Archive for August, 2003

Aug 29 2003

Mblaster writer suspect caught

According to the Washington Post, they have caught a suspect in the creation of the Mblaster worm, or one of its variants. You can read the whole story at the Washington Post. I found this on Slashdot.

Aug 28 2003


Let’s start this off with the good stuff, then go on to my ramblings. Hoaxes are bad, a waste of time and energy, and can only be combated with education. If you receive a chain email warning you about a new virus or worm, check one of these sites before forwarding the email:

You can also do a search on Google using the phrase ‘virus hoax’.

As a security professional, I have a hard enough time keeping up with all the real threats to the networks I protect, let alone trying to keep up with all the hoaxes and mis-information floating around out there. It usually only takes me a couple of minutes to look up a hoax, but that’s a couple of minutes I could have used to research a real threat.

The bottom line is this: take the time to research ‘virus warnings’ before forwarding them to your dozen closest friends. It only takes a few minutes, and it will save your friends a lot of unnecessary anxiety.

Aug 23 2003

SoBig.f a bust, On the track of the virus writer

Well, it looks like the SoBig.f virus was a bust last night. And it looks like the FBI has some sort of lead on the writer, but it may have dead ended. Here is an article on how the search is going so far.

Surprisingly, I found an even better article on Yahoo. I don’t usually think of Yahoo as being a great source of techy news.

Aug 22 2003

SoBig.f set to go off tonight

Just in case you don’t already know, the SoBig.f worm that has been causing so many problems the last couple of days is set to go into a new stage tonight. The best explanation of this worm and its current status is on Sophos. We should know soon if the virus actually has something more for us or if this is a big case of Fear, Uncertainty and Doubt (FUD).

The worm has been set to point to 20 IP addresses on the web. All but 1 of these systems have been taken off-line. This could either be a big bang or a big bust. Only time will tell.

Aug 21 2003

Security Primer for the non-technical

The Internet is a dangerous place. When you’re connected to it, you need to make sure to protect yourself from it. Right now there are several very active worms out there, crippling systems around the world. Here are some basic steps you can take to protect yourself from the Internet.

1) Don’t open any email attachments you didn’t specifically request. Too many of today’s viruses and worms use email as their propagation method. Either delete unsolicited email attachments automatically or verify the source before opening them.

2) Have anti-virus software installed. This is a basic step many people overlook entirely. Get McAfee, Trend-micro or whatever, but get an anti-virus program on your computer.

3) Stay up to date on your operating system and virus definition patches. They take time to install, occasionally cause more harm than good, and are just more than many people want to deal with, but these patches are important. Learn how to update your computer. If you can use the Windows Update site, great, but it has been taking a hammering from one of the current worms, mblaster.

4) If you have a broadband connection (cable, DSL, etc.), make sure you have a firewall. You can either have a hardware firewall, such as a Linksys router, or a software firewall. I personally prefer to have both. A router with a built-in firewall is the best starting point for a home user. They have become very easy to set up and the price has come way down, <$100. A software firewall, such as Zone Alarm, is also good, but then you’re stopping the threat a little closer to your valuable computer. A personal firewall is also good for users who have dial-up access.

5) Use common sense. Anything that sounds too good to be true probably is. Don’t follow the link from an anonymous email promising quick riches or cheap products. Most of those are just attempts to get your money, and some are going to try and install software on your computer or get information from your computer.

These general rules should apply whether you’re at home or at work. At work at least the patching should be taken care of for you. But the common sense part is still up to you.

Martin McKeay

Aug 20 2003

A good night’s sleep

It’s amazing what a good night’s sleep can do for your attitude. Or at least what it can do for my attitude. I keep hearing that sleep deprivation is rampant throughout the United States and, to a lesser degree, the world. I can believe it. It’s almost impossible to work, play, spend time with family AND get 8 hours of sleep. I know I almost never get a full eight hours. Most nights I’m lucky if I can get six hours of sleep.

Here’s a decent article on sleep deprivation and what to do about it.

Aug 19 2003

So this is burnout?

Is this what burnout feels like? I have several co-workers that have been talking lately about what they are going to do next, and if it will have anything to do with network security. There have also been several threads on the CISSP mailing list concerning life after Network Security. I’m beginning to understand why.

I don’t know about other people out there, but most of what I do consists of either monitoring log files on a dozen or so different servers, or trying to keep up with the latest exploits out there. Both are a never-ending stream of data that can only be kept up with by constant vigilance. And some days, I just don’t feel up to it.

Aug 19 2003

Newsfeeds working, really!

Now the newsfeeds are really working. I guess most of the sites that allow newsfeeds don’t like it when you refresh more than once an hour. They actually cut you off for 72 hours or so. Since I let enough time pass, they are now allowing me to read the sites again.

In other news, it looks like the msblaster virus and its ilk have won out over Microsoft. Microsoft has had to change the IP address of, and now a number of ISPs are blocking outbound access to the site altogether. This must be Microsoft’s idea of being proactive. Hopefully they will come up with a better solution for the next DDOS worm to come out.

Aug 14 2003

Newsfeeds are done!

Thhhp! 😛

The newsfeeds are in place, and hopefully fairly stable. It has been a labor of … love(?) to get them up and running. I almost killed both the new security site and my existing Champions RPG site in the process of adding these links. But, in the end, pure pigheadedness and … well, just pigheadedness, won out over the vagaries of technology.

Aug 14 2003

Here goes nothing

Welcome to my security blog. I’ve been running a security website for my own enjoyment for about a year, but the content has been pretty static (read stagnant) and it is too time consuming to update hard coded web pages in real time. I hope to be updating the new page quite a bit more often than I ever updated the old page. On the other hand, I may get bored in a couple of days and forget to update this one too. :->

