I spoke with Ryan Narine last night about my ethical obligations towards shutting down botnets if I had, or had somehow obtained, the power to. I basically equated the prospect to “vigilante justice” and took the moral high-ground on the topic. I don’t believe that individuals should be solving this issue on their own. Ryan mentioned that we’ve been doing the exact same thing for years and botnets are worse than ever (paraphrasing). Regardless, we, as private citizens, do not have the right to invade others privacy to do what we think is best for them. My quote from the article:
Andrew Hay, product manager at Q1 Labs, a network security management company, said the concept of tampering with a user’s machine without consent, even if it’s to remove malicious software, is “ethically questionable.”
“I couldn’t in good conscience send any command to a machine without the user’s knowledge and approval,” Hay said. “Ethically speaking, we just can’t make that decision regardless of if it’s right or whether it’s the best thing to do for the good of the Internet.”
The full article can be seen online here (my part is the last two paragraphs on the second page).
What do you foresee as the next “great-awakening” for network security? Will it be a breach of the national power grid? Perhaps a horrible botnet, worm, or virus infestation/outbreak? What about a surge in browser threats for desktops or mobile phones? Maybe even a disclosed national security breach by a foreign power?
Please fill out the following survey (coordinated by Q1 Labs) to indicate what you think is next on the horizon – http://www.surveymonkey.com/s.aspx?sm=16FAHPNF3sHKXczECIGNaQ_3d_3d
Ugh….I haven’t had a case of the flu like this for years. I’m finally over it (I think) and hopefully things will be getting back to normal soon.
Here is the list:
PHPIDS – Security Layer & Intrusion Detection for PHP Based Web Applications – This is an interesting tool that I haven’t heard about until today.
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt.
From the SANS Information Security Reading Room:
Enterprise Security 2008 Learning Guide – Good collection of articles to check out.
2008 won’t just be a year of the same old network, application and compliance issues. New malware has hit the scene, cyberterrorist attacks have become more common, and virtualization technology has presented different enterprise network security challenges. Mike Chapple, Michael Cobb, Joel Dubin, Mike Rothman and Ed Skoudis explore various information security areas and point out the new threats that every organization needs to be ready for.
More on Hating Agents – Everyone hates them but they are required – no, not lawyers….I’m talking about log agents. Anton lists some good pros and cons for leveraging an agent to get you your logs.
I responded to a question about using agents for log collection on a mailing list (semi-public); I think this content also begs to be blogged.
Password Cracking Wordlists and Tools for Brute Forcing – Ever want to find a good word list for your audits?
I quite often get people asking me where to get Wordlists, after all brute forcing and password cracking often relies on the quality of your word list.
Do note there are also various tools to generate wordlists for brute forcing based on information gathered such as documents and web pages (such as Wyd – password profiling tool) These are useful resources that can add unique words that you might not have if your generic lists.
Also add all the company related words you can and if possible use industry specific word lists (chemical names for a lab, medical terms for a hospital etc).
Is the mobile malware threat overblown? – Overblown…maybe. Under-exploited…possibly. Not receiving the amount of attention it deserves…definitely!
The trouble for some IT pros is that security experts have been warning of growing mobile phone attacks for more than three years and the big event has yet to materialize.
Does this mean the mobile phone threat has been overblown all this time, over-hyped by security vendors generating FUD to sell new products? Not exactly.
True, enterprises continue to experience little by way of mobile phone attacks. But that’s only because companies are still limiting the functionality of such devices among employees. Just about everyone uses cell phones with Internet capabilities these days. But in the working world, use of the devices are still limited to making phone calls and checking email.
New Docs at SWGDE – Some new docs on forensics. Thanks Harlan.
The Scientific Working Group on Digital Evidence (SWGDE) has released some new documents, the most notable of which are the Vista Technical Notes, and the document on “Live Capture”.
Could computer forensics help your organisation? – Umm…ya?
Forensics is not yet a mainstream field and descriptions and definitions vary. Yet how do organisations integrate incident response, breach handling and forensic examination into a security strategy? That security strategy should be defined by policies and procedures to minimise security risk at the lowest cost and least disruption. It is a major challenge facing many CIOs…
Scary concept: Friendly worms – If this ever became a reality, which I doubt it will, how long would you expect it would take before someone exploited the updating and transport mechanism to “do evil”?
This isn’t a new idea, the concept of creating worms that patch your computer when you catch them. There are even some malware out there now that patches vulnerabilities on systems to make sure other worms can’t exploit the same vulnerabilities. But the problem is, if both beneficial and malign software show the same basic behavior patterns, how do you differentiate between the two? And what’s to stop the worm from being mutated once it’s started, since bad guys will be able to capture the worms and possibly subverting their programs.
SQL Injection Tutorial Now Available! – Very cool. Good for Oracle in taking a step to help people secure their product and applications.
By taking this self-study tutorial, you can arm yourself with techniques and tools to strengthen your code and applications against these attacks. This tutorial employs text and diagrams to present concepts, design issues, coding standards, processes, and tools. Flash-based demos and simulations allow you to visualize what you have learned, and assessment quizzes help you gauge your learning progress.