Network Security Blog

Thwarting Hacker Techniques: Network security — You should know Jack

Here’s part 4 of 5 in this series. I’d write a little more about it, but I’m sick and anything I wrote would probably come out garbled. I know everything I’ve said so far today has.

Yesterday I added a number of permanant links to the tools I tell friends and co-workers to download the most often, like Firefox and Ad Aware. I have the nagging feeling I missed something, so if you have a favorite open source or free security tool that I missed, please let me know.

SANS Top 20 Vulnerabilities – The Experts Consensus

The SANS group has collected this excellent list of vulnerabilities, and it’s definitely something that should be perused. I always find this list amusing, mostly because of the scope of the vulnerabilities. The Windows top 10 are always the most ubiquitous tools, the ones no one can live without, like the web browser and email, not to mention the web services. In comparison, while the vulnerabilities on the UNIX side are important, most of them are quite a bit more limited. For example, every Windows system is going to have the workstation service (W2), but only a limited number of *nix systems are going to have BIND or a web server running. The #1 vulnerability on the Windows list should just be Windows itself.

On a related note, Richard Bejtlich, author of The Tao of Network Security Monitoring, takes exception with the way SANS uses the words ‘threat’ and ‘vulnerability’. His point is well taken, but I’m not sure if it’s that important in the bigger picture. Semantics definitely affect how you look at an issue or problem, but I think it’s more important to get the information out than argue about how its presented.

If I have the time, I’d like to compare the new list to the last few years. Other the the name of the specific vulnerabilities, I’m pretty sure what’s on the list really hasn’t changes all that much over the last few years. So yes, this years buffer overflow is a little different from last years, but it’s still a buffer overflow in how IE handles URLs.

SC Magazine

What idiot thought putting bluetooth in a car was a good idea? Just the thought that all someone has to do is walk up to within 15 feet of my car to infect it with who knows what sort of program scares me. If some script kiddie can come up with a Lexus infecting virus, what’s to stop a malicious hacker from disabling your car or worse.

Engineers need to start thinking about the consequences of including needless technology. Yes, it’s nice if your car and your cell phone can communicate to download GPS updates, but what’s going to happen when that update includes a virus that guns the engine and disables the breaks when your on a winding road? Ah, the joys of technology.

I’ve been using the Adblock extension for Firefox for about two weeks now, and it’s been working wonderfully. I haven’t had any problems, but one of my co-workers stated that he’d had several problems with the ESPN site. Apparently ESPN uses the same servers to supply it’s navigational images as it uses for its ad images. I’ve included an export of the Adblock settings I’ve used in the extended entry. You can copy those into a text file and import them into your Adblock setup.

Let me know if you have additional listings that work well for you. My settings seems to block about 95% of the ads out there, but I’m looking to get up to 99%, as long as it doesn’t start negatively impacting my web surfing.

Continue Reading »

Okay, I’ll be the first to admit it, I have no real reason or use forit, but I want a MiniMac. Having a computer that I can easily hold in one hand, running OsX just seems cool for some reason. But I can’t tell my wife, ‘No, we can’t pay for the kids to go to soccer’ and then turn around and say ‘Can I buy a MiniMac?’ I still want one anyways.

Ps. I know it’s properly called a Mac Mini, but MiniMac sounds better to me.

Thwarting Hacker Techniques: Detecting intrusions while saving money

Part 3 of 5. The author is pointing users to some ideas about Intrusion Detection and Network monitoring. This is the point where you’re slipping from clueless user to talented neophyte to security professional. I’m not going to start asking my father to install Snort on his desktop to catch hackers, but I might suggest it as a fun side project for one of the local Unix administrators.

If you want to know a lot more about Snort, check out Snort 2.0 (I think a 2.2 version may be out) by Brian Caswell, published by Syngress Press. You might also want to get a copy of Ethereal Packet Sniffing by Angela Orebaugh, also from Syngress. For the real TCP/IP arcana, check out TCP/IP Illustrated by W. Richard Stevens from Addison Wesley. This is a reference book, not light reading. Unless you’re having a sleepless night that is.

CNN.com – U.S. bars ‘terrorists’ from Canada – Jan 21, 2005

Well, last week’s DHS snafu finally made the main-stream news, but in an extremely small way. Apparently, this CNN article and a few references on National Public Radio were it. The DHS is being very close-mouthed about this incident, but I’m fairly certain they’re discouraging coverage.

Ah, the things we’ll do for the illusion of security.

IRC Analysis

I had some issues with the science behind the article, but the author has recently added a short blurb stating that he was using a purely un-scientific method for coming to his conclusions. Basically, he did a key word analysis of the language used on 60 of the largest IRC channels, and found that in almost every case the words in question were being used to try and sell pirated or cracked software.

I haven’t used IRC in a couple of years myself. I got tired of baiting immature, uneducated children, whether they were 14 or 40. Actually, I think I got out before it got really bad, with all of the attempts to compromise systems, install spyware or just use the channels as ways to introduce viruses. I’m a little surprised by the conclusions the author draws, but not that surprised.

“Evil twin” WiFi hotspots are being used to hack bank accounts- expert

I’m surprised no one thought of this before. Or maybe they have, and no one’s caught on. The idea is simple, set up your own wireless hotspot with an identical SSID to an already availible public hotspot. Sniff all the traffic coming accross it, and garner all the wonderful information people are transmitting for you.

If you have a corporate VPN available to you, connect to that before doing your banking when you are using a public hotspot. Or, if you have the technical inclination and know how, SSH to your home systems and use SSH Port forwarding. Really, any bank worth your money will be using SSL and encrypting the data from your system, but someone with enough time and information can probably crack the data stream.

For some more thughts on using wireless hotspots, read the SANS Internet Storm Center entries from Sunday and Monday of this week.