Security Blog 

Blogger Broken
This blog is now inactive thanks to Blogger publishing functionality clashing with my host.
I'm actually posting this manually! Leaving the archives up for search.

Please subscribe to my 2 other blogs for a mix of security and tech news.


Cool tool - cutter
Came across a cool tool today for Linux firewall admins: cutter. Heard of it? It lets you "cut" TCP connections passing through the firewall by forging RST packets to both ends of the connection (TCP only, since UDP has nothing to reset). Something like:

# cutter 3400

That tears down the connections the firewall is carrying on port 3400. A simple tool, but something I could use several times a week. Link - via digg.
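As an added example (not cutter's own source), here are the two halves of what a cutter-style tool does, written in Python: read the firewall's connection list in /proc/net/tcp format, keep the established connections touching a port, and build the forged TCP RST segment aimed at each end. The /proc sample, the addresses and the sequence numbers are all constructed, and the block only builds the segments; sending them needs a raw socket and root, and a receiver only honours an RST whose sequence number is inside its window, which is the hard part a real tool has to solve.

```python
import socket
import struct

TCP_ESTABLISHED = "01"

# Constructed sample in /proc/net/tcp format. Addresses and ports are hex in
# host byte order (little-endian on x86): 0D48 is port 3400, 0A00000A is
# 10.0.0.10, 1400A8C0 is 192.168.0.20. Row 0 is a listener (state 0A),
# rows 1 and 2 are established connections (state 01).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0D48 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0A00000A:0D48 1400A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 20 4 30 10 -1
   2: 0A00000A:0016 1400A8C0:C351 01 00000000:00000000 00:00000000 00000000     0        0 12347 1 0000000000000000 20 4 30 10 -1
"""


def decode_endpoint(field):
    """'0A00000A:0D48' -> ('10.0.0.10', 3400); assumes little-endian host order."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def find_connections(proc_net_tcp, port):
    """Established (local, remote) endpoint pairs with `port` on either side."""
    conns = []
    for line in proc_net_tcp.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        local = decode_endpoint(fields[1])
        remote = decode_endpoint(fields[2])
        if fields[3] != TCP_ESTABLISHED:
            continue
        if port in (local[1], remote[1]):
            conns.append((local, remote))
    return conns


def inet_checksum(data):
    """RFC 1071 one's-complement checksum over `data`."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _pseudo_header(src_ip, dst_ip, tcp_len):
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len))


def build_tcp_rst(src, dst, seq):
    """Bare 20-byte TCP segment with only RST set, forged from src to dst."""
    src_ip, src_port = src
    dst_ip, dst_port = dst
    data_offset = 5 << 4          # five 32-bit words, no options
    flags = 0x04                  # RST only
    hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, 0,
                      data_offset, flags, 0, 0, 0)
    csum = inet_checksum(_pseudo_header(src_ip, dst_ip, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def verify_tcp_checksum(src_ip, dst_ip, segment):
    """True when the segment's checksum is valid for this IP pair."""
    return inet_checksum(_pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def rst_pair(local, remote, seq_from_local, seq_from_remote):
    """The two segments a cutter-style tool injects for one connection:
    one towards the remote host forged from the local side, one towards
    the local host forged from the remote side. The sequence numbers are
    assumed inputs here; a real tool must supply in-window values."""
    return (build_tcp_rst(local, remote, seq_from_local),
            build_tcp_rst(remote, local, seq_from_remote))


if __name__ == "__main__":
    for local, remote in find_connections(SAMPLE_PROC_NET_TCP, 3400):
        to_remote, to_local = rst_pair(local, remote, 1000, 2000)   # assumed seqs
        print(local, "<->", remote, len(to_remote), "+", len(to_local), "byte RSTs")
```

Run against the real file (`open("/proc/net/tcp").read()`) the first half lists exactly what a cutter invocation on that port would target, which is a useful dry run before resetting anything on a busy firewall.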

On an unrelated note, I hope to transition this feed over to the main site, under a specific article category. I recommend subscribing to the new feed now so you don't miss the switch.


Cell phone tracking
This report seems to be generating a lot of buzz, I'm not sure why. I guess most don't understand the cellular infrastructure enough to know this has been going on for years. Certainly real time tracking is possible, but I'd be more curious to see the log retention policies of the large wireless companies. Since most people leave their cells on 24/7 (thanks to extended batteries), it's quite possible that a company with a 6 or 12 month archive could create an amazingly accurate map of your life. I'll have to research the technical aspects of the 3rd generation wireless rollouts happening now (EVDO, EDGE, etc.) - but my initial guess would be that these require more towers creating a denser coverage map. This increase certainly generates an even more accurate tracking model.


New site and podcast
Hey all - it's been a while. In case you didn't notice, we redesigned the main site. I'm not sure how this will affect the security blog just yet, I might move the feed over to the new site based on sections - we shall see. But I'll post any changes here. Please check it out. Also - starting a new feature: podcasts. The first episode of Taming Tech deals with content management systems, but security themed episodes are forthcoming. Check it out!


Sony rootkit thoughts
Bruce Schneier nails the Sony rootkit story. I didn't pay much attention to it, because I haven't purchased a CD in close to 2 years (thanks iTunes). But I skimmed the news stories coming out and each time my jaw dropped a little further: 500k machines infected including government boxes, cloaking software, Sony's CEO making silly statements... But the real story, as Bruce Schneier points out - why the hell didn't any antivirus software (or IDS for that matter) detect this software sooner? We are collectively paying these companies billions of dollars for what?

What do you think of your antivirus company, the one that didn't notice Sony's rootkit as it infected half a million computers? And this isn't one of those lightning-fast internet worms; this one has been spreading since mid-2004. Because it spread through infected CDs, not through internet connections, they didn't notice? This is exactly the kind of thing we're paying those companies to detect -- especially because the rootkit was phoning home.

But much worse than not detecting it before Russinovich's discovery was the deafening silence that followed. When a new piece of malware is found, security companies fall over themselves to clean our computers and inoculate our networks. Not in this case.

Thanks Bruce, for shining a light on the overlooked aspect of the Sony story. It's really making me rethink our industry's so called defense mechanisms.


Hackers and Crime
An OK article that reiterates what I have feared for quite some time. We've moved past the nerdy age of hacking. Attackers are becoming more sophisticated and zeroing in on profit...

Forget the outdated hacker image of a spotty anarchic teenager holed up in his bedroom defacing the Web sites of global organisations, today's hackers are not only older but more determined than ever to claim your cash and identity.


Internal database abuse
Scary article from the Post Dispatch on internal database abuse, this time by a police officer.

...ran a heroin distribution ring that was violent and tightly knit, making it difficult for informers to penetrate it, federal authorities say.

The gang also had a secret weapon: It cultivated a police officer to dig into a law enforcement database to figure out which of its customers might be undercover informers...

But I'm not sure I agree with the chief of police's comments:

"This case personifies exactly the effectiveness of the system," the chief said. "We had intelligence that somebody was running people's names involved in narcotics cases without a legitimate reason, and we ran those names and found out who it was, and took the appropriate action."

Mokwa said officers use REJIS on a daily basis, and tightening security would be burdensome. "You have to rely upon the integrity of officers to use the system properly," he said. "To change it, you would have to restrict their access."

To suggest that there's no room for improvement in security is silly. Sure - they found out that someone was running inappropriate queries - but how long did it take them? What kind of details were they able to reveal? How could the whole thing have been prevented? Such an attitude cannot be comforting to undercover officers in the field...
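There is a middle ground between "rely on the integrity of officers" and "restrict their access": keep the access, log every lookup with the case the user cites, and check that log against case assignments. As an added example (not anything from the article or from REJIS, whose internals the article does not describe), the block below runs that check over a constructed audit log. The users, subjects, case numbers, log format and thresholds are all made up for the illustration.

```python
from datetime import datetime, timedelta

# Constructed: which users are assigned to which cases. In a real deployment
# this comes from the case-management side, not from the user's own claim.
CASE_ASSIGNMENTS = {
    "officer_a": {"CASE-1001", "CASE-1002"},
    "officer_b": {"CASE-2001"},
}

# Constructed audit log, one lookup per line:
# <timestamp> <user> subject=<name queried> case=<case the user cited>
AUDIT_LOG = """\
2005-11-01T09:00:00 officer_a subject=J.Doe case=CASE-1001
2005-11-01T09:05:00 officer_b subject=R.Roe case=CASE-1001
2005-11-01T09:06:00 officer_b subject=S.Smith case=CASE-1002
2005-11-01T09:07:00 officer_b subject=T.Lee case=CASE-1003
2005-11-02T10:00:00 officer_b subject=M.Moe case=CASE-2001
"""


def parse_audit_log(text):
    """Turn the constructed log format into a list of dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, subject, case = line.split()
        records.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "subject": subject.split("=", 1)[1],
            "case": case.split("=", 1)[1],
        })
    return records


def unjustified_lookups(records, assignments):
    """Lookups that cite a case the user is not assigned to."""
    return [r for r in records
            if r["case"] not in assignments.get(r["user"], set())]


def flag_users(records, assignments, threshold=3, window=timedelta(minutes=10)):
    """Users with `threshold` or more unjustified lookups inside any `window`.

    A single bad lookup is likely a typo in the case number; a burst of them
    is the pattern of someone running names for a third party."""
    by_user = {}
    for r in unjustified_lookups(records, assignments):
        by_user.setdefault(r["user"], []).append(r["ts"])
    flagged = set()
    for user, stamps in by_user.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged.add(user)
                break
    return flagged


if __name__ == "__main__":
    records = parse_audit_log(AUDIT_LOG)
    for r in unjustified_lookups(records, CASE_ASSIGNMENTS):
        print("unjustified:", r["ts"].isoformat(), r["user"], r["subject"], r["case"])
    print("flag for review:", sorted(flag_users(records, CASE_ASSIGNMENTS)))
```

The check never blocks a query, so the "burdensome" objection does not apply; it only answers the questions above (how long did it take, and what was exposed) from the log instead of waiting for an informant to get hurt. Requiring a cited case number on every lookup is the one change that makes the log checkable at all.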


Lynn update
This made me smile. Glad to see he's back on his feet.

Michael Lynn, the hacker who hit the headlines in July for exposing a Cisco router flaw is now employed by arch-rival Juniper, according to the vendor. Juniper declined to reveal what role Lynn is occupying.

The security researcher was dramatically sued by Cisco earlier in the year after he discovered a Cisco router IOS flaw and defied the networking giant and then-employer ISS to publicise the flaw at a hacking convention in Las Vegas.

Lynn was widely regarded as a hero by many in the internet community in the wake of the scandal but many doubted if he could again find gainful employment as a security researcher.

For its part, Cisco was widely castigated for its heavy-handed tactics in stopping Lynn from further publicising his findings, with some commentators suggesting that the internet could be at threat if similar whistle-blowers are discouraged to come clean on flaws.