have a lot new that I care about.
Real-time Enterprise Vault export capability
Groups and Group policies based on IP address ranges
File transfer control by type
Internationalization And Localization Changes
VMWare Support
Oracle 10g Support
Unfortunately, 8.1, the version I’m using, is EoL in the fall.
AOL Password Truncation
Brian Krebs’s Security Fix is reporting that AOL is truncating passwords at 8 characters. I think our Solaris servers were doing the same thing until we upgraded to version 10. In fact, here’s a blog entry from the Sun Security Coordinator’s blog claiming that password truncation is a security feature. In other words, it’s a feature, not a bug.
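Truncation of this kind is easy to test for from the defender's side: if a back end only honours the first N characters, then any candidate sharing those N characters authenticates, and a probe can find N with a handful of login attempts against a known test account. The following is an added example, not code from the post, from AOL, or from Sun. The two "stores" are constructed toys that stand in for a crypt(3)-style scheme (first 8 characters hashed) and a full-length scheme; the probe itself only needs a `verify(password)` callable, so the same function can be pointed at a real authentication routine in a lab.

```python
"""
Added example (not from the original post): detect whether a password
verification routine silently truncates its input, and show the collision
that truncation causes.

LegacyStore and ModernStore are constructed stand-ins, not any vendor's code.
"""
import hashlib
import hmac
import secrets
from typing import Callable, Optional

# Assumption for the toy legacy store: only the first 8 characters are hashed,
# the behaviour the post attributes to AOL and to older Solaris releases.
LEGACY_LIMIT = 8


def _hash(password: str, salt: bytes) -> bytes:
    # Iteration count kept low because this is a demonstration, not a deployment.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 10_000)


class LegacyStore:
    """Constructed model of a truncating scheme: password[:8] is all that matters."""

    def __init__(self, password: str) -> None:
        self.salt = secrets.token_bytes(16)
        self.digest = _hash(password[:LEGACY_LIMIT], self.salt)

    def verify(self, candidate: str) -> bool:
        return hmac.compare_digest(self.digest, _hash(candidate[:LEGACY_LIMIT], self.salt))


class ModernStore:
    """Constructed model of a full-length scheme: every character is hashed."""

    def __init__(self, password: str) -> None:
        self.salt = secrets.token_bytes(16)
        self.digest = _hash(password, self.salt)

    def verify(self, candidate: str) -> bool:
        return hmac.compare_digest(self.digest, _hash(candidate, self.salt))


def find_truncation_length(verify: Callable[[str], bool], password: str) -> Optional[int]:
    """Return the number of leading characters the back end honours, or None.

    `password` must be the account's real password and should be longer than
    any limit you suspect. For each prefix length n, a candidate made of the
    first n characters plus one wrong character is tried; the smallest n that
    still verifies is the truncation point. If nothing verifies, no truncation
    shorter than len(password) is observable.
    """
    # Pick a filler character that does not occur in the password, so the
    # appended character is guaranteed to be a mismatch.
    filler = next(c for c in "#%!@~" if c not in password)
    for n in range(1, len(password) + 1):
        if verify(password[:n] + filler):
            return n
    return None


def collision_report(verify: Callable[[str], bool], password: str, other: str) -> dict:
    """Show whether a distinct second password is accepted for the same account."""
    return {
        "real_password_accepted": verify(password),
        "other_password_accepted": verify(other),
        "truncation_length": find_truncation_length(verify, password),
    }


if __name__ == "__main__":
    # Constructed sample credentials; the second differs only after position 8.
    real, lookalike = "correcthorsebattery", "correcthorseBATTERY"
    print("legacy:", collision_report(LegacyStore(real).verify, real, lookalike))
    print("modern:", collision_report(ModernStore(real).verify, real, lookalike))
```

Run against a real login routine, a non-None result is the finding to record: users who think they have a 19-character password effectively have an 8-character one, and an attacker guessing only the first 8 characters is not slowed by anything after them. The probe uses only the account's own known password and a handful of attempts, so it is safe to run as a routine check on a test account after any authentication back-end change.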