Archive for January, 2007
My staging servers cannot boot from CD-ROM, therefore I use a boot disk. For this reason alone, I have floppy drives in all my systems. I also save time by booting from floppy disk and installing operating systems over the network. A tip for anyone who's [...]
Posted by Marcin on Wednesday, January 31, 2007 in Security and Tech.
When contracted to perform a network security evaluation or penetration test, one of the most important stages is the pre-evaluation phase. During this phase, you develop contacts and gather information about the company. It's important to determine the [...]
Posted by Marcin on Tuesday, January 30, 2007 in Security.
Literally right after RSA, SCALE is happening February 10th and 11th. I plan on making the drive out with several other friends from school. The presentations I'm looking forward to: New & Improved: How a More Modern IT Security Model Can Better Protect [...]
Posted by Marcin on Tuesday, January 30, 2007 in News, Security and Tech.
Guy Kawasaki has a very interesting blog and today posted "The top 10 stupid ways to hinder market adoption." Supporting only Windows Internet Explorer. What Guy fails to mention, is having a website that's always available to its users. Supporting only [...]
Posted by Marcin on Monday, January 29, 2007 in Security and Tech.
I am not 100% positive or if this is just merely coincidence, but I have a feeling my sister has fallen victim to the TJX security breach reported last week. Fraudulent transactions originating in France (of all places) began January 10th, comprising four [...]
Posted by Marcin on Friday, January 26, 2007 in News, Privacy and Security.
Part of any monitoring and intrusion detection strategy should include file integrity checking and regularly auditing programs capable of privilege escalation. These programs are often replaced or modified by intruders, creating processes or performing [...]
Posted by Marcin on Friday, January 26, 2007 in Security.
My bank recently upgraded its architecture and web site, adding more features and "improved security." After logging in, I am directed to a page greeting me and asking to update my account information and "security challenge questions." The drop-down menu [...]
Posted by Marcin on Wednesday, January 24, 2007 in Security.
I love xkcd, and I just had to share this comic with all of you. Sums up my experiences with Wikipedia entirely! Courtesy: xkcd.com
Posted by Marcin on Tuesday, January 23, 2007 in Other.
I made this poster back a couple years ago, telling users to think before they click. It shows a mouse pointer and "Format C:\" button with a red circle and a slash through it. (edit: click here for the *nix version) If anyone has some other sayings for [...]
Posted by Marcin on Tuesday, January 23, 2007 in Security.
My good friends over at Security Horizon have released the Winter 2007 issue of The Security Journal. Stories covered include: Fire up your Fox: a Browser Platform for Security Testing; How I Cut Our Spam by 90%; Risk Assessment with NIST SP 800-30; Book [...]
Posted by Marcin on Monday, January 22, 2007 in Security.
F-Secure has a replay of their WorldMap from last night, 01/19/2007. It shows the spread of Storm-Worm Small.DAM, an e-mail worm and it's really, really cool. I want one! (not the worm of course, :P ) The video is also available on YouTube.
Posted by Marcin on Saturday, January 20, 2007 in Security.
I was tired today... maybe it was the material, or the fact that I had to break my college routine and wake up early in the morning... but I was beat. Regarding the IEM, the material could be a little better. Some of the tools that were mentioned are not [...]
Posted by Marcin on Thursday, January 18, 2007 in School and Security.
This semester, I am taking the IEM as part of a class that will be assigned to evaluate my university's network security. Last semester, I was a team leader in an IAM, an assessment of my school's organizational information security. The IAM is two full [...]
Posted by Marcin on Thursday, January 18, 2007 in School and Security.
The time is nearing and I will have to move my site to a new host. Along with the move, we'll undergo a domain name change to www.tssci-security.com as well. Currently we're hosted on a dedicated FreeBSD server running Apache, and I'm pretty happy with [...]
Posted by Marcin on Monday, January 15, 2007 in News and Other.
Volume 6 of the Uninformed Journal is out. This issue contains the following: Engineering in Reverse Subverting PatchGuard Version 2 Locreate: An Anagram for Relocate Exploitation Technology Exploiting 802.11 Wireless Driver Vulnerabilities on Windows [...]
Posted by Marcin on Sunday, January 14, 2007 in Security.
To anyone who has `register_globals` turned on for PHP versions 4 thru 4.4.3 or < 5.1.4, update your WordPress; 2.0.7RC1 is available. The exploit takes advantage of code flaws in wp-trackback.php... again, allowing a SQL injection admin hash disclosure. [...]
Posted by Marcin on Thursday, January 11, 2007 in Security.
Today Congress will ask the President for an update on National Strategy for Pandemic Influenza. This reminded me of an article I read in the December 2006 issue (pp 36-43) of Information Security Magazine. One of the feature stories, Don't Wait for [...]
Posted by Marcin on Thursday, January 11, 2007 in Security.
Thank you very much InformationWeek! I was reading an IW article, Adobe Patches Acrobat And Reader XSS Bug, 3 Other Flaws, hoping to get some useful information from it. The article contains 15 links, two of which are other IW articles and three direct [...]
Posted by Marcin on Wednesday, January 10, 2007 in News and Security.
I see Michael Farnum has responded to Terry Sweeney's blog post on Phishing your own users. I would just like to remind everyone that while intentions may be good, to remember the times people have tried this tactic with viruses. How many times did we [...]
Posted by Marcin on Monday, January 8, 2007 in Security.
I came across this today, a Multiple Vendor PDF Document Catalog Handling Vulnerability over at MOAB. I was curious, so I decided to check it out and download the POC exploit code. The document failed to open on my Windows XP workstation using Foxit [...]
Posted by Marcin on Monday, January 8, 2007 in Security.
I'm at the airport right now, after having gone through an extensive, supposedly random TSA security screening and came across this article at dheera.net. In summary, the article states blurring sensitive text in photos is a bad idea. The reason being, [...]
Posted by Marcin on Sunday, January 7, 2007 in Security.
Michael (LV) over at terminal23 hits the nail right on the head with the latest articles and blog posts regarding full disclosure and responsible disclosure. I'd rather hear from the community about a new security vulnerability than wait for a vendor to [...]
Posted by Marcin on Friday, January 5, 2007 in Security.
As some of you know, I should be (hopefully) graduating this August. I'll be taking a couple classes this summer to finish up the credits I need and finally graduate. I've been thinking more and more about some entry-level security certifications but am [...]
Posted by Marcin on Friday, January 5, 2007 in Security.
With the recent vulnerabilities in Adobe Acrobat/Reader and reported exploits, I just want to point you all to a free, light-weight self-executable PDF reader for Windows: Foxit Reader 2.0. It's super fast for simple text PDFs, however it sometimes has [...]
Posted by Marcin on Thursday, January 4, 2007 in Security.
I couldn't take it anymore, so I bit the bullet and bought a ticket to ShmooCon for $150. Next thing I need to arrange are hotel accommodations. Wardman Park Marriott is too expensive for us poor college students, so I'll be looking into getting a room [...]
Posted by Marcin on Tuesday, January 2, 2007 in Security.
Happy New Year everyone! I had a great night with my friends and a lot of unneeded drama, but oh well. I'm disappointed I wasn't able to snag ShmooCon tickets for $75; they sold out in under three minutes! I'm still organizing a trip with several other [...]
Posted by Marcin on Monday, January 1, 2007 in News, School and Security.