Archive for 'Tips' Category

Why Security Pros Use Macs

I switched to a Mac last year. I’m glad that I did, and there’s no looking back now. I think security is the main reason MS Windows will never be my primary machine again; to be specific, it’s viruses/malware/spyware. And the main reason I’ll never give up my Mac as a primary machine is that it’s much more stable, secure and cool. Although Ubuntu might change that someday. Let’s see…

Chief at IT Toolbox has a nice post on the reasons Why Security Pros Use Macs.

Security professionals need not hide behind the argument that avoiding Microsoft Products is the end-all solution to a secure computing environment. Security Professionals have much better reasons, and those were amplified when I talked to other folks at CEIC 2007 over the last few days. I was astounded at the number of Mac laptops that were present. It was easily twice the number from last year.


Posted by Niranjan on May 15th, 2007 in Tips |

Quick Links for 12 May 2007

Posted by Niranjan on May 12th, 2007 in News, Tips |

How I Prepared and Passed CISSP

I locked myself in for 2 months to prepare for the CISSP (Certified Information Systems Security Professional) exam, and now I’m back triumphant to tell the story. Yes, I just received the Congratulations email from ISC2. I’m sharing my experience here in the hope that it might be helpful to anyone who’s preparing to take the exam. There’s no doubt that it was THE MOST difficult exam I’ve ever taken.

Let me give you a general idea about this certification. CISSP is a security certification carried out by (ISC)², which is a globally recognized, vendor neutral organization for certifying information security professionals. To pass the CISSP exam you’ll have to be competent in 10 Domains of the Common Body of Knowledge (CBK):

  • Access Control
  • Application Security
  • Business Continuity and Disaster Recovery Planning
  • Cryptography
  • Information Security and Risk Management
  • Legal, Regulations, Compliance and Investigations
  • Operations Security
  • Physical (Environmental) Security
  • Security Architecture and Design
  • Telecommunications and Network Security

To qualify to sit for the exams you need to:

  • Subscribe to the (ISC)² Code of Ethics.
  • Have a minimum of four years of direct full-time security professional work experience in one or more of the ten domains of the (ISC)² CISSP® CBK®, or three years of direct full-time security professional work experience in one or more of the ten domains of the CISSP® CBK® with a college degree. Additionally, a Master’s Degree in Information Security from a National Center of Excellence can substitute for one year toward the four-year requirement.

Update: Effective 1 October 2007, professional work experience requirements for the CISSP will increase from four to five years, and direct full-time security professional work experience will be required in two or more of the ten CISSP CBK domains. A new endorsement policy will also be in effect, requiring anyone who passes a CISSP, CAP, or SSCP exam to have their qualifications endorsed by another (ISC)² credential holder. These changes will not affect those who sit for an examination on or before 30 September 2007. For more information, please refer to the Experience Requirement Change FAQs.

The exam itself is 6 hours long, with 250 questions based on the 10 domains. 25 of the 250 questions are unscored research questions, but you’ll have to answer all of them, and there’s no way of knowing which is which. So 225 questions are scored, and you’ll need 700 out of a possible 1000 points on the grading scale to pass. Different questions carry different weights (marks), and there’s no way to know how many marks a given question carries. As of this writing, the exam costs US$ 499 if you register 16 days ahead of the exam date, or US$ 599 if you register later.

Posted by Niranjan on May 4th, 2007 in Tips |

10 Most Commonly Used Passwords Online

Passwords are the weakest form of authentication, and if you’re using one of the 10 Most Commonly Used Passwords Online, you should change it immediately.

1. password
2. 123456
3. qwerty
4. abc123
5. letmein
6. monkey
7. myspace1
8. password1
9. blink182
10. (your first name)

Posted by Niranjan on April 26th, 2007 in Tips |

Quick Links for 27 March 2007

  • What to Do When Your Security’s Breached – You’ve got a full-blown security incident on your hands. What are you going to do about it?
  • How I’d Hack Your Weak Passwords – If you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it?
  • Wireless LAN security myths that won’t die – Since it has been two years, I’m going to update the information with more defined categories and better explain why they’re so bad from an ROI (return on investment) and security perspective.

Posted by Niranjan on March 27th, 2007 in News, Tips |

Quick Links for 23 March 2007

Posted by Niranjan on March 23rd, 2007 in News, Tips |

Quick Links for 20 March 2007

  • Vista less secure than XP – Security company Kaspersky claims that Vista’s User Account Control (UAC), the system of user privileges that can be used to restrict users’ administrative rights, will be so annoying that users will disable it. Without UAC, Vista will be less secure than Windows XP SP2.
  • Microsoft shipped OneCare unfinished? – “OneCare is a new product–they shouldn’t have rolled it out when they did, but they’re fixing the problems now,” Arno Edelmann, Microsoft’s European business security product manager, told CNET News.com sister site ZDNet UK last week.
  • ‘Surge’ in hijacked PC networks – The number of computers hijacked by malicious hackers to send out spam and viruses has grown almost 30% in the last year, according to a survey.
  • OFFICIAL ANNOUNCEMENT: April 2007 is the Month of Myspace Bugs, Yuss! – Myspace is important, in that there are a bazillion users and a kajillion dollars involved.
  • How the NSA Secures Their Computers for Each OS – NSA has developed and distributed configuration guidance for operating systems. These guides are currently being used throughout the government and by numerous entities as a security baseline for their systems.

Posted by Niranjan on March 20th, 2007 in News, Tips |

Apple releases Mac OS X 10.4.9 update for Intel and PowerPC Macs

Apple issued a security update for Mac OS X that plugs 45 security holes. This update includes OS fixes and other application fixes, including Disk Images, Networking, and ImageIO. Mac users are advised to update their systems as soon as possible. Here’s more about the Mac OS X 10.4.9 Update (delta) and about the security content of Mac OS X 10.4.9 and Security Update 2007-003.


Posted by Niranjan on March 14th, 2007 in News, Tips |

Quick Links for 9 March 2007

Posted by Niranjan on March 9th, 2007 in News, Tips |

2007 A Hacking Odyssey

I came across an excellent series of papers in TAZ Forum that takes an in-depth look at hacking. It puts you in the shoes of an attacker and lets you understand how the attacks work. Understanding the attacks and the actual steps taken by an attacker is very helpful, because it gives us the insight we need to protect our corporate networks more effectively.

2007 A Hacking Odyssey: Part One – Reconnaissance

For this chapter we will take the mindset of the Attacker and the preliminary steps he may go through to attack your IT emporium.

How does an attacker decide which organisation to target? When he has decided on the organisation how does he set about attacking it, how does he know where to go on the internet to find the specific network he wants to attack, how does he find your geographical location if he wants to wardrive you, how does he find useful information to socially engineer you, how does he find your phone number range to war dial you, how does he find your mail server?

These are just some of the things the attacker will need to know before planning any attack against you and is generically referred to as reconnaissance.

2007 A Hacking Odyssey Part 2 – Network Scanning & Nmap

The second phase can be generically summed up as ‘Scanning’. To even start this phase we need, at an absolute minimum, one thing: an IP address. If you have not been able to glean an IP address during your reconnaissance phase, then you will need to go back and persevere with it, because until you get one you will not be able to do anything else… you can’t scan something if you don’t know where it is.

Scanning typically involves all or some of the following (covered in this paper):

  • War Driving
  • War Dialling
  • Network Mapping
  • Port Scanning

Posted by Niranjan on March 8th, 2007 in Tips |