Archive for June, 2009

Gartner: Security Software Vendor market share

There’s a quick one-page recap from Gartner of the 2008 security software vendor market-share breakdown.  As in 2007, Symantec is still clearly the market leader with 22% (down 2% from 2007).  In second place is McAfee with 10%.

Not surprisingly, the area with the most growth is SIEM (security information and event management).  As everyone keeps preaching, including the maker of Snort, most companies have monitoring in place and are generating anywhere from a hundred to a hundred thousand events a week, but more often than not NO ONE IS MONITORING THESE EVENTS.

Read the complete market-share breakdown here: http://www.gartner.com/it/page.jsp?id=1031712

2009 Verizon Business (Cybertrust) Data Breach report

I was recently lucky enough to attend a talk by Sourcefire CTO Martin Roesch (creator of Snort).  He mentioned the Cybertrust Breach report, which is worth a read.

One of the interesting facts is that the time from an initial breach of a network to compromising data is in MINUTES 27% of the time and in HOURS 21% of the time.  This is very startling data.  What the report, like Mr. Roesch, concludes is that folks aren’t monitoring their logs.  Almost everyone is running IDS/IPS these days and generating thousands of events, but no one is actually watching them.  I’ll post a review of Martin’s talk in the next few days.

In the meantime you can find the 2009 breach report here.

Tip of the Day: Destroying Optical Media

Another tidbit I’ve picked up from reading Bruce Schneier’s “Schneier on Security” was how to destroy optical media (CDs, DVDs).  Usually I crack them in half or scratch them with a sharp object.

It turns out another method is to place them in the microwave for 3-5 seconds (depending on the wattage of your microwave).

Good Backup Practice: I used to store all of my onsite/offsite backups on CDs and DVDs.  I’ve been sorting through all my backups and moving them into TrueCrypt containers and re-burning the data while being sure to destroy the unencrypted copies.

Free (Credit) Fraud Alerts

I’m reading Bruce Schneier’s “Schneier on Security”, which is a collection of his best essays and articles. One interesting item I came across was the mention of Fraud Alerts.  People registered with the US credit agencies (TransUnion, Equifax, Experian) can request a free 90 day fraud alert.  After 90 days you can go ahead and sign up again forever and ever.

The fraud alert forces potential credit grantors to verify your identification before extending credit in your name in case someone is using your information without your consent.  Say goodbye to those credit card offers in the mail…

***You only need to sign up with one of the agencies below.  They are required by law to notify the other two agencies.

Sign up @ Experian

Sign up @ Equifax

*Unfortunately I can’t locate the TransUnion sign up page. Please let me know if you have better luck.


Google Wave

At the recent Google I/O conference in San Francisco the next big Google project was announced, Google Wave.  Imagine being able to instant message and collaborate with multiple people in real time.  Chat rooms have been around for a while, but real-time collaboration is a new concept. Wave is so much more than an IRC chatroom; Wave allows users to include rich media in the conversations as well as adding people on the fly.  You can add users to the “Wave” at any time.  New users added to a Wave can then “Replay” the Wave to see what they missed. A Wave is built using a tree structure, which is what makes the replay possible.

Imagine having a blog + chatroom + flickr all with collaborative “wiki” abilities.  I’ll be the first to admit it is difficult to wrap your head around.

Definitely check out the developer preview video here.

Great “defeating the firewall” article

I stumbled across an excellent article on freenode #security.  Does your employer use content filtering?  Are you sick of being restricted when using free wifi hotspots?  How about a hotel charging for wifi?

The article talks about methods to circumvent all of the above scenarios.  I actually use the most vanilla technique to get past my employer’s web filter: dynamic SSH tunneling back to a server I have running at home.

Read it here:  http://blog.sebastien.raveau.name/2009/06/internet-by-all-means.html

SSL Strip

There’s a nice tool that will perform SSL man-in-the-middle attacks.  In layman’s terms this means that when this tool is run on a gateway it will create a clear-text HTTP stream on the network (that you can sniff) whenever someone creates an HTTPS session.  For example, someone logs into Gmail via HTTPS and there will be an HTTP clear-text mirror of that session which you can sniff via Wireshark.

Check it out here: www.thoughtcrime.org/software/sslstrip/


Microsoft’s Google killer: Bing

Now that Microsoft’s Bing has been out for a couple of weeks I’m wondering about everyone’s impression.  I like the simple interface with minimal ads and clutter.  Nothing like the MSN search.  It looks awfully similar to Google’s interface.

However, I’m very disappointed with the search results.  I’m finding that most of my queries are not returning what I’m looking for.  I find myself returning to Google.  This could be because the Bing engine doesn’t have enough analytics data yet to generate better results.  Hopefully this will improve with time, once Bing sees what pages users are really interested in.

System7 WordPress tweaks

Over the weekend I fixed a few issues we were having with the site.  Those items included:

“Next & Previous entries” links were not working
“Categories” links at the bottom of the page were not working correctly
Fixed Profile, Dashboard links for registered users
*Added CAPTCHA for Comments & Registration pages

Windows Forensics tip of the day…

The Windows page/swap file usually contains very recent information about a user’s activity.  Data is usually overwritten fairly quickly, depending on how “busy” the system is.  The page file can store potentially sensitive and incriminating evidence.  The legality of admitting evidence found in a page/swap file is still sketchy in the judicial system. However, it’s always a good idea to play it safe.

If you don’t mind a slightly longer shutdown / restart time, you can have your system write zeros to the page file at shutdown.  This is disabled by default.

Start -> Run -> regedit

Change the following REG_DWORD value from 0 to 1:

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown

*The Microsoft KB article can be found here: http://support.microsoft.com/kb/314834
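As an added example (not from the original post), here is a PowerShell function that audits the value above and, when run with -Enable from an elevated prompt, sets it to 1; the function name and the -Enable switch are my own, while the key path and value name are the ones from the tip.

```powershell
# Added example: audit and optionally enable ClearPageFileAtShutdown.
# Key path and value name come from the registry tip above; the function
# name and the -Enable switch are my own. Writing the value needs an
# elevated prompt, and Windows only acts on it at the next shutdown/restart.
$MemMgmtKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$ValueName  = 'ClearPageFileAtShutdown'

function Test-ClearPageFileAtShutdown {
    [CmdletBinding()]
    param(
        [switch]$Enable   # audit only unless this switch is given
    )

    # A missing value behaves like 0 (disabled), which is the Windows default.
    $props   = Get-ItemProperty -Path $MemMgmtKey -ErrorAction Stop
    $current = if ($null -ne $props.$ValueName) { [int]$props.$ValueName } else { 0 }

    if ($current -eq 1) {
        Write-Host "$ValueName is 1: the page file is zeroed at shutdown."
        return $true
    }

    Write-Host "$ValueName is $current: the page file is NOT cleared at shutdown."

    if (-not $Enable) {
        return $false
    }

    # REG_DWORD 1 enables clearing; the longer shutdown time is the cost.
    Set-ItemProperty -Path $MemMgmtKey -Name $ValueName -Value 1 -Type DWord -ErrorAction Stop
    Write-Host "Set $ValueName to 1. It takes effect at the next shutdown or restart."
    return $true
}

# Audit only:  Test-ClearPageFileAtShutdown
# Enable:      Test-ClearPageFileAtShutdown -Enable
```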