| 30/12/06 | IDS | USA's Federal Aviation Administration (FAA) plans to install wireless IDS at FAA training centers, air traffic control centers and FAA headquarters |
| 29/12/06 | Privacy | French court favors personal privacy over piracy searches |
| 24/12/06 | Privacy | [ JG ] A couple of articles have caught my eye during the last few days: Vodafone fined €76m over Greek wiretap scandal and DHS's 'Secure Flight' Program Proven Insecure. It seems quite obvious that these massive 'Big Brother' programs in the real world do a lot against the privacy of the individual and very little for the security of the community, in spite of all the propaganda around them. The sad thing is that most of the people are not against them because they don't understand the risks and because they provide a False Sense of Security they feel comfortable with. Sigh. |
| 20/12/06 | Forensics | Google searches help convict wireless hacker. His searches included "how to broadcast interference over wifi 2.4 GHZ," "interference over wifi 2.4 Ghz," "wireless networks 2.4 interference," and "make device interfere wireless network." Unfortunately the court documents do not reveal how the FBI managed to discover his search terms. Bummer. It would have been interesting to see if this was the result of a subpoena to Google (Google declared it can return an individual's search terms if provided an IP or a Web Cookie, while MSN and AOL say they can't). |
| 18/12/06 | Web Apps | Learn How Not To Use Cookies, and take a look at some other related references on Web Application Security. |
| 17/12/06 | IDS | Marty Roesch on Snort 3.0 |
| 11/12/06 | IDS | Take a look at this cool (& certainly useful) Map of the Internet IPv4 Address Space. |
| 30/11/06 | Privacy | A "funny" story on why you should be VERY careful when you get rid of your old computers, hard drives, flash drives, etc. Let's not mention what may happen if there is a forensically-savvy person at the other end. |
| 29/11/06 | Honeypots | A couple of new Honeypot Tools have been released: HoneySnap and Honeyclient |
| 28/11/06 | Malware | A bot program has been identified to propagate using several Windows vulnerabilities and a six-month-old vulnerability in the Symantec Antivirus. Isn't it "funny" when defensive software becomes an attack vector? |
| 28/11/06 | Databases | David Litchfield has published a paper about a new class of vulnerabilities which he has called Cursor snarfing. |
| 27/11/06 | Legal (US/EU) Privacy | The US access to data on international bank transfers, granted by SWIFT (the Society for Worldwide Interbank Financial Telecommunications), violated the privacy laws of the EU. Check the original statement or the Securityfocus Article in that respect. |
| 26/11/06 | SSH | A new tool called Sharpener has been released to block SSH Brute Forces and a new associated SSH Brute Forcers Black List. I'm not a big fan of Black Lists unless they have been thoroughly tested (and even then...), but in any case, it's an interesting initiative. A similar initiative, DenyHosts, has been running for some time as well. (JG) |
| 25/11/06 | Malware / IDS | A really interesting new tool, Universal Pattern Searcher which looks for common patterns in different datasets has been released. |
| 23/11/06 | Database | The Week of Oracle Database Bugs. Our colleagues at Argeniss have announced an initiative to release an Oracle 0-day exploit every day for a week in December. Will this change Oracle's security posture at all? |
| 22/11/06 | Legal (US) | Justices hand victory to free speech online: The California Supreme Court has ruled that websites cannot be sued for posting or distributing libelous material written by others. |
| 21/11/06 | Databases | David Litchfield has just published an illustrative paper Which is more secure? Oracle vs Microsoft. Oracle seems to clearly be the loser in this battle (as of today). |
| 20/11/06 | Malware | There is an interesting analysis by Lenny Zeltser at the SANS ISC about a commercial binary packer called Themida. The coolest part is this immunization idea suggested by a couple of ISC readers, consisting of modifying standard (non-VM) systems in a way that they show VM-like characteristics, so malware which checks for the presence of a VM environment will not run. Really smart! Also interesting are the statistics referenced by Lenny: Three out of 12 malware specimens recently captured in our honeypot refused to run in VMware. |
| 19/11/06 | Vulnerabilities | The 2006 Edition of the SANS Top 20 has just been released. This year its focus has changed a little bit, and it has been renamed to: SANS Top-20 Internet Security Attack Targets |
| 18/11/06 | Legal | We at JSS (and many others) suffered the consequences of Guidance Software's security breach a while ago. Now Guidance settles FTC breach charges. This is the saddest part: Guidance failed to implement "simple, inexpensive and readily available security measures" to protect consumers' data. As well as failing to take precautions to prevent web attacks, Guidance failed to detect unauthorised access to its network, a particularly embarrassing oversight given the nature of Guidance's business. We in the security business must be the first to be paranoid about our customers' security, but it looks like some companies aren't. Sad. |
| 17/11/06 | Malware | As you probably already know, malware (and especially rootkits) is targeting the hardware more and more. We saw Blue Pill (ab)using the virtualization features of the new generation of processors. Now, it's the turn of PCI cards (network, video, etc.): PCI cards the next haven for rootkits? The paper behind this news is Implementing and Detecting a PCI Rootkit by John Heasman. |
| 16/11/06 | Hacking | Digital Armaments have published their November-December Challenge, this time targeting Kernel vulnerabilities. A good opportunity for learning and having some fun. |
| 15/11/06 | BSD | It looks like the guys in the NetBSD community have been working pretty hard lately. The Recent Security Enhancements in NetBSD are definitely pretty impressive. |
| 15/11/06 | SPAM | I'm sure you've noticed the important increase in SPAM during the last 2 months (a perceived increase from 30% to 450% according to different sources). It looks like Bot nets are likely behind this jump in SPAM |
| 14/11/06 | Fingerprinting | A new version of SinFP, a tool which uses a new approach to active and passive OS fingerprinting, has been released. |
| 14/11/06 | Assessment | A new article about the Challenges faced by automated web application security assessment tools. |
| 13/11/06 | Auditing | The old Solaris Basic Security Module (BSM) has been openly ported to BSD, giving birth to OpenBSM. BSM is great if you are willing to sacrifice performance vs audit info, but the key in the real world is the tools to analyze the enormous amount of data produced. We'll wait to see what tools the FreeBSD community comes up with... |
| 11/11/06 | Legal | U.K. outlaws denial-of-service attacks. |
| 10/11/06 | Privacy | Interesting news today in Slashdot: "European expert researchers on identity and identity management summarize their findings from an analysis of passports with RFID and biometrics — Machine Readable Travel Documents or MRTDs — and recommend corrective measures." |
| 08/11/06 | Malware | A new interesting article in Securityfocus by Jamie Riden: Using Nepenthes Honeypots to Detect Common Malware |
| 30/10/06 | Encryption | Seagate announced today that they will produce hard drives that automatically encrypt the data, requiring users to have a key or password for decryption. |
| 18/10/06 | Log | Now that Log Management is getting so popular, it's good news that the final version of NIST publication Guide to Computer Security Log Management has seen the light. It's highly recommended reading, as it covers a lot of different perspectives, from technical to operational and legal. |
| 06/04/06 | Honeypots | Malware wars! Botnets are being used by cybercriminals to perform denial of service attacks against antivirus vendors' malware collection honeypots. |
| 05/04/06 | Malware | Kaspersky labs reported through Viruslist's weblog a cross-platform Proof-of-Concept virus that is capable of infecting both Linux and Windows binaries. |
| 05/04/06 | Vulnerabilities | Developers have quickly fixed about 900 bugs in popular open-source software as part of a U.S. government-sponsored source-code analysis project. |
| 04/04/06 | VoIP | Bruce Schneier describes why encryption in VoIP is so important due to a combination of the traditional telephony threat model and the IP-networked one. Phil Zimmermann recently released ZFone, a new Secure VoIP Phone based on a new protocol (ZRTP) proposed to be an IETF standard. |
| 04/04/06 | System | Virtualization software wars between Microsoft (who will provide Virtual Server Free), and VMware, who recently published the Server and Player software for free and just opened their Virtual Machine Disk Format Specification to the community. |
| 27/03/06 | Log Management | An interesting upcoming SANS webcast on Tuesday, March 28 at 1800 UTC/GMT: WhatWorks in Log Management: "Meeting Regulatory Compliance Requirements At Northwestern Memorial Hospital" Webcast |
| 26/03/06 | Hacking | Digital Armaments has launched a new edition of their Hacking Challenge, starting on April 1st: Oracle Database Hacking Challenge. |
| 24/02/06 | Phishing | The Anti-Phishing Working Group just published their latest (December 05) trend report |
| 24/02/06 | Misc | Part 1 and part 2 of a really interesting interview with our two SANS colleagues Mike Poor & Ed Skoudis. |
| 23/02/06 | Malware | The two most important malware collection projects, nepenthes and mwcollect, announced their merger yesterday. The authoritative site for the joint effort is now http://www.mwcollect.org/ |
| 22/02/06 | Attacks | Check this interesting article: Demistifying Layer 2 attacks by Abhishek Singh. L2 security is typically one of the big forgotten areas, so it's good to be aware of attack vectors against it. Additionally, remember there is a cool tool called yersinia by our friends David and Alfredo which can help you audit it. |
| 22/02/06 | Malware | Commtouch reports the January 2006 virus and spam statistics. In summary: 19 new email-borne significant virus attacks, of which a troubling 8 (42%) were graded "low intensity", 7 (37%) "Medium Intensity" and 4 (21%) were massive attacks – a rare phenomenon for a single month. |
| 21/02/06 | Wireless/ Privacy | More RFID news. Take a look at this: Cellphones can crack RFID tags. It appears that RFID technology has sunk really low regarding security & privacy. RFIDs are going to be really deep into our daily life soon, so we'd better make sure these things are fixed before that happens. |
| 10/02/06 | Wireless/ Privacy | Two employees have been injected with RFID chips this week as part of a new requirement to access their company's datacenter. Welcome to the future! The most interesting part though is that those chips can be skimmed and cloned! |
| 07/02/06 | Malware | An excellent analysis by David Moore and Colleen Shannon from CAIDA of the spread of the Nyxem (or Blackworm or Kama Sutra or MyWife or CME 24) Virus in January and early February 2006. |
| 06/02/06 | IPS | The next SANS Webcast, on Wed. Feb 8 (18:00 GMT), will be WhatWorks in Intrusion Prevention Systems: "Guarding Sensitive Data with Financial Profiles Inc.", by Alan Paller and Joel Holland. |
| 05/02/06 | Pentest | Big news for the pentesters out there! The two leading pentesting live CD distros, Whax & Auditor, are merging into a new one: BackTrack. |
| 04/02/06 | Malware | Another interesting article on Malware: Malicious Malware: attacking the attackers by Thorsten Holz and Frederic Raynal |
| 03/02/06 | Malware | The mwcollect Alliance has been launched today. The mwcollect Alliance is a non-profit community effort to collect autonomously spreading malware and share with anti-virus and vulnerability researchers. |
| 31/01/06 | Malware | A popular report about the business impact of malware has just been released: Computer Economics 2005 Malware Report: The Impact of Malicious Code Attacks. A free executive summary is available. |
| 30/01/06 | Malware | On Jan 31 there will also be a SANS webcast, Eliminating Virus Outbreaks with Sara Lee, by Alan Paller and Bryan Jordan. |
| 29/01/06 | Forensics | On Jan 31 there will be a webcast on Automated Incident Response by Guidance Software. |
| 27/01/06 | Malware | Interesting news about a new approach in the rootkit technologies: Researchers: Rootkits headed for BIOS |
| 27/01/06 | Malware | The Blackworm worm, an extremely dangerous worm that will overwrite users' files on Feb 3, is spreading fast (300,000 systems so far). Make sure to clean your systems as soon as possible. More info at the SANS ISC. |
| 26/01/06 | Generic | Interesting interview with Richard Bejtlich. |
| 24/01/06 | Malware | The guys at CSRRT-LU have put up a Malware Contest. Sounds fun! |
| 22/01/06 | Honeypots | If you speak Spanish and you are in the Madrid area on February 9, you may want to attend an interesting 4-hour course on Honeynets, SANS Stay Sharp: Deploying GenIII Honeynets, taught by Raul Siles. |
| 20/01/06 | Honeypots | If you are in the Honeypots arena, do not miss this interesting article, Sebek 3: tracking the attackers, part one by Raul Siles |
| 19/01/06 | Forensics | Interesting Webcast by Guidance Software on Jan 26: Creating a Computer Forensic Lab and Using EnCase in a Lab Environment |
| 11/01/06 | Forensics | Oracle Database Worm Spreading. |
| 10/01/06 | Generic | The SANS Institute has just published the SANS 2005 Information Security Salary & Career Advancement Survey. |
| 10/01/06 | Malware | An interesting research paper on Malware trends. |