General: February 2005 Archives

Instant Messaging presents the same vulnerabilities as email, yet it is not protected in nearly the same manner. Corporations have poured money into stopping email viruses, but every other port is left untamed.

Potential Problems:
1. Application attacks. Such attacks are possible if IM client software is not kept up to date. Generally speaking, companies stay on top of Microsoft patches, but not as many patch their other applications. Since IM is generally ad hoc and user-installed, it is not likely to be kept up to date.
2. Viruses sent via file transfers. There are many viruses, such as Bropia, that spread through IM networks and have affected corporate customers.
3. SPAM (SPIM). Spam to IM accounts is fairly easy to control: don't accept IMs from people not on your buddy list.
4. URLs. Instead of sending the malicious file itself, the attacker sends a link to an exploit or virus. A file-transfer scanner never sees the payload; the user fetches it with the browser.

Solutions:
1. Ban IM. It can be blocked at the firewall, but you may find yourself looking for a new job if you choose to implement that solution. Note also that closing the native ports (5190 for AIM, 1863 for MSN, 5050 for Yahoo) is not enough on its own: the public clients fall back to port 80 or 443, or tunnel through the HTTP proxy, when their native port is blocked, so the block has to be by destination or at the proxy as well.
2. Implement an internal IM server with antivirus, such as Microsoft LCS with Sybari Antivirus for IM. With LCS SP1 coming out this spring you can force Yahoo and AIM users to go through your server so that public traffic is protected.
3. Implement IMLogic to intercept (proxy) public IM sessions so you can scan and control IM traffic.
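As an added example (not from the original post), here is the kind of check a practitioner would run over firewall or proxy logs before and after blocking IM at the perimeter. It flags connections by the native IM ports and, separately, by the public networks' login hostnames, then lists hosts that were denied on the native port and reached the same network on 80 or 443 anyway, which is exactly the fallback a port-only block misses. The log lines are constructed, and the hostname patterns are assumptions to be replaced with what you see in your own traffic.

```python
import re
from collections import defaultdict

# Native ports of the public IM networks discussed above.
IM_PORTS = {5190: "AIM", 1863: "MSN", 5050: "Yahoo"}

# Login/server hostnames (assumed for this example; check your own traffic).
IM_HOST_PATTERNS = {
    r"\.oscar\.aol\.com$": "AIM",
    r"messenger\.hotmail\.com$": "MSN",
    r"\.msg\.yahoo\.com$": "Yahoo",
}

# Constructed firewall/proxy log lines (not real traffic):
# <time> <src ip> -> <dst host>:<port> <action>
SAMPLE_LOG = """\
10:01:02 10.1.4.22 -> login.oscar.aol.com:5190 ALLOW
10:01:09 10.1.4.22 -> login.oscar.aol.com:443 ALLOW
10:02:15 10.1.7.31 -> messenger.hotmail.com:1863 DENY
10:02:16 10.1.7.31 -> messenger.hotmail.com:80 ALLOW
10:03:40 10.1.9.5 -> www.example.com:80 ALLOW
10:04:01 10.1.9.5 -> scs.msg.yahoo.com:5050 DENY
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> ([^:\s]+):(\d+) (\w+)$")


def classify(line):
    """Parse one log line into (src, dst, port, action, network).

    network is the IM network name when the line looks like IM traffic
    (by native port first, then by destination hostname), else None.
    Returns None for lines that do not match the expected format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    _ts, src, dst, port, action = m.groups()
    port = int(port)
    network = IM_PORTS.get(port)
    if network is None:
        for pattern, name in IM_HOST_PATTERNS.items():
            if re.search(pattern, dst, re.IGNORECASE):
                network = name
                break
    return src, dst, port, action, network


def find_im_sessions(log_text):
    """Group IM-looking connections by source host:
    {src: [(dst, port, action, network), ...]}."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        rec = classify(line)
        if rec and rec[4]:
            src, dst, port, action, network = rec
            sessions[src].append((dst, port, action, network))
    return dict(sessions)


def port_fallbacks(sessions):
    """Hosts that were DENIED on a native IM port and then reached the same
    IM network on 80/443 with an ALLOW: the port block alone did not hold."""
    fallbacks = []
    for src, conns in sessions.items():
        denied = {net for _, port, action, net in conns
                  if action == "DENY" and port in IM_PORTS}
        for dst, port, action, net in conns:
            if net in denied and port in (80, 443) and action == "ALLOW":
                fallbacks.append((src, net, dst, port))
    return fallbacks


if __name__ == "__main__":
    sessions = find_im_sessions(SAMPLE_LOG)
    for src, conns in sessions.items():
        print(src, conns)
    print("fell back past the port block:", port_fallbacks(sessions))
```

Run against the sample, the AIM host is allowed on both 5190 and 443 (nothing was blocked), the Yahoo host was denied and gave up, and the MSN host was denied on 1863 and got through on 80 a second later. That last line is the one to act on.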

An employee writes to a company helpdesk complaining that he cannot access a site. The URL was sent to him by the vendor to be used to register software. When he attempts to go to the URL, he is blocked by Websense. (Websense is an industry-leading web filtering/web security company; corporations use its block list to prevent employees from accessing disallowed sites.) He writes to the helpdesk: "No biggie, I will just log in to my AOL account and bypass company policy. That will make it easier."

I'd forgotten that the AOL client basically acts as a VPN and allows users to bypass corporate policy. :(

The kicker is that the URL actually produces a 404. I suspect that the user has spyware loaded locally that redirects 404s to a specific webpage, and it is that page that is on the block list.
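A quick way to separate the two cases, as an added example that is not part of the original post: fetch the vendor's URL once, from a clean host, without following redirects. If the server answers with a plain 404 and no Location header, the page the user ends up on is being substituted on his own machine (spyware or a browser "error helper"), and that substitute is what the filter is matching. If instead the server itself sends a 3xx with a Location, the filter may be matching the redirect target. The script stands up a constructed stand-in for the vendor's server on localhost so it runs offline; the hostnames and paths are made up.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit


class StubVendorSite(BaseHTTPRequestHandler):
    """Constructed stand-in for the vendor's web server (not a real site)."""

    def do_GET(self):
        if self.path == "/register":
            # The registration URL really is dead on the server side.
            self.send_response(404)
            self.send_header("Content-Type", "text/plain")
            self.end_headers()
            self.wfile.write(b"not found")
        elif self.path == "/moved":
            # A genuine server-side redirect, shown for contrast.
            self.send_response(302)
            self.send_header("Location", "http://ads.example.invalid/landing")
            self.end_headers()
        else:
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"ok")

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_stub_server():
    """Serve the stub on an ephemeral localhost port in a background thread."""
    srv = HTTPServer(("127.0.0.1", 0), StubVendorSite)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe(url):
    """Fetch url exactly once, WITHOUT following redirects.

    http.client never follows a 3xx on its own, so what comes back is what
    the server actually said, not where a browser would have ended up.
    Returns (status, location_header_or_None)."""
    u = urlsplit(url)
    path = u.path or "/"
    if u.query:
        path += "?" + u.query
    conn = http.client.HTTPConnection(u.hostname, u.port or 80, timeout=5)
    conn.request("GET", path)
    resp = conn.getresponse()
    status, location = resp.status, resp.getheader("Location")
    conn.close()
    return status, location


def diagnose(url):
    """Turn the raw probe into the question we care about: where is the
    redirect, if any, coming from?"""
    status, location = probe(url)
    if 300 <= status < 400 and location:
        return f"server-side redirect to {location}: the filter may be matching that destination"
    if status == 404:
        return "plain 404, no Location header: any redirect the user sees happens on the client"
    return f"HTTP {status}: URL is live"


if __name__ == "__main__":
    srv = start_stub_server()
    base = f"http://127.0.0.1:{srv.server_port}"
    for path in ("/register", "/moved", "/"):
        print(path, "->", diagnose(base + path))
    srv.shutdown()
```

Against a real vendor URL you would run probe() from a machine you trust (or simply `curl -sI` and read the status line), then compare with what the user's browser shows; a bare 404 on the clean host plus a filtered page on the user's desktop points at the desktop.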

http://www.washingtonpost.com/wp-dyn/articles/A17506-2005Feb11.html?nav=rss_technology
A smash-and-grab operation stole computers from an SAIC administrative building. The stolen information included names, Social Security numbers, addresses, telephone numbers, and records of financial transactions. It was stored in a database of past and present SAIC stockholders. It is not known whether the data on the computers was encrypted.

Physical security cannot be neglected. And if that data was sitting unencrypted on the machines, the theft of the hardware is also the theft of the data.

Rob Rosenberger wrote about his rejected idea for an infosec-based TV show. He's thinking something along the lines of MaxX. If you haven't seen the show, it's a clip show of disasters and police chases backed by acerbic voice-over commentary. The problem is where to get the video clips. The only people filming at work are physical security, and their cameras are aimed at the entrances. They won't catch video of Troy in Accounting opening LoveLetter. Everything would have to be reenacted. This works for John Walsh, but a show like MaxX is too fast-paced and would require too many segments to be filmed.

I would advise modeling the show after the all-too-brief reality series "Spymaster" on TLC. They first showed auditions in major cities where they ran people through a situation and, based on how they handled it, let them on the show. The selected candidates were taken to "The Farm," a faux CIA training center. There they learned how to handle weapons, self-defense, and basic espionage. Through several challenges individuals were weeded out. The finale was a "hostage" rescue in Mexico.

I would see the analogous show as a hacker bootcamp. Perhaps it could be something like "Hacking by the Numbers" taught by the Sensepost guys, except with a big finale where you must defend your own computers while attacking the other guys' computers.

While we're on the subject, am I the only one who would like the yearly competition between the NSA red team and the combined armed forces academies televised?

OK, the show would get pilloried for glorifying hackers. Perhaps the "Hackmaster" approach isn't the best show. I'm thinking an infosec comedy might work, but it might be tough to do without ripping off Dilbert or The Office.

Shmoocon concluded today. I wasn't fortunate enough to make it down to the conference. I wish I had, but because of school, I don't get out much.

There are three posts related to Shmoocon over at the TaoSecurity Blog. They are worth checking out.

http://taosecurity.blogspot.com/2005/02/shmoocon-concludes-shmoocon-finished.html

http://taosecurity.blogspot.com/2005/02/shmoocon-day-two-here-are-few.html

http://taosecurity.blogspot.com/2005/02/shmoocon-begins-i-am-happy-to-report.html

Future astronauts were thrilled by the discovery of a hot spot on Saturn. They will now be able to use their wireless access minutes at Starbucks across America, major airports as well as Saturn.

Security professionals immediately sounded an alarm. If these war drivers can pick up a hot spot on Saturn, imagine what they can do with the signal from the wifi equipment at your house!!!


The preceding blog entry was a joke based on the AP headline "Astronomers Find 'Hot Spot' on Saturn."

Over on another board that I frequent, a user was posting about a problem he was having at his house. It started with his new windows: they were still getting condensation. It turns out that the humidity in his home is 80%, and his wife is suffering allergies because of it. This guy is concerned about the quality of the window construction. Later he starts other threads about dehumidifiers.

No one can understand why he has such high humidity in the winter in Pennsylvania. Finally it comes out that there is water in the crawl space beneath his house. Even once this is discovered, the guy just says he doesn't want to deal with that now. He wants to know how to tell that the windows were installed correctly. He wants to know how to tell that his dehumidifier is working.

We all have these blind spots. Well, perhaps blind spot isn't the right word: we're aware of the problem, but we refuse to acknowledge it or deal with it. It's easier to treat the symptoms than the problem itself. It's also true in our professional lives. For example, we have nice, safe little security projects that won't affect people. We do the equivalent of putting up air fresheners and buying a dehumidifier instead of fixing the mold-infested bacteria pool in the crawl space.

Saw this over in Bruce Schneier's blog:
(image: gate.jpg)

Your security is only as good as its weakest link.