This seems to follow on from a posting I noticed a few weeks back from a Microsoft blog of Jeff Jones regarding SQL Server 2005.
So this highlights the fact that Microsoft are starting to make progress with their SDL program and Oracle don’t seem to have a handle on Security.
However this can also provide people with a false sense of security. These reports are looking specifically at the vulnerabilities of the products only e.g. MS SQL Server and Oracle. Consider the database code that your developer has created:
- Has he or she developed code with security in mind?
- Do they even know about writing secure code?
It might be very possible that your database which happens to be sitting on your SQL 2005 server is bypassed with a SQL injection.
With Windows Server 2003 SP1 or the R2 release you can install a utility called ABE or Access Based Enumeration.
ABE makes visible only those files or folders that the user has rights to access. Once you have enabled ABE, the server will not display files or folders that the user does not have the rights to access i.e. if the NTFS File/Folder permissions have been set for specific user/group access. This is very useful for most companies due to the sensitive nature of some folders.
In many cases creating the folder structure to provide a level of access for certain users/groups will lead to a highly complex and unmanageable system. So I think ABE is going to really assist both IT Admins and Management!
Finally never rely on ABE alone, always start with a strong foundation of Groups and NTFS Folder permissions and audit these settings – you might be surprised at what you find.
Details of ABE and the download can be found at Microsoft
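ABE only hides what NTFS already denies, so a folder on which a broad group holds an Allow entry typically stays visible to every user even with ABE enabled. The following is an added example, not part of the original post, of the permission audit recommended above. It assumes PowerShell 3.0 or later; the share path and the list of broad groups are hypothetical and should be adjusted to your environment.

```powershell
# Added example: list Allow entries held by broad groups under a share root.
# The function name, default group list and the path used below are assumptions.
function Get-BroadFolderAccess {
    param(
        [Parameter(Mandatory)] [string]   $ShareRoot,
        [string[]] $BroadPrincipals = @(
            'Everyone',
            'BUILTIN\Users',
            'NT AUTHORITY\Authenticated Users'
        )
    )

    # Audit the share root itself plus every sub-folder beneath it.
    $folders = @(Get-Item -LiteralPath $ShareRoot) +
               @(Get-ChildItem -LiteralPath $ShareRoot -Directory -Recurse -ErrorAction SilentlyContinue)

    foreach ($folder in $folders) {
        try {
            $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
        }
        catch {
            # Folders the auditing account cannot read are reported, not silently skipped.
            Write-Warning "Cannot read ACL: $($folder.FullName)"
            continue
        }

        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }

            [pscustomobject]@{
                Folder    = $folder.FullName
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # False = set explicitly on this folder
            }
        }
    }
}

# Hypothetical share root; run from an account that can read the ACLs.
Get-BroadFolderAccess -ShareRoot 'D:\Shares\Departments' |
    Sort-Object Folder |
    Format-Table -AutoSize
```

Rows with Inherited = False are the ones to review first, since they were set directly on that folder rather than flowing down from a parent.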
The BBC thought it would create a Windows XP Honeypot to see what would happen.
SEVEN HOURS OF ATTACKS
36 warnings that pop-up via Windows Messenger
11 separate visits by Blaster worm
3 separate attacks by Slammer worm
1 attack aimed at Microsoft IIS Server
2-3 “port scans” seeking weak spots in Windows software
Not surprising really, I’ve heard of other stories whereby someone has installed a plain vanilla box without a firewall onto the internet and it was owned within 20 minutes. Even if that story was not true it would most likely be owned within a few hours or at least on the same day.
Full details of story here at the BBC website.
Web 2.0 is best described by the guys that coined it, O’Reilly, and the “What Is Web 2.0: Design Patterns and Business Models for the Next Generation of Software” website should provide you with some insight into what exactly it is.
However, as with everything these days, the more cool stuff you add, the more vulnerable it is, which is highlighted in this article over at Help Net Security, “Top 10 Web 2.0 Attack Vectors”.
So when the powers that be come running into your office with “we need to have this Web 2.0 stuff because everyone else has it!”, remember the attack vectors associated with it and ensure you provide a risk assessment and, if possible, a business case to justify its usefulness vs security risk… in plain English, do we really need this stuff?
No doubt in just about all cases there are going to be some components of Web 2.0 that will benefit the organisation. You probably really do need some of them and/or have no choice in the matter and you may already be using some of them.
Just don’t forget to apply the security principles to Web 2.0 that you are using on your network.
Yes I’m using Web 2.0 here by blogging 🙂
Google now has a new search tool http://code.google.com
I’m sure this may be of use to some coders and I’m also sure it’s of even greater use for the bad guys!! Many Security experts are warning about the ease of obtaining code and other information.
A great book by Johnny Long “Google Hacking for Penetration Testers” highlights the current dangers of Google. I think he might be adding a new chapter for the next edition!
How to Expand a VM Disk and merge it into the existing partition.
If you have created a VM with VMWare Workstation/Server and have since discovered you need more disk space within the VM, use the vmware-vdiskmanager command utility together with a partition tool. Here is how I do it!!
Use the vmware-vdiskmanager command line tool to expand the current VMware disk file. Your virtual disk file may look something like this “ws2003.vmdk”. Let’s say that the current disk size is 8GB and you want to make it 15GB, run the following command:
“vmware-vdiskmanager.exe -x 15GB ws2003.vmdk”
See the syntax switches from the Administration Manual or issue vmware-vdiskmanager.exe /? for more.
Once you have expanded the disk file you will need to use a disk partition tool to merge the partitions or if you are happy with a second partition simply use the Disk Manager tool from the Administration Tools in Windows XP or Windows 2000/2003.
To merge the partition I recommend BootIT from TeraByte – see http://www.terabyteunlimited.com/bootitng.html for more details.
With VMWare you may be unable to see the screen once booting into BootIT, this problem can occur when the video adapter chipset is not supported.
To work around this issue:
- First try reversing the VESA Video option when you create the installation diskette (that is, if you had it enabled before, try leaving it disabled, or vice versa).
- If it still does not work, try doing the same with the Standard VGA option.
- You may need to upgrade your system BIOS and/or graphics card firmware.
Network Security Toolkit (NST v1.4.0)
This release is based on Fedora Core 4 using the Linux Kernel: 2.6.15-1.1831_FC4 or 2.6.15-1.1831_FC4smp. Many new NST WUI features and capabilities have been included with this distribution:
* Time Management – NTP, hardware clock and system clock management.
* Network Packet Capture – An enhanced NST WUI web-based front-end to the tethereal network protocol analyzer.
* Network Packet Capture Manager – Provides a means to manage network packet capture files on a NST probe.
* An enhanced NST WUI web-based file system mounting page.
* PDF rendering for most output including network packet capture decoding.
* Enhanced directory and file viewing pages with auto refresh.
* Introduced browser session saving for many NST WUI pages.
* Added a simplified front-end to the NST WUI for beginner users.
* Network Monitoring – integrated the Nagios networking tool into the NST WUI.
* Better navigation and flow when using the NST WUI pages.
Most networking and security applications have been updated to their latest version.
Check out Aaron Margosis’ blog on a series he is running on LUA – Fixing “LUA bugs”, Part I.
Bruce Schneier makes mention of an interesting phishing article. The moral of the story: just because you are connected via HTTPS/SSL and can see that trusty padlock in your browser, does not mean you are safe, right?