Archive for March, 2009

Nmap for Conficker

Tuesday, March 31st, 2009

I tried out some of the Conficker tools mentioned earlier. Following Dan Kaminsky’s suggestion, the script is a little clunky, and it’s a LOT easier to run it using NSE (the Nmap Scripting Engine).

You are dealing with a beta build pulled from the nmap SVN, but it worked just fine doing import, make, and install on an OS X 10.5.6 box with the developer tools installed.

NSE’s output is a little wordy, so you probably want to dump output to something else to read it. Zenmap of the last production build seems to do just fine as well, though there’s really not that much it gives you in this case.

e.g.

(more…)

Conficker heads up, updates and resources

Monday, March 30th, 2009

For those of you who have not been paying a lot of attention to the network worm side of the house in the past year, one of the most sophisticated and successful Microsoft-based worms has been out in the wild for the past five months or so.

There is potentially a new twist in the story of this worm, which has taken over millions and millions of computers around the internet. Recently, the fruits of infosec professionals around the world collaborating together in a rarely seen manner have been coming to light, as they race against the worm’s April 1st refresh date.

A lot of rumor has been circulating about the April 1 deadline, and really, it won’t be the end of the world. What it potentially does mean is a new round of infections and updates, and a potential mutation or evolution in the worm code that will undo some or all of the progress made so far. The next 48 hours are a chance to make up some ground on this runaway problem.

If you are in charge of systems or networks, or even just have a few Windows boxes at home that you are not sure about, take a few minutes to catch up on this story and use some of the (now) freely available tools to scan your network and try to see if you can spot this malware before it changes again, which is slated to happen on Wednesday of this week.

As always, scan (and do any other actions on your network) responsibly, and in accordance with the rules and regs that pertain to your network. If you are somewhere big, corporate, or federal, get your management involved and engaged, and mobilize to protect your resources.

note(ed): I think that between this and the response to Kaminsky’s “I broke the Internet” DNS bug last year, the information security community is starting to show a maturity and collaborative spirit that is crossing boundaries that previously impeded progress. While I don’t think that the incidents themselves are good innately, the collaboration that is springing from facing these adversities is excellent.

A good summary of “where things are at” from the Register

There are several posts and links from SANS ISC on the topic

Honeynet Project’s dedicated scanning script in Python

And Dan Kaminsky was nice enough to wrap it to an .exe and give his latest two cents worth

Synchronicity?

Thursday, March 19th, 2009

I managed to make it to the informal #novasecluncheon meetup in DC today.

A conversation topic was Rob Fuller and Rafal Los’ recent run-ins with an insecurely configured tinyurl (which was picked up by the media). Discussion also followed about the issues with a site being owned (bad enough) with the exponential implications of problems going through that site (much worse).

Once everyone gets done with lunch and back to their routine, what do we see? It appears that someone has managed to XSS Twitter successfully.

Is that timing, or what?

I’ve been meaning to save this up for another post, but now is also a great time to mention the Longurl Mobile Expander I’ve been playing around with. It’s a link expander add-on for Firefox that allows you to preview “shortened” URLs by mousing over them before you click.

Click with care . . .

OWASP Software Assurance Day and CapSec reminder

Thursday, March 12th, 2009

I’ll be attending OWASP Software Assurance Day at Mitre in McLean, VA tomorrow.

This event did require pre-registration, and unfortunately it’s closed, but if you are interested, I’ll try to report back anything new above and beyond other previous OWASP events.

Also, save the date, CapSec DC is only two weeks away.

CapSec DC
Wednesday March 25th, 7:00 PM

Stetson’s
1610 U St NW
Washington DC 20009

Government 2.0 Panel at FOSE

Thursday, March 12th, 2009

I attended the “Government 2.0 – Evolution or Revolution?” Executive Session at FOSE at the DC Convention Center.

I’m posting this sans links due to time constraints; most of the people/places/things are readily locatable in Google. I’ll try to come back and clean up links this weekend at some point.

The panel was moderated by Chris Dorobek, and consisted of Chris Rasmussen, Intelligence Community Collaboration Guru; Dr. Mark Drapeau, of the National Defense University and Mashable; Steve Ressler, creator of govloop.com, the “Facebook for Feds”; and Teresa Nasif, Director of the Federal Citizen Information Center and one of the forces behind USA.GOV.

Dorobek opened by restating the name of the session, and discussing where the government is at with Web 2.0. Comment was made about a recent discussion in the press of 2.0 hitting a “mid-life” crisis with the government, where the initial ground swell of enthusiasm has peaked and the grim realities of the difficulty of deployment and utilization in the government environment have set in. Dorobek stated that this is a misnomer — 2.0 is still in its infancy, and there is still a very long way to go; it’s not a crisis but still an initial inception phase going on. He then introduced the speakers and gave a quick blurb on everyone’s background and how they related to the situation.

(more…)