Security

Airline Security

Submitted by jbreland on Fri, 07/27/2007 - 13:45

I usually refrain from posting about such stuff on my site, mostly because I tend to work myself up into a rant and I just don't have the time and energy to deal with that these days, but this was a really good read. While responding to a question about a certain aspect of airline security, a pilot provided his thoughts on the industry as a whole. This is a very insightful point of view, and covers a lot of what's just plain wrong with the state of affairs today.

I highly encourage anyone interested in this sort of stuff (and if you ever have reason to fly on a plane, you should be interested) to read the full article. It only takes a few minutes.
http://hotair.com/archives/2007/07/16/a-pilot-on-airline-security/

(as found on Bruce Schneier's blog)

Which file types are actually executed during extraction by Universal Extractor?

Submitted by jbreland on Sun, 07/01/2007 - 14:49

JST posted a good question a while back in the Universal Extractor forum. He wanted to know if any executable files (such as installers) were actually run during the extraction process. For the vast majority of files, UniExtract will "rip" the contents out of the file using an extraction/decompression utility. For example, Inno Setup installers are handled by innounp, self-extracting Zip files are handled by 7-Zip or Info-ZIP, etc. However, there are also cases where some files simply must be executed in order to extract the contents.

JST was concerned about this because he sometimes uses Universal Extractor to investigate malicious files. Obviously you want to be very careful when examining malicious files, so his concern was well justified. He asked for a list of file types that UniExtract will actually execute when extracting. It took me a while to get around to documenting this, but I've finally done so. You can read the full list in this forum thread:

Are any files executed during extraction?

This is good information to know, especially if you ever work with suspicious files. I'm probably going to add this information to the main UniExtract page as well, and will look into possibly adding a warning message to UniExtract itself before executing any untrusted files.

How to Create Truly Obscure Passwords

Submitted by jbreland on Wed, 03/21/2007 - 17:09

I recently came across an interesting article on Irongeek.com (which itself is a pretty interesting security site that I'll probably add to my list of news feeds) entitled, "ALT+NUMPAD ASCII Key Combos: The α and Ω of Creating Obscure Passwords." The author suggests the idea of using non-standard (ie, not defined on standard keyboards) special characters as part of your password. It's common knowledge that adding special characters to your password greatly increases the difficulty of guessing or brute forcing the password. This extends the idea by adding normally hidden (and often unthought of) characters to the mix. So, while something like abCD1234%^&* might be a good example of using special characters in a password (though obviously you'd want something more random than that sequence), consider this password: äßÇн²¶╔¥¢. I'd love to see the password cracker that can crack that one. :-)

Of course, as the author mentions, there are downsides to this. Increased complexity notwithstanding, its strength is also its main weakness; these are non-standard characters, and as such not all applications and operating systems support them in the same manner (or at all). While this may work great as a Windows user password, for example, it may not be possible to use it as a Linux user password.

Regardless, it's still an interesting concept that deserves some attention. Check out the article for more details on the subject, as well as a tutorial and reference charts for entering special characters. The Wikipedia article on Windows Alt keycodes (also referenced in the article) is another good resource.

Secure Password Analysis and Recommendations

Submitted by jbreland on Thu, 01/11/2007 - 14:09

Security guru Bruce Schneier has written a rather fascinating article on password composition and cracking. Security professionals in general would be interested in this, but in truth anyone using computer systems (read: you) should read and pay attention to this article.

Interesting statistics from the article: 24% of all analyzed passwords are recovered within minutes; up to 65% are cracked within one month.

You can read the full article at this link:
http://www.schneier.com/blog/archives/2007/01/choosing_secure.html

Password Management Concerns with IE and Firefox

Submitted by jbreland on Tue, 12/12/2006 - 08:01

SecurityFocus recently published a two-part article by Mikhael Felker covering security concerns with the password management functionality in both Internet Explorer and Mozilla Firefox. It's a pretty good read for anyone interested in such topics.

Here are the links:
http://www.securityfocus.com/infocus/1882
http://www.securityfocus.com/infocus/1883

Free (as in Freedom) Antivirus Software for Windows

Submitted by jbreland on Sat, 12/04/2004 - 11:24

For you open source freaks out there who want (or need) to use Windows, stay virus free, but only use open source software (besides your OS), there is a new piece of antivirus software out there. ClamWin is a Windows port of the well-known ClamAV, released under the GPL, and it works very well. Besides your own use, it's also good to have a free/legal solution to those house calls where your friends/neighbors/family has a virus but doesn't want to buy AV software.

Check it out at the ClamWin website.

SecurityDocs.com

Submitted by jbreland on Thu, 04/15/2004 - 00:06

Okay, this is actually one of the coolest things I've seen in a while. According to the site:

SecurityDocs.com is a directory of information security articles, white papers, and other documents that information security professionals find useful.

I spent a little bit of time earlier browsing the site, and it looks like there's some REALLY good content on here, covering everything ranging from firewall rulesets to OS hardening to security awareness. Very cool.

http://www.securitydocs.com/

Multiple UNIX Compromises

Submitted by jbreland on Wed, 04/14/2004 - 23:49

Recently, a string of attacks has taken place against numerous University systems and other high performance computing centers. This bulletin from the Stanford University ITSS provides an excellent overview of the attacks, covering how they were compromised, what evidence to look for, possible countermeasures, etc.

This is a very well-written article that also provides background information on the hows and whys of exploits. I highly recommend it.

Here's the full story.

Forensic Analysis of a Live Linux System, Part One

Submitted by jbreland on Fri, 04/09/2004 - 11:06

There's an interesting article on SecurityFocus about running a forensic analysis on a live Linux system. This would be applicable in situations where, for example, a server has been rooted, but you need to find out how and by whom.

This first article introduces the process and focuses on preparing the environment and data collection. Part Two will focus on the analysis stage. Definitely worth a read.

Read the full article