Karl's Place » security

Analyze a Bot-Infected Host with Wireshark

karl.kranich — Tue, 28 Jul 2009 22:51:12 +0000

Here’s a video by Laura Chappell analyzing the network traffic from a bot-infected host.? Good stuff!

Injection-proof SQL

karl.kranich — Thu, 16 Oct 2008 14:22:06 +0000

Bruce Schneier points to an Oracle paper on How to Write Injection-proof SQL.? Sixty-two pages that I hope to look at some day…

Eavesdropping on Bluetooth

karl.kranich — Fri, 18 Apr 2008 20:29:51 +0000

People assume those bluetooth headsets can’t be listened in on … or that it’s limited to 30 feet.? Both beliefs are false!

Joshua Wright is a wireless hacker and security guy extraordinairre.

Click here to view the embedded video.

Laura Chappell Interview on Ron Nutter’s Help Desk Tool Chest

karl.kranich — Tue, 22 Jan 2008 19:27:15 +0000

Hear Laura Chappell, the network troubleshooting and packet inspection guru, on episode 6 of Ron Nutter’s Help Desk Tool Chest podcast (his interview with her is about 37 minutes in).

For more great stuff from Laura, see Wireshark University and www.packet-level.com.

Time to Update Wireshark

karl.kranich — Thu, 20 Dec 2007 14:08:30 +0000

It’s time to update your copy of Wireshark, everyone’s favorite packet analyzer.? Why, you ask?

follow UDP streams
filter on SNMP OIDs
improved Vista support

And if you don’t know about it already, head on over to Laura Chappell’s Wireshark University and check it out.? Sign up for the free FIN Bit Magazine and download the free Wireshark Accelerators reference card (keyboard shortcuts for Wireshark).

Give Snort a try

karl.kranich — Wed, 31 Oct 2007 15:26:32 +0000

If you’ve been wanting to give the open source network intrusion detection system Snort a try, check out Knoppix-NSM.

I haven’t tried it yet, but Russ McRee wrote a nice article about it called Putting Snort to Work in Information Security magazine.

Free Antivirus/Antimalware Super-Scanner

karl.kranich — Thu, 27 Sep 2007 20:31:37 +0000

If someone sends you a file (or you download a questionable file) and you really want to be sure that the file is safe, try out VirusTotal.

VirusTotal is “a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines”. You upload or email a file to them, and they scan it with a bunch of antivirus programs.

They currently list 32 companies whose antivirus engines are used.

This is certainly not a replacement for running antivirus software on your machine, since it only scans individual files that you submit.

Security Awareness Video Contest

karl.kranich — Mon, 13 Aug 2007 15:39:10 +0000

Check out the winners of the 2007 Computer Security Awareness Video Contest conducted by the EDUCAUSE/Internet2 Computer and Network Security Task Force, the National Cyber Security Alliance, and ResearchChannel to raise awareness of and increase computer security at colleges and universities.

Quoting from the site:

The contest sought videos that explain computer security problems and specific actions college and university students can take to safeguard their computers or personal information.

Winning videos were selected for creativity, content, technical quality, and overall effectiveness of delivery. Cash prizes were awarded to winners in each category. The two gold winners received $1,000, the two silver winners received $800, and the two bronze winners received $400 in cash prizes. Five honorable mentions were also selected in each category.

Cisco interviews Ed Skoudis

karl.kranich — Mon, 30 Apr 2007 13:37:37 +0000

Cisco’s Robb Boyd interviews security expert Ed Skoudis in this episode of Cisco’s Techwise Podcast series.

Ed is a popular SANS instructor and an excellent communicator. He and Robb give an overview of the current Internet security scene, and don’t even try to sell any Cisco products!

Probably the easiest way to get this podcast is to point your podcatcher (like iTunes) to this link and choose the episodes you want. The Skoudis one is called “Crouching Wi-Fi Hidden Dragon” after a section from his book, Counter Hack Reloaded.

NetworkWorld good stuff

karl.kranich — Tue, 17 Apr 2007 15:32:57 +0000

I read NetworkWorld every week, and I usually find something interesting. The April 2, 2007 issue, however, surprised me with the number of articles that directly addressed topics that I’m currently interested in:

Free downloadable book: Security Engineering

karl.kranich — Mon, 25 Sep 2006 14:47:19 +0000

Security Engineering: A Guide to Building Dependable Distributed Systems is available as a free chapter-by-chapter pdf download.? I haven’t read it yet, but the forward is by Bruce Schneier.? If he recommends it, it’s got to be good.