I have to deal with dozens of different security vendor resellers on a day-to-day basis. One of the things I love to do is torture the ones trying to sell me the be-all-end-all 100% secure product. The problem is that as long as humans are in the mix there will never be, and can never be, 100% security. It’s just not going to happen. But time and again salesmen hit me with the buzzwords of the elevator pitch: “Real time”, “HIPAA Certified”, “SOX certified” and so on. I have seriously gotten to the point with the used car salesmen of the world where I have begun a disinformation campaign. Myrcurial and I have been slipping non-words (a la Bush) into conversations with salesguys. Our favourite and first attempt is the word “compliancy”. We take our inspiration from Stephen Colbert and his word “truthiness”. I have slipped “compliancy” into a couple of conversations and it is a marvel to watch them pick it up and add it to their lexicon of bullshit. Give it a whirl with your friendly neighbourhood snake oil purveyor.

I have had a tendency to rant and rave about some things on this blog in the past, but I should clarify some points. I’m not anti-anyone from a software/hardware perspective. I have reservations about some vendors, that’s certain, but I’ve gotten past the typical whipping of the Redmond crew. Sometimes it is just too easy and I lapse into my old ways, but they do have some good products. Yes, I said it. They really do. As do Linux, Unix and Mac vendors. There is good to be had across the board as well as the bad. But it is important to realize that the argument of my OS is better than your OS is one of personal preference and/or business requirements.

Also, I have grumbled extensively about the whole NSA, AT&T and Narus silliness on this weblog. I fully believe that the NSA and Narus are necessary. Yup, I said that too. But these are entities that should not be permitted to run rampant. THAT is the difference for me. Hunting bad guys/gals is a necessity, but these are powers that should never be allowed to run without safeguards. I get to do a lot of cool things in my day job, but I often hear “who’s watching the watchers”. No kidding. That is exactly why I go out of my way to make sure our auditors are permanently haunting me. This is so that I can never get the idea in my head to go off on a negative tangent.

There are times when vulnerabilities pop up that bother me. I know for most it means patching et cetera. But in this instance it’s a product that I particularly like. Brightmail, which was purchased by Symantec last year(ish), has been amalgamated into the Symantec Mail Security offering and is also sold as a standalone antispam offering. It works quite well. I’ve had this one in the lab and tested it. A very nice product. But if you use this, be sure to read on and patch ‘er up. Secunia gives this one a Moderately critical rating.

Description:
Some vulnerabilities have been reported in Symantec Brightmail AntiSpam, which can be exploited by malicious people to cause a DoS (Denial of Service) and overwrite or read sensitive information.

1) When installing e-mail scanners, it is possible to select an option that allows the Control Center to connect from any computer. If this option is selected, it is possible to impersonate the Control Center and cause the Brightmail AntiSpam service to stop responding by sending invalid posts.

2) Input passed in “DATABLOB-GET” and “DATABLOB-SAVE” requests is not properly sanitised. This can be exploited to overwrite or read some files on the system in combination with vulnerability #1.

Solution:
Update to version 6.0.4 or upgrade to Symantec Mail Security for SMTP 5.0.

Article Link
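The Secunia text above says only that the DATABLOB-GET and DATABLOB-SAVE input is “not properly sanitised” and that the result is reading or overwriting files on the system. The following is an added example, not Symantec’s code: it assumes the unsafe input is a file name supplied by the client and shows the two checks a server handling such requests should make, a strict allowlist on each path component and a post-resolution check that the target still sits under the blob directory. The base directory and the sample names are constructed.

```python
"""Confinement check for a client-supplied blob name.

Added example for this post, not Symantec's code. The advisory does not say
which sanitisation is missing; this assumes the unsafe input is a file name
and demonstrates allowlisting plus directory confinement. BLOB_BASE is a
constructed value, not the product's real layout.
"""
import re
from pathlib import Path
from typing import Tuple

# Constructed location for stored blobs (assumption; not taken from the product).
BLOB_BASE = "/var/lib/blobstore"

# One path component: no leading dot (rules out "." and ".."), no separators,
# no NUL, bounded length.
_COMPONENT = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


def check_blob_request(base_dir: str, requested: str) -> Tuple[bool, str]:
    """Return (allowed, detail) for a requested blob name.

    detail is the rejection reason when allowed is False, otherwise the
    resolved absolute path the server may safely open.
    """
    if not requested or "\x00" in requested:
        return False, "empty or NUL-containing name"
    if requested.startswith(("/", "\\")):
        return False, "absolute path not allowed"
    for part in requested.split("/"):
        if not _COMPONENT.match(part):
            return False, f"bad path component {part!r}"
    # Defence in depth: even after the allowlist, confirm the resolved target
    # (symlinks and '..' collapsed) is still inside the base directory.
    base = Path(base_dir).resolve()
    target = (base / requested).resolve()
    if target != base and base not in target.parents:
        return False, "resolved path escapes base directory"
    return True, str(target)


if __name__ == "__main__":
    # Constructed sample requests, the kind a DATABLOB-GET/SAVE handler would see.
    for name in ("rules/spam.dat", "../../etc/passwd", "/etc/passwd",
                 "rules/../spam.dat", ".hidden", ""):
        allowed, detail = check_blob_request(BLOB_BASE, name)
        print(f"{name!r:24} -> {'OK ' if allowed else 'REJECT'} {detail}")
```

The component allowlist does the real work; the resolve-and-compare step is there so that a future relaxation of the regex, or a symlink dropped into the blob directory, still cannot steer a read or write outside it.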

Having had my head firmly between my buttocks last week, I managed to forget to post this one. It’s not that major, but I thought I would make mention of this problem as there is a fairly extensive install base.

Description:
NSFocus Security Team has reported a vulnerability in various RealSecure/BlackICE products, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the detection of the MailSlot buffer overflow vulnerability (MS06-035) and can be exploited to cause an infinite loop by sending a specially crafted SMB MailSlot packet.

Successful exploitation causes the application or system to stop responding.

There is an updated XPU for this one; 24.40 is the rev, I believe.

Article Link

Well, here I am onsite in Las Vegas. Almost didn’t make it past US Customs. I ran up against a grumpy SOB who had little interest in letting me in. After some verbal gymnastics he relaxed and let me by. Unreal. I’m just going to attend a conference. I’m not coming to rape the cattle and ride off on your women.

I’m sitting in my room staring out the window at the Strip. “Hilary Duff Revealed” is playing on the TV and I’m amazed that I haven’t ripped the TV off the wall and hurled it out the window. Yes, I can’t find the remote. My body is deeply confused. As far as it’s concerned it’s 2 am on Monday, July 31st. In reality, it’s 11 pm on Sunday the 30th. I’m so tired, so I’ll wrap this up. Black Hat has begun and I’ll be without internet access for Monday and Tuesday. But on Wednesday, when the good stuff starts being rolled out, I’ll have access. I’ll be sure to post anything breaking if/when I have access. Stay tuned.

Oh, and before I forget…a big screw you goes out to Air Canada for messing up my ticket. You people suck.

I’ve crossed over into the neon jungle of Las Vegas. On my flight I had a lecture on how to gamble properly from a guy without the common sense (insert deity) gave a mule. Did I ever mention how much I hate air travel? Convenient? Yes. Annoying as hell? Check.

Hey folks, just wanted to give you a quick heads-up that the latest version of Wordpress has been released. Version 2.0.4 fixes 50(ish) potential problems with the popular blogging software.

Download Link

SCADA systems control the lights, gas and water in your town, to name just a few. These are systems that are running our critical infrastructure. These are the same systems for which, historically, SCADA vendors have not taken security seriously.

The Idaho National Laboratory and the New York State Office of Cyber Security and Critical Infrastructure have teamed up with utilities and makers of distributed control system software to offer advice on how to make system security a major part of the critical infrastructure.

Later this week, the group will release the latest draft of a set of guidelines for utilities and manufacturers that offers specific requirements for suppliers of supervisory control and data acquisition (SCADA) systems, SecurityFocus has learned.

Article Link

Friday! Bloody hell, it’s been a long week. I’m happy that it’s Friday and I’m heading to Vegas tomorrow for Black Hat and Defcon (yes, I know, I’ve said that a few times). Hope to see you there.

It has not been a great week or two for Cisco. And with the impending Black Hat and Defcon conferences around the corner, things are just going to get worse. Yesterday afternoon yet another Cisco vulnerability was announced. This time it was specific to their implementation of IKE, or Internet Key Exchange, which is susceptible to a resource exhaustion attack that is basically little more than a denial of service.

The attack against the Internet Key Exchange (IKE) protocol described in the NTA Monitor advisory exploits the stateless nature of the IKE version 1 protocol. The goal of such an attack is to deplete the resources available on a device to negotiate IKE security associations, and block legitimate users from establishing a new security association.

Advisory (.pdf)
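To make the mechanism concrete, here is an added example that is not code from Cisco or from the NTA Monitor advisory. It models the resource the advisory describes as being depleted, a bounded table of in-progress IKE SA negotiations, and shows why capping half-open negotiations per source keeps capacity free for legitimate peers even while one address floods the device. Table size, the idle timeout, the addresses and the traffic pattern are all constructed assumptions.

```python
"""Bounded table of half-open IKEv1 SA negotiations with a per-source cap.

Added example for this post, not Cisco's code. Capacity, timeout and the
replayed traffic are constructed values chosen to make the effect visible.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class HalfOpenSa:
    src: str        # initiator address
    started: float  # time the first message of the exchange arrived


class SaNegotiationTable:
    """Slots for negotiations that have started but not completed."""

    def __init__(self, capacity: int, per_source_limit: Optional[int] = None,
                 timeout: float = 30.0) -> None:
        self.capacity = capacity                  # total half-open slots on the device
        self.per_source_limit = per_source_limit  # None = no cap (the exposed posture)
        self.timeout = timeout                    # seconds before an idle negotiation is dropped
        self.entries: Dict[int, HalfOpenSa] = {}
        self.per_source: Dict[str, int] = defaultdict(int)
        self._next_id = 0

    def _expire(self, now: float) -> None:
        # Reclaim slots whose initiator never finished the exchange.
        stale = [sid for sid, e in self.entries.items() if now - e.started > self.timeout]
        for sid in stale:
            entry = self.entries.pop(sid)
            self.per_source[entry.src] -= 1

    def start_negotiation(self, src: str, now: float) -> str:
        """Handle the first message of a new negotiation and return the decision."""
        self._expire(now)
        if self.per_source_limit is not None and self.per_source[src] >= self.per_source_limit:
            return "rejected:per-source-limit"
        if len(self.entries) >= self.capacity:
            return "rejected:table-full"
        self.entries[self._next_id] = HalfOpenSa(src, now)
        self.per_source[src] += 1
        self._next_id += 1
        return "accepted"


def run_scenario(per_source_limit: Optional[int], capacity: int = 200) -> Dict[str, int]:
    """Replay constructed traffic: one flooding address, then legitimate peers."""
    table = SaNegotiationTable(capacity, per_source_limit)
    # 500 initiations from one address within five seconds, none of which complete.
    flood: List[str] = [table.start_negotiation("198.51.100.7", i * 0.01) for i in range(500)]
    # Ten legitimate peers, one initiation each, arriving over the next ten seconds.
    legit: List[str] = [table.start_negotiation(f"192.0.2.{i}", 10.0 + i) for i in range(1, 11)]
    half_open = len(table.entries)
    # One more legitimate peer after the flood's entries have aged out.
    late = table.start_negotiation("192.0.2.100", 50.0)
    return {
        "flood_accepted": flood.count("accepted"),
        "legit_accepted": legit.count("accepted"),
        "half_open_after_flood": half_open,
        "late_legit_accepted": 1 if late == "accepted" else 0,
    }


if __name__ == "__main__":
    for limit in (None, 20):
        print(f"per_source_limit={limit}: {run_scenario(limit)}")
```

With no per-source cap the single flooding address fills all 200 slots and every legitimate peer is turned away until the idle timeout reclaims them; with a cap of 20 the flood holds 20 slots and all ten legitimate peers negotiate. The timeout alone only helps once the flood pauses, which is why the per-source cap matters as the first line of defence.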