Portknocking resources

Slashdot | Port Knocking in Action
There's a story on slashdot.org covering a port knocking proof of concept. Ironically there are better links in one of the early comments than in the story itself! I've made a list of them below for reference.
portknocking.org
An article at Linux Journal
An article at Linuxsecurity.com
A tutorial at Librenix
For those of you wondering "what the stuff is port knocking anyway?" here's a definition I got from the UNIX FAQ at aplawrence.com
"Port knocking is a security technique to allow access to people who know the "secret knock". The basic idea is this: packets addressed to certain ports are silently ignored but are logged. If you contact the right series of ports in the right sequence, possibly with the additional condition of holding the ports open for a certain period of time, the firewall rules will be adjusted to allow you access.
The interesting things about this technique include the fact that you can obviously transmit information with the pattern or duration of the "knocks". That means that you could request that some other ip be allowed access, or just request that certain information be sent to you. Another interesting aspect is that because the packets are silently dropped, there's no way to scan a host and determine that it is using a port knocking technique. Even if you knew that it was using such a technique, but didn't know the algorithm, any brute force attempt would be effectively impossible"
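
The server side of the definition above (dropped packets are logged, and the right ports in the right order within a time limit open the firewall) can be sketched as a small state machine over the drop log. This is an added example, not code from the quoted FAQ or any of the linked projects; the log format, the knock ports and the 10-second window are assumptions, and the log lines are constructed.

```python
import re

# Assumed log format for silently dropped packets: "<epoch> DROP src=<ip> dpt=<port>"
LOG_RE = re.compile(r"^(\d+) DROP src=(\S+) dpt=(\d+)$")
KNOCK_SEQUENCE = (7000, 8000, 9000)  # hypothetical secret knock
WINDOW_SECONDS = 10                  # assumed limit for completing the knock

# Constructed sample log (documentation address ranges)
SAMPLE_LOG = """\
100 DROP src=192.0.2.10 dpt=7000
100 DROP src=198.51.100.7 dpt=7000
101 DROP src=192.0.2.10 dpt=8000
101 DROP src=198.51.100.7 dpt=9000
102 DROP src=192.0.2.10 dpt=9000
102 DROP src=198.51.100.7 dpt=8000
200 DROP src=203.0.113.5 dpt=7000
205 DROP src=203.0.113.5 dpt=8000
220 DROP src=203.0.113.5 dpt=9000
300 DROP src=203.0.113.99 dpt=7000
301 DROP src=203.0.113.99 dpt=7001
302 DROP src=203.0.113.99 dpt=8000
303 DROP src=203.0.113.99 dpt=9000
""".splitlines()

def authorized_sources(lines, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS):
    """Return source IPs that completed the knock, in order of completion."""
    progress = {}  # src -> (index of next expected port, time of first knock)
    opened = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a dropped-packet record
        ts, src, port = int(m.group(1)), m.group(2), int(m.group(3))
        idx, start = progress.get(src, (0, ts))
        if idx > 0 and ts - start > window:
            idx = 0                # too slow: partial progress expires
        if port == sequence[idx]:
            if idx == 0:
                start = ts         # first knock starts the timer
            idx += 1
        elif port == sequence[0]:
            idx, start = 1, ts     # wrong port, but it begins a fresh knock
        else:
            idx = 0                # any other port resets the sequence
        if idx == len(sequence):
            if src not in opened:
                opened.append(src) # a real daemon would add the allow rule here
            idx = 0
        progress[src] = (idx, start)
    return opened
```

Only 192.0.2.10 is admitted: the other three sources knock out of order, too slowly, or with a stray port in between, and each mistake resets their progress without any reply being sent.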

Security White Paper Site

Dana Epp's ramblings at the Sanctuary : Securitydocs.com: The Information security library for the infosec pro
There's a handy link over at Dana Epp's Blog to securitydocs.com, a site which collates security white papers.
Quite a few of the random ones I looked at were from the SANS reading room (in itself an excellent resource).

Linux forensics

Dana Epp's ramblings at the Sanctuary : Forensic Analysis of a Live Linux System
There's a post referring to an interesting set of presentations about Linux Forensics over at Dana Epp's Blog...

Cisco... Asleap at the wheel?

I was pointed to this interesting sourceforge project by another Rory... asleap home page
It's a piece of software which exposes the weaknesses in Cisco's LEAP protocol.... This is the second thing I've seen recently regarding lack of security in Cisco's products... odd for a vendor with a relatively good reputation for security...

UK companies... some way to go on security

UK firms failing security challenge - ZDNet UK News
This is one of the stories that always emerge when the large consultancy companies do their annual security surveys. In amongst a lot of stats there are some meaningful pieces of information. This story focuses on the state of wireless security (poor).
I'm not at all surprised that 50+% of companies haven't deployed security on their wireless LANs, however it is very worrying as they are essentially allowing the man on the street (literally) to wander into their corporate LAN without any restriction.
Given that most companies practice the "warm smarty" method of network security (crunchy on the outside, soft and squishy on the inside), this is especially worrying.

MS April Security Vulns... how many are there?

Well, the April Microsoft patches came out today, and depending what article you read about it there are either 4 [securityfocus.com] or 20 [nwfusion.com].
The cynic in me would say that this was Microsoft trying to keep the apparent number of vulnerabilities in Windows down and I reckon that for certain industry analysts and studies it might well work, as if you don't go into the technical detail of the vulnerability it's not apparent that more than one flaw is getting fixed by each patch.
What I actually find more concerning is that several of the vulns appear to affect Windows 2003/Windows XP. I think that this shows that Microsoft has a very long road ahead of it to improve the security of its products, as whilst it may be ensuring the quality of all new code that is produced, there is obviously a lot of legacy code that will be causing problems for some time to come.....

Interesting e-mail attack

Over at the New Scientist there's an interesting note for an attack on a mail server.
I always find attacks like this interesting as they're essentially a case of mis-use of a protocol. Also, given that the return of undeliverable e-mail is usually taken as a given on the Internet, it becomes unlikely that this kind of DoS attack will be going away anytime soon.

Exploits for real...

The Metasploit Project is a collection of exploits with an interface to allow them to be easily executed.
Whilst I can see the value of this kind of project from the point of view of going one step beyond a vulnerability scanner and actually demonstrating an exploit getting, for example, remote root access on a system, the other uses of this kind of work will lower the knowledge barrier for a range of cracking activities....

Default passwords in Cisco Wireless kit

Cisco Security Advisory: A Default Username and Password in WLSE and HSE Devices
This is a pretty nasty vulnerability for someone like Cisco to have, as you'd have thought that their development process would have noticed this kind of mistake. Also, given that WLSE is a piece of security software, in that it monitors for rogue APs amongst other things, it is surprising that this got through.
I think that the only saving grace of this is that the kind of equipment it occurred in will probably be managed by networking professionals who will check for security advisories....

Test Virus Sender

TESTVIRUS.org lets you send EICAR test strings to any e-mail address using a variety of obfuscations, to see if your mail server will catch them all...