How to Break Web Software
Mike Andrews was one of the coolest and most knowledgeable professors I had the opportunity of learning from, while at school @ Florida Tech.
Mike is currently working as the Principal consultant at Foundstone/McAfee, taking a break from teaching.
At school, we did not have videotaped lectures, but I did find this video of Mike talking at Google on how to break web software. He covers how web applications are attacked, walks through a testing framework for evaluating the security of an application, and takes some deep dives into a few interesting and common vulnerabilities and how they can be exploited.
http://video.google.com/videoplay?docid=5159636580663884360
The Great Zero Challenge
The Great Zero Challenge: A challenge to confirm whether or not a professional data recovery firm or any individual(s) or organization(s) can recover data from a hard drive that has been overwritten with zeros once. All they used was the Unix dd command with /dev/zero as input to overwrite the drive.
They are doing this because many people believe that permanently deleting data from a modern hard drive requires multiple overwrites with random data, mechanical grinding, degaussing and incinerating, and that drives should even be physically destroyed just to be extra safe.
As far as challenges go, this is one that many will pass, because no data recovery firm claims to be able to do zero recovery other than those with access to electron microscopy tools.
Many professional recovery firms for the most part use tools that scan through the partition and file table area, and perhaps even the entire disk, to locate data that has either been marked erased or had its references removed (for a full disk scan) and then restore it. Perhaps they’ll also move the spindle from a dead drive into a new case to complete the operation, but I doubt there are many companies that will actually do electron force microscopy for you and even fewer that will do it at anything other than an astronomical fee.
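The single-pass overwrite described in this post, with a check that nothing but zeros is left afterwards, as an added example (not from the original post or the challenge organizers). A constructed scratch file stands in for the drive, and the function names zero_fill, nonzero_bytes and demo are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: one pass of zeros with dd, then verification.
# The target is a scratch image file; on a real drive dd simply runs
# to the end of the device, so the size arithmetic below is only
# needed to keep a regular file at its original length.

# Count the bytes in a file that are not 0x00 (0 means fully zeroed).
nonzero_bytes() {
    echo $(( $(tr -d '\000' < "$1" | wc -c) ))
}

# Overwrite every byte of the target with zeros, in place.
zero_fill() {
    local target=$1 bs=4096 size blocks rem
    size=$(( $(wc -c < "$target") ))
    blocks=$(( size / bs ))
    rem=$(( size % bs ))
    # conv=notrunc keeps dd from truncating the file before writing.
    if [ "$blocks" -gt 0 ]; then
        dd if=/dev/zero of="$target" bs="$bs" count="$blocks" \
           conv=notrunc 2>/dev/null || return 1
    fi
    # Finish the tail that does not fill a whole block.
    if [ "$rem" -gt 0 ]; then
        dd if=/dev/zero of="$target" bs=1 count="$rem" \
           seek=$(( blocks * bs )) conv=notrunc 2>/dev/null || return 1
    fi
    sync   # flush cached writes to the backing store
}

# Constructed sample: a scratch image of random bytes, wiped and checked.
demo() {
    local img
    img=$(mktemp) || return 1
    head -c 1048699 /dev/urandom > "$img"
    echo "before: $(nonzero_bytes "$img") non-zero bytes"
    zero_fill "$img" || return 1
    echo "after:  $(nonzero_bytes "$img") non-zero bytes"
    rm -f "$img"
}

demo
```

The check reads the data back through the normal interface, the same view a software-only recovery tool scanning the disk would have.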
How to crash Google Chrome
Google claims that its browser Google Chrome is able to isolate events that may crash a browser within the individual tabs where they occur. However, an issue exists with how Google Chrome handles undefined handlers in chrome.dll version 0.2.149.27, which is the latest version of the browser. A crash can result without any user interaction.
When a user visits a malicious link that has an undefined handler followed by a special character, the browser crashes. You can also crash the browser by typing the characters :% in the Chrome URL bar. Google Chrome crashes with the message “Whoa! Google Chrome has crashed. Restart now?”

Internet Browsers and their users
Comparison of the different Internet Browsers and their users.

Click here for a bigger picture : http://www.flickr.com/photos/21904710@N00/2754981251/sizes/o/
What is Defense in Depth
Defense-in-depth is fundamental to the design of a secure system. It stems from the idea that software can have flaws; people can make configuration mistakes; and hardware devices can fail. To compensate for events like these, we do not want to rely on a single mechanism to defend our resources. Instead, we deploy multiple layers of protection to account for the possibility that one of them may fail.
Let us apply this concept of defense in depth for securing your home network.
1. Router: You probably have a router (maybe wireless) connected to your cable or DSL modem. The router acts as a firewall protecting you from direct malicious attacks originating from the internet.
2. Anti-virus: While the router acting as a firewall can help you against internet attacks, it cannot protect you against, say, an email-based computer virus or a worm that got downloaded when you visited a malicious web site. Anti-virus software with the latest signature updates can protect you from such an attack.
3. Fully patched operating system: A virus probably needs access to some Windows service or a port. A fully patched operating system can add an additional layer of security.
Operating Systems Security: Year 2007 Vulnerability Report
This paper analyzes the vulnerability disclosures and security updates during the year 2007 for Windows Vista Operating System when compared to its predecessor, Windows XP, along with other modern Client Operating Systems Red Hat, Ubuntu and Apple Mac OS X.
The results of this analysis based on the Vulnerability Count Metric and Days of Risk suggest that Windows Vista is the most secure Operating System when compared to the other leading Desktop Operating Systems for the year 2007 based on its lower vulnerability profile. Windows Vista is also significantly easier to administer for IT Security of various corporations as well as individual users based on the number of Security Bulletins and updates it issues besides the excellent security support provided through Microsoft TechNet Security Center.
With the vulnerability and risk data available, I also wanted to tackle the topic of Browser security. The analysis reveals that Firefox 2.x on Ubuntu platform was the most secure browser for the year 2007 in terms of the lowest Days of Risk and vulnerability profile. While these results represent only the vulnerability dimension of security risk, they do provide insight into the aspects of security quality that are under the control of the vendors – code security quality and security response. These metrics however, must be considered in combination with several other important qualitative factors when choosing a platform based upon security maintenance and likelihood of a security breach in your environment.
Beyond patches and vulnerabilities, there are “softer” qualities of security that are difficult to quantify but undeniably impact deployed security. Qualities like security lifecycle support, bulletin descriptiveness, default security features and the like all have a direct impact on deployed role security.
Note: This report is an update to the previously published Windows Vista One Year Vulnerability Report by Jeff Jones1, a VP at Microsoft, who concluded that Windows Vista is more secure by analyzing vulnerability data of Windows Vista and other Operating Systems based on the first year of their operation. However, as Jeff admits, this kind of first year analysis may be good to evaluate the security practices and product development methodologies of a vendor more than measure the security of an Operating system. This paper expands on his findings while following a similar structure used in Jeff’s report presenting a deeper level of analysis and comparison of the modern workstation Operating Systems using the entire 2007 vulnerability and risk data which would more accurately reflect the “present security state” of these different Operating Systems.
Also, please note for non-Windows fans, this is a Vulnerability Report, not a “ranking the most secure operating system” report. Before you make any conclusions, I have presented the data used to come to the conclusions in this paper for everyone to access. I tried my best to level the playing field by having similar components for all Operating Systems accessed in this report.
Physical Security & Information Gathering
This is a great presentation by Johnny Long at Defcon. He talks about how easy it is to gain access to secure locations without any “hacking” aka physical security.
http://video.google.com/videoplay?docid=2846156252478942794
How Many Passes Does the Team in White Make
It is very easy to miss something you are not looking for. How many passes does the team in white make? Test your awareness and Do the Test!
Most Influential People in Security
Ryan Naraine over at eweek.com has come up with an interesting list of the top 15 most influential people in Computer Security.
1. Tavis Ormandy, Google Security Team
2. Ivan Krstic, One Laptop Per Child
3. Chris Paget, IOActive, Google
4. Bunnie Huang, Bunnie Studios
5. Michal Zalewski, Google
6. Window Snyder, Mozilla
7. The MOAB Hackers
8. Dino Dai Zovi
9. Michael Howard, Microsoft
10. HD Moore, Metasploit
11. Dave Aitel, Immunity
12. Bronwen Matthews, Microsoft
13. John Pescatore, Gartner
14. Rob Thomas and Team Cymru
15. Stefan Esser, Hardened PHP Project
Check out Ryan’s list of the most influential people in Security, in this slideshow at eweek.
Microsoft Windows 7 Feature Request List
Microsoft seems to be on track to release the next version of Windows, Windows 7, tentatively in 2009.
An indicator of what users wish to see in this next version of Windows has surfaced recently. Following is the full list of the features requested, and it is highly probable that quite a few of these features could be incorporated into Windows 7.
Feedback ID # 244119: Allow users to customize indexing more effectively
Feedback ID # 244127: UAC badge on all icons that will require UAC prompt
Feedback ID # 244352: Record live tv when you rewind
Feedback ID # 246001: Include Pinball into next version of Windows
Feedback ID # 246465: Multi-session remote desktop
Feedback ID # 246472: Basic download manager for Internet Explorer
Feedback ID # 246493: IE7 should include session restore feature
Feedback ID # 246494: Implement Vector GUI in the next version of Windows
Feedback ID # 246496: Add a message to the “computer locked” screen
