
Posts

Showing posts from April, 2009

New report released! - Office of the Auditor General of Alberta

The latest report from the Office of the Auditor General of Alberta was released this afternoon. It contains several findings which point to specific deficiencies in the processes the Government of Alberta uses to manage information risks, and in the effectiveness of its control environment.

It appears that even though additions and changes to the OAG budget have affected their future plans for auditing security, they are still moving forward with their audits and recommendations related to information security in the GOA.

New Updates Conficker - April 9th

As expected, the Conficker worm has continued its subtle updates and is using the newly acquired P2P functionality to do it. In addition, it also appears to update the payload functionality and may also be actively defending itself by affecting the availability of the Conficker Working Group site.

Researchers are looking at the new code and initial analysis points to key-logger software and new protection mechanisms. I think most security professionals would serve their clients well by keeping up to date on this.

UPDATE:

It looks like the code is starting to monetize, by installing a scamming anti-virus software package which costs you $49.99, and in some cases installing spamming relay software. There are also reports that it is set to delete itself on May 3rd (I'm skeptical about this one).


Time for law enforcement to do their job and follow-the-money!

OpenSolaris, ZFS, iSCSI and OSX - Creative Storage - Part I

After getting through the steps required to set up a local network storage solution, I thought I would publish my steps for others that are doing the same thing. Not exactly security related, but once the Solaris developers implement encryption into ZFS it will be :)

The needs for the solution were simple: a network (IP) based storage solution which is reliable, meets performance needs and doesn't break the bank.

There are many people who would argue that a hardware-based RAID array exposed through some NAS protocol would be a much easier solution to this need, but I'm intentionally trying to be cheap. The steps:

1. Hardware installation

Easiest part - install SATA disks on a supported platform for OpenSolaris. No details here unless someone wants them.

2. Software installation

OpenSolaris 2008.11 - 1 CD image found here. Burn the ISO, boot into the liveCD, double click on the "Install Solaris" icon on the desktop, and follow the instructions. I used ma…

Conficker Reporting

There has been so much misinformation being spread regarding what Conficker will or will not do. And now that the mainstream media is picking up on the story, they are repeating some of the speculation. I like to look at it in simple terms without muddling in all the technical details:

All the research done suggests that the people behind Conficker are intelligent and well resourced, which indicates that whatever motivation they have will be very well thought out and executed.

The large amount of resources used to develop and maintain Conficker means that the owners will spend large amounts of effort defending it and increasing its ability to spread efficiently.

The whole circus around April 1st was the fact that the software would begin receiving new instructions; in no way did this mean that it would start acting in a more malicious way. The simple fact is that this virus could do anything it wants, and we should be prepared to handle this today or any of the other 365 days of the year.

I…