Thursday, May 1

Plasma TV components applied to password cracking
by
Xavier Ashe
on Thu 01 May 2008 08:44 AM EDT
Forget networked PCs or even PlayStation 3s, components commonly
found in plasma TVs are the latest thing in password cracking tools.
High performance FPGA (Field Programmable Gate Array) chips are the
Chuck Norris of number crunching, equally suited to image processing
and (with a bit of modification) password cracking.
During the Black Hat conference in Washington in February researcher
Dan Mueller used FPGA kit in an attack that cracks standard GSM
transmissions, encrypted using the A5/1 algorithm, in as little as 30
seconds.
The same technology can be applied to crack Bluetooth transmissions
in as little as eight seconds, according to security consultancy
SecureTest, which ran a demo of the technology at the recent Infosec
conference. Read the full article on The Register.
Tuesday, March 25

HP Cuts Investment in their Security Portfolio
by
Xavier Ashe
on Tue 25 Mar 2008 05:30 PM EDT
Burton Group has specifically commented on HP’s struggle to succeed
in this competitive market. Burton Group’s Identity and Privacy
Strategies Report, “The Identity Management Market 2007: An Expanding Universe”, our Catalyst 2007 Keynote “Identity Management Market Landscape 2007: Enabling Security and Control Objectives in the Enterprise”, and our “Vantage Point 2007: Trends in Identity Management” telebriefing, all noted that HP’s ability to compete, mindshare, and market momentum has been in sharp decline.
Burton Group has been contacted by HP customers who report that HP
is no longer going to seek new customers for its Identity Center
product. We have contacted HP and the company confirms that HP
Software has decided to focus its investment in identity management
products exclusively on existing customers and not on pursuing
additional customers or market share. HP is in the process of reaching
out to each customer regarding the change. Last week Burton Group spoke
to HP Software Vice President of Products Eric Vishria regarding this
development.
Vishria explained that the Identity Center product line was not
performing in this highly competitive market at a level that’s
acceptable to HP, but added that the product supports the operations of
a number of HP’s critical customers. HP has therefore made the
decision to focus research and development efforts on existing
customers only. This was posted on the Burton's Group Identity Blog. Interesting stuff, read more: Customers of other IdM vendors and customers considering new IdM
deployments should also be carefully scrutinizing this announcement. As
the market becomes increasingly competitive it is imperative that
customers evaluate the viability and long-term strategy of their
existing and potential IdM vendors. Burton Group predicts that the
market will see continued, or even increased, consolidation in coming
months.
Sunday, March 9

Cult of the Dead Cow Releases Goolag
by
Xavier Ashe
on Sun 09 Mar 2008 10:56 AM EDT
Cult of the Dead Cow, or
cDc, an old-school hacking crew famous for its anti-censorship stance,
has shipped a new tool that turns the Google search engine into an
easy-to-use vulnerability scanner.
Taking its cue from Johnny Long's Google Dorks—search queries that reveal sensitive information—cDc's new Goolag Scan pushes the envelope even more, offering a stand-alone Windows GUI-based application to power the searchers.
The open-source program comes with about 1,500 custom Google search
queries embedded by default to run searches for vulnerable Web
applications, misconfigured Web servers with open backdoors, sensitive
user names and passwords, and other documents accidentally exposed on
the Internet.
"It's no big secret that the Web is the platform," said Oxblood Ruffin,
a spokesperson for the hacker think tank. "This platform pretty much
sucks from a security perspective. Goolag Scanner provides one more
tool for Web site owners to patch up their online properties.
"We've seen some pretty scary holes through random tests with the
scanner in North America, Europe and the Middle East. If I were a
government, a large corporation, or anyone with a large Web site, I'd
be downloading this beast and aiming it at my site yesterday. The
vulnerabilities are that serious," Ruffin said.
The utility ships as a .Net program that can be manually configured to
power Google queries for specific servers or for an entire set of
domains.
For example, a business can ask Goolag Scan to search for vulnerable
servers or "files containing juicy information" on all its Web sites,
turning the scanner into a useful auditing tool.
News report from eWeek. Try Goolag now.

Bejtlich points out Gartner Wisdom
by
Xavier Ashe
on Sun 09 Mar 2008 10:28 AM EDT
2003: "IDSs [intrusion detection systems] have failed to provide value relative to its costs and will be obsolete by 2005." (Gartner, "Gartner Information Security Hype Cycle Declares Intrusion Detection Systems a Market Failure")

2008: "Our adversaries are very adept at hiding attacks in normal traffic. The only true way to protect our networks is to have an intrusion detection system." (Robert Jamison, Under Secretary of the National Protection and Programs Directorate at DHS)

From TaoSecurity.
Tuesday, March 4

Funny "Hacking" Story
by
Xavier Ashe
on Tue 04 Mar 2008 04:54 PM EST
After a bit more back-and-forth about how he could "just answer any questions I had right now", the sales rep pointed me to their sample ads, a 7mb PDF with sixteen pages of seemingly real companies, all with the same phone number (555-555-5555) and the same website (00000000000.com). Somehow, that didn't convince me to "invest" several hundred dollars, so the salesman faxed over some more information with a single, real ad.
As I eagerly waited for the follow-up call later that day, I thought I'd take a minute or two to check out their website. Almost immediately, I came across their Federal Procurement Officers Only page. Out of curiosity, I entered a username and password, and then clicked the Login button. Instantly, a JavaScript dialog popped up...
Since there's really only one thing that could cause such a dialog to pop-up so fast, I checked the source code...
Entertaining story posted on The Daily WTF.
Monday, March 3

It's official: Pirates crack Vista at last
by
Xavier Ashe
on Mon 03 Mar 2008 02:21 PM EST
A genuine crack for Windows Vista has just been released by pirate
group Pantheon, which allows a pirated, non-activated installation of
Vista (Home Basic/Premium and Ultimate) to be properly activated and
made fully-operational.
Unlike cracks which have been floating around since Vista RTM was
released in late November, this crack doesn’t simply get around product
activation with beta activation files or timestop cracks - it actually
makes use of the activation process. It seems that Microsoft has
allowed large OEMs like ASUS to ship their products with a
pre-installed version of Vista that doesn’t require product activation
– apparently because end users would find it too inconvenient. Read More on APC.
Tuesday, February 26

Best practices for IT security management
by
Xavier Ashe
on Tue 26 Feb 2008 12:11 PM EST
The nuts and bolts of an information risk management (IRM)
framework are best put in place long before you install the technology.
But it's never too late to mitigate business risk by working out the
mechanics of functions, requirements and controls. Discover and report
on the right priorities, and you can construct a framework for making
well-informed decisions.
Read Five steps to building information risk management frameworks and Developing Controls for People, Processes and Technology by Forrester analyst Khalid Kark who details how to build a sound IRM solution in your organization, including:
- Defining domains for your IRM framework
- Three questions to ask when assessing the criticality of IRM requirements
- Overcoming two significant challenges in defining security metrics programs
- Converging physical and logical security through process collaboration
Kark is a principal analyst at Forrester Research. His research focuses
on information risk management strategy, governance, best practices,
measurement and reporting.
This expert advice is part of a continuing series on
IBM best practices for IT security management. IBM security services
and solutions such as Tivoli®, Internet Security Systems™, and
Rational® enable customers to better manage their infrastructure,
operations and IT processes.
Tuesday, February 19

PCI compliance drives identity management spending, says IBM's GRC chief
by
Xavier Ashe
on Tue 19 Feb 2008 03:58 PM EST
Great interview with Kristin Lovejoy, the director of IBM Governance and Risk Management Strategy over at Information Security Magazine.

When Consul was acquired, how difficult was the technology integration?

Kristin Lovejoy: There was a good bit of integration work that had to occur.
Most of it was around assuring that the product offering met the
scalability requirements that had to be defined by IBM. IBM's
acquisition of the technology undergoes a blue-washing process. The
blue washing process assures that the technology sold to IBM customers
are not packaged with any kind of code that is not documented—no open
source components. Also the database infrastructure had to be reworked
and released for DB2.

You've been viewed as a leader in driving the implementation of
auditing as a required step in identity and access management. Talk
about the importance of auditing.

Lovejoy: Of course it was
Sarbanes Oxley where the concept was initiated. Section 404 required
organizations to not only look at their business controls but also
their IT controls. It points to a requirement that organizations adopt
a control framework within the finance, accounting organization, making
sure there's no conflict of interest. Sarbanes Oxley made people say
trust is ok but now I have to verify. We saw a lot of companies want to
be able to monitor privileged users such as database administrators and
developers. They wanted to ensure that those that were working in the
preproduction environment were only working in the preproduction
environment.
In addition to Sarbanes Oxley, there have been over time lots
of requirements like PCI DSS and HIPAA that require you to do audit
logging. These requirements, which always said you need to maintain the
logs, are now beginning to indicate that it's not simply collecting
logs, but you also have to be able to review the activity in logs and
identify areas of potentially anomalous activity.

Read More.

New IBM Redbook - Deployment Guide Series: IBM Tivoli Compliance Insight Manager
by
Xavier Ashe
on Tue 19 Feb 2008 11:03 AM EST
In order to comply with government and industry regulations, such as Sarbanes-Oxley, Gramm-Leach-Bliley, and COBIT, enterprises have to constantly detect, validate, and report unauthorized change and out-of-compliance actions on their IT infrastructure. The Tivoli Compliance Insight Manager v8.0 solution allows organizations to improve the security of their information systems by capturing comprehensive log data, correlating this data through sophisticated log interpretation and normalization, and communicating results through a dashboard and a full set of audit and compliance reporting. We discuss the business context of security audit and compliance software for organizations, and we show a typical deployment within a business scenario. This is the second IBM Redbook covering IBM Tivoli Compliance Insight Manager - the first book being the Compliance Management Design Guide with IBM Tivoli Compliance Insight Manager, SG24-7530. This IBM Redbooks publication is a valuable resource for security officers, administrators, and architects who wish to understand and deploy a centralized security audit and compliance solution.

Download the Deployment Guide Series: IBM Tivoli Compliance Insight Manager
Publish Date: February 15, 2008
ISBN Number: 0738485705
Monday, February 11

Security in Dilbert
by
Xavier Ashe
on Mon 11 Feb 2008 01:22 PM EST
Tuesday, February 5

TSOM and TCIM Integration! (TSIEM)
by
Xavier Ashe
on Tue 05 Feb 2008 12:01 PM EST
Chief Security Officers (CSOs) and Chief Information Security Officers (CISOs) today are focused on prioritizing security initiatives to support their business goals, and on managing technical risk and governance. Their organizations are challenged to both minimize security-based business disruptions and ensure and demonstrate compliance with privacy regulatory requirements, with a limited set of resources. Security information and event management (SIEM) technology can provide a solution to these challenges, and provide greater leverage of people and greater visibility of their existing security infrastructure.

IBM offers two complementary SIEM capabilities for security information and events:
- A real-time, network event-oriented management dashboard that facilitates attack recognition and incident management
- An information analysis dashboard to assess how well an organization adheres to its security and governance policies

IBM Tivoli Security Information and Event Manager V1.0 (TSIEM) is comprised of two products: IBM Tivoli Security Operations Manager V4.1 (TSOM) and IBM Tivoli Compliance Insight Manager V8.5 (TCIM). These products, working together, help you realize the full promise of enterprise SIEM. By centralizing log collection and event correlation across your enterprise, you can leverage an advanced compliance dashboard to link security events and user behavior to your corporate policies. Tivoli Security Information and Event Manager delivers a comprehensive foundation to help address your SIEM requirements. As a result, IT organizations can reduce their exposure to security breaches; collect, analyze, and report on compliance events; and manage the complexity of heterogeneous technologies and infrastructures. TSIEM provides support for numerous applications, operating systems, security products, and network infrastructures, as well as desktop and mainframe systems.

Using TCIM and TSOM together provides the benefits of both products, through their complementary user-centric and network-centric perspectives. Integration between TSOM and TCIM can provide additional unique capabilities:
- Identify important audit and administrative events from the network/security infrastructure for privileged user monitoring and compliance reporting. This leverages the broad network and security product support of TSOM and its correlation capabilities to provide added value auditable events for use in the TCIM privileged user monitoring and audit and compliance reports.
- Identify network-centric policy violations with TSOM, and forward these high level correlated events to TCIM for consolidated compliance dashboard and reporting and views.

The integration described in this document provides the foundation to accomplish these two general use cases. It describes the specifics of configuring TSOM to send events to TCIM.

Download the Tivoli Security Information and Event Manager: Tivoli Security Operations Manager and Tivoli Compliance Insight Manager Integration Guide
Saturday, February 2

Pass-The-Hash Toolkit
by
Xavier Ashe
on Sat 02 Feb 2008 10:03 AM EST