Monday, August 31, 2009

Great Cheat Sheets

x86 Intel assembly
OWASP SQL Injection Prevention
OWASP XSS Prevention
SANS Google Hacking
DDOS Incident Response
USB Device Forensics, XP
USB Device Forensics, Vista and Win7

In addition to the great Networking cheat sheets which include:
Protocols (OSPF, IPv6, BGP, EIGRP, 802.1x, IPv4 Multicast, Spanning Tree, ...)
Applications (tcpdump, Wireshark Filters)
Technologies (VLAN, QoS, MPLS)
Others (Common ports, IP Access List, Subnetting, Cisco IOS versions, ...)

Saturday, August 29, 2009

Small Business Information Security, The NIST Fundamentals

NIST released a draft "Small Business Information Security: The Fundamentals" for public comment. A good read for SMB IT.

Thursday, August 27, 2009

Mass Injection, with regional stats

The reported mass injection of almost 85K web sites is not over yet, and the count is increasing every day. The original post was released a few days ago by ScanSafe, followed by media coverage from The Register.

The injected malicious IFrame points to hxxp://, with no obfuscation of any kind, and redirects further to other malicious sites.
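Because the injected IFrame is unobfuscated, a site owner can check their own pages for it with a plain HTML parse. The script below is an added example (not from this post or from ScanSafe): it collects every iframe on a page and flags those whose src points to a host other than the page's own, or that are sized or styled to be invisible. The sample HTML and the host malicious.example are constructed for the demonstration.

```python
"""Flag off-site or hidden IFrames in a page (added example, not from the post)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: one legitimate same-site iframe and one injected,
# hidden, off-site iframe. The host malicious.example is a placeholder.
SAMPLE_HTML = """<html><body>
<h1>Welcome</h1>
<iframe src="/embed/video.html" width="640" height="360"></iframe>
<p>Some content</p>
<iframe src="http://malicious.example/in.cgi?3" width="1" height="1"
        style="visibility:hidden"></iframe>
</body></html>"""


class IframeCollector(HTMLParser):
    """Collects the attribute dict of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append(dict(attrs))


def _is_hidden(attrs):
    """True if the iframe is sized or styled so a visitor would not see it."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    try:
        width = int(attrs.get("width") or "100")
        height = int(attrs.get("height") or "100")
    except ValueError:
        return False
    return width <= 1 or height <= 1


def find_suspicious_iframes(html, page_host):
    """Return iframes that load from another host or are hidden from view."""
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src") or ""
        host = urlparse(src).hostname
        off_site = host is not None and host.lower() != page_host.lower()
        hidden = _is_hidden(attrs)
        if off_site or hidden:
            findings.append({"src": src, "off_site": off_site, "hidden": hidden})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_iframes(SAMPLE_HTML, "www.example.com"):
        print(finding)
```

Run it against saved copies of your own pages; a relative src with normal dimensions is left alone, while the injected frame is reported with both the off-site and hidden flags set, which is the pattern this campaign used.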

Querying Google for infections in several countries in the region gives the very low numbers below:
Egypt 3
Saudi Arabia 3

Running the same Google query against the Arabic site gives 28 infections.

Websense released more details on several of the exploits used.

Monday, August 24, 2009

Writing Facebook Virus

This is an interesting blog entry explaining how to write a Facebook virus in 7 steps; the blogger claims that proof-of-concept code is available for security researchers.

XSS vulnerabilities in many Facebook applications can be easily exploited. The problem lies in the Facebook applications platform itself, not in any specific application.

Friday, August 21, 2009

Cyber Intelligence Report

The Cyveillance Cyber Intelligence report shows that AV vendors do not provide adequate protection against newly discovered malware.

The report shows similarly poor results for browsers' anti-phishing features.

Monday, August 17, 2009

Network Solutions Data Breach

The Network Solutions incident, which compromised personal and financial data for over 500,000 credit and debit card holders, has raised questions about security standards, as it is one of the largest breaches of a PCI-compliant company in history.

I just have 2 small points:
- No standard is perfect.
- Standards exist to reduce risk, not to eliminate it.

Friday, August 14, 2009

Twitter-based botnet

Jose Nazario, manager of security research at Arbor Networks, discovered a botnet that uses Twitter updates from a specific Twitter account as its Command and Control channel. The updates are Base64-encoded and decode to malicious short URLs.

The idea of using Twitter updates as a C&C channel was presented at DEF CON a few months ago, and a Twitter-based botnet PoC has been publicly available since then.

Now we can imagine the next steps for the bad guys:
- Use asymmetric or symmetric keys to encrypt and sign the C&C updates.
- Use the same technique as the domain flux used in Conficker: generate hundreds of thousands of Twitter accounts and randomly check some of them.
- Use more than one microblogging service (Jaiku, for example, has already been detected).
- Use blogs, or even public social media profiles, to distribute commands.

I guess this will take us to the next level of botnets... hold your breath...

Microsoft Office Visualization Tool (OffVis)

Microsoft Office Visualization Tool (OffVis) is a free tool for analyzing MS Office documents; it lets you take a closer look at their structure and format.

Download it from here.

Wednesday, August 12, 2009

Netflow From Your Home ADSL Router

If you have Netgear or Linksys routers, replacing the firmware with DD-WRT will let you get flow data from them. It works only with the router models, not the gateway models; see the full list of supported hardware here.

The NetFlow setting in DD-WRT is called RFlow.
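What you receive from the router is a stream of UDP export packets, so it helps to see how little is needed to read them. The script below is an added example (not from the DD-WRT project or from this post): it builds one constructed NetFlow v5 export packet with two flow records, parses it back into per-flow dictionaries, and includes a minimal UDP collector loop. It assumes RFlow exports in NetFlow v5 format, which is the common case but should be confirmed against your firmware build; the addresses and counters in the sample packet are made up.

```python
"""Minimal NetFlow v5 parser and collector (added example, not from the post)."""
import socket
import struct
from ipaddress import IPv4Address

# NetFlow v5 wire layout, big-endian: 24-byte header, then 48-byte records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def build_sample_packet():
    """Constructed export packet with two records (sample data, not a capture)."""
    records = [
        # src, dst, nexthop, in_if, out_if, pkts, bytes, first, last,
        # sport, dport, pad, tcp_flags, proto, tos, src_as, dst_as,
        # src_mask, dst_mask, pad
        (IPv4Address("192.168.1.10").packed, IPv4Address("203.0.113.5").packed,
         b"\0\0\0\0", 1, 2, 12, 2048, 1000, 2000, 51234, 80,
         0, 0x18, 6, 0, 0, 0, 24, 24, 0),
        (IPv4Address("192.168.1.11").packed, IPv4Address("198.51.100.7").packed,
         b"\0\0\0\0", 1, 2, 1, 76, 3000, 3000, 53412, 53,
         0, 0, 17, 0, 0, 0, 24, 24, 0),
    ]
    # version 5, count, sys_uptime, unix_secs, unix_nsecs, flow_sequence,
    # engine_type, engine_id, sampling_interval
    header = HEADER.pack(5, len(records), 123456, 1251100000, 0, 1, 0, 0, 0)
    return header + b"".join(RECORD.pack(*r) for r in records)


def parse_netflow_v5(data):
    """Parse one export packet into a dict with the sequence number and flows."""
    version, count, _uptime, _secs, _nsecs, seq, _et, _eid, _samp = \
        HEADER.unpack_from(data, 0)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(data, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(IPv4Address(f[0])),
            "dst": str(IPv4Address(f[1])),
            "sport": f[9],
            "dport": f[10],
            "proto": PROTO_NAMES.get(f[13], str(f[13])),
            "packets": f[5],
            "bytes": f[6],
            "tcp_flags": f[12],
        })
    return {"sequence": seq, "flows": flows}


def collect(bind_addr="0.0.0.0", port=2055):
    """Listen for exports from the router and print each flow. Runs forever."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, (exporter, _) = sock.recvfrom(65535)
        for flow in parse_netflow_v5(data)["flows"]:
            print(exporter, flow)


if __name__ == "__main__":
    for flow in parse_netflow_v5(build_sample_packet())["flows"]:
        print(flow)
```

Point RFlow at the collector host and port, run collect(), and the printed flows are the raw material for spotting unexpected outbound destinations or odd ports from home machines. Gaps in the sequence number indicate dropped export packets.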

Monday, August 10, 2009