
Archive for May, 2006

Single Sign-on Passwords Pose Security Threat

Single sign-on seems to be one of the holy grails of enterprises today. But what a lot of companies do is rush in without reading the fine print. This is something that I have seen first hand in several corporations, and now RSA Security has released research to back it up. Never mind that RSA sells an SSO product of its own; the point stands: a lot of companies buy solutions for convenience without asking the right questions. This is best illustrated by purchases of products that encrypt passwords poorly, if at all.

However, RSA raised concerns that only 11 per cent of organisations using enterprise single sign-on combine the system with strong authentication. “Password resets continue to demand considerable IT resources which are purely a cost centre for UK businesses,” said Tim Pickard, a spokesman at RSA. “However, businesses also need to be mindful of the security implications.”

On a related tangent, I have seen network monitoring software such as Halcyon that is not centrally managed and whose agent username and password are stored in CLEAR text. In this day and age, is there any excuse for this behaviour?

Article Link


Microsoft Set To Unleash OneCare Thursday

The Redmond clan is set to release their “OneCare” offering on Thursday. But, will anyone care?

OneCare combines antivirus, anti-spyware and firewall software with back-up features and several tune-up tools for Windows PCs. The product will be sold in the US starting on Thursday, Microsoft said on Tuesday. The company plans to expand to international markets in the coming 12 months, it said.

Article Link


Symantec Remotely Exploitable…Continued

OK, I know from my own shop there is some confusion on the Symantec vulnerability. I have previously written about this. The lads at ISC attempt to clear this up.

The latest patches from Symantec are causing quite a bit of confusion. To reiterate again what Kevin wrote in his diary (http://isc.sans.org/diary.php?storyid=1368): *ALL* versions of 10.0.x and 10.1.x of Symantec Antivirus Corporate Edition and 3.0.x and 3.1.x of Symantec Client Security seem to be vulnerable.
Symantec Antivirus Corporate Edition version 8.x and 9.x seem to be ok.

Symantec released 4 patches for each product (http://www.symantec.com/avcenter/security/Content/2006.05.25.html):

Symantec Antivirus Corporate Edition
10.1.0.394 -> 10.1.0.396 (there’s a typo here on their web, it’s not version 3)
10.1.0.400 -> 10.1.0.401
10.0.2.2010 -> 10.0.2.2011
10.0.2.2020 -> 10.0.2.2021

Symantec Client Security
3.1.0.394 -> 3.1.0.396
3.1.0.400 -> 3.1.0.401
3.0.2.2010 -> 3.0.2.2011
3.0.2.2020 -> 3.0.2.2021

Now, if you are running *ANY* other version that is affected, you will have to first upgrade to one of the versions that have the patch out and then install the patch. I hope this will clear the confusion.

There seem to be some mitigations to the problem though. As eEye stated, this is a remotely exploitable vulnerability. Symantec Antivirus Corporate Edition, when in managed mode, will have the service Rtvscan.exe listening on TCP port 2967. In case that your host based firewall is configured to block access to this port (effectively meaning that you can’t manage the client from the centralized server, at least not until the client connects to it) you should be ok.
On our test machine, the unmanaged installation of Symantec Antivirus Corporate Edition didn’t have any listeners so it looks like it’s safe, at least from a remote exploit over the network (patch in any case!).
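To turn the version table and the port 2967 note above into something an admin can run, here is an added triage helper (mine, not code from the ISC diary or from Symantec). It assumes the version strings quoted in the diary and `netstat -an` style output; the sample netstat lines are constructed, not a real capture.

```python
# Added triage helper, not from the ISC diary or Symantec: maps an installed
# version to the remediation path described above and scans netstat output for
# the managed-mode Rtvscan listener. Versions below are the ones quoted in the diary.
PATCHES = {
    "Symantec Antivirus Corporate Edition": {
        "10.1.0.394": "10.1.0.396", "10.1.0.400": "10.1.0.401",
        "10.0.2.2010": "10.0.2.2011", "10.0.2.2020": "10.0.2.2021"},
    "Symantec Client Security": {
        "3.1.0.394": "3.1.0.396", "3.1.0.400": "3.1.0.401",
        "3.0.2.2010": "3.0.2.2011", "3.0.2.2020": "3.0.2.2021"},
}
# Affected branches per the diary: 10.0.x / 10.1.x (SAV CE) and 3.0.x / 3.1.x (SCS).
AFFECTED = {
    "Symantec Antivirus Corporate Edition": {(10, 0), (10, 1)},
    "Symantec Client Security": {(3, 0), (3, 1)},
}

def remediation(product, version):
    """Return (status, action) for an installed version string such as '10.1.0.394'."""
    patches = PATCHES[product]
    if version in patches.values():
        return ("patched", "none")
    if version in patches:
        return ("vulnerable", "apply patch -> " + patches[version])
    branch = tuple(int(x) for x in version.split(".")[:2])
    if branch in AFFECTED[product]:
        # Any other build on an affected branch: upgrade to a patch base, then patch.
        return ("vulnerable", "upgrade to a patch-base build first (one of: "
                + ", ".join(sorted(patches)) + "), then apply its patch")
    return ("not affected", "none")   # e.g. 8.x and 9.x per the diary

def exposed_listeners(netstat_lines, port=2967):
    """Return local addresses listening on `port` from 'netstat -an' style lines
    (Windows 'LISTENING' and Linux 'LISTEN' formats both work)."""
    hits = []
    for line in netstat_lines:
        parts = line.split()
        if "LISTEN" in line and parts and parts[0].upper() == "TCP":
            hits += [f for f in parts if f.endswith(":%d" % port)]
    return hits

# Constructed sample netstat output (not a real capture) for a managed SAV CE host.
SAMPLE_NETSTAT = [
    "  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING",
    "  TCP    0.0.0.0:2967           0.0.0.0:0              LISTENING",
    "  TCP    192.168.1.10:2967      192.168.1.5:1045       ESTABLISHED",
]
```

A non-empty result from `exposed_listeners` on a host whose firewall is supposed to block 2967 is the thing to chase, whatever the version says.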

Article Link


How-To: Build Your Own Network Firewall

Well, seeing as this is right up our alley here at Liquidmatrix.org, I thought I would share it with the readers. Engadget has a piece on how to build a network firewall. Enjoy.

Network appliances don’t always offer all the firewalling features a user needs — you know, the advanced port blocking and security procedures we’d like to keep our little home network fiefdoms secure. In today’s How-To we’ll show you how to build a firewall out of an old PC with a live Linux CD and some spare ethernet cards. It’s the perfect use for that machine with the dead hard drive (or no hard drive at all).

For this How-To you’ll need:

* A suitable PC, with a CD-ROM and USB port - we suggest a Pentium II
* At least two Ethernet ports (onboard + a second card or similar)
* A blank CD-R to burn the system CD
* USB thumb drive, floppy disk or hard drive.

…and of course a pound of Advil and super absorbent paper towels. You’ll know when it happens.

Article Link


Are You Scanning For Rootkits?

We all scan for viruses, block spam emails, put locks on the doors and shred papers. But who among you is scanning for rootkits? This is a problem that is rapidly outstripping virus outbreaks as the number one problem. There are handy free one-off tools to look for them, such as RootkitRevealer over on Sysinternals. There is also the Blacklight product from F-Secure. Jon Oltsik has a brief write-up about this on CNet. So these are just a couple of tools. What are people out there using?

Article Link


Got A Warrant? Doormats

This is hilarious! Apparently, Target is selling doormats that read:

J posed an interesting question: would that constitute probable cause in the US? Ah, if only they delivered to Canada.

Link


Federal Watchdog Wants More Privacy Powers

The Canadian Privacy Commissioner, Jennifer Stoddart, wants more power. In her annual report to Parliament today she promised that her office will ride into battle with a flaming sword of justice.

“We are considering seeking amendments that would give the privacy commissioner the discretion to visit private sector entities and review their privacy management framework and practices,” said the report, adding that this power could be used “even when a privacy breach has not become public.”

The Personal Information Protection and Electronic Documents Act (PIPEDA) has no teeth. Stoddart is looking to change that perception.

So, now where will I get my random faxes from chartered financial institutions? :D

Article Link

Introducing Gmail Encrypt

Here’s a very cool extension for Gmail in your Firefox browser. It will allow you to encrypt your email, Gmail that is.

Originally I planned on using the Solitaire encryption algorithm devised by Bruce Schneier for the book, Cryptonomicon, written by Neal Stephenson. (As an aside, I heartily recommend this book.) However, this method has a couple of drawbacks when used to exchange regular emails rather than keeping spies safe in hostile territory.

* You need to exchange the keys and deck in some secure manner prior to sending the emails.
* It will require a separate deck and key to be kept safe for each person you correspond with in an encrypted fashion.
* Going back and decrypting old emails will require you to keep versions of the deck saved with each email. This is not only tiresome, but can probably be used by an attacker to break your encryption.
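To make the third drawback concrete, here is an added implementation of Schneier’s Solitaire keystream (my example, not code from the Gmail Encrypt extension), which shows that the deck is consumed as you encrypt, so a later message can only be decrypted from the deck state that was current when it was sent. It assumes Schneier’s conventions: cards 1..52, joker A = 53, joker B = 54, and the unkeyed deck as the test key.

```python
# Added example, not code from the Gmail Encrypt extension: a minimal Solitaire
# (Bruce Schneier's card-deck cipher from Cryptonomicon) showing why the deck
# state must be kept per message. Cards are 1..52, joker A = 53, joker B = 54.
A, B = 53, 54

def unkeyed_deck():
    return list(range(1, 55))          # Schneier's test key: cards in order

def move_down(deck, card, steps):
    # Move a joker down `steps` positions; from the bottom it wraps to just below the top card.
    for _ in range(steps):
        i = deck.index(card)
        if i == len(deck) - 1:
            deck.insert(1, deck.pop())
        else:
            deck[i], deck[i + 1] = deck[i + 1], deck[i]

def keystream(deck, n):
    """Advance `deck` in place and return n keystream values in 1..52."""
    out = []
    while len(out) < n:
        move_down(deck, A, 1)
        move_down(deck, B, 2)
        lo, hi = sorted((deck.index(A), deck.index(B)))
        deck[:] = deck[hi + 1:] + deck[lo:hi + 1] + deck[:lo]   # triple cut
        cnt = min(deck[-1], 53)                                  # either joker counts as 53
        deck[:] = deck[cnt:-1] + deck[:cnt] + deck[-1:]          # count cut, bottom card stays
        card = deck[min(deck[0], 53)]
        if card < A:                                             # a joker yields no output
            out.append(card)
    return out

def crypt(text, deck, sign):
    """Encrypt (sign=+1) or decrypt (sign=-1) letters A-Z. The deck is mutated,
    so the caller must save a copy of it before each message to decrypt that message later."""
    letters = [ord(c) - 64 for c in text.upper() if c.isalpha()]
    ks = keystream(deck, len(letters))
    return "".join(chr((p + sign * k - 1) % 26 + 65) for p, k in zip(letters, ks))

def encrypt(text, deck):
    return crypt(text, deck, +1)

def decrypt(text, deck):
    return crypt(text, deck, -1)
```

With the unkeyed deck, `encrypt("AAAAAAAAAA", unkeyed_deck())` reproduces Schneier’s published test vector EXKYI ZSGEH; encrypting a second message with the same deck object gives a different ciphertext, which is exactly why each email needs its own saved deck.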

Article Link


Web Services Security Standards Promising

The security standards within the Web Services Framework (WSF) have made significant progress, and a wide variety of products support Web Services Security (WS-S), the foundation of the WS-* security architecture. But Diana Kelley, a senior analyst at Burton Group, has a caveat: “Just because the standards are on track doesn’t mean we’ve solved all the problems. Organizations still have a lot to think about.”

Since security is frequently an afterthought, the fact that security standards are being hammered out early in the Web services and SOA deployment stage is promising, Kelley said, but she stressed that standards are only one part of a security strategy.

Article Link


McAfee Fires General Counsel

McAfee has found itself back in the headlines again. This time it’s not nearly as rosy. With their SEC woes fresh in mind, this stings a little. They have had to fire their general counsel, Kent Roberts, after it was discovered that he had been involved in some stock option grant ugliness. The case involving Roberts apparently stems from activity in 2000.

It said its audit committee is continuing a review of other option granting practices and has retained an independent counsel, adding that it is in communication with the U.S. Securities and Exchange Commission and the Justice Department.

Article Link

