Saturday, October 11, 2008

Meanwhile, in security news

Just because Ike rolled in and tossed the upper Texas Gulf Coast like dice in a back-alley craps game, it doesn’t mean that the world of computer security (or insecurity for that matter) has been standing still.

@ Windows Incident Response Blog

Harlan Carvey systems forensics author has been hard at work keeping us informed and updated with a number of great posts over at his Windows Incident Response blog:

PlainSight – Introduces PlainSight which is a Live CD format to boot and collect information by examiners.  It contains a number of basic tools to get forensic beginners on the right path to understanding and using them.

@ SANS ISC Handlers Diary

Never a dull moment or read there.

@ Microsoft Threat Research and Response Blog

Yes. Microsoft does do some good and informative work in malware research.

@ Wise Words and Counsel

Yeah.  I couldn’t come up something catchier.  But then again, these are not to be passed up.

TinyApps.Org Blog : Free stand-alone antimalware app from Kaspersky – REALLY awesome standalone a/v-antimalware scanner that Miles found.  I’ve got a follow-up post on this getting this one set up to use as well as a couple more tools in this class. Stay tuned to GSD!

Dancho Danchev’s Blog - Mind Streams of Information Security Knowledge: The Commercialization of Anti Debugging Tactics in Malware – Long tile, good post.  Wonderfully well-written post that covers how malware writers are responding to attempts to anti-reverse engineer their malware as well as the business behind those fuzzing efforts.

Helix3 – Live CD used for forensic examinations of systems got a major update last month (Helix 2008R1 (2.0).  Really a neat tool and one I have long-carried in my CD case.  Good whitepapers on their site as well on how to use their tool effectively.  One other things I’ve loved Helix for is that their disk not only has a Live CD boot side, but also a cool Windows “auto-run” menu side with additional tools to use on a running Windows system.  Their “User Manual” runs an astounding 339 pages long in high-detail.  Amazing support for an open-source project.

[IN]Secure Issue 18 – has been released (PDF).  Always a great read for security folks and system administrators.

  • Network and information security in Europe today
  • Browser security: bolt it on, then build it in
  • Passive network security analysis with NetworkMiner
  • Lynis - an introduction to UNIX system auditing
  • Windows driver vulnerabilities: the METHOD_NEITHER odyssey
  • Removing software armoring from executables
  • Insecurities in privacy protection software
  • Compliance does not equal security but it's a good start
  • Secure web application development
  • The insider threat
  • Web application security: risky business?

Forensic Time Dilatation « Didier Stevens – Didier draws our attention to a small problem with getting accurate timestamp data from forensic examinations.  In summary “ if you compile or interpret forensic reports, take particular care to avoid the pitfalls of timestamps. Take into account desynchronized clocks, clock drift, time-zones and time unit resolution.”

Matasano Chargen » Detecting Anonymizing Proxies – Nicely written and illustrated article on methods to attack anonymizing proxies to get information on IP sourcing and potential back-tracking to the “true” IP address.  Links to additional presentations by others on the subject are also included in the post.  While challenging, figuring out who and where someone is who is using an anonymizing proxy isn’t necessarily impossible.



1 comment:

Anonymous said...

Claus,the portable app Historian from Gaijin does indeed look like it could be quite useful. However, I must confess my ignorance in trying to figure it out. Even with English enabled on their site, I evidently don't have the language skills to understand this little tool. If you have any hints on Historian, I'm all ears. Anyways, thanks for finding these internet gems.