Posts

Showing posts from 2010

Stuxnet worm hits Iran nuclear plant staff computers

Stuxnet worm

Is the Zeus Trojan the greatest malware threat of the current age?

SC Magazine Full Story

$1 million stolen from American university

American university sees $1 million stolen after banking malware intercepts controller's credentials. Full Story

Can complexity lead to poor security?

It's been a while since I last posted. Been pretty busy with work, which is good. I've been playing around with a lot of new products and thought I would write this quick update. Back in the day when the only options were to configure systems via command line, your average generalist would leave this type of thing to the "experts". Now with the number of servers and workstations growing, the generalists have become more multitasking, bringing knowledge from home to the workplace and vice versa. So what about security? Well, this is an area in which a lot of people dabble without understanding the complexities of the task. Just getting something working may be acceptable to get a result, but not fully understanding the how and why poses the risk in security. A GUI somewhat simplifies most tasks, but an "invisible" command entered at the CLI of the same device will likely go unnoticed. Every day admins make changes to make their job easier, and often take the simp

Office 2010 32 bit or 64 bit.

Microsoft's final release of Office 2010 is due next month. Most users with 64 bit machines will dive straight in and choose to install the 64 bit version. Before doing so, read the following Microsoft recommendations. The recommendations for which edition of Office 2010 to install are as follows: If users in your organization depend on existing extensions to Office, such as ActiveX controls, third-party add-ins, in-house solutions built on previous versions of Office, or 32-bit versions of programs that interface directly with Office, we recommend that you install 32-bit Office 2010 (the default installation) on computers that are running both 32-bit and 64-bit supported Windows operating systems. If some users in your organization are Excel expert users who work with Excel spreadsheets that are larger than 2 gigabytes (GB), they can install the 64-bit edition of Office 2010. In addition, if you have in-house solution developers, we recommend that tho

Germany looking to take legal action against Google for Wi-Fi data collection

Google have been asked to hand over hard disks from their street cars for investigation by the German Authorities to find the extent of data collection from Wi-Fi hotspots. Google have not yet responded to this request.

Google Street View Wi-Fi blunder

Google are reported to be under investigation in response to Street View cars inadvertently collecting Wi-Fi data from broadcasting Wi-Fi systems. Cars equipped to collect Street View images were incorrectly loaded with experimental Wi-Fi software which enabled them to collect MAC addresses and SSIDs from Wi-Fi devices. Publicly accessible systems may also have unknowingly given up payload data as well. Google have said that they are very sorry for the error and are to employ the services of a third party to confirm that the data has been securely deleted. It is interesting that this type of event highlights the many issues users face. Publicly accessible "free" Wi-Fi hot spots always seem like a useful, convenient tool, ideal for a bit of web browsing maybe; however, anything remotely sensitive should never be carried out over these systems as we never know who is listening both through the airwaves and on the hardwired end of the access point. Man In The Middle (MITM) snoo

US military to set up a cyber warfare division

I just read an article stating that the US military is looking to set up a cyber warfare division with the ability to defend and react to cyber attacks. Although interesting reading, I would have assumed that this sort of system would have been in place already. It obviously has a big task ahead in determining at what level they consider an attack to be taking place, when and how to respond. Presumably we are talking about a major targeted attack on military systems. Judging by recent news coverage of NASA systems being snooped on for UFO evidence, setting decent passwords on their systems seems like a good starting point.

Fortinet releases the FortiGate 3950 Series

Another Fortinet announcement.

FortiGate-3950 Series Benefits (Lifted from Fortinet website)

- 120 Gbps firewall throughput ensures your policy enforcement won't affect network performance
- Modular design makes it easy for you to deploy exactly the performance you need today and in the future
- Advanced FortiASIC designs maximize throughput and deliver very low latency, delivering wire-speed firewall performance at 10-GbE and GbE link speeds
- Redundant, hot-swappable power supplies minimize single-point failures
- Available FortiManager and FortiAnalyzer integration simplifies security management, reporting, and analysis while reducing operating expenses
- FortiGuard Subscription Services deliver automated, real-time, and up-to-date protection against security threats

FortiOS V4 MR2

Well, it's here at last. Just like the new government, Fortinet releases the all new Version 4 MR2 OS with its updated GUI. (In all fairness, it was released on April 1st but I like to leave things to settle before singing its praises). For those of you who, like myself, have worked with Fortinet products for many years, the new GUI takes all of 5 minutes to figure out. The GUI is a major overhaul with vast improvements to the granularity of protection profiles, to name but one of the many features. Under the hood there are a bunch of additional features as well. Too many to discuss here. For more information on the complete product range and features visit the Fortinet website. www.fortinet.com

The FortiGate 1240b

Out of the many things that Fortinet do well, high performance for a low price tag is near the top of the list. The new 1240b has come in with performance figures so good, that consumers question the price.

Features: Stateful Firewall, Gateway Anti-Virus, Web Filter, IPS, Application Control

- Firewall Throughput: 40 Gbps
- IPSec VPN Throughput: 16 Gbps
- Antivirus Throughput: 900 Mbps
- Maximum Concurrent Sessions: 2,000,000
- Network Interfaces: 24 Hardware Accelerated Base-SFP, 14 Hardware Accelerated 10/100/1000, 2 Non-Accelerated 10/100/1000

For more information on the complete product range and features visit the Fortinet website. www.fortinet.com

DMZ VM design

Please excuse the basic graphic but it illustrates the point. More and more I am seeing companies implementing VMware servers in a similar manner to the image here. They are using separate NICs for LAN and DMZ but essentially are hosting all DMZ and LAN servers on a single VMware server. When challenged about this, it ultimately comes down to the cost savings etc. I am a great believer in virtualization, however not as depicted here. In my opinion DMZ guest systems should always be running on separate physical hardware to the LAN servers (whether VM or not). The DMZ is typically used to host servers which are internet facing and therefore by default more prone to being attacked. If a DMZ server is compromised then, in a good design, the path to the internal network is through an ACL on the firewall and therefore can be controlled very strictly from a single point. If this is then deployed as per the diagram, a compromised DMZ server on the same VM architecture to the LAN servers so

Evolution

I've just spent some time out watching my favourite comedy movies, the original Pink Panther films. Made over 30 years ago, these films relied on primitive effects which in my opinion made the visual jokes even better. What strikes me is the lack of technology available back in those days. No "real" computers, offices with computerless desks and everything but fancy televisions being the focal point of furnished rooms. I am old enough to remember the days without computers and the thrill of the ZX-81 computer being released, and no Google to find out the answer to just about anything. So what am I going on about here.....? Well, in essence it is all about the evolving threats, how we must be open minded and keep up with what is happening around us. Security back in those days was limited to the necessity of keeping information locked up in a secure filing cabinet in a guarded room. A basic security strategy, but one which could be regarded as effective under the c

PS3 Hard Disk Upgrade.........Off Topic

Upgrading or replacing your PS3 Hard Disk PDF (Original)

Genuine Phishing Attempt Explained

Not a very technical document, but explains the basics. PDF Document

My spyware issue update

I have been doing a lot more research into the spyware issue I had and it seems to be a rogue AV trojan. Basically here are the symptoms:

SYMPTOMS

- Constant popups warning of issues on my PC (See pics above courtesy of www.geekpolice.net)
- Inability to run task manager
- Inability to run any installers or AV software
- Inability to run just about any applications without errors.

The warnings of rogue IP addresses attacking me were quickly rumbled after they continued after my internet connection was disconnected. Still, the trojan was a real pain in the ass. Being from a security background I never fully trust a machine after it has been infected, so I always rebuild as I mentioned in a previous post.

CURE

If you do not want to carry out a rebuild then you are going to need to be very thorough and very patient with this one. If you have other user profiles on the PC you may be able to login using a different user and then run your scanning tools from there. If not then rebooting in safe mo

Spyware Alerts

I've got gateway anti-virus, anti-virus / anti-spyware software on my PC but I still got a nasty spyware bug which resulted in me having to do a rebuild to get rid of it. Luckily I use Macrium Reflect (Free version) to image my C: drive, so the rebuild took all of 20 minutes. But it goes to show that with all these measures in place I still got problems. I am going to investigate the trojan/spyware and see what I can find out. Although I did a complete rebuild for my own benefit, out of all the Anti-Spyware software I tested, SuperAntiSpyware was the only one which detected and removed the problem. I have now purchased this also.

Careful Planning

Before diving in to your infrastructure upgrade, take a step back and consider the following issues:

- What am I upgrading this for?
- Am I worried about confidentiality of my data?
- Am I worried about the integrity of my data?
- Am I worried about the availability of my data?

Nothing particularly new here, but often one or more of these elements is overlooked until it is too late, or the budget has run out. We all want the best we can afford, however we need to ensure the money is spent in the right places. For example, a standard company website may not be of concern when it comes to confidentiality, however availability and integrity are probably important. But out of these two, which would be most important? Integrity or availability? Well, if I had to spend the money on only these two areas, it would be 3 quarters of the budget on integrity and a quarter on availability. I think I would rather the site was down for a few hours than hacked but left up. Of course the minute I decide to a

Election Fever

Having never paid much attention to politics, this year's election grabbed my attention and encouraged me to vote. But what a voting system we have. Queueing up outside a temporary portacabin, only being asked my name when I entered, and a worn down pencil sellotaped to a piece of string to make my mark with. Waiting 19 hours for all the counts to come in, when the simplest piece of computing technology could be used to take my vote and instantaneously create a result for each polling station. But what of the security implications, and possible IT related issues? Well, if you ask me, putting an X on a piece of paper while only being challenged for my name, and having hundreds, if not thousands of people counting the votes in, is also fraught with potential issues...not to mention wasting my day watching the results.....come on get with the times.....

Movie Magic

If only hacking was as much fun as it looks in the movies! I want one of those gizmos which can crack any cipher by connecting it to my mobile phone. I also need to practice typing madly into a computer which displays nothing but a load of random hieroglyphics while I consume large quantities of coffee, cookies and coke.....It must be possible 'cause I saw it in a film...Oh and I need to make sure I can easily be bribed by an attractive busty female who would likely never be interested in me....now that bit could contain an element of fact... Hackers Movie.........Fun Movie, factually a joke...