Nice tool

On the Security Response Weblog I found a nice article describing the (quite extensive) interface used by spammers to control the execution of their work. Even they have to do serious bookkeeping for their clients.


TSA Drops the Crypto Ball

The TSA dropped the ball this week by losing a laptop full of payroll data. I’d expected the TSA to know better, but on the other hand…

It all boils down to this:

“TSA dropped the ball when they chose to ignore recommendations set forth by OMB to encrypt sensitive information,” said Rep. Bennie Thompson, D-Miss., the chairman of the Homeland Security Committee. “This is not a technological problem but a management one.”

There was a time when encrypting your entire hard disk was taxing: it took a lot of effort to configure and made the laptop about as speedy as a brick. On the dual-core laptop I own now you do not really notice that the disk is encrypted, apart from the passphrase prompt at boot.

Seriously, this really is a management issue rather than a technical one. Apparently it is very hard to make everybody truly understand that encrypting sensitive data on portable machines is a requirement. I suspect we will see more of this in the years to come.

http://www.mercurynews.com/politics/ci_6388676

TCPDump packet parsing offsets

It is always quite hard to work out the correct offset when you want to base your BPF filter on some obscure value somewhere in the IP, TCP or UDP header.

jquinby has compiled a nice list of all the ways in which you can get to each field.

One I use regularly is

tcpdump -i eth0 -n -l 'ip[8]=61'

to capture traffic from hosts behind our routers whose IP addresses span too wide a range to list. Offset 8 of the IPv4 header is the TTL byte, so this matches packets that arrive with a TTL of exactly 61, for example hosts that send with an initial TTL of 64 and sit three hops away. Selecting on hop count is quicker than enumerating the address range, with the caveat that it is a heuristic: hosts that use a different initial TTL (128 or 255) or take a different path are missed, and unrelated traffic that happens to arrive at TTL 61 is caught.
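To show where such offsets actually land, here is an added example (my own code, not jquinby's list or anything from the original post): a small evaluator for single-comparison filters of the tcpdump form `proto[offset]`, `proto[offset:size]`, with an optional `& mask`, run against constructed IPv4 packets. The point it makes is the one the list exists for: `ip[8]` is the TTL, `tcp[13]` the flag byte, `udp[4:2]` the UDP length, and the `tcp[]`/`udp[]` base moves when the IP header carries options. The sample packets and addresses are constructed, not captures; they start at the IP header, which is also where tcpdump's `ip[]` offsets start regardless of link type.

```python
"""Evaluate tcpdump/BPF-style byte-offset tests such as ip[8]=61 or
tcp[13]&2!=0 against raw IPv4 packets, to show where each offset lands."""
import re
import socket
import struct


def ipv4(src, dst, proto, ttl, payload, options=b""):
    """Build an IPv4 header (checksum left 0) followed by payload.
    options must be a multiple of 4 bytes; they raise IHL and push the
    transport header further into the packet."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s",
                      (4 << 4) | ihl, 0, ihl * 4 + len(payload),
                      0x1234, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + options + payload


def tcp(sport, dport, flags):
    """Minimal 20-byte TCP header; the flag bits live in byte 13."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)


def udp(sport, dport, data):
    """8-byte UDP header; bytes 4-5 hold the length."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def header_offset(pkt, proto):
    """Byte offset at which proto[0] starts in a raw IPv4 packet, or None
    when the packet is not of that protocol (bpf then never matches)."""
    if proto == "ip":
        return 0
    wanted = {"tcp": 6, "udp": 17}[proto]
    if pkt[9] != wanted:                 # ip[9] is the protocol byte
        return None
    return (pkt[0] & 0x0F) * 4           # IHL: 20 bytes, more with options


FILTER = re.compile(r"""
    ^\s*(?P<proto>ip|tcp|udp)\[(?P<off>\d+)(?::(?P<size>[124]))?\]   # proto[off] or proto[off:size]
    \s*(?:&\s*(?P<mask>0x[0-9a-fA-F]+|\d+))?                         # optional & mask
    \s*(?P<op>==|=|!=|>=|<=|>|<)\s*(?P<rhs>0x[0-9a-fA-F]+|\d+)\s*$""", re.X)


def matches(pkt, expr):
    """True if the single comparison in expr holds for pkt."""
    m = FILTER.match(expr)
    if not m:
        raise ValueError("unsupported filter: %r" % expr)
    base = header_offset(pkt, m["proto"])
    if base is None:
        return False
    off, size = base + int(m["off"]), int(m["size"] or 1)
    if off + size > len(pkt):            # bpf rejects out-of-bounds loads
        return False
    val = int.from_bytes(pkt[off:off + size], "big")
    if m["mask"]:
        val &= int(m["mask"], 0)
    rhs = int(m["rhs"], 0)
    return {"=": val == rhs, "==": val == rhs, "!=": val != rhs,
            ">": val > rhs, "<": val < rhs, ">=": val >= rhs, "<=": val <= rhs}[m["op"]]


def select_packets(packets, expr):
    """Names of the packets in a {name: bytes} dict that match expr."""
    return sorted(name for name, pkt in packets.items() if matches(pkt, expr))


# Constructed sample packets, not captures from the page.
SAMPLES = {
    "three_hops_syn": ipv4("10.20.30.40", "192.0.2.1", 6, 61, tcp(40000, 80, 0x02)),  # TTL 64 minus 3 hops
    "local_psh_ack":  ipv4("10.0.0.5", "192.0.2.1", 6, 64, tcp(40001, 80, 0x18)),
    "dns_with_opts":  ipv4("10.0.0.9", "192.0.2.53", 17, 61, udp(5353, 53, b"\x00" * 12),
                           options=b"\x01\x01\x01\x01"),   # 4 NOP option bytes: IHL becomes 6
}

if __name__ == "__main__":
    for expr in ("ip[8]=61", "tcp[13]&2!=0", "udp[4:2]=20", "ip[9]=17"):
        print("%-14s -> %s" % (expr, select_packets(SAMPLES, expr)))
```

The `dns_with_opts` packet is the trap case: its UDP header starts at byte 24, not 20, so a hand-computed absolute offset would read the wrong field, whereas `udp[4:2]` is rebased on IHL exactly as tcpdump does it.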



Scammers make friends with charities

Interesting:

Scammers make friends with charities:

Carders attempting to verify that a stolen credit card is legitimate and active have begun donating money to charity. By attempting to pay small amounts of money to various charities, including well known charities such as the Red Cross, carders can determine if a stolen credit card is valid depending on the success or failure of the transaction.

There are likely a number of reasons that this method may be becoming more popular. For instance, bank behavior monitors may be less likely to pick up on donations to charities. Legitimate charitable donations are not daily transactions for anyone with a credit card, and so it would be difficult to determine if they are out of the norm. As such, it wouldn’t be too surprising to see this trend grow. I guess the one thing to note here though is that at least some of the stolen money is going to a good cause.

It certainly is a way around the anti-fraud detection in place at the various credit-card companies. I wonder what their countermeasure will be.
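As an added example of what one such countermeasure could look like (my own illustration, not something the quoted post or any card network describes), here is a merchant-side heuristic a donation processor could run over its own transaction log. Card testing has a shape a single donor does not: many distinct cards, tiny amounts, one source, a short window and a high decline rate, since a batch of stolen cards always contains dead ones. A real donor who retries a declined card keeps using the same card, so counting distinct cards rather than attempts keeps them out of the flagged set. The log lines, addresses and card tokens below are constructed.

```python
"""Flag card-testing runs disguised as small charity donations."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed donation log: timestamp, source IP, tokenised card, amount, gateway result.
LOG = """\
2007-07-21T10:00:01 198.51.100.7 tok_a1 1.00 declined
2007-07-21T10:00:04 198.51.100.7 tok_b2 1.00 approved
2007-07-21T10:00:06 198.51.100.7 tok_c3 2.00 declined
2007-07-21T10:00:09 198.51.100.7 tok_d4 1.00 declined
2007-07-21T10:00:12 198.51.100.7 tok_e5 1.00 approved
2007-07-21T10:00:15 198.51.100.7 tok_f6 1.00 declined
2007-07-21T10:30:00 203.0.113.9 tok_g7 50.00 approved
2007-07-21T11:00:00 203.0.113.9 tok_g7 50.00 approved
2007-07-21T12:00:00 192.0.2.44 tok_h8 3.00 declined
2007-07-21T12:00:20 192.0.2.44 tok_h8 3.00 declined
2007-07-21T12:00:45 192.0.2.44 tok_h8 3.00 approved
"""


def parse(log):
    """Turn the log text into (timestamp, ip, card, amount, result) tuples."""
    rows = []
    for line in log.splitlines():
        ts, ip, card, amount, result = line.split()
        rows.append((datetime.fromisoformat(ts), ip, card, float(amount), result))
    return rows


def card_testing_sources(rows, window=timedelta(minutes=5), min_cards=5,
                         max_amount=5.0, min_decline_rate=0.3):
    """Return {source_ip: distinct_cards} for sources whose small-amount
    transactions inside `window` use at least `min_cards` different cards and
    are declined at least `min_decline_rate` of the time."""
    by_ip = defaultdict(list)
    for row in sorted(rows):
        if row[3] <= max_amount:          # only the micro-transactions matter here
            by_ip[row[1]].append(row)
    flagged = {}
    for ip, txs in by_ip.items():
        for i, start in enumerate(txs):   # slide a window forward from each transaction
            win = [t for t in txs[i:] if t[0] - start[0] <= window]
            cards = {t[2] for t in win}   # distinct cards, not attempts
            if len(cards) < min_cards:
                continue
            declines = sum(t[4] == "declined" for t in win) / len(win)
            if declines >= min_decline_rate:
                flagged[ip] = max(flagged.get(ip, 0), len(cards))
    return flagged


if __name__ == "__main__":
    for ip, n in card_testing_sources(parse(LOG)).items():
        print("%s: %d distinct cards tested, block further donations" % (ip, n))
```

The thresholds are tunable assumptions; the structural choice is that the detector keys on the source and the number of distinct cards, which is exactly what a legitimate donor's behaviour lacks, rather than on the donation amount or the merchant category that the quoted post says banks cannot use.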


Enable C2 Security Audits on Solaris

This is a tip I’ve found on the SysAd Blog:

Enable C2 Security Audits on Solaris:
It’s always a good idea to monitor activity on your server or workstation. Solaris provides a C2 auditing level system, which is the Basic Security Module (BSM). It’s enabled by running the bsmconv command. Here’s an example.

# cd /etc/security
# ./bsmconv
This script is used to enable the Basic Security Module (BSM).
Shall we continue with the conversion now? [y/n] y
bsmconv: INFO: checking startup file.
bsmconv: INFO: move aside /etc/rc2.d/S92volmgt.
bsmconv: INFO: turning on audit module.
bsmconv: INFO: initializing device allocation files.

The Basic Security Module is ready.
If there were any errors, please fix them now.
Configure BSM by editing files located in /etc/security.
Reboot this system now to come up with BSM enabled.

# init 6

By the way, the binary audit files (default directory /var/audit) are a bit cryptic. Use the praudit command to convert files to an ASCII format. Also, the /etc/rc2.d/S92volmgt file was moved to /etc/security/spool.
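The transcript above switches the audit subsystem on but, as its last message says, leaves the policy to the files in /etc/security. As an added example that is not from the SysAd Blog post, here is a small Python check for /etc/security/audit_control, the file that sets where the trail goes (dir:), which event classes are recorded for attributable and non-attributable events (flags: and naflags:) and when to warn that the audit filesystem is filling (minfree:). The two sample files are constructed and are not the stock defaults; the class names lo, ad and ex are Solaris audit classes (login/logout, administrative, exec). This applies to Solaris 10 and earlier, where bsmconv and audit_control exist; Solaris 11 replaced both with auditconfig.

```python
"""Sanity-check a Solaris (10 and earlier) /etc/security/audit_control file
so that a freshly bsmconv'd host actually records something useful."""

REQUIRED_CLASSES = {"lo", "ad"}   # login/logout and administrative actions


def parse_audit_control(text):
    """Return {directive: [values]} for the key:value lines in audit_control."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        conf.setdefault(key.strip(), []).append(value.strip())
    return conf


def classes(flag_value):
    """Split 'lo,ad,-ex' into {'lo','ad','ex'}; a +/- prefix only restricts a
    class to successes or failures, the class is still audited."""
    return {item.strip().lstrip("+-^") for item in flag_value.split(",") if item.strip()}


def check_audit_control(text):
    """List of problems with the file; an empty list means it passes."""
    conf = parse_audit_control(text)
    problems = []
    if "dir" not in conf:
        problems.append("dir: missing, the audit trail has nowhere to go")
    flags = classes(",".join(conf.get("flags", [])))
    missing = REQUIRED_CLASSES - flags
    if missing:
        problems.append("flags: does not audit %s" % ",".join(sorted(missing)))
    if "lo" not in classes(",".join(conf.get("naflags", []))):
        problems.append("naflags: should include lo so events that cannot be "
                        "attributed to a user, such as failed logins, are recorded")
    minfree = conf.get("minfree", ["0"])[0]
    if not minfree.isdigit() or int(minfree) == 0:
        problems.append("minfree: 0 gives no warning before the audit filesystem fills")
    return problems


# Constructed sample files, not the stock Solaris defaults.
WEAK = """\
# writes a trail but audits no event classes at all
dir:/var/audit
flags:
minfree:0
naflags:
"""

HARDENED = """\
dir:/var/audit
flags:lo,ad,-ex
minfree:20
naflags:lo
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, check_audit_control(text) or "ok")
```

The hardened file audits all login/logout and administrative events and only failed execs (-ex), which keeps the trail readable; auditing every successful exec on a busy host is the quickest way to hit the minfree warning.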
