Archive for May, 2010

How to detect an ATM skimmer

I subscribe to the Privacy Rights Clearinghouse newsletter. If you’ve not been to this site before and you’re interested in privacy, it’s a worthwhile bookmark. They recently published their ‘Summer Vacation – Privacy Primer’, which has an interesting article on spotting ATM skimmers. Skimmers are hard to detect; your best recommendation is to stick with cashing checks through a teller (or rely on your credit card if you have the self-control). Personally, I’m guilty of believing I’m not at risk living in the suburbs; unfortunately it will take a come-to-Jesus moment (ahem, getting burnt) to slap some reality into me.

You can view the ATM Skimmer Awareness presentation here.

http://www.privacyrights.org/summer-vacation-privacy-identity-theft


Google betas SSL for web searches

According to this article on The H, Google is beginning to beta a new feature: SSL for their standard web search service. As one commenter noted, Google is still collecting the same information from your searches, but this will keep third parties from eavesdropping on your search queries. Remember that SSL doesn’t guarantee absolute privacy: there is Moxie Marlinspike’s work, the chance of CA intermediaries, and your employer loading its own trusted CAs onto your corporate devices.


Sourcefire’s “What would you do with a pointer and a size?”

The Sourcefire Vulnerability Research Team (VRT) has an interesting project related to (near) real-time detection of malicious data passing through an ingress/egress point. Specifically, they’re attempting to use this technology to detect malicious PDFs. Unfortunately, right now you can’t scan the documents in real time without hurting the user experience. The options would be to queue PDFs until they are analyzed, or to remediate after the fact any malicious PDFs that have already been passed through (recall and purge). They’ve released their real-time framework and are looking for user snippets that perform detection of malicious data (think gluing some of Didier’s PDF analysis scripts together...).

*In case you’re unaware, Sourcefire is the maker of Snort IDS.
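The kind of snippet the VRT is asking for, as an added example that is not Sourcefire’s framework code or one of Didier Stevens’ scripts: a pdfid-style counter of suspicious PDF name tokens, with hex-escaped names (/J#61vaScript) normalized first, that produces a queue-or-release verdict per document. The keyword list, the verdict rules and the two sample documents are assumptions constructed for this example.

```python
import re

# Name tokens whose presence in a PDF is worth a closer look. The list is an
# assumption of this example (the same kind of counters pdfid-style tools
# report), not Sourcefire's or Didier Stevens' own detection logic.
SUSPICIOUS_NAMES = (
    "/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
    "/EmbeddedFile", "/RichMedia", "/XFA", "/ObjStm",
)

# PDF name objects may hex-escape characters (/J#61vaScript == /JavaScript),
# a cheap trick for dodging naive string matching.
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes so trivially obfuscated names still match.
    Applied to the whole buffer: good enough for counting, not for parsing."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def count_names(data: bytes) -> dict:
    """Count each suspicious name token; a token must end at a delimiter so
    /JS does not also match /JSFoo."""
    norm = normalize_names(data)
    counts = {}
    for name in SUSPICIOUS_NAMES:
        pattern = re.escape(name.encode()) + rb"(?![A-Za-z0-9])"
        counts[name] = len(re.findall(pattern, norm))
    return counts


def assess(data: bytes) -> tuple:
    """Return (verdict, reasons, counts). A hit is only a reason to queue the
    file for deeper analysis, not proof of malice: forms and rich media use
    these features legitimately."""
    counts = count_names(data)
    reasons = []
    if not data.startswith(b"%PDF"):
        reasons.append("no %PDF header at offset 0")
    if counts["/JavaScript"] or counts["/JS"]:
        reasons.append("embeds JavaScript")
    if counts["/OpenAction"] or counts["/AA"]:
        reasons.append("runs an action automatically on open")
    if counts["/Launch"]:
        reasons.append("can launch an external program")
    if counts["/ObjStm"]:
        reasons.append("uses object streams (objects may hide inside compressed streams)")
    verdict = "suspicious" if reasons else "clean"
    return verdict, reasons, counts


# Constructed sample documents (not real captured files).
BENIGN_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)
SUSPECT_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS 4 0 R >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)


def triage(documents: dict) -> dict:
    """Map each queued document name to (verdict, reasons); this is the step a
    gateway would run before releasing a queued file or recalling a passed one."""
    return {name: assess(data)[:2] for name, data in documents.items()}


if __name__ == "__main__":
    queue = {"benign.pdf": BENIGN_PDF, "suspect.pdf": SUSPECT_PDF}
    for name, (verdict, reasons) in triage(queue).items():
        print(f"{name}: {verdict} {reasons}")
```

The counters deliberately stop at "queue this one for a closer look": the false-positive rate of keyword counting alone is far too high for an inline block decision, which is exactly the user-experience trade-off the post describes.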

do you know where your pr0n is?

In 2008, Data Loss Prevention (DLP) was becoming the latest trend, hype, buzzword. This slowed down in 2009, as with most technology, because everyone was tightening their belts (purse strings). I’ve been wondering how long it was going to take for an open source DLP solution to take off. Please correct me if I’m wrong, but it appears OpenDLP may be the first on the scene. While still in its infancy (at a minor 0.2.1 release), it already has a web front end and a deployable agent for clients (monitoring data at rest). It supports regular expressions, which should make it flexible. Without the WYSIWYG policy builder you get with off-the-shelf products, you’re trading ease of use for power and flexibility.

So far I’ve only used a pilot of Symantec’s (formerly Vontu) DLP product for my employer.  I had a blast testing it out on the network especially because of its flesh tone filter (if flesh_tone_filter then email me pr0n).  It’s a shame we may not see flesh tone filtering in opendlp any time soon; isn’t knowing where the pr0n is more important than the company’s lifeblood, intellectual property?

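What a regex-driven data-at-rest policy looks like in practice, as an added example that is not OpenDLP’s code or policy format: two rules (card numbers and US SSNs), a Luhn check that discards most random digit runs a bare regex would flag, and masking so the finding itself doesn’t become a second copy of the data. The rule table, file names and file contents are all constructed for this example.

```python
import re
from typing import Dict, List

# Constructed policy: one regex per rule name. OpenDLP also takes regexes,
# but this table and its rule names are this example's own, not OpenDLP's.
POLICY: Dict[str, re.Pattern] = {
    # 13-16 digits, optionally split by single spaces or dashes
    "credit_card": re.compile(r"\b\d(?:[ -]?\d){12,15}\b"),
    # US SSN in its dashed form only
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: drops most random digit runs (order IDs, timestamps)
    that a bare regex would otherwise report as card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(raw: str) -> str:
    """Keep only the last four digits in the finding, so the DLP report is
    not itself a new place where the sensitive value lives."""
    digits = re.sub(r"\D", "", raw)
    return "****" + digits[-4:]


def scan_text(text: str, policy: Dict[str, re.Pattern] = POLICY) -> List[dict]:
    """Apply every rule to one file's contents and return masked findings."""
    findings = []
    for rule, rx in policy.items():
        for m in rx.finditer(text):
            raw = m.group(0)
            if rule == "credit_card" and not luhn_ok(re.sub(r"\D", "", raw)):
                continue  # regex hit but checksum fails: not a card number
            findings.append({"rule": rule, "offset": m.start(), "match": mask(raw)})
    return findings


def scan_files(files: Dict[str, str]) -> Dict[str, List[dict]]:
    """Data-at-rest scan over an in-memory corpus; a real agent would walk
    the filesystem and feed file contents in here instead."""
    return {name: scan_text(content) for name, content in files.items()}


# Constructed sample files (not real data). 4111 1111 1111 1111 is the
# standard Luhn-valid test number; the order ID in notes.txt fails Luhn.
SAMPLE_FILES = {
    "notes.txt": "Call Bob about order 1234567890123456 tomorrow.",
    "expenses.csv": "date,card,amount\n2010-05-01,4111 1111 1111 1111,42.00\n",
    "hr.txt": "Employee SSN on file: 123-45-6789",
}

if __name__ == "__main__":
    for name, hits in scan_files(SAMPLE_FILES).items():
        print(name, hits)
```

The power-versus-ease trade-off the post mentions shows up right here: a regex alone is the easy part, and the Luhn filter, the masking and the rule-per-data-type structure are the things a WYSIWYG policy builder does for you that you end up writing yourself.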

Apache’s breach disclosure and podcast interview

The Apache foundation has received a lot of praise from the security community recently for their uncensored disclosure of a recent breach. (In case you missed the story, you can read Apache’s write-up of the incident here.) This goes back to the security community lobbying for full breach disclosure, especially by the private sector, where we’re seeing it the least. It’s the prisoner’s dilemma, and so far we’re all getting screwed.

That being said, Philip M. Gollucci from the Apache Infrastructure team did an excellent interview on the Eurotrash Podcast. You can download the MP3 here.

http://blogs.apache.org/infra/entry/apache_org_04_09_2010