Comments on Technicalinfo.net Blog (Gunter Ollmann), comment feed updated 2024-03-28

Jan (2019-01-09):
Hi Gunter,

I really love your stories. I was not into deep programming at that time but I can remember my struggles to use my parents' telephone line to dial in to BBSs. It was a daily war to get that line available. I eventually moved my connection time to the night time when nobody was using it. Spending hours and hours to download MIDI files and creative photos :-)

I have also fond memories of copying games on floppies and subsequently infecting my friends' computers with unwanted virii. Learning the ropes of fixing OSs, pulling computers apart, trading pirate software. Yes, those were the days.

Gunter Ollmann (2019-01-07):
Glad it triggered some fun memories! Funny you mentioned BBS... tomorrow's blog covers my BBS days.

Anonymous (2019-01-07):
That was a fun read, thank you... and being that I am OLD enough to have lived through all that, I may have actually funded your cohorts for hacks and cheats back in them days.
I too had a C64 and graduated to an IBM clone XT that I ran a WWIV BBS on... also lots of reverse engineering and recompiling that Turbo C+ code to personalize my site.... uniquely named: Rob's BBS.
I enjoyed the "Public Domain" software world out there and tinkered with re-engineering some of those warez. I wore a black hat back then... making disks available that would take down competing BBS modems, not real proud of that, but everything was Hayes compatible :)

Sorry to ramble... but you triggered some serious nostalgia in me.

Robert Graham (2015-04-16):
Not only will automation help infosec, but so will the new waves of the unemployed who can't do anything worth $15/hr. They will live in their parents' basements running script kiddy attacks on systems. Thus, we'll not only have more devices to defend, we'll have more adversaries to defend against.

JB (2014-08-01):
Well stated. I refuse to have any of these devices in my home for precisely this reason. The risk/reward equation is sorely out of balance.

Anonymous (2014-02-19):
I have gone through your blog. It is a nice and helpful blog. I really like your blog.

Anonymous (2014-02-14):
Gunter, I am happy for you that your matter is solved in a pleasant way.
I think there should be a security measure from Google so that the people who are trying to drop SERPs on others' blogs and websites get banned, and we should also start a private campaign to stop this idiotic thing.

RiskPundit (2013-12-11):
Taking the CISSP test is not the worst of it. It's the ongoing requirements to maintain your CISSP in good standing.

Stephen de Vries (2013-12-08):
Wouldn't this encourage organisations not to invest in security until a data breach occurs, at which point they know they can then invest 50% of their fine into getting their security right?

The auto industry (yeah, sorry) uses lawsuits plus product recalls to fix their failures. Could we do the same for data breaches: receive a fine and take down your website _until_ the flaws are addressed?

Sean Ahner (2012-11-27):
It is pretty interesting that POS and card readers have good benefits for the business. Well, thanks for sharing this; you gave an idea to us.

Elhoim (2012-11-27):
I do totally agree with you, however you seem to gloss a bit quickly over some of the details of implementation of this for medium to big environments.

For example:
- multiple layers of DNS resolvers,
- heterogeneity of DNS servers (and thus of log formats),
- data management for years of logs,
- rapid search of the logs for long periods.

A project/tool that seems to ease a lot of those pain points is PDNSQDB (http://goo.gl/68iHw and http://goo.gl/AdNVV), but it is not yet released.

Fyodor Y (2012-07-18):
Did you guys see our PHDays presentation? We were showing this technique as well.
Slides available here: http://www.slideshare.net/f00d/taming-botnets

Anonymous (2012-05-02):
There might also be some challenges (http://www.theresearchpedia.com/research-articles/top-virtualization-challenges) while utilizing virtualization. . . . How can one deal with them?

Elhoim (2012-04-24):
There is even a term for that: false flag (cfr: https://en.wikipedia.org/wiki/False_flag)

Ken (2012-03-29):
If a cyber war is ever fought, it will be fought on two battlegrounds simultaneously - speech/propaganda, and malware.

Speech and propaganda are present in any war, but their influence on any cyber war will be critical, as the ability of Anonymous to call enough supporters to initiate DDoS attacks without botnets can prove.

Cyber weapons will serve two purposes - recon, and assault.

Recon weapons will include Duqu and other info stealers.
Assault weapons will include Stuxnet and other malware designed to actually inflict virtual or physical damage.

Another interesting piece of malware which doesn't seem to be on the radar yet is a piece of Linux malware which seems rather professionally crafted, called Hutizu.

I've written multiple articles on this malware. Feel free to read and comment.
http://caffeinesecurity.blogspot.com/search/label/Hutizu

Deloris Mills (2012-03-09):
The content was really very interesting. I am really thankful to you for providing this unique information. Please keep sharing more and more information ......

Technology updates (http://techchai.com/2012/03/08/nokia-pureview-808-with-41-megapixels/)

John Moscow (2011-01-12):
Is it really true that IPv4 addresses have run out, or is it just a myth?

Anonymous (2010-11-16):
Just wanted to drop some information on you. The company responsible for this was inSegment. They are based in Needham, Massachusetts. They have lost several clients in this exact same manner. They have no idea how to do proper marketing, so they resort to these black hat tactics. Cheers.

Adam Scott (2010-09-29):
Security is the degree of protection against danger, damage, loss, and criminal activity. Security has to be compared to related concepts: safety, continuity, reliability. The key difference between security and reliability is that a Security System (http://www.securitysystemsz.com) must take into account the actions of people attempting to cause destruction.

Gunter Ollmann (2010-09-19):
@HDM Don't get me wrong. I too enjoy breaking stuff and developing innovative evasions (and perhaps enjoy chaining the stuff together into a single minimally-sized payload most of all). But I'm also given to pause: perhaps we should be rethinking what precisely our objectives are in this business? Granted, we've all developed tools that make our lives easier during a pentest designed to replicate a known bad-guy technique (and of course Metasploit is aces ahead in this field), but perhaps we need to think a little further ahead about what needs to be done in helping to build the defenses? Naming and shaming doesn't appear to be making much progress - hence the "good enough" and "you get what you pay for" attitudes in protection development and (customer) spending.

@Robert - you're a visionary star and you know it :-) I don't think that there's anyone left at IBM innovating in the IPS field. The folks that wanted to continue the battle all upped sticks and joined TippingPoint.

Robert Graham (2010-09-19):
I forget when I added gzip decompression to BlackICE Proventia (I think 2002). I do remember giving a presentation about it at ToorCon 2005.

I put common SMB/MS-RPC evasions (like named-pipes fragging and DCE-RPC fragging) in BlackICE/Proventia in 2001. However, I admit it's an arms race: the stack is so complex that you can probably find a new evasion if you try hard enough. I haven't worked at IBM for 4 years, so I have no idea if they are keeping up with the latest evasions.

Anonymous (2010-09-18):
The kicking comment was a lapse in judgment; however, the glee that you read in devising new attacks was genuine. The only way to build defensible systems is by attacking them. The IPS industry has done such a poor job of keeping up with evasions that the AV vendors are now stepping into their shoes. These endpoint protection products would not be necessary if the network-level folks could keep up with the sophistication of the attacks in the wild. For the last 6 years, the Metasploit Framework had a common setting that would prevent nearly all IPS products from catching SMB-based exploits. It wasn't until vendors were called on this earlier this year (by a test house, no less) that we saw significant improvements. For all the contortions of the SMB protocol stack, it's nowhere near as complex as client-side attacks through the web, and the IPS industry has been fighting a losing battle there by almost any standard of measurement. While some vendors still make an honest effort at deep protocol inspection, others are content to ignore available tools and ship defensive systems that can be trivially evaded by public tools. Selling a customer a system that claims to protect them against attacks and fails miserably when those attacks are modified is bad for everyone. The customer thinks they are protected and the vendor has no motivation to improve their products.

Metasploit, and the rest of the security community, are still woefully behind what the actual attackers are doing in the wild. For all of the accusations about tools like Metasploit being abused, we still have attacks like Stuxnet that put the entire industry to shame (software vendors and security folks alike). We are in a losing battle, and while the good guys are outgunned, they should by no means be defenseless. The work we do on the Metasploit project helps even the playing field and allows everyone, including the same vendors that complain about our tools, to build stronger defenses.

Going back to motivations: you want the people who *enjoy* this work to be the ones doing it. Just like you want your IPS signatures written by people passionate about the technology, you want a similar level of motivation from the folks who are making sure that technology functions correctly.

kurt wismer (2010-09-08):
so here's where the infinity argument breaks down.

there are only a finite number of possible 1 byte files (256 of them, to be precise). the number of possible files up to and including 2 bytes in length is 256^2 + 256. for 3 bytes it would be 256^3 + 256^2 + 256. for 4 bytes ... well you get the idea. by induction, the number of possible files up to and including any finite length is itself a finite number.

since we don't have computers that can hold infinitely large malicious files, there cannot be infinitely many malicious files.

and frankly, the idea that people would start thinking about infinite detection/protection/whatever is just downright scary. most would confuse it with perfect protection in spite of the fact that it means much, much less than that. i could write detection for any file that begins with a particular well known 68 byte string - it would have the potential to alert on an infinite number of files, but it only actually detects 1 (pseudo)threat.

Ayed Alqarta (2010-05-10):
NAC is a great technology if used and implemented by the right IT guys. I'm working for a Symantec partner in the Middle East, and had one SNAC (Symantec NAC) project for one of the banks here. It was a tough experience when it comes to making different products/technologies sing the same song, the 802.1x protocol. NAC in a corporate environment will touch multiple products, which have to be configured to rely on each other.

1. Endpoints:

Problems:

- Legacy OS: Some vendors don't provide an 802.1x supplicant for Windows 98; maybe open-source is another option but it is not supported by your NAC vendor.

Solution: Install Windows 98 on an XP host, in Virtual PC.

2. Switches: Different models running various firmware versions was a big problem since not all 802.1x commands were supported.

Solution: Upgrade firmware ahead of time before NAC implementation, and use some tool to verify the running firmware on all switches from one console. This will save you hours of troubleshooting and support calls.

3. Printers: If you are lucky, your NAC vendor may support legacy device exclusion.

Solution: NAC solutions exclude printers and phones by MAC address.

4. Phones: Same as printers, but the latest IP phone models support 802.1x authentication (username/password + RADIUS).

Solution: Either enable 802.1x (upgrade firmware if outdated) if available, or bypass NAC.

5. Knowledge: Lack of 802.1x knowledge will make things a bit harder for network/security/IT teams. So train your IT users on how to configure/analyse/troubleshoot 802.1x related issues.

6. Vendor support (Switch + NAC): we've been able to solve complex issues when we consult both vendors. Don't rely on one only; NAC is not an independent technology.

7. Software: Always be up-to-date; bugs can waste hours on the phone or remote WebEx sessions. NAC/Switch/802.1x supplicant firmware versions MUST be upgraded to avoid unstable, strange, known issues.

That's all I can recall for now.

http://extremesecurity.blogspot.com

a.qarta [@] gmail.com

Unknown (2010-05-02):
As an admin of a large anti-abuse group, I dug into this issue after our forums were continually trashed by spammers. I contacted some surprisingly reputable companies whose names were being spammed, also some unknowns.

Seems we have a lot of rather unethical "SEO Marketeers" targeting companies from small to large, and I suspect at cut-throat prices.

However, the result is what you find as comment or profile spam in your blog or forum.