The Lazy Genius

Welcome!

Xavier Ashe — Mon, 01 Jan 2007 00:00:00 -0500

Thank you stopping by The Lazy Genius, a security focused Blog from the security architect, Xavier Ashe. Here you will find an abundance of security information, much of which cannot be found through normal news outlets. This site is intended for other security professionals and IT managers that are responsible for their company's security.

Blog is Moving

Xavier Ashe — Sat, 17 May 2008 09:09:48 -0400

I will be updating by site very soon to move to Moveable Type. Please continue to check http://xavier.ashe.com for updates.

Open Call for Audtions

Xavier Ashe — Mon, 12 May 2008 23:31:24 -0400

DigiTribe Productions, LLC (Geekin', After, The Statement of Randolph Carter) is pleased to announce open auditions for our newest feature film project, currently known as "The $1,000 Feature".

The Project: Our goal is to push ourselves to our creative limits and create an entire 90-minute feature film for exactly $1,000. We will be keeping an open production diary throughout filming and publishing the budget as the money dwindles away. The film itself is a dark, violent drama about one man's quest to save a friend. For more information on the 1KF, please check out our website -- www.digitribe.net
Due to the ultra-low budget nature of the film - compensation will be limited to meals, credit & copy.

Characters: Most, but not all, roles are for early 20's to mid 30's, male and female. Further information on roles can be found at: http://www.digitribe.net/projects/1kfeature/audition/roles

When and Where: Auditions will be held Saturday, May 24th from 11:00 AM to 4:00 PM at Eyedrum, located at 290 MLK Jr. Drive, Suite 8, Atlanta, 30312. Performers will be seen on a first come - first served basis.

RSVP: Headshots and resumes will be accepted in advance and can be sent to 1kf-auditions@digitribe.net or PO Box 42 Jonesboro, GA 30237.
Some performers who pre-submit a headshot & resume may be selected for the Priority List. These performers will be notified by email, and will be sent to the head of the line when they arrive at the audition.

Plasma TV components applied to password cracking

Xavier Ashe — Thu, 01 May 2008 08:44:03 -0400

Forget networked PCs or even PlayStation 3s, components commonly found in plasma TVs are the latest thing in password cracking tools.

High performance FPGA (Field Programmable Gate Array) chips are the Chuck Norris of number crunching, equally suited to image processing and (with a bit of modification) password cracking.

During the Black Hat conference in Washington in February researcher Dan Mueller used FPGA kit in an attack that cracks standard GSM transmissions, encrypted using the A5/1 algorithm, in as little as 30 seconds.

The same technology can be applied to crack Bluetooth transmissions in as little as eight seconds, according to security consultancy SecureTest, which ran a demo of the technology at the recent Infosec conference.

Read the full article on The Register.

HP Cuts Investment in their Security Portfolio

Xavier Ashe — Tue, 25 Mar 2008 17:30:10 -0400

Burton Group has specifically commented on HP’s struggle to succeed in this competitive market. Burton Group’s Identity and Privacy Strategies Report, “The Identity Management Market 2007: An Expanding Universe”, Our Catalyst 2007 Keynote “Identity Management Market Landscape 2007: Enabling Security and Control Objectives in the Enterprise”, and our “Vantage Point 2007: Trends in Identity Management” telebriefing, all noted that HP’s ability to compete, mindshare, and market momentum has been in sharp decline.

Burton Group has been contacted by HP customers who report that HP is no longer going to seek new customers for its Identity Center product. We have contacted HP and the company confirms that HP Software has decided to focus its investment in identity management products exclusively on existing customers and not on pursuing additional customers or market share. HP is in the process of reaching out to each customer regarding the change. Last week Burton Group spoke to HP Software Vice President of Products Eric Vishria regarding this development.

Vishria explained that the Identity Center product line was not performing in this highly competitive market at a level that’s acceptable to HP, but added that the product supports the operations of a number of HP’s critical customers. HP has therefore made the decision to focus research and development efforts on existing customers only.

This was posted on the Burton's Group Identity Blog. Interesting stuff, read more:

Customers of other IdM vendors and customers considering new IdM deployments should also be carefully scrutinizing this announcement. As the market becomes increasingly competitive it is imperative that customers evaluate the viability and long-term strategy of their existing and potential IdM vendors. Burton Group predicts that the market will see continued, or even increased, consolidation in coming months.

You need a Mercedes Benz

Xavier Ashe — Thu, 20 Mar 2008 23:05:52 -0400

I am selling my Benz. Who wants it? $500 off the edmunds.com price by mentioning this blog.

2003 MERCEDES C320
Price:$18,268
Mileage:77,129
Color:Black
Doors:4
Features:
Air Bag, Air Conditioning, Anti-Lock Brakes, CD player, Heated Seats, Leather Interior, Power Seats, Power Steering, Power Windows, Security Features, Side Impact Air Bags, Sunroof, Traction Control

Additional Comments:
This car has served me well, but I am getting married and need to get a bigger car (more kids!). It is priced to move. It's in near perfect condition. This is a very fun drive. Give us a call to schedule a test drive any time (we work from home). More details: AM/FM Stereo; Multi-CD Changer; Cassette; Premium Audio System (Bose); 4-Wheel Anti-Lock Brakes; Dual Control Air Conditioning; Alloy Wheels; Cruise Control; Front And Rear Head Air Bags; Rear Window Defroster; Power Seats; Leather Seats; Power Door Locks; Power Heated Mirrors; Power Windows; Power Steering; Front And Rear Side Air Bags; Sunroof/Moonroof; Tinted Glass; Power Tilt Wheel; Bucket Seats; Fog Lights; Lighted Entry System; Automatic Climate Control; Memory Driver And Passenger Seats; Power Telescopic Steering Wheel; Clock; Trip Computer; Stability Control; Anti-Theft Alarm System; Rear Bench Seat; Remote Trunk Release; Leather Steering Wheel Trim; Center Console; Garage Door Opener; Keyless Entry System; Wood Interior Trim; 16 Inch Wheels; 3.2L V6 SOHC 18V FI Engine; Tachometer; Traction Control; Audio Steering Wheel Controls; Leather Shift Knob Trim; Intermittent Wipers; Daytime Running Lights; Turn Signal Mirrors Contact Xavier Ashe 404-229-8905, xashe@digitribe.net

Cult of the Dead Cow Releases Goolag

Xavier Ashe — Sun, 09 Mar 2008 10:56:13 -0400

Cult of the Dead Cow, or cDc, an old-school hacking crew famous for its anti-censorship stance, has shipped a new tool that turns the Google search engine into an easy-to-use vulnerability scanner.

Taking its cue from Johnny Long's Google Dorks—search queries that reveal sensitive information—cDc's new Goolag Scan pushes the envelope even more, offering a stand-alone Windows GUI-based application to power the searchers.

The open-source program comes with about 1,500 custom Google search queries embedded by default to run searches for vulnerable Web applications, misconfigured Web servers with open backdoors, sensitive user names and passwords, and other documents accidentally exposed on the Internet.

"It's no big secret that the Web is the platform," said Oxblood Ruffin, a spokesperson for the hacker think tank. "This platform pretty much sucks from a security perspective. Goolag Scanner provides one more tool for Web site owners to patch up their online properties.

"We've seen some pretty scary holes through random tests with the scanner in North America, Europe and the Middle East. If I were a government, a large corporation, or anyone with a large Web site, I'd be downloading this beast and aiming it at my site yesterday. The vulnerabilities are that serious," Ruffin said.

The utility ships as a .Net program that can be manually configured to power Google queries for specific servers or for an entire set of domains.

For example, a business can ask Goolag Scan to search for vulnerable servers or "files containing juicy information" on all its Web sites, turning the scanner into a useful auditing tool.

News report from eWeek. Try Goolag now.

Bejtlich points out Gartner Wisdom

Xavier Ashe — Sun, 09 Mar 2008 10:28:25 -0400

2003: "IDSs [intrusion detection systems] have failed to provide value relative to its costs and will be obsolete by 2005." (Gartner, "Gartner Information Security Hype Cycle Declares Intrusion Detection Systems a Market Failure")

2008: "Our adversaries are very adept at hiding attacks in normal traffic. The only true way to protect our networks is to have an intrusion detection system." (Robert Jamison, Under Secretary of the National Protection and Programs Directorate at DHS)

From TaoSecurity.

Funny "Hacking" Story

Xavier Ashe — Tue, 04 Mar 2008 16:54:35 -0500

After a bit more back-and-forth about how he could "just answer any questions I had right now", the sales rep pointed me to their sample ads, a 7mb PDF with sixteen pages of seemingly real companies, all with the same phone number (555-555-5555) and the same website (00000000000.com). Somehow, that didn't convince me to "invest" several hundred dollars, so the salesman faxed over some more inforation with a single, real ad.

As I eagerly waited for the follow-up call later that day, I thought I'd take a minute or two to check out their website. Almost immediately, I came across their Federal Procurement Officers Only page. Out of curiousity, I entered a username and password, and then clicked the Login button. Instantly, a JavaScript dialog popped-up...

Since there's really only one thing that could cause such a dialog to pop-up so fast, I checked the source code...

Entertaining story posted on The Daily WTF.

It's official: Pirates crack Vista at last

Xavier Ashe — Mon, 03 Mar 2008 14:21:07 -0500

A genuine crack for Windows Vista has just been released by pirate group Pantheon, which allows a pirated, non-activated installation of Vista (Home Basic/Premium and Ultimate) to be properly activated and made fully-operational.

Unlike cracks which have been floating around since Vista RTM was released in late November, this crack doesn’t simply get around product activation with beta activation files or timestop cracks - it actually makes use of the activation process. It seems that Microsoft has allowed large OEMs like ASUS to ship their products with a pre-installed version of Vista that doesn’t require product activation – apparently because end users would find it too inconvenient.

Best practices for IT security management

Xavier Ashe — Tue, 26 Feb 2008 12:11:03 -0500

The nuts and bolts of an information risk management (IRM) framework are best put in place long before you install the technology. But it's never too late to mitigate business risk by working out the mechanics of functions, requirements and controls. Discover and report on the right priorities, and you can construct a framework for making well-informed decisions.

Read Five steps to building information risk management frameworks and Developing Controls for People, Processes and Technology by Forrester analyst Khalid Kark who details how to build a sound IRM solution in your organization, including:

			Defining domains for your IRM framework
			Three questions to ask when assessing the criticality of IRM requirements
			Overcoming two significant challenges in defining security metrics programs
			Converging physical and logical security through process collaboration

Kark is a principal analyst at Forrester Research. His research focuses on information risk management strategy, governance, best practices, measurement and reporting.

This expert advice is part of a continuing series on IBM best practices for IT security management. IBM security services and solutions such as Tivoli®, Internet Security Systems™, and Rational® enable customers to better manage their infrastructure, operations and IT processes.

PCI compliance drives identity management spending, says IBM's GRC chief

Xavier Ashe — Tue, 19 Feb 2008 15:58:18 -0500

Great interview with Kristin Lovejoy, the director of IBM Governance and Risk Management Strategy over at Information Security Magazine.

When Consul was acquired, how difficult was the technology integration?
Kristin Lovejoy: There was a good bit of integration work that had to occur. Most of it was around assuring that the product offering met the scalability requirements that had to be defined by IBM. IBM's acquisition of the technology undergoes a blue-washing process. The blue washing process assures that the technology sold to IBM customers are not packaged with any kind of code that is not documented—no open source components. Also the database infrastructure had to be reworked and released for DB2.

You've been viewed as a leader in driving the implementation of auditing as a required step in identity and access management. Talk about the importance of auditing.
Lovejoy: Of course it was Sarbanes Oxley where the concept was initiated. Section 404 required organizations to not only look at their business controls but also their IT controls. It points to a requirement that organizations adopt a control framework within the finance, accounting organization, making sure there's no conflict of interest. Sarbanes Oxley made people say trust is ok but now I have to verify. We saw a lot of companies want to be able to monitor privileged users such as database administrators and developers. They wanted to ensure that those that were working in the preproduction environment were only working in the preproduction environment.

In addition to Sarbanes Oxley, there have been over time lots of requirements like PCI DSS and HIPPA that requires you to do audit logging. These requirements, which always said you need to maintain the logs, are now beginning to indicate that it's not simply collecting logs, but you also have to be able to review the activity in logs and identify areas potentially anomalous activity.

New IBM Redbook - Deployment Guide Series: IBM Tivoli Compliance Insight Manager

Xavier Ashe — Tue, 19 Feb 2008 11:03:36 -0500

In order to comply with government and industry regulations, such as Sarbanes-Oxley, Gramm-Leach-Bliley, and COBIT, enterprises have to constantly detect, validate, and report unauthorized change and out-of-compliance actions on their IT infrastructure.

The Tivoli Compliance Insight Manager v8.0 solution allows organizations to improve the security of their information systems by capturing comprehensive log data, correlating this data through sophisticated log interpretation and normalization, and communicating results through a dashboard and a full set of audit and compliance reporting.

We discuss the business context of security audit and compliance software for organizations, and we show a typical deployment within a business scenario.

This is the second IBM Redbook covering IBM Tivoli Compliance Insight Manager - the first book being the Compliance Management Design Guide with IBM Tivoli Compliance Insight Manager, SG24-7530.

This IBM Redbooks publication is a valuable resource for security officers, administrators, and architects who wish to understand and deploy a centralized security audit and compliance solution.

Download the Deployment Guide Series: IBM Tivoli Compliance Insight Manager
Publish Date: February 15, 2008 ISBN Number: 0738485705

Security in Dilbert

Xavier Ashe — Mon, 11 Feb 2008 13:22:47 -0500

TSOM and TCIM Integration! (TSIEM)

Xavier Ashe — Tue, 05 Feb 2008 12:01:02 -0500

Chief Security Officers (CSOs) and Chief Information Security Officers (CISOs) today are focused on prioritizing security initiatives to support their business goals, and on managing technical risk and governance. Their organizations are challenged to both minimize security-based business disruptions and ensure and demonstrate compliance with privacy regulatory requirements, with a limited set of resources. Security information and event management (SIEM) technology can provide a solution to these challenges, and provide greater leverage of people and greater visibility of their existing security infrastructure.

IBM offers two SIEM complementary capabilities for the security information and events:

A real-time, network event-oriented management dashboard that facilitates attack recognition and incident management
An information analysis dashboard to assess how well an organization adheres to its security and governance policies

IBM Tivoli Security Information and Event Manager V1.0 (TSIEM) is comprised of two products: IBM Tivoli Security Operations Manager V4.1 (TSOM) and IBM Tivoli Compliance Insight Manager V8.5 (TCIM). These products, working together, help you realize the full promise of enterprise SIEM. By centralizing log collection and event correlation across your enterprise, you can leverage an advanced compliance dashboard to link security events and user behavior to your corporate policies.

Tivoli Security Information and Event Manager delivers a comprehensive foundation to help address your SIEM requirements. As a result, IT organizations can reduce their exposure to security breaches; collect, analyze, and report on compliance events; and manage the complexity of heterogeneous technologies and infrastructures. TSIEM provides support for numerous applications, operating systems, security products, and network infrastructures, as well as desktop and mainframe systems.

Using TCIM and TSOM together provides the benefits of both products, through their complementary user-centric and network-centric perspectives. Integration between TSOM and TCIM can provide additional unique capabilities:

Identify important audit and administrative events from the network/security infrastructure for privileged user monitoring and compliance reporting. This leverages the broad network and security product support of TSOM and its correlation capabilities to provide added value auditable events for use in the TCIM privileged user monitoring and audit and compliance reports.
Identify network-centric policy violations with TSOM, and forward these high level correlated events to TCIM for consolidated compliance dashboard and reporting and views.

The integration described in this document provides the foundation to accomplish these two general use cases. It describes the specific of configuring TSOM to send events to TCIM.

Dowload the Tivoli Security Information and Event Manager: Tivoli Security Operations Manager and Tivoli Compliance Insight Manager Integration Guide

Pass-The-Hash Toolkit

Xavier Ashe — Sat, 02 Feb 2008 10:03:35 -0500

Pass-The-Hash Toolkit v1.2 is available.

What is Pass-The-Hash Toolkit?

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).

Direct download links:
source code:
http://oss.coresecurity.com/pshtoolkit/release/1.2/pshtoolkit_v1.2_src.tgz
binaries:
http://oss.coresecurity.com/pshtoolkit/release/1.2/pshtoolkit_v1.2.tgz

More info:
http://oss.coresecurity.com/projects/pshtoolkit.htm
http://oss.coresecurity.com/pshtoolkit/doc/index.html

what's new:
http://oss.coresecurity.com/pshtoolkit/release/1.2/WHATSNEW

From Hexale.

Tivoli Security Information and Event Manager

Xavier Ashe — Tue, 29 Jan 2008 11:22:48 -0500

This product offering is the next evolution of what I've been doing at IBM. Finally, a public announcement!!

IBM Tivoli Security Information and Event Manager V1.0 helps IT security organizations obtain valuable security insights that your organization can act on, by:

    * Facilitating compliance by using centralized dashboard and reporting capabilities.
    * Helping to protect intellectual property and privacy by auditing the behavior of all users — privileged and nonprivileged.
    * Managing security operations effectively and efficiently with centralized security event correlation, prioritization, investigation, and response.

IBM Tivoli Security Information and Event Manager V1.0 offers:

    * Integration and exchange of events between IBM Tivoli Security Operations Manager and IBM Tivoli Compliance Insight Manager correlation engines.
    * New endpoint pricing for both security incident and audit log collection.

Security information and event management (SIEM) is a primary concern of CIOs and CSOs in many enterprises and organizations. There is a need to centralize security-relevant events and analyze the consolidated data to obtain valuable security and compliance insights.

IBM offers two complementary perspectives on SIEM:

    * A real-time, network event-oriented management dashboard that facilitates attack recognition and security incident management.
    * An information analysis dashboard to monitor how well an organization adheres to its security and governance policies.

IBM Tivoli® Security Information and Event Manager V1.0 is comprised of two products that work closely together to help realize the full promise of enterprise SIEM: IBM Tivoli Security Operations Manager V4.1 and IBM Tivoli Compliance Insight Manager V8.5. Now you can centralize log collection and event correlation across the enterprise, and can leverage an advanced compliance dashboard and regulatory compliant reports to link security events and user behavior to corporate policies.

Tivoli Security Information and Event Manager V1.0 delivers a foundation from which to address your SIEM requirements — now and into the future. As a result, IT organizations can lower their exposure to security breaches; control the costs of collecting, analyzing, and reporting on compliance related events; and manage the complexity of heterogeneous technologies and infrastructures. IBM Tivoli Security Information and Event Manager offers end-to-end capabilities including:

    * Security compliance dashboard.
    * Security operations dashboard for security incident management.
    * Real-time log aggregation, correlation, and analysis of security incidents.
    * IT operations integration.
          o Recognize, investigate, and respond to security incidents automatically.
          o Streamline incident tracking, handling, and resolution.
    * Mainframe, operating system, application, and database audit analysis.
    * Privileged user monitoring and auditing (PUMA).
    * Log management reporting.

Hackers Hit Scientology With Online Attack

Xavier Ashe — Mon, 28 Jan 2008 17:01:00 -0500

A group of hackers calling itself "Anonymous" has hit the Church of Scientology’s Web site with an online attack.

The attack was launched Jan. 19 by Anonymous, which is seeking media attention to help "save people from Scientology by reversing the brainwashing," according to a Web page maintained by Anonymous.

Anonymous claims to have knocked the Church’s Web site offline with a distributed denial-of-service attack, in which many computers bombard the victim’s server with requests, overwhelming it with data in the hope of ultimately knocking the system offline. True to its name, Anonymous does not disclose the true identities of its members.

The attacks were spurred by the Church’s efforts to remove video of movie star Tom Cruise professing his admiration for the religion, according to an Anonymous video manifesto posted to Youtube.

Heh. Awesome. I mean.... HACKING IS BAD. You shouldn't do this. Even to people who had it coming. Read more.

Metasploit Project Releases version 3.1

Xavier Ashe — Mon, 28 Jan 2008 09:10:10 -0500

The Metasploit Project announced today the free, world-wide availability of version 3.1 of their exploit development and attack framework. The latest version features a graphical user interface, full support for the Windows platform, and over 450 modules, including 265 remote exploits. "Metasploit 3.1 consolidates a year of research and development, integrating ideas and code from some of the sharpest and most innovative folks in the security research community" said H D Moore, project manager. Moore is referring the numerous research projects that have lent code to the framework.

These projects include the METASM pure-ruby assembler developed by Yoann Guillot and Julien Tinnes, the "Hacking the iPhone" effort outlined in the Metasploit Blog, the Windows kernel-land payload staging system developed by Matt Miller, the heapLib browser exploitation library written by Alexander Sotirov, the Lorcon 802.11 raw transmit library created by Joshua Wright and Mike Kershaw, Scruby, the Ruby port of Philippe Biondi's Scapy project, developed by Sylvain Sarmejeanne, and a contextual encoding system for Metasploit payloads. "Contextual encoding breaks most forms of shellcode analysis by encoding a payload with a target-specific key" said I)ruid, author of the Uninformed Journal (volume 9) article and developer of the contextual encoding system included with Metasploit 3.1.

Read the full announcement here. The new GUI is pretty slick. This is my most common tool when testing my security implementations. I use Cain & Abel a lot also. Anyway, I am glad to see the project is still moving forward nicely.

Bill Gates’ last day at Microsoft (spoof)

Xavier Ashe — Thu, 10 Jan 2008 09:34:01 -0500

A video spoof shown during the CES 2008 keynote by Bill Gates about his last full day at Microsoft in July starring himself, Brian Williams, Steve Ballmer, Matthew McConaugheyr, Robbie Bach, Jay-Z, Bono, Steven Spielberg, George Clooney, Jon Stewart, Kevin Turner, Hillary Clinton, Barack Obama, Al Gore, Ray Ozzie and Craig Mundie,

Amazing who they can call for a guest appearance in the name of Bill Gates.

IBM digs into security management

Xavier Ashe — Thu, 10 Jan 2008 09:29:53 -0500

IBM is aggressively expanding its security portfolio in hopes of becoming the de facto source of advice and technology for businesses looking to adopt high-level IT governance and risk management strategies -- a transformation among customers that officials at Big Blue cite as both ongoing and inevitable.

As the waves of security threats and data management regulations have washed ashore and left organizations struggling to balance perimeter and internal security concerns with mounting obligations to protect highly-valuable data, companies are being forced to take more of a top-down approach that addresses broad sets of IT-oriented risks, versus individual problems, IBM officials maintain.

And while a host of players ranging from security software makers to massive IT consultants have begun marketing themselves as those best suited to help customers embrace a governance and risk management approach, IBM executives claim that their firm's mix of technology, services and partnerships place it at the top of any list of providers capable of helping organizations prepare their security operations for the future.

"We feel that we're ahead of the curve and driving forward our ability to meet these needs, some of which that might not yet have emerged from a broad perspective," said Kris Lovejoy, IBM's director of corporate security strategy.

"We feel that we are creating security risk management capabilities and have an opportunity to commoditize them in a way that can be leveraged at large," she said. "From an overall strategic perspective, that doesn't mean that customers are ready to stand up en masse right now and require everything we've built, but we're actively trying to extend the portfolio in advance of that trend."

...

Great article over at InfoWorld.

FAA: Boeing's New 787 May Be Vulnerable to Hacker Attack

Xavier Ashe — Thu, 10 Jan 2008 09:12:23 -0500

Boeing's new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane's control systems, according to the U.S. Federal Aviation Administration.

The computer network in the Dreamliner's passenger compartment, designed to give passengers in-flight internet access, is connected to the plane's control, navigation and communication systems, an FAA report reveals.

The revelation is causing concern in security circles because the physical connection of the networks makes the plane's control systems vulnerable to hackers. A more secure design would physically separate the two computer networks. Boeing said it's aware of the issue and has designed a solution it will test shortly.

"This is serious," said Mark Loveless, a network security analyst with Autonomic Networks, a company in stealth mode, who presented a conference talk last year on Hacking the Friendly Skies (PowerPoint). "This isn’t a desktop computer. It's controlling the systems that are keeping people from plunging to their deaths. So I hope they are really thinking about how to get this right."

Teen Calls Bush’s Secret Phone; Creates Security Scare

Xavier Ashe — Thu, 13 Dec 2007 20:22:45 -0500

An Icelandic teen, MSNBC reports, figured out President Bush’s private phone number, and called it recently, leaving a message saying he was the president of Iceland and wanted Bush to call him back. When police visited the teen, after being alerted by Secret Service, he would not say how he learned the top-secret number. Big Head DC is speculating that he somehow deciphered the code from when Jenna Bush called her parents during a recent taping of the Ellen show.

From Big Head DC.

Microsoft wireless keyboards crypto cracked

Xavier Ashe — Tue, 04 Dec 2007 15:42:19 -0500

Security researchers have cracked the rudimentary encryption used in a range of popular wireless keyboards.

Bluetooth is increasingly becoming the de-facto standard for wireless communication in peripheral devices and is reckoned to be secure. But some manufacturers such as Logitech and Microsoft rely on 27 MHz radio technology which, it transpires, is anything but secure.

Using nothing more than a simple radio receiver, a soundcard and suitable software, Swiss security firm Dreamlab Technologies managed to capture and decode the radio communications between a keyboard and a PC. The attack opens the way up to all sorts of mischief including keystroke logging to capture login credentials to online banking sites or email accounts.

Dreamlab cracked the encryption key used within Microsoft Wireless Optical Desktop 1000 and 2000 keyboards. As most products in Microsoft's wireless range are based on the same technology other products are likely to be insecure. Max Moser and Phillipp Schrödel of Dreamlab Technologies succeeded in eavesdropping traffic from a distance of up to ten meters using a simple radio receiver. More sensitive receivers may make it possible to capture keystrokes over larger distances.

Read the full article on The Register.

Blog Reading Level

Xavier Ashe — Sat, 01 Dec 2007 19:55:05 -0500

Guide for Mapping Types of Information and Information Systems to Security Categories

Xavier Ashe — Fri, 09 Nov 2007 13:07:06 -0500

Draft Special Publication 800-60 Revision 1, Volume I: Guide for Mapping Types of Information and Information Systems to Security Categories and Volume II: Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories, is now available for public comment at http://csrc.nist.gov/publications/PubsDrafts.html. The draft revision to Volume I contains the basic guidelines for mapping types of information and information systems to security categories. The appendices contained in draft Volume II include security categorization recommendations and rationale for mission-based and management and support information types

'Unbreakable' BD+ Blu-ray protection cracked

Xavier Ashe — Fri, 09 Nov 2007 10:46:12 -0500

A software firm reckons it has definitely cracked the forthcoming BD+ copy protection on Blu-ray discs even though Sony says it has beefed up the protocols involved.

Confident developer SlySoft says it has the ability to get round the Blu-ray camp's latest security protocol - despite its latest AnyDVD software only cracking Blu-ray's older security system, AACS (Advanced Access Content System). Currently, Blu-ray disks are digitally encrypted using that system, also used by the HD DVD camp. But BD+ is a new layer of security that is exclusive to Blu-ray.

Blu-ray: not so tough

"We already found a way to crack BD+ and we have just turned to fine-tuning," said James Wong, SlySoft's head of development in a statement. "I should really think about hiring a bodyguard now, since this product won't please everybody."

Read the full article on Tech.co.uk.

More feedback about IBM Security

Xavier Ashe — Sat, 03 Nov 2007 12:32:08 -0400

I am getting word if more and more coverage on these announcements that IBM made on Thursday. Here are a few excerpts from new stories:

Investor's Business Daily: "It's an extremely ambitious strategy but also one that plays well to some of the company's fundamental strengths," said analyst Charles King, of research firm Pund-IT, whose clients include IBM. It "does very well at developing end-to-end solutions and its view of enterprise IT is quite sweeping in comparison to some of its competitors."

eWEEK: "We've been seeing the security market itself lurch form headline to headline, and customers in particular need to stop thinking about their strategy in terms of the latest crisis," said Lovejoy. "We're trying to elevate risk management above other security conversation; starting with PCI fits that mold well, because it dovetails with this concept of starting with a risk management plan."

Investor's Business Daily: "The more we engage with our clients, the more it becomes clear that security as it has been until now is broken," said Val Rahmani, general manager of infrastructure management services for IBM Global Technology Services. "Many clients have 32 different vendors doing security for them. Who can manage 32 different vendors doing related aspects of the same thing?"

InfoWorld: "[IBM is] in a position that few others in IT can match or challenge when it comes to having a fairly complete story across multiple aspects of enterprise IT and systems integration—but security had long been an obvious gap in that story," said Scott Crawford, an analyst with Enterprise Management Associates. "What they are pushing towards with this announcement is a strategy that takes a more comprehensive approach to security across multiple fronts. With the rise of focus on a more strategic approach to GRC, I would expect more vendors to take a more strategic approach to the IT security and risk management market," he continued. "This is an example of a company that can take on such an initiative with more credibility than many."

And we also have some video and radio coverage:

Bloomberg
NBC (18 Clips)
ABC (14 Clips)
WCBS (radio):

IBM Security, a good place to be right now!

Xavier Ashe — Thu, 01 Nov 2007 15:40:56 -0400

NYTimes.com - IBM Plans Major Security Initiative
Bloomberg - IBM Plans to Spend $1.5B to Help Customers Secure Data
ZDNet - IBM touts enterprises free of fear and $1.5B security spend
SearchSecurity.com - IBM to boost security spending, push PCI DSS program
Internetnews.com - IBM: Security Is Our Brand
HardOCP - IBM Announces End-to-End Solution for PCI Compliance

Just to name a few... So, yeah, I've been busy. I am now working on both Tivoli Security Operations Manager (TSOM) and Tivoli Compliance Insight Manager (TCIM). These products work very well together in what is dubbed "The IBM SIEM Solution". The articles above speak of Tivoli and Watchfire (part of the Rational brand) in Software Group and ISS in Global Technology Services. So the $1.5B will be spread around a bit.

The comforting thing is that IBM is making a significant investment into allowing it's recent acquisitions (Consul, Micromuse, ISS, Watchfire) work together to meet the customer's needs. No longer will people doubt me when I say "I'm a security guy" and "I work for IBM" together.

Here's the official press releases:

Developer deploys graphics cards to accelerate password cracks

Xavier Ashe — Wed, 24 Oct 2007 09:07:47 -0400

Nvidia's GeForce 8 series of graphics chips can be used to crack Windows NT LAN Manager (NTLM) passwords 25 times more quickly than was previously possible, security software developer Elcomsoft has claimed.

The Russia-based company this week announced the second major release of its Distributed Password Recovery application, a tool designed to recover forgotten or lost passwords for a wide range of application and document types, including PDP-protected ZIP files, Adobe Acrobat PDFs, Lotus Notes ID files and Microsoft Office documents.

Elcomsoft admits its software uses "brute force" to crack a file's password, thus exposing the lost key to the user. The technique essentially tries all possible password combinations until it finds the one that fits. It works, but it's time time-consuming.

"Using a modern dual-core PC you could test up to 10m passwords per second," Elcomsoft said, "and perform a complete analysis in two months."

But use a GeForce 8 series card and Nvidia's Compute Unified Device Architecture (CUDA) tools to run the cracking algorithms on the GPU rather than the CPU, and you can finish up in 3-5 days, the developer claimed.

"Since high-end PC mother boards can work with four separate video cards, the future is bright for even faster password recovery applications," it added.

CUDA was launched almost a year ago to enable scientists and engineers to use graphics cards typically aimed at gamers for more serious number-crunching applications. The GeForce 8 series of GPUs went on sale in March 2007.

From The Register.