[SecurityRatty] tag: january

Monthly Blog Round-Up October 2008

Mon, 10 Nov 2008 13:35:00 +0000

As we all know, blogs are a bit "stateless" and a lot of good content gets lost since many people, sadly, only pay attention to what they see today. These monthly round-ups is an attempt to remind people of useful content from the past month!

So, here is my next monthly "Security Warrior" blog round-up of top 5 popular posts and topics.

OF COURSE, the news of my “transition” is the item #1, by far. “Change!!!” and “Qualys” posts rule the list.
Last month I posted a bunch of my presentations on logs, security, etc on the blog. “Presentation from GOVCERT.NL 2008: Log Forensics” takes one of the tops spots; and so do “Presentation on Application Logging, Done Wrong or Very Wrong” and “Presentation on Optimizing Your Logging for Insider Attack Tracking.” BTW, all the presentations are here.
Shockingly, AGAIN this month, the "Top 11 Reasons to Secure and Protect Your Logs" came up as #1 most popular post (maybe driven by my poll). BTW, see my other logging polls and my other “top 11” lists.
SIEM bashing reached a new high (eh…“low”? :-)), now that Richard is helping too; my “11 Signs That Your SIEM Is A Dog or "Raffy, You Killed SIM!" is on the top list. It is both humorous and sadly true (and backed up by other sources and here.)
Somewhat predictably, PCI compliance is obviously still all the rage: MUST-DO Logging for PCI? post was again propelled to a place in my monthly Top5 list.

See you in November.

Possibly related posts / past monthly popular blog round-ups:

Technorati Tags: blog,security,loggings,monthly

Microsofts Report Shows Vista More Secure Than XP

Wed, 05 Nov 2008 01:41:59 +0000

Microsoft’s latest security report shows that the number of new vulnerabilities found in its software was lower in first half of the year than the last half of 2007, with the Windows Vista OS proving more resistant to exploits than XP. Microsoft reported 77 vulnerabilities from January to June compared to 116 for the last six [...]

Happy (Belated) First Birthday!

Fri, 31 Oct 2008 04:27:00 +0000

.... to my ADSL application.

Last year in October a salesperson at Telkom phoned to let me know that my phone exchange supports ADSL and do I want to upgrade my line to have ADSL?

I did the maths and worked out that it would be cheaper for me to have ADSL and have the benefit of all-time-on access to the Internet.

So, I applied and a few days later my application was processed and I had an application number. It all got to the point where I had the modem connected and ready when a technical person at the exchange noticed that "no, the exchange is potentially ready for ADSL but was not, in fact, ready."

"But, good news, there is a project to upgrade the exchange to be ADSL capable. It should be done by latest end of December 2007."

That became end of January, end of February, end of April... then it jumped to end of June.

Now it is scheduled to be completed by the end of April 2009.

The way things are looking - I'll probably be celebrating the second birthday of my ADSL application this time next year... many happy returns.

Man charged in Scientology Web attack

Thu, 16 Oct 2008 20:00:00 +0000

An 18-year-old New Jersey man will plead guilty to the January online attacks that took down the Church of Scientology's Web site, federal prosecutors said Friday.

The Image Group Website Hacked Through SQL-Injection, Credit Cards Data Stolen

Mon, 13 Oct 2008 18:54:37 +0000

From January to August 2008, hackers through an SQL injection flaw were able to access names and credit or debit card information of the persons who placed orders on The Image Group e-commerce website. The Image Group (http://www.theimagegroup.net) is a firm for promotional products and corporate merchandise headquartered in Ohio. The Image Group has notified the [...]

Monthly Blog Round-Up - September 2008

Wed, 01 Oct 2008 12:19:00 +0000

So, here is my next monthly "Security Warrior" blog round-up of top 5 popular posts and topics.

Shockingly, AGAIN this month, the "Top 11 Reasons to Secure and Protect Your Logs" came up as #1 most popular post (maybe driven by my poll). BTW, see my other logging polls.
Security ROI - and its parent topic "security metrics"/"measuring security" - is definitely an ongoing HOT debate. Indeed, the old post "Security ROI Pile-Up!" takes the #2 spot this month, possibly propelled by a more recent post "Second ROI War."
Some say that "short blog posts rule", but, in reality, good, fun content is the best. Here is an example: "Dumb Luck IS a Strategy!" post makes the top list. In it, I try to explore why people still ignore security concerns even if stare people in the face...
Discussion on what you can do to soften the impact of "getting 0wned" ( "What CAN You Do?") made the top list. Good!
As before, my post "11 Signs That Your SIEM Is A Dog or "Raffy, You Killed SIM!"". It is both humorous and sadly true (and backed up by other sources)
Still burning hot is a post with my irreverent comments on a Terry Childs saga. Namely, "On Doomsaying (Terry Childs case)", "So ... Am I? Maybe I Am!" and "Admins , Good Guys or "I am NOT an Idiot!""

See you in October.

Possibly related posts / past monthly popular blog round-ups:

Technorati Tags: blog,security,loggings,monthly

Show 030 - An Interview with Ken van Wyk

Fri, 26 Sep 2008 17:23:25 +0000

On the 30th episode of The Silver Bullet Security Podcast, Gary talks with Ken van Wyk, principal and founder of KRvW Associates. Ken was the first employee of CERT and has been an active member of FIRST. Ken and Gary discuss why the discipline of computer science doesn’t learn from failure like mechanical engineering does, how we’re making steps backwards in computer security, whether focusing on web applications is a good or bad thing for software security, and Ken’s recommendation for moderately-priced red wines.

Ken’s personal page
KRvW Associates
CERT
FIRST
Secure Coding
Incident Response
SC-L mailing list
From the foreword to Secure Programming with Static Analysis - blog entry with photo of Tacoma Narrows Bridge
TJX’s stock increase since the January 2007 security breach
The Addison-Wesley Software Security Series
Barbara D’Asti wines

SDL Sessions at BlueHat

Thu, 25 Sep 2008 12:05:00 +0000

Bryan here. Last January, I wrote a post on this blog bemoaning the difficulty of making security interesting and “sexy” to developers. Applied research conferences generally place a much greater emphasis on revealing new vulnerabilities and new attack techniques, and much less emphasis on educating people on how to actually fix those vulnerabilities. I was at RSA Conference last April, and I attended a session by a very well-regarded, high-profile security researcher. He gave an eloquent and educational presentation on the dangers of a significant new attack vector, but all the prescriptive guidance he gave for dealing with the threat amounted to something like, “If you’re worried about this kind of thing, talk to your browser manufacturer.” No offense to this presenter, but if I’m going to listen to 70 minutes of discussion of a dangerous threat, I want to leave the room with a clear understanding of what I can do to solve the problem! It’s not enough just to know that the problem exists.

So, in conjunction with the BlueHat team, I am pleased to announce that the SDL team will be organizing the sessions for the second day of the fall BlueHat conference. The BlueHat SDL sessions will be laser-focused on not just describing vulnerabilities but also solving them. Every attendee should leave every presentation with a clear idea of exactly what he or she needs to do to protect themselves from the threat that was discussed during the session.

The sessions will begin, appropriately, with the topic of secure design. Danny Dhillon of EMC and the SDL team’s own Adam Shostack will each present their organization’s approach to threat modeling. As a bonus, Adam will also be demonstrating the new SDL Threat Modeling tool that you might have heard about last week.

Next up is Matt Miller, a recent and very welcome addition to the Microsoft Security Science team. Matt has a fantastic presentation on the evolution of buffer overflow attacks and on the corresponding development of overflow mitigations. From there we will switch gears to look at some managed code implementation issues: iSEC Partners’ Scott Stender and Alex Vidergar will demonstrate coding techniques to mitigate elusive concurrency vulnerabilities in web applications.

At this point we will have covered the Design and Implementation phases of the SDL; where better to go from here than Verification? One of the most important activities in the Verification phase is fuzzing, and we have a trio of security experts from the Microsoft Security Science team to talk about it. Jason Shirk, Lars Opstad, and Dave Weinstein will answer three of the most common fuzzing questions: How should I fuzz? When have I fuzzed enough? And what do I do now that I’ve fuzzed?

Finally, we will wrap up the Verification phase talks with a return appearance to BlueHat by Stach & Liu’s Vinnie Liu. Vinnie will compare different approaches to security verification – static code analysis, blackbox analysis, and manual code review – and make recommendations as to when each approach is best used.

Even if you can’t make it in to BlueHat in person, you can still watch the sessions via streaming media on TechNet. Additionally, webcast interviews with the speakers – condensed “Cliff’s Notes” versions of their full presentations – will be posted on Channel 9. And we’ll be continuing the BlueHat tradition of inviting speakers and other industry notables to guest blog about their topics and the latest security trends. More information on all of these resources will be posted here when it becomes available.

Google Moves to 3rd Party Processing - The eCrime equivalent

Tue, 23 Sep 2008 20:00:00 +0000

The numbers behind Google's processing are staggering. Indexing over one trillion URLs, the Internet search giant reported in January that it processes 20 Petabytes of data per day.

Turns out a Petabyte is 1000 Terbytes. So Google processes over 20,000 Terabytes of data per day. Supporting all of this impossibly massive data crunching is a huge network of proprietary servers and custom made storage. It's the mythical Google grid.

Google conceals the exact nature of the grid; it's one of their trade secrets.

So, what if I told you Google is abandoning its mythical, proprietary, custom-made processing and storage grid, and is moving to an off-the-shelf third party processing platform?

Any boffin would have choked on this scoop.

OK, relax. Google isn't ditching its proprietary grid. But its eCrime equivalent is certainly doing exactly that.

Monthly Blog Round-Up - August 2008

Thu, 04 Sep 2008 08:22:00 +0000

I saw this idea of a monthly blog round-up and I liked it. In general, blogs are a bit "stateless" and a lot of good content gets lost since many people, sadly, only pay attention to what they see today. This is an attempt to remind people of useful content!

So, here is my next monthly "Security Warrior" blog round-up of top 5 popular posts and topics.

In a bizarre twist of fate (maybe driven by my latest poll), the "Top 11 Reasons to Secure and Protect Your Logs" came up as #1 most popular post in August. The analysis of said log security poll is coming up tomorrow. BTW, see my other logging polls: poll #8 that covered context data for log analysis is analyzed here and a controversial Windows Log Collection Poll (which is a poll #7) and poll #6 about logs that people actually review and poll #5 about logging challenges.
Next up is my post "Log Management - Day 1," which talks about the very first thing you do when embarking on a journey to log management.
Still burning hot is a post with my irreverent comments on a Terry Childs saga. Namely, "On Doomsaying (Terry Childs case)", "So ... Am I? Maybe I Am!" and "Admins , Good Guys or "I am NOT an Idiot!""
Somewhat predictably, PCI compliance is all the rage again with 1.2 coming out soon. So, MUST-DO Logging for PCI? post was again propelled to a place in my monthly Top5 list. It discusses the fact that there is no "easy list" of what you MUST do to comply.
Finally, my post "11 Signs That Your SIEM Is A Dog or "Raffy, You Killed SIM!"". It is both humorous and sadly true (and backed up by other sources)

See you in September, when .... ah, come on! I will tell you later :-)

Possibly related posts / past monthly popular blog round-ups:

Technorati Tags: blog,security,loggings,monthly