Thursday, January 29, 2009
IEC Web Site Compromised
Taps vs Span Ports
- Taps free SPAN ports for tactical, on-demand monitoring, especially intra-switch monitoring. Many switches have only two ports capable of SPAN, and some offer only one. If you commit a SPAN port for permanent monitoring duties, and you need to reassign it for some sort of troubleshooting on a VLAN or other aspect of the traffic, you have to deny traffic to your sensor while the SPAN port is doing other work. Keep your SPAN ports free so you can do intra-switch monitoring when you need it.
- Taps provide strategic, persistent monitoring. Installing a tap means you commit to a permanent method of access to network traffic. Once the tap is installed you don't need to worry about how you are going to access network traffic again. Taps should really be part of any network deployment, especially at key points in the network.
- Selected taps do not permit injected traffic onto the monitored link. Depending on the tap you deploy, you will find that it will not be physically capable of transmitting traffic from the sensor to the monitored link. This is not true of SPAN ports. Yes, you can configure SPAN ports to not transmit traffic, and that is the norm. However, from my consulting days I can remember one location where I was told to deploy a sensor on a box with one NIC. Yes, one NIC. That meant the same NIC used for remote SSH access also connected to a switch SPAN port. Yes, I felt dirty.
- What taps see is not influenced by configuration (as is the case with SPAN ports); i.e., what you see is really what is passing on the link. This is key, yet underestimated. If you own the sensor connected to a SPAN port, but not the switch, you are at the mercy of the switch owner. If the switch owner mistakenly or intentionally configures the SPAN port to not show all the traffic it should, you may or may not discover the misconfiguration. I have seen this happen countless times. With a network tap, there's no hiding the traffic passing on the monitored link. Many shops have been surprised by what is traversing a link when they finally take a direct look at the traffic.
- Taps do not place traffic on a switch data plane, like a SPAN port does. This point is debatable. Depending on switch architecture, SPAN ports may or may not affect the switch's ability to pass traffic. By that I mean a SPAN port may not receive all traffic when the switch is loaded, because forwarding may take precedence over SPANning.
The Veterans Affairs Department has agreed to pay $20 million
Wednesday, January 28, 2009
How-to Install Snort on Ubuntu 8.10
http://baronne.mouton.co.uk/snort-on-ubuntu-server-810-intrepid-ibex/
Tuesday, January 27, 2009
Serious security alert for Monster.com and USAJobs.gov users, Sophos reports
Job websites struck by hackers once again, putting identities at risk
IT security and control firm Sophos is advising all users of careers website Monster.com and USAJobs.gov, the official job site of the US Federal Government, to change their passwords following news that both sites have been the victim of a serious hacking attack which has compromised both usernames and passwords.
Furthermore, as research has discovered that 41 percent of people use the same password for every website they access, many Monster and USAJobs users are likely to find that their accounts on other websites are at risk of being hacked. Read more...
Obama smartphone conforms to military standards
The Sectera Edge is actually a re-purposed Palm Treo 750 that has been reconfigured to send and receive wireless classified e-mail messages and attachments, as well as access Web sites on the government’s Secure IP Router Network (SIPRnet). It features a single-touch button that permits authorized users to toggle between SIPRnet and the government’s non-secure network, NIPRnet. And it would allow the president to have secure voice conversations. Read more...
My personal opinion. I think L-3 guardian is much better.
http://www.l-3com.com/cs-east/ia/smeped/ie_ia_smeped.shtml
Sunday, January 25, 2009
Hoax that claims Apple CEO Steve Jobs has had a heart attack
"A widely-circulated URL which points to an image that purports to be a wired.com story about Steve Jobs health is a hack job," Wired.com said. "We won't provide the URL here but the Twitterverse quickly surmised that the item was not correct." It appears to have first been reported by Mashable.
Someone created a legitimate-looking Web page using Wired's public upload image viewer, which generates a page containing an image under a Wired logo banner, Wired.com said. The hole has been patched, the news site added. Read more...
Friday, January 23, 2009
Trojan Attack Masquerades as E-ticket notice
Jan 22, 2009 | 05:19 PM
By Tim Wilson, DarkReading
Security researchers have spotted a new attack designed to fool users into thinking that airline tickets have been purchased with their credit cards.
The attack, which was first spotted as an email from Northwest Airlines, and subsequently as a message from United Airlines, is a realistic-looking "receipt" that contains an attachment bearing the name Your_ETicket.zip or eTicket.zip, according to researchers at security vendor Sophos. Read more...
Wednesday, January 21, 2009
To disclose or not to
Cheap cracks
ARIZONA MAN INDICTED FOR SELLING COUNTERFEIT SOFTWARE ON EBAY
Friday, January 16, 2009
Preemptive Blocklist and More Downadup Numbers
The number of Downadup infections is skyrocketing based on our calculations. From an estimated 2.4 million infected machines to over 8.9 million during the last four days. That's just amazing. Read more...
Wednesday, January 14, 2009
RealVNC 4.1.2 'vncviewer.exe' RFB Protocol Remote Code Execution Vulnerability
An attacker can exploit this issue to execute arbitrary code in the context of the vulnerable process. Failed exploit attempts are likely to result in denial-of-service conditions.
This issue may be related to the vulnerability discussed in BID 30499 (RealVNC 4.1.2 'vncviewer.exe' Remote Denial of Service Vulnerability).
RealVNC 4.1.2 is vulnerable; earlier versions may also be affected.
Read more...
Tuesday, January 13, 2009
Serious security vulnerability in Safari web browser reported
Monday, January 12, 2009
Mysterious credit card charge may have hit millions of users
CheckFree warns 5 million customers after hack
Friday, January 9, 2009
F-Secure Warns about a new Worm
Typical problems generated by the worm include locking network users out of their accounts. This happens because the worm tries to guess (or brute-force) network passwords, tripping the automatic lock-out of a user who has too many password failures.
more technical details
Thursday, January 8, 2009
Friendster Users Beware!!!
Wednesday, January 7, 2009