

Showing posts from March, 2010

Win7/IE8 Exploit - CanSecWest - Vancouver BC, Canada

Recent trends for malware usually point to some older version of Internet Explorer running on Windows XP. The lack of address randomization and execution protection makes it an easy target for creating functioning exploits. This year's CanSecWest security conference again proves that it draws some of the brightest security researchers from around the globe. As usual Charlie Miller is there on his "no more free bugs" tour, pointing out that Apple still hasn't taken security seriously enough, and showing through 5 lines of Python code ways to reliably identify 20+ exploitable bugs in very common Internet-related applications. Seriously Apple, time to implement the basics; users of your operating system are not just educated coders and security people, they are common people that like to click through stuff. More interesting though is the exploit of a fully patched IE8/Windows 7 platform by Peter Vreugdenhil. His two-step bug and exploit avoids both the ASLR, and permane

COBIT 5 - Exposure Draft

ISACA has released an exposure draft which describes the design requirements and objectives for the next version of the COBIT framework. It appears that a tighter integration with the other ISACA products will be a main focus, ensuring that the RiskIT and ValIT processes are tightly integrated. It will be interesting to see what feedback they get, and the release schedule for the publication. The continuing development and release of these products keeps ISACA as one of the best professional organizations that provides a good return on member dues.

skipfish - Google's Free Web Security Testing Tool

Recently, Google and Michal Zalewski (lcamtuf), author of the other venerable passive web security tool ratproxy, have released a beta version of a second web application security tool, skipfish, which performs very optimized checks for well-known security issues. As stated within their own documentation, the primary design goals are to be high-performance, easy to use, and to employ well-designed security checks. I will be comparing this tool to several other tools including AppScan, BurpSuite, and several others, and providing some findings of my own. Thanks again Google / Michal, this type of continued support helps us and our clients find and fix vulnerabilities! Update 1: redspin has a bit of an initial writeup on it. Update 2: Simple instructions for 10.6.2 OSX install: a) download and unpack both skipfish and libidn. b) ./configure and make libidn. c) select a dictionary that you want to use for bruteforcing server resources (these are used to find server resour

Anti-virus, Patching, Drugs and the Immune System

Anti-virus is a hotly debated control. For some it is a very profitable business model, and for others it is a primary portion of their security environment. In other circles, pointing out faults and weaknesses in anti-virus controls has become a banner for a crusade. All of this results in confusion among users who are relying on it to protect themselves against online threats, which makes all of us a little less secure. I'd like to make the point that if we focused on the causes of our online illnesses, secure software development and patching, this would go a long way to improving our trust in the online community. Anti-virus, like drugs produced by pharmaceutical companies, is good at one thing: treating known conditions affecting us. In anti-virus' case this is known malware and viruses. These treatments are still essential for treating these conditions, and investment in new treatments is also very important. On the other hand secure coding, development practices and ra

Whitehouse Unveiling Their Cyber Security Initiatives

The Whitehouse has unveiled a report describing the specific initiatives that the US government is taking in reaction to the global cyber security threat. These 12 initiatives, documented within the Comprehensive National Cybersecurity Initiative (CNCI), appear to be part of a well-coordinated plan championed by Howard Schmidt, the President's Cybersecurity Coordinator, and include: Initiative #1. Manage the Federal Enterprise Network as a single network enterprise with Trusted Internet Connections. Initiative #2. Deploy an intrusion detection system of sensors across the Federal enterprise. Initiative #3. Pursue deployment of intrusion prevention systems across the Federal enterprise. Initiative #4. Coordinate and redirect research and development (R&D) efforts. Initiative #5. Connect current cyber ops centers to enhance situational awareness. Initiative #6. Develop and implement a government-wide cyber counterintelligence (CI) plan. Initiative #7. Increase the security of our