Blog

  • RSS Reader Security Check

    With Google testing RSS ads, predictions that spyware will ride RSS soon, and RSS exploits slowly emerging, this is a bit refreshing.
    RSS Spyware by Year's End:
    http://www.digg.com/security/_RSS_To_Carry_Spyware_Before_Year_s_Out
    Mark Pilgrim's RSS prank (how to consume RSS safely):
    http://diveintomark.org/archives/2003/06/12/how_to_consume_rss_safely


  • Digg 2.0 Beta (Digg 2.1 on the way)

    A beta of Digg 2.1 is on the way. Here are the results of the first beta:
    Thanks to everyone for doing a great job beta testing digg 2.0 thus far. Please keep it up! We are aware of the dropdown problems and issues with IE (who uses IE anymore? (we joke, we joke) 😉 We are also aware that some users are requesting a “minimalist” interface. We will do our best to satisfy everyone – expect to see something along those lines in 2.1.
    beta.digg.com un/pw: betatest


  • Remove the W32.Codbot WORM

    W32.Codbot is a worm that has been popping up throughout the net. It spreads by exploiting vulnerabilities in SQL Server, LSASS and the RPC-DCOM service.

    W32.Codbot.AL masquerades as a system process, which allows it to be run when the system boots up. Once running, it connects to Internet Relay Chat (IRC), where it can receive commands to control your system.

    Instructions to remove W32.Codbot:
    http://elamb.blogharbor.com/hacked/codbot.htm

  • Snort Technical Learning Guide

    Snort is touted as one of the best network intrusion-detection systems available, but some consider it complicated to operate. This Technical Guide simplifies Snort operation with answers to questions like how to modify Snort rules and where to place IDS sensors.


  • Vulnerability Disclosure List

    VulnWatch was created because the individuals involved felt the need for a forum which didn't exist at the time: a non-discussion, non-patch, all-vulnerability announcement list supported and run by a community of volunteer moderators distributed around the world.


  • Net Ready Key Performance Parameters (NR-KPP)

    The Net Ready Key Performance Parameter (NR-KPP) comprises the following elements: compliance with the Net-Centric Operations and Warfare (NCOW) Reference Model (RM), applicable Global Information Grid (GIG) Key Interface Profiles (KIP), DOD information assurance requirements, and the supporting integrated architecture products required to assess information exchange and use for a given capability.

    Net Centric Operations Warfare Reference Model (NCOW RM): The NCOW RM serves as a common, enterprise-level reference model for the DOD's Enterprise Architecture. The NCOW RM will ultimately provide a common architectural construct for NCOW with a common language and taxonomy. The final version of the RM will include:

    1. All Views (AV): AV-1 and AV-2
    2. Operational Views (OV): OV-1, OV-2, OV-3, and OV-5
    3. System Views (SV): SV-1, SV-2, SV-3, SV-4, and SV-5
    4. Target Technical View

    AV-1 Overview and Summary Information: scope, purpose, intended users, environment depicted, analytical findings.

    OV-2 Operational Node Connectivity Description: operational nodes, operational activities performed at each node, connectivity and information exchange need lines between nodes.

    OV-4 Organizational Relationships Chart: organizational, role, or other relationships among organizations.

    OV-5 Operational Activity Model: operational activities, relationships among activities, inputs and outputs.

    OV-6c Operational Event-Trace Description: one of three products used to describe operational activity sequence and timing; traces actions in a scenario or sequence of events and specifies timing of events.

    SV-4 Systems Functionality Description: functions performed by systems and the information flow among system functions, including information assurance functions.

    SV-5 Operational Activity to Systems Function Traceability Matrix: mapping of systems back to operational capabilities, or of system functions back to operational activities.

    SV-6 Systems Data Exchange Matrix: details of the systems data being exchanged between systems.

    TV-1 Technical Standards Profile: extraction of the standards that apply to the given architecture, including information assurance functions.

    For bookmarks on this topic that are constantly updated by people around the world, use the del.icio.us feed for the netcentric tag (you will need an aggregator to view the feed):

    http://del.icio.us/rss/tag/netcentric
    More on Netcentrics, Ditscap, DIACAP and Information Assurance at infoassure.blogspot.com

  • SSAA vs. ISP

    I've done a few System Security Authorization Agreements (SSAAs), but I admit I'm doing Information Support Plans, ISPs (formerly C4ISPs), for the first time.

    I used to think that the SSAA was a little bit too much information. Over time I've learned that it makes total sense. It forces the information system designers to answer important questions. Many times the questions it answers aren't important until much later (such as life cycle issues).

    The ISP puts the SSAA to shame in the sheer volume of information that needs to be gathered. This is because it includes the netcentric aspects of the system, the actual schedule and money involved, acquisition issues and a bunch of other things that I, as a security guy, don't care about.

    The ISP is a bird's-eye view of the target system, whereas the SSAA is a microscope into all levels of security over the life of the system, from cradle to grave.

    More on Information Assurance, DITSCAP, and DIACAP at infoassure.blogharbor.com

  • Del.icio.us Daily Blog Posting

    Content is king. The more quality content you manage, the more traffic you get. There are a few methods of creating automated content that seem to be greatly overlooked. Here is one:

    Del.icio.us:

    Del.icio.us has a built-in automated tool that allows its users to receive automated updates to their online bookmarks.

    If you log in, go to the “Settings” tab and look under Experimental, you'll see “daily posting blog.” Select “add new thingy”.

    Here are links with detailed instructions on how to configure the “add new thingy”:

    Moveable Type:

    Common Craft

    Kevin Wen

    BrownPau

    WordPress:

    Nozell (Rhymes with Oh, Hell)

    Typepad:

    LastMinute

    HERE IS HOW I did it:

    Get the Del.icio.us RSS URL of your choice (orange RSS button located in the bottom left corner). Copy and paste that URL into the RSS parser of your choice. List of RSS parsers:

      http://p3k.org/rss/?setup=true
      http://rssxpress.ukoln.ac.uk/ 
      http://www.rssgov.com/rssparsers.html
      http://del.icio.us/tag/rss+parser

    It will take the RSS and crank out HTML with content baked fresh daily as the del.icio.us tag is updated, with no further work on your part. What a lazy bastard you are! You are getting new content with no work while everyone else slaves away by copying & pasting and children are still dying in Africa. If you select a popular tag, it will actually send stuff you haven't seen on CNN, Digg, Slashdot or anywhere else… very entertaining at times.
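The RSS-to-HTML step above is exactly where the "consume RSS safely" concern from the first post bites: a feed you republish can carry markup and links you never wrote. The following is an added example, not code from the page or from any of the parsers it lists; it renders a constructed sample feed (hypothetical items, not real del.icio.us data) into HTML while escaping every field and dropping links that are not plain http(s) URLs.

```python
import html
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample feed (not from the page): one benign item and one item
# carrying script and a javascript: link, as a hostile feed might.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>netcentric</title>
<item><title>GIG Key Interface Profiles</title>
<link>http://example.org/kip</link>
<description>Overview of &lt;b&gt;KIP&lt;/b&gt; documents</description></item>
<item><title>Free stuff &lt;script&gt;alert(1)&lt;/script&gt;</title>
<link>javascript:alert(document.cookie)</link>
<description>&lt;img src=x onerror=alert(1)&gt;click</description></item>
</channel></rss>"""

TAG_RE = re.compile(r"<[^>]*>")

def safe_link(url):
    """Allow only http(s) URLs that name a host; anything else becomes None."""
    p = urlparse((url or "").strip())
    if p.scheme in ("http", "https") and p.netloc:
        return url.strip()
    return None

def rss_to_html(xml_text):
    """Render feed items as an HTML list, treating every field as untrusted."""
    # ElementTree does not fetch external entities; for feeds from unknown
    # sources, defusedxml would additionally block entity-expansion attacks.
    root = ET.fromstring(xml_text)
    out = ["<ul>"]
    for item in root.iter("item"):
        title = html.escape(item.findtext("title", default=""))
        # RSS descriptions are HTML-encoded: strip tags, then re-escape the text.
        desc = html.escape(TAG_RE.sub("", item.findtext("description", default="")))
        link = safe_link(item.findtext("link"))
        if link:
            out.append(f'<li><a href="{html.escape(link)}" rel="nofollow">{title}</a>: {desc}</li>')
        else:
            out.append(f"<li>{title}: {desc}</li>")  # unsafe link dropped, text kept
    out.append("</ul>")
    return "\n".join(out)

if __name__ == "__main__":
    print(rss_to_html(SAMPLE_RSS))
```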

  • Computer and Technical Book Reviews

    Author Robert Slade reviews lots and lots of technical books. Books include everything from “Artificial Minds” by Stan Franklin to the Official (ISC)² Guide to the CISSP Exam to Snow Crash by Stephenson. An excellent reference before you buy.


  • "Spies Among Us", Ira Winkler (Rob Slade book review)

    The following is a review by Robert Slade. Robert Slade is a data communications and security specialist and author of Robert Slade's Guide to Computer Viruses: How to Avoid Them, How to Get Rid of Them, and How to Get Help.

    REVIEW: “Spies Among Us”, Ira Winkler

    by Rob Slade

    “Spies Among Us”, Ira Winkler, 2005, 0-7645-8468-5, U$27.50/C$38.99/UK#16.99
    Ira Winkler, www.irawinkler.com
    John Wiley & Sons, Inc., 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
    416-236-4433 fax: 416-236-4448

    http://www.amazon.com/exec/obidos/ASIN/0764584685/robsladesinterne
    http://www.amazon.co.uk/exec/obidos/ASIN/0764584685/robsladesinte-21
    http://www.amazon.ca/exec/obidos/ASIN/0764584685/robsladesin03-20

    Audience n+ Tech 1 Writing 3 (see revfaq.htm for explanation) 326 p.

    In the introduction, Winkler admits that the title is slightly misleading: most surveillance is not done by international spies, but by common or garden thieves, competitors, and so forth. The point that he is trying to make is that non-terrorists can hurt you, although he raises the issue with illustrations that are not completely clear.

    Part one deals with espionage concepts. Chapter one reviews spying terminology, but makes points about the process by explaining the jargon and distinctions. Risk analysis is introduced in chapter two, but the calculations used may not be clear to all readers. An attempt to assess the value of information is made in chapter three. Chapter four outlines threats (entities that might harm you) and five covers vulnerabilities, the way your own operations can make you subject to attack.

    Part two describes some case studies of spying. The content is interesting, although the value is rather concentrated in the short “vulnerabilities exploited” section at the end of each chapter. I must say that I've read all manner of similar stories and case studies in various security books, and Winkler's are more interesting than most.

    Part three deals with protection. Chapter twelve lists a number of countermeasures. These are described in a level of detail that is appropriate for non-specialists (in security), although the content related to technical safety might be a bit thin. How to plan and implement an overall security program is outlined in chapter thirteen, which includes a very interesting section on how the Department of Homeland Security has taught us valuable lessons about how *not* to execute safeguards.

    While not structured in a formal manner that would make for easier reference, this book nonetheless has some excellent content. Like Schneier's “Beyond Fear” (cf. BKBYNDFR.RVW), it is easy enough, and engaging enough, for those outside of the security profession to read. Busy managers may find the work a bit wordy and disorganized, but it makes useful points, and has constructive suggestions. Home users and amateurs will find the style most suited to them, although the recommended controls are aimed at businesses. Security professionals will not (or should not) find anything new here, but may appreciate the “war stories” and explanations that can be employed in security awareness training.

    copyright Robert M. Slade, 2005   BKSPAMUS.RVW   20050531

    http://victoria.tc.ca/techrev

    Slade's book reviews — http://sun.soci.niu.edu/~rslade/mnbk.htm

    Slade's Bio — http://sun.soci.niu.edu/~rslade/bkoigtce.rvw

    ======================
    rslade@vcn.bc.ca      slade@victoria.tc.ca      rslade@sun.soci.niu.edu