Archive for the 'security' Category

Policy Metaphors

Monday, May 16th, 2005
  • Do not open the thermostat. Call Facilities to adjust. A mechanic will visit twice a year to adjust it, to secure the Allen screws, and to scold you about opening it. (Note: those unsolicited visits don’t happen any more.)
  • Wave arms periodically to turn lights back on. (Note: Many creative mobiles and lightweight origami figures have been invented, with the common feature of being light enough to catch ambient airflow.)

myNetWatchman’s SecCheck

Thursday, January 13th, 2005

myNetWatchman’s SecCheck is a handy tool available as an ActiveX control or a DOS executable. It dumps out a bunch of configuration detail from your system:

  • Currently active processes
  • Defined services
  • Startup folder items
  • Startup Registry Key contents
  • Applications listening for inbound connections
  • Applications with active network communications
  • Active Browser Helper objects (BHOs)
  • Installed ActiveX controls
  • Module dump (DLLs) for all active applications

If you don’t mind trusting the executable content from myNetWatchman, it’s faster and easier than downloading a bunch of separate tools (fport, etc.) to do the same thing.

iPod Medical Imaging

Monday, January 10th, 2005

Via Roland Piquepaille’s Technology Trends: iPod Imaging:

… several thousands of doctors are using the free OsiriX software to manage their medical images on their iPods and Macintoshes …

It’s an interesting route-around of the usual IT solutions (which offer not enough space and are less convenient). My cursory inspection of all the linked-to articles and software documentation shows zero discussion of privacy, security, and HIPAA — yet. Is sending a medical image via iChat secure enough?

PPTP and WEP: No more room for nails in the coffin

Wednesday, December 22nd, 2004

Two hoary protocols get even more final nails driven into them:

Color Laser Printers embed serial numbers in printed documents

Tuesday, November 23rd, 2004

Government Uses Color Laser Printer Technology to Track Documents:

Next time you make a printout from your color laser printer, shine an LED flashlight beam on it and examine it closely with a magnifying glass. You might be able to see the small, scattered yellow dots printed there that could be used to trace the document back to you.

According to experts, several printer companies quietly encode the serial number and the manufacturing code of their color laser printers and color copiers on every document those machines produce. Governments, including the United States, already use the hidden markings to track counterfeiters.

Peter Crean, a senior research fellow at Xerox, says his company’s laser printers, copiers and multifunction workstations, such as its WorkCentre Pro series, put the “serial number of each machine coded in little yellow dots” in every printout. The millimeter-sized dots appear about every inch on a page, nestled within the printed words and margins.

“It’s a trail back to you, like a license plate,” Crean says.

[via Alex Pang]
[see also Ed Felten]

FireWire’s physical memory access

Monday, November 15th, 2004

Maximillian Dornseif’s Red Team: FireWire round-up has several links on using FireWire (IEEE 1394, Sony i.Link) to access physical memory, without any software cooperation from the target host. He just presented at the PacSec/core04 conference and publishes sample code. He points out that this could be very useful for forensic analysis of live systems, demonstrates how the technique can be used for privilege escalation or spying, and points to several security advisories that arose out of this discussion.

SLCT: Pretty good logfile reduction right out of the box

Wednesday, October 20th, 2004

Looking for needles in enormous, bulky, repetitive haystacks? Many logfile reduction programs require investment in tuning and tweaking. In contrast, SLCT, the Simple Logfile Clustering Tool, is useful right out of the box, with no tuning for specific logfile formats; it figures things out on its own. I was going to write something just like it (a generalization of previous logfile reducers I have done); now I can instead plan on improving on something that’s already pretty darned good (and fast and memory-conserving too).
[via the handy site LogAnalysis.Org]
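As an added example (not SLCT’s own code), here is a minimal Python re-implementation of the two-pass frequent-word clustering that SLCT performs: pass one counts how often each (position, word) pair occurs across the log, pass two reduces every line to its frequent pairs (with ‘*’ standing in for the positions that vary) and keeps only the resulting patterns backed by at least the support threshold. The syslog-style lines in SAMPLE_LOG are constructed for the demonstration; lines whose pattern never reaches the threshold are returned as outliers, which is where the “needles” tend to land.

```python
"""SLCT-style log clustering (added illustration, not SLCT's own code).

Follows the two-pass scheme SLCT uses: count (position, word) pairs,
then reduce each line to its frequent pairs and report the patterns
that enough lines share. Positions whose word is not frequent are
printed as '*'.
"""
from collections import Counter, defaultdict

# Constructed sample log lines (not from a real host).
SAMPLE_LOG = """\
Oct 20 10:01:02 host1 sshd[1001]: Accepted publickey for alice from 10.0.0.5 port 50001 ssh2
Oct 20 10:01:05 host1 sshd[1002]: Accepted publickey for bob from 10.0.0.6 port 50002 ssh2
Oct 20 10:01:09 host1 sshd[1003]: Accepted publickey for carol from 10.0.0.7 port 50003 ssh2
Oct 20 10:02:00 host1 CRON[1100]: (root) CMD (run-parts /etc/cron.hourly)
Oct 20 10:03:00 host1 CRON[1101]: (root) CMD (run-parts /etc/cron.hourly)
Oct 20 10:04:00 host1 CRON[1102]: (root) CMD (run-parts /etc/cron.hourly)
Oct 20 10:05:17 host1 sshd[1200]: Accepted publickey for dave from 10.0.0.8 port 50004 ssh2
Oct 20 10:06:41 host1 kernel: Out of memory: Killed process 4242 (java)
"""


def tokenize(line):
    """Split a line into whitespace-delimited words, as SLCT does by default."""
    return line.split()


def cluster_log(lines, support):
    """Return (clusters, outliers) for the given log lines.

    clusters: list of (pattern, count) sorted by count, pattern being a
              tuple of words with '*' in the positions that vary.
    outliers: the lines whose pattern is shared by fewer than `support`
              lines (or that contain no frequent word at all).
    """
    tokenized = [tokenize(line) for line in lines if line.strip()]

    # Pass 1: count every (position, word) pair over the whole log.
    pair_counts = Counter()
    for words in tokenized:
        pair_counts.update(enumerate(words))
    frequent = {pair for pair, n in pair_counts.items() if n >= support}

    # Pass 2: reduce each line to its frequent pairs -> cluster candidate.
    candidates = defaultdict(list)
    for words in tokenized:
        pattern = tuple(w if (i, w) in frequent else "*" for i, w in enumerate(words))
        candidates[pattern].append(" ".join(words))

    clusters, outliers = [], []
    for pattern, members in candidates.items():
        # A candidate becomes a cluster only when enough lines share it and
        # it carries at least one real word (an all-'*' pattern says nothing).
        if len(members) >= support and any(w != "*" for w in pattern):
            clusters.append((pattern, len(members)))
        else:
            outliers.extend(members)
    clusters.sort(key=lambda c: (-c[1], c[0]))
    return clusters, outliers


def format_pattern(pattern):
    """Render a pattern tuple the way SLCT prints it, with '*' wildcards."""
    return " ".join(pattern)


def run_sample(support=3):
    """Cluster the constructed sample with the given support threshold."""
    return cluster_log(SAMPLE_LOG.splitlines(), support)


if __name__ == "__main__":
    found, rest = run_sample()
    for pattern, count in found:
        print(f"{count:4d}  {format_pattern(pattern)}")
    print("outliers:")
    for line in rest:
        print("      " + line)
```

With a support of 3, the eight sample lines collapse to two patterns (the SSH logins and the hourly cron runs) plus one outlier, the out-of-memory kill, which is exactly the line an analyst would want surfaced. Raising or lowering `support` is the only knob, which is what makes this style of reduction usable without per-format tuning; the trade-off is that rare but benign lines also end up among the outliers.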

Vixie on SANS on BIND vulnerabilities

Wednesday, October 13th, 2004

Paul Vixie shares his Thoughts About “Protection Against BIND”, in which he reacts to the latest SANS Top 20 Vulnerabilities List, pointing out that there are no recent exploits, that some of the configuration advice is lame or worse, and that DDoS attacks on otherwise secure software are not a “vulnerability”. While the SANS Top 10 and Top 20 lists have always been useful awareness tools and helpful basic guidance, there is always a tendency in a complex field for consensus guidance to turn to overgeneralized mush. Intelligent criticism like this is a good thing.

Victor Yodaiken on Security, Common Criteria

Thursday, September 23rd, 2004

I happened across the web site of Victor Yodaiken, who had some piquant remarks on security (“Someone made serious money from construction of the Maginot line.”) and the Common Criteria (giving a beautifully clear example of how they might be translated into plain, acronym-free English). Now if only he published an RSS feed; I don’t know of a currently open public scraper (myRSS is not accepting new feed requests).

Survivability of RHEL3 circa Nov 2003

Wednesday, September 22nd, 2004

Mark J Cox: Survivability:

So a full install of a Red Hat Enterprise Linux 3 box that was connected to the internet in November 2003 even without the firewall and without receiving updates would still remain uncompromised (and still running) to this day.

It’s not to say that a RHEL3 user couldn’t get compromised - but that’s not the point of the survivability statistic. In order to get compromised, a user would have to have either enabled anonymous rsync, SWAT, or be running an open CVS server, none of which are default or common. Or a user would have to take some action like visiting a malicious web site or receiving and opening a malicious email.