Академический Документы
Профессиональный Документы
Культура Документы
d to attract a
large number of readers and organizations professionally involved in the infosec
industry .
At the Astalavista.com we had a couple of contests active around the year, our
constantly updated gallery section with various fan photos, and an overall impro
vement in the quality of the submissions
at the site.
For 2005 we have prepared quite a lot of new services and sections at our newsle
tter, we have extended the
security knowledge we've been providing you so far with more practical articles,
tutorials, for both home and
professional readers. Issue 13 will be the longest and most resourceful so far,
so watch out!
Thank you for contacting us with all of your ideas and comments, and thanks for
the interest.
Enjoy your time, happy holidays, folks!
Astalavista's Security Newsletter is mirrored at:
http://packetstormsecurity.org/groups/astalavista/
If you want to know more about Astalavista.com, visit the following URL:
http://astalavista.com/index.php?page=55
Previous Issues of Astalavista's Security Newsletter can be found at:
http://astalavista.com/index.php?section=newsletter
Editor - Dancho Danchev
dancho@astalavista.net
Proofreader - Yordanka Ilieva
danny@astalavista.net
02. Security News
------------The Security World is a complex one. Every day a new vulnerability is found, new
tools
are released, new measures are made up and implemented etc. In such a sophistica
ted Scene
we have decided to provide you with the most striking and up-to-date Security Ne
ws during the
month, a centralized section that contains our personal comments on the issue di
scussed. Your comments
and suggestions about this section are welcome at security@astalavista.net
------------[ SCHOOL'S OUT TO SHUN IE ]
Citing security risks, a state university is urging students to drop Internet Ex
plorer in
favor of alternative Web browsers such as Firefox and Safari.
In a notice sent to students on Wednesday, Pennsylvania State University's Infor
mation Technology
sites in order to increase their bandwith damaged the company's reputation a lot
by
going through various industry experts and portal opinions. Although a couple of
sites
have been sucessfully shutdown, the customers are unknowingly commiting illegal
actions
towards the spam sites; furthermore, there're much more effective proactive appr
oaches to
find spam instead of targeting a couple of web sites. Next time it would be some
one's computer
or an organization's network to be shut down.
[ GOOGLE WORM TARGETS AOL, YAHOO ]
Days after Google acted to thwart the Santy worm, security firms warned that var
iants have begun
to spread using both Google and other search engines.
More information can be found at:
http://news.com.com/Google+worm+targets+AOL,+Yahoo/2100-7349_3-5504769.html?tag=
nl
Astalavista's comments:
Application based worms are getting increasingly popular due to their easy to ex
ecute nature
and due to the help of an intermediary, in this case the search engine that's ac
tually feeding
their intrusive attempts. Google's reaction to the worm was pretty fast but it o
pened an interesting
discussion of the way search engines can restrict, or even monitor users/worms.
Who's still searching for passwd files
on Google??
[ GROUPS FIGHT INTERNET WIRETAP PUSH ]
Companies and advocacy groups opposed to the FBI's plan to make the Internet mor
e accommodating
to covert law enforcement surveillance are sharpening a new argument against the
controversial
proposal: that law enforcement's Internet spying capabilities are just fine as i
t is.
More information can be found at:
http://www.securityfocus.com/news/10192
Astalavista's comments:
This issues need as much publicity as possible, so here we go. The current archi
tecture of the Internet
is insecure by design and everyone knowing enough about various protocols and ne
twork
issues is aware of that. Both hackers and government officials have all the poss
ible
capabilities to wiretap each and every bit of data you've ever sent with the
current design of the Internet. What's even worse would be to make the Internet
even more insecure in
order to accommodate it for better wiretapping; since the same capability goes r
link.
05. Tool of the month
-----------------ARPalert - unauthorized ARP address monitoring
ARPalert uses ARP address monitoring to help prevent unauthorized connections on
the local network.
http://www.astalavista.com/?section=dir&act=dnd&id=3338
06. Paper of the month
------------------A day in the life of the JPEG Vulnerability
This paper will provide a detailed analysis of the Buffer Overrun in JPEG Proces
sing which
started appearing on Microsoft software in September 2004.
http://www.astalavista.com/?section=dir&act=dnd&id=3326
07. Free Security Consultation
-------------------------Have you ever had a Security related question but you weren't sure where to dire
ct it to?
This is what the "Free Security Consultation" section was created for. Due to th
e high
number of Security-related e-mails we keep getting on a daily basis, we have dec
ided to
initiate a service, free of charge. Whenever you have a Security related
question, you are advised to direct it to us, and within 48 hours you will recei
ve
a qualified response from one of our Security experts. The questions we consider
most interesting and useful will be published at the section. Neither your e-mai
l,
nor your name will be present anywhere.
Direct all of your Security questions to security@astalavista.net
Thanks a lot for your interest in this free security service, we are doing our b
est
to respond as soon as possible and provide you with an accurate answer to your q
uestions.
--------Question: Hello, although I already have several opinions on this question, I wa
s wondering whether you
could also advise me about how to proceed in this situation. You see, all my emp
loyees use IE on their
computers and we cannot catch up with all the spyware and sometimes malicious so
ftware installed on the desktop
computers. We have a commercial anti-virus and we're considering a spyware one t
o deal with this problem, what do you
think we should do?
--------Answer: A commercial anti-virus scanner is essential for making sure that you're
auditor, an administrator or a
firewall specilist would require you to take different certificates, although th
e CISSP one can be considered "a must have"
and proves that the holder has a very good background in various information sec
urity positions. I would recommend you
to go through our list of certificates in Issue 1 or check http://www.isaca.org
; http://www.cisco.com or
http://www.giac.org right away.
08. Enterprise Security Issues
-------------------------In today's world of high speed communications, of companies completely relying o
n the Internet for
conducting business and increasing profitability, we have decided that there sho
uld be a special section for
corporate security, where advanced and highly interesting topics will be discuss
ed in order to provide
that audience with what they are looking for - knowledge!
- Can our 5k firewall tell us if we're really under attack? Small or middle size businesses are often given the false impression of security
represented by the
multilayer firewall protection introduced by a top rated vendor. The results are
often very dissapointing, not
clear, and in the end it's usually the person responsible for configuring it who
gets blamed. This short article
will try to bring more insight on why firewalls are not a complete solution to y
our network connection dependent
business, the advantages of IDSs, and the possible employment of system administ
rators well experienced in firewall
architectures.
Multilayer firewall approaches happen to be very useful while fighting network a
ttacks, restricting
access control or making sure trust is established between specific hosts only.
While this is true, many businesses out
there still believe that their firewall is the perfect sensor to detect network
and host based attacks, leaving the
possibility to implement a cost-effective and open-source IDS solution far behin
d their future opportunities. Firewalls will
indeed give you useful information on who's attacking your network, but they wou
ld miss important trends such as the
vulnerabilities tried at your network, the possible brute forcing of accounts an
d many others. If you really want to see
the big picture in details and make sure you take the adequate measures to respo
nd to the real threats and attacks to your
network, then you're strongly advised to take advantage of the use of an IDS (In
trusion Detection System), where the most
popular open-source one is Snort (http://www.snort.org). If properly configured
and maintained, this IDS will give
you a very detailed and useful informaton on what's really going around your net
work.
Your firewall is essential the way the Internet is somehow essential for your bu
siness, but the person
behind configuring it should have a very broad sense of knowledge on various thr
eats methodologies and recent trends in
order to keep the firewall up-to-date with the latest security trends. If not co
There're things that you cannot live without while using the Internet these days
and they're a decent
anti-virus scanner and a personal firewall. While this is true, the fact that a
lot of users don't know a lot about
how their scanners or personal firewalls can be taken advantage of has created a
myth that what goes through the
scanner and is reported as safe is actually safe, and if allowing your latest 31
337 application or backdoored music
player to establish an Internet connection is considered smart, will let malicio
us attackers to take advantage
of your assets. Anti-virus and anti-trojan scanners deal mostly with signatures
and on-the-fly scanning. Although they've
started issuing signatures updates very often, never trust the software entirely
because as we have seen, vulnerabilities
that bypass the scanning of certain anti-virus software have been found in the p
ast. Use your common sense - is this a
reliable program, does it have a reliable site, does Google know anything about
it. If you spend some time, you might
actually identify it as a spyware, virus etc. by reading someone else's "experie
nce" with what you were about to run.
Besides all, don't be naive and make sure you update your signatures on a daily
basis, thus ensuring yourself you're
still protected from a large number of malicious code.
Is my firewall considered a trusted security measure
Your personal firewall is as important as your anti-virus scanner is, but again
it depends on how you
configure it, or to what extent you understand each and every event it notifies
you of. Basically, what's important about
your firewall is to make sure that there're no vulnerabilities affecting your cu
rrent version, and besides all, to
make sure what processes are allowed to connect to the Internet. Do you make a d
ifference between the files Olidvd32.exe
and 0lidvd32.exe? The second one starts with "zero". My point is that unintentio
nally or even intentionally you might allow
a malicious program to establish a connection to the Internet. Thus it will be a
ble to send all the information
gathered or give the attacker a remote access to your computer. Pay additional a
ttention to untrusted music or movie
players, or anything that proclaims to be free software but often comes with a v
ariety of hidden features within.
Be more suspicious!
The spyware threat
"How significant is it really and why should I care?" As far as spyware is conce
rned, the irresponsible Internet user is
considering the exchange of free music and movies for the installation of spywar
e on his/her desktop PC, and is
actually fighting against himself/herself when trying to remove these. How do y
ou get infected with spyware?
Illegal sites, cracks, porn etc. often experience financing problems, and proble
ms that can no longer be solved by placing
adult banners or reselling porn sites memberships(or it's the natural greed?). T
his is why you may
find spyware on sites spreading screensavers, wallpapers, lyrics and the aforeme
ntioned ones. Beside secretly monitoring
your Internet activities, web sites that you visit and in some cases your passwo
rds and pretty much everything that
you type, the spyware often updates automatically without your knowledge, it sl
ows down your computer and makes the
majority of your applications crash, as well as your favorite IE browser. Using
freeware AdAware or Spybot - Search&Destroy
applications will indeed protect or desinfect you from a large number of publicl
y known spywares, and with tools like
Spywareguard or others that directly block malicious web sites, BHOs or cookies
you can rest by the time you open your
IE browser again. If you really want to solve your spyware problem, try using an
y other browser beside IE, and in a
while you'll notice the difference - no more toolbars, weather forecasts etc. un
der your URL field...
In the next part we'll cover spamming, phishing and software and browser vulnera
bility attacks.
10. Meet the Security Scene
----------------------In this section you are going to meet famous people,security experts and
all personalities who in some way contribute to the growth of the community.
We hope that you will enjoy these interviews and that you will learn a great dea
l of
useful information through this section. In this issue we have interviewed
Mitchell Rowton from http://www.SecurityDocs.com/
Your comments are welcome at security@astalavista.net
-----------------------------------------------Interview with Mitchell Rowton,
http://www.securitydocs.com/
Astalavista: Hello Mitchell, would you please tell us something more about your
background in the information security industry, and what is SecurityDocs.com al
l about?
Mitchell: I joined the US Marine Corps after high school. There I worked a help
desk
for a year or so before moving on to being a server administrator. After a whil
e I became more and more interested
in the networking side of things (switches and routers.) Firewalls weren't used
that often back then, and one day
I was asked to put up an access-control list (ACL) on our borderrouter. After t
hat I started getting more and more
security responsibility. When I left the Marine Corps I used my security clearan
ce to get a job as a DoD
contractor, then a contractor in the health care industry.
By this time in my life I had a wife and kids. So I took a job that was more st
able and didn't have as much
travel closer to home. When I think back, this is probably when the idea behind
SecurityDocs.com was born. While
I was leaving one job and going to another I was told to do a very in depth turn
over about starting an incident response
team at the company. So how do you explain how to start an incident response te
am at a fortune 500 company in a turnover
document? After a while I gave up and put several dozen links to white papers t
hat discuss starting an incident
response team.
Xakep.ru
http://www.Xakep.ru/
Xakep.ru is a popular, well organized and very resourceful Russian web site abou
t security
Hackers4hackers.org
http://www.Hackers4hackers.org
Hackers4hackers.org is a Dutch E-zine about security
Blackcode.com
http://www.blackcode.com
Blackcode has been online since 1998 providing its mostly novice visitors with v
arious security resources
12. Astalavista needs YOU!
--------------------We are looking for authors that would be interested in writing security related
articles for our newsletter, for people's ideas that we will turn into reality w
ith
their help, and for anyone who thinks he/she could contribute to Astalavista in
any way. Below we have summarized
various issues that might concern you.
- Write for Astalavista What topics can I write about?
You are encouraged to write on anything related to Security:
General Security
Security Basics
Windows Security
Linux Security
IDS (Intrusion Detection Systems)
Malicious Code
Enterprise Security
Penetration Testing
Wireless Security
Secure programming
What do I get?
Astalavista.com gets more than 200 000 unique visits every day, our Newsletter h
as more than 22,000 subscribers, so
you can imagine what the exposure of your article and you will be, impressive, i
sn't it! We will make your work and you
popular among the community!
What are the rules?
Your article has to be UNIQUE and written especially for Astalavista, we are not
interested in republishing articles
that have already been distributed somewhere else.
Where can I see a sample of a contributing article?
http://www.astalavista.com/media/files/malware.txt
Where and how should I send my article?
Direct your articles to security@astalavista.net and include a link to your arti
cle. Once we take a look at
it and decide whether is it qualified enough to be published, we will contact yo
u within several days, please be patient.
Thanks a lot all of you, our future contributors!
13. Astalavista.net Advanced Member Portal Promotion
------------------------------------------------Astalavista.net is a world known and highly respected Security Portal, offering
an enormous database of very well-sorted and categorized Information Security
resources - files, tools, white papers, e-books and many more. At your disposal
are also thousands of working proxies, wargames servers where all the members
try their skills and, most importantly, the daily updates of the portal.
- Over 3.5 GByte of Security Related data, daily updates and always working link
s.
- Access to thousands of anonymous proxies from all over the world, daily update
s
- Security Forums Community where thousands of individuals are ready to share th
eir knowledge and
answer your questions; replies are always received no matter of the question ask
ed.
- Several WarGames servers waiting to be hacked; information between those inter
ested in this activity
is shared through the forums or via personal messages; a growing archive of whit
e papers containing
info on previous hacks of these servers is available as well.
http://www.astalavista.net/
The Advanced Security Member Portal
14. Final Words
----------Dear Subscribers,
Watch out for our Issue 13 in January, 2005, a lot of new and useful sections ha
ve been added plus many
other surprises. We appreciate all your feedback, your remarks and anything else
you want to say to us, so keep it coming.
See you all in 2005!
Editor - Dancho Danchev
dancho@astalavista.net
Proofreader - Yordanka Ilieva
danny@astalavista.net