NI3

HoneyMonkeys

Dann — Tue, 20 May 2008 16:50:26 +0000

I am at Microsoft this week for my company’s annual executive briefing. One of the first presentations this morning was from Microsoft Research. We learned about HoneyMonkeys. Honey Monkeys are the active equivalent of Honey Pots. Read What Is Strider HoneyMonkey?

Passwords via Email?

Dann — Wed, 05 Sep 2007 13:46:52 +0000

What’s wrong with this statement: “…the instruction email you receive will contain a password unique to each person to maintain anonymity.” Unique passwords via email equals anonymity? Right.

Posting from: Home

Seagate Announces A Drive With Independent Hardware Encryption

Dann — Tue, 07 Nov 2006 19:56:08 +0000

A nice one from Bruce.

Vista Vulnerabilities?

Dann — Wed, 25 Oct 2006 05:07:10 +0000

I wonder what Nessus would yield when run against Vista RC2? I think I just found a project for my next flight. I’ll have to build a Fedora/Nessus VM for this, put the Vista RC2 and Fedora/Nessus VM on a virtual switch, and scan away. Looks like I’ll need a larger portable drive to carry with me. One more VM and my 100GB portable Seagate is full.

Cracking WPA Keys with Aircrack

Dann — Mon, 13 Mar 2006 19:35:13 +0000

I received an interesting email from my brother in-law today asking me if Aircrack could crack WPA keys. I sent him this link to a how-to tutorial hosted on Wiretapped. It illustrated cracking WPA keys in 10 easy steps in less than 10 minutes. This is why WEP, WPA, and other wireless security protocols should never be used without some type of host identification mechanism.

Microsoft’s Patch Production Machine

Dann — Thu, 26 Jan 2006 17:10:46 +0000

“A Time to Patch,” by Brian Krebs over on the Washington Post blogs is an interesting historical look at Microsoft’s patch production history. Why is it so difficult for a company like Microsoft to develop a consistent history around patch production? It is due to the volatile nature of the interactions between people involved in identifying vulnerability and then producing a patch. Vulnerability identification and patching has nothing to do with software. Software is simply the output of a set of complex communications between many people, but all originating from a single person or a very small organization.

IM Security

Dann — Tue, 06 Sep 2005 23:27:07 +0000

This is a very interesting piece on instant messaging security, or lack thereof. A little dated, but directly tied to an article on IMlogic’s Real-Time Threat Protection system. I wonder if there is an open source equivalent to this?

Question: Antivirus Defintions Upper Limit

Dann — Mon, 25 Apr 2005 21:06:54 +0000

At what point are there too many virus definitions for a machine to effectively scan filesystems in realtime? At what point are there too many virus definitions for a machine to effectively scan a filesystem in 24 hours? I would constrain these measurements within a single cycle of Moore’s Law. Does anyone know of any studies that have taken a look at these questions or would contain references to these questions?

Security Incident Update

Dann — Tue, 12 Apr 2005 23:37:11 +0000

It looks like we got hit by this. This is a particularly nasty one. We had one location almost obliterated by this nasty little creature. Our team stopped this thing dead in its tracks, for now, by setting up an Active Directory GPO to prevent the execution of the worm EXE. This saga isn’t over, yet. Most antivirus vendors don’t have definition files for this leech, so we’ve been working with Symantec, McAfee, and TrendMicro to feed them information to produce the definition files. It’s been a really long week.

Security Incident Response Management

Dann — Tue, 12 Apr 2005 15:14:11 +0000

Over the last 24 hours we have been responding a security incident at one of our hub offices. The processes and procedures that have been used have been disjointed at best, but primarily adhoc, which is not good. We’ve got some fundamental gaps in security operations we are looking to close.