
February 24, 2006

Security experts aren't perfect...

...not even this one.

So, this past Monday I did some consulting work after my day job. It is in a neighborhood that is not the best, and is certainly not in a high tech area. I got out of my car, went inside, and did my work. I went home. All was well.

I went back to the same customer last night and did some more work. The owner showed up about an hour after I got there, said, "Hey, I've got something of yours," and proceeded to hand me a 1GB USB thumbdrive. My 1GB USB thumbdrive. My UNENCRYPTED 1GB USB thumb drive. My UNENCRYPTED 1GB USB thumbdrive with my podcast show notes, some SSH keys, and notes on a research project I was working on. The owner had found it lying in the parking lot after I had left on Monday, brought it up to his office, and plugged it in. He found the podcast show notes and knew it was mine, and kindly returned it.

Now fortunately it was found by an individual that I trust. Just think if I had been a doctor and had patient records on this, or an accountant with company financial records. Fortunately my incident was fairly low risk (and I spent the morning re-issuing SSH keys), but it certainly could have been MUCH worse.

It just goes to show that you should look at your corporate policies on how data is transmitted - not just across the internet, but on other media as well. USB keys and portable media players have huge capacities now, which makes them an easy way to lose or disclose a whole lot of data.

Learn from my mistake; review your policies, encrypt your sensitive data in transit, and evaluate the use of removable media in your environment.

...and yes, that thumbdrive is PGP-encrypted now.

- L

February 23, 2006

Slashdot Traces Hacker with News Photo

This article is a perfect example of why you need to be careful with confidential data. Apparently the news reporter photographed a particular hacker, who wished to remain anonymous, for a story. The digital image in the article still carried metadata that revealed where and by whom the photograph was taken, which, combined with the details in the article, should very easily lead to tracking down the anonymous hacker.

Be VERY careful when publishing to the web, or for that matter sending sensitive data across the internet. Always understand the potential risks of all of the data files that you are sending, and what types of hidden data can be revealed.

- L

Slashdot Traces Hacker with News Photo

The metadata inside the photo apparently revealed when and where the photo was taken, who the photographer was and even what kind of camera was used.

http://news.com.com/2061-10789_3-6042304.html
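As an added example (not from this post or the linked article), here is a small Python routine that strips the JPEG segments where this kind of hidden data lives (EXIF, XMP and IPTC/Photoshop blocks) before an image is published. The sample JPEG bytes are constructed inline, not a real photograph, and the helper names are my own.

```python
import struct
from typing import List, Tuple

# JPEG application segments that carry the kind of metadata described above.
APP1, APP13, SOS = 0xE1, 0xED, 0xDA   # EXIF/XMP, Photoshop/IPTC, start of scan
METADATA_PREFIXES = {
    (APP1, b"Exif\x00\x00"): "EXIF",                         # camera, time, GPS
    (APP1, b"http://ns.adobe.com/xap/1.0/\x00"): "XMP",      # author, software
    (APP13, b"Photoshop 3.0\x00"): "IPTC",                   # byline, location
}

def strip_metadata(jpeg: bytes) -> Tuple[bytes, List[str]]:
    """Return (cleaned JPEG, names of the metadata segments removed)."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    out, removed, pos = bytearray(b"\xff\xd8"), [], 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("expected marker at offset %d" % pos)
        marker = jpeg[pos + 1]
        if marker == SOS:
            out += jpeg[pos:]  # compressed scan data and EOI: copied verbatim
            break
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])  # counts itself
        segment = jpeg[pos:pos + 2 + length]
        payload = segment[4:]
        kind = next((name for (m, prefix), name in METADATA_PREFIXES.items()
                     if marker == m and payload.startswith(prefix)), None)
        if kind:
            removed.append(kind)
        else:
            out += segment  # JFIF, quantisation/Huffman tables, SOF: keep
        pos += 2 + length
    return bytes(out), removed

def _segment(marker: int, payload: bytes) -> bytes:
    """Build one marker segment (length field includes its own two bytes)."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample, not a real photograph: JFIF header, an EXIF block with a
# placeholder GPS payload, an IPTC block with a placeholder byline, a tiny scan.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(APP1, b"Exif\x00\x00MM\x00\x2a\x00\x00\x00\x08GPS-stub")
    + _segment(APP13, b"Photoshop 3.0\x00byline-stub")
    + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00\x12\x34\xff\xd9"
)
```

Run it over a real file with `strip_metadata(open(path, "rb").read())` and write the first element back out; the second element tells you what would have leaked.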

February 15, 2006

Linux kernel 2.6 ICMP bug resulting in remote DoS, (Wed, Feb 15th)

It just goes to show the little things can hose you. Apparently in a specific Linux 2.6 kernel version, ICMP can DoS your box. Oops.

- L

Linux kernel 2.6 ICMP bug resulting in remote DoS, (Wed, Feb 15th)

Here we have a perfect example of how ...(more)...

February 14, 2006

blackberryWord.txt

Here we go again with BlackBerry attachments...

In this instance, a corrupt Word .doc file could allow for arbitrary code to be run on the BES. Now with the other instances, they were for file formats that are not terribly common, but EVERYONE uses Word documents. Apparently the workaround (not the patch) involves turning off processing for .doc files in the Attachment Service of the BES. Ouch - no more Word docs for you! At least the patches for Exchange and Groupwise (Domino patches are coming) don't break the processing.

Check out the advisory from BlackBerry here.

Time to get patching your BES.

- L

blackberryWord.txt

A corrupt Microsoft Word (.doc) file opened on a BlackBerry wireless device could potentially provide a means to execute arbitrary code on the BlackBerry Attachment Service component of the BlackBerry Enterprise Server.

February 13, 2006

Botnet Attack Shuts Down Hospital Network

I'd rate this as "it is all fun and games until someone loses a life." Messing around with hospital networks is bad news, kids.

- L

Botnet Attack Shuts Down Hospital Network

A California man, along with two minors, is facing felony charges after unleashing a botnet in January 2005 that resulted in shutting down the network of the intensive care unit at Northwest Hospital and Medical Center in Seattle. The hospital's computers, along with up to 50,000 others across the country, were used to make over $100,000 from adware affiliate programs.

The Seattle Times has the full story.

February 10, 2006

EFF issues Google Desktop warning

I need to look at this a little more closely, but my initial thoughts are: If you work with sensitive documents of any kind, prohibit the use of Google Desktop, as they may be "copied" to the "Googleplex" through improper configuration. I am going to investigate further.

- L

EFF issues Google Desktop warning

Configure it carefully, or forget it

Google has released a revamped version of its desktop search tool which introduces the ability to search the contents of one computer from another. Previous versions of the tool indexed files on users' PCs, but using the optional "Search Across Computers" facility in Google Desktop 3 temporarily stores text copies of searchable items on Google's own servers for up to 30 days.…

February 09, 2006

Network-Monitoring Data Put to Music

I've been looking for something like this for a long time. It would be neat to have something like this to monitor my firewall and IDS logs...

- L

Network-Monitoring Data Put to Music

StrongGlad writes "Building on the idea that people are naturally attuned to sound, the Sheridan College Institute of Technology and Advanced Learning has created software that translates network and server activity into music. And, their IT department operators can interpret the music to detect problems in the system." Talk about finding the beauty in Spam. From the article: "Last Friday, IT department operators began listening to what sounds like classical music but is actually a precise audio model of system metrics. They are trained to recognize instruments, chords, tempo and other musical elements of music as a translation of e-mail activity from 15 servers over three subnets. Every aspect of the music correlates to information. Probes detect server activity and send about 20 summaries a second to the iSIC sound engine. The data is aggregated and transformed into an audio format."

February 08, 2006

Cisco confirms VPN vulnerability

The never-ending Cisco VPN 3000 saga. Now allegedly the 4.7.2.C and 4.7.2.D versions of code are vulnerable too. Come on, guys, get it fixed already. I'm sure that Mr. Sprickerhoff would be more than willing to work with you to resolve the issue!

There is also some talk now that the affected WebVPN code may have also been carried over into other modules as well.

Sounds like blocking port 80 to these devices is really the only way to mitigate this issue until Cisco gets their stuff together...

- L

Cisco confirms VPN vulnerability

A vulnerability located for Cisco Systems Inc.’s 3000-series VPN concentrators running WebVPN appears to extend to all versions of the product, according to a security researcher who has been following the situation.

February 03, 2006

Brief: WMF flaw was sold for $4,000

Looks like a bunch of malware and adware "distributors" picked up this exploit cheap, even before the proof of concept was released.

That means we were most likely getting exploited before anyone even knew about it.

- L

VMware GSX for free? I'm there!

Here is a great way to set up your own security lab, now for free. VMware is great stuff. Go download it now!

- L

VMware GSX for free? I'm there!

First VMware released their VMware Player for free, now it looks like they're going to be doing the same for VMware GSX. Using GSX you can create and save a virtual machine that you can then port and use on any system with the VMware Player. Richard Bejtlich uses this technology to give aspiring (or even seasoned) IDS practitioners a chance to play with a Sguil sensor. You can also check out the Community Virtual Machine page for more downloadable VMs. This is a good opportunity to make your own virtual machines to share.
