Archive for June, 2004

Jun 25 2004

Spreading the Love, IIS style

Published by under Malware

Wonderful, just wonderful. Large numbers of IIS servers out there are being infected with a worm that uses known, but unpatched vulnerabilities in MS IIS to download a trojan into IE when any of the sites on the IIS server are accessed. The worm is making changes to the IIS servers that add a header and footer to every page on the server, including a download script as part of the pages. Microsoft has a fix, but it’s complicated and may mess up your server. Here are some links for more complete information on this mixed medium attack.

Internet Storm Center

Bleeding Snort signatures
Current Bleeding Snort Signatures

What You Should Know About Download.Ject

Researchers warn of infectious Web sites

Continue Reading »

Comments Off on Spreading the Love, IIS style

Jun 24 2004

I have a gmail account!

Published by under General

I have become one of the chosen few! Okay, maybe it’s not really that big of deal, but it is one of those simple, geeky pleasures in life. You can send to me at

Now comes my dilema. Do I keep forwarding my email to my Yahoo account, or do I switch to Gmail wholesale? I think I’ll give Gmail a week or two before I do anything drastic.

Anyone else have any experience with Gmail they’d like to relate?

[Slashdot] [Digg] [Reddit] [] [Facebook] [Technorati] [Google] [StumbleUpon]

6 responses so far

Jun 23 2004

International Recognition

Published by under CISSP/ISC2

The CISSP receives international standardization

I hope this is good news. I’m not sure if it really means anything in the long run, but it sounds really nice in the short term. Will this force the ISC2 to solidify their processes and procedures?

Now, will someone explain to me what ISO/EIC 17024 is?

[Slashdot] [Digg] [Reddit] [] [Facebook] [Technorati] [Google] [StumbleUpon]

2 responses so far

Jun 23 2004

Paper CISSP?

Published by under CISSP/ISC2

Training, certification or experience? A security dilemma.

I am beginning to hear this argument more and more. People are getting their CISSP certification without the required amount of experience, they are going to bootcamps, they are just passing the test on book knowledge. The certification I worked hard for is being cheapened, and I don’t like it. When I hear someone compare the CISSP to the MCSE, I cringe. I don’t want the CISSP to become just another piece of paper anyone can get! I want it to remain something that is an accomplishment and something to be proud of.

What can be done? First of all, the ISC2 can enforce the rules on experience as a security professional. I believe they are doing some verification of experience, but this needs to be stepped up. I’m seeing more and more anecdotal evidence that there are a lot of people out there who never should have been allowed to sit for the test in the first place. It’s one thing to not have security in your title, but feel you have the experience necessary. It’s completely different when your only security experience is the boot camp you sat in last week. I don’t know how people pass the test on a few days training, but that’s a different issue.

Second, I would like to see the ISC2 do more to further the public’s awareness of what the CISSP is intended to be, and more importantly, what it is not intended to be. The certificate is a benchmark of 10 domains of knowledge, and the holder is expected to have a general awareness of all 10 domains. They are not however supposed to be an expert in all 10 domains. In fact, the CISSP is aimed at management level personnel, and the holder may not be a technical expert in any of them. For example, I needed to spend a lot of time learning the basics of cryptography for the exam, but I still couldn’t set up a PKI infrastructure if my life depended on it.

The last thing I would like to see from the ISC2 is movement towards more clearly defined processes and policies. Optimally, I would like to see the organization get ISO9000 certified, but that may be too much to ask. There has been a lot of concern lately revolving around a survey sponsored by the ISC2, and I think many of the issues this has raised over this incident could be resolved by clearing up the policies. I don’t believe that policy and process are the solution to a problem in and of themselves, but when you have those documented it’s a lot easier to troubleshoot your issues. Ad hoc processes rarely work, in my opinion.

I’m proud of being a CISSP, and I want to remain that way. But I see that there is currently an assault on the validity of the certificate. Too many people are passing the test that shouldn’t have been allowed to sit for it in the first place. The ISC2 has had some management fumbles lately, and seems more concerned with the number of CISSP’s than the quality of the applicants. The original plan was for the CISSP to be the Gold Standard of security certificates. When I hear the CISSP compared to the MCSE, I feel that the standard has been tarnished. Time to break out the polish and regain some of that shine.

[Slashdot] [Digg] [Reddit] [] [Facebook] [Technorati] [Google] [StumbleUpon]

2 responses so far

Jun 17 2004

Switch to Firefox

Published by under General

SecurityFocus HOME Columnists: Time to Dump Internet Explorer

I just started changing my own household over to Firefox last week. I saw one too many episodes of The Screen Savers where the lead story was the latest IE vulnerability. I don’t hate IE, I’m just tired of having to worry about so many vulnerabilities. The wife and kids are adjusting, but my youngest doesn’t care as long as his games stay the same. Anyone had any success in migrating a business to a non-IE browser?

[Slashdot] [Digg] [Reddit] [] [Facebook] [Technorati] [Google] [StumbleUpon]

Comments Off on Switch to Firefox

Jun 15 2004

I wondered what was up

Published by under General

SANS – Internet Storm Center – Cooperative Cyber Threat Monitor And Alert System – Current Infosec News and Analysis

I was having probelems getting to Yahoo this morning to get to my email. Now I know why. I’m curious to hear what the exact root cause was, and if it was human or computer error.

[Slashdot] [Digg] [Reddit] [] [Facebook] [Technorati] [Google] [StumbleUpon]

Comments Off on I wondered what was up

Jun 14 2004

Suspiciously Quiet

Published by under General

I thought it was just me at first, but apparently the Internet was fairly quiet this weekend. Or so the Internet Storm Center says. I look at this site daily for a very high level view of what’s going on around the big, bad Internet. I’m more paranoid about lulls in traffic than I am in surges. I usually figure that the only reason traffic would go down was because I was missing something. I like having someone else to benchmark my own traffic against.

[Slashdot] [Digg] [Reddit] [] [Facebook] [Technorati] [Google] [StumbleUpon]

Comments Off on Suspiciously Quiet

Jun 12 2004

A good virus paper

Published by under Malware

Reflections on Witty: Analyzing the Attacker

I like this dissection of the motivation of a virus writer based on the characteristics of the worm. Thanks to Axel Eble at the information security blog for pointing me to it.

[Slashdot] [Digg] [Reddit] [] [Facebook] [Technorati] [Google] [StumbleUpon]

Comments Off on A good virus paper

Jun 09 2004

TCP/IP Skills for Security Analysts (Part 2)

Published by under General

Here’s part 2 of an article I linked to in May. I haven’t had a chance to read it yet, so no comment.

TCP/IP Skills for Security Analysts (Part 2)

Incidently, this is entry #100. I wasn’t sure I could write that much. Next major goal: 500.

[Slashdot] [Digg] [Reddit] [] [Facebook] [Technorati] [Google] [StumbleUpon]

Comments Off on TCP/IP Skills for Security Analysts (Part 2)

Jun 08 2004


Published by under Site Configuration

I deleted the last post I published. Another CISSP, suggested that the time wasn’t quite right for some of my statements, and I had to agree.

Please refer to the the Register article for the cause of many current concerns, and if you are a CISSP, please send me an email at There is an open letter (email) from the members of the CISSP forum on Yahoo. I can provide you with copies of this letter.

[Slashdot] [Digg] [Reddit] [] [Facebook] [Technorati] [Google] [StumbleUpon]

Comments Off on Self-editing

Next »