I don’t normally bother with analysing spam, however two received yesterday caught my attention. Mostly they were noticeable because they avoided my usually bulletproof filters. Both spam emails are similar in subject, content, and sending options. The sender address was spoofed (surprise, surprise); in this case I had supposedly sent the email myself, from the same account […]
Monthly archives: April 2009
Breaking WEP
‘WEP is insecure and breakable’ – No surprise here, everyone knows this is the case. But there can be a large difference between knowing something is theoretically possible and seeing the security provisions fall over merely by being looked at. Recent InfoSanity research has shown WEP is still found on 30% of real-world access points. […]
Analysis of wireless statistics
As promised when the postman delivered the Alfa equipment, I’ve done some initial analysis of my first wireless capture. The data being analysed was collected during the evening commute back home, a trip that includes urban, sub-urban and rural areas, so it should be a good representative sample group. Security: The previous wireless post has already touched […]
Snort implementation on Debian
We’ve just completed the initial build for a new standalone IDS sensor running Snort. Having had previous experience (~1.5 years earlier, manual source compile) I was amazed with the ease and speed with which the system was built, configured and operational. I’ll spare most of the details as installation requirements will vary from environment to […]
VMware ESXi updates
A couple of SANS ISC diaries (“Recent VMware updates available” and “VMware exploits – just how bad is it?”) should be a concern for anyone running a VMware lab (or VMware production environment). The ISC diaries explain the situation better than I could, but to cut a long story short the exploits allow a malicious […]
Honeypotting with Nepenthes
If you’ve got an interest in information security, then there is a good chance that you’ve got a good handle on malware in all its (in)glorious forms. The books, articles and war stories are nice, interesting and can result in some improved knowledge, but to get a real feel for malware nothing beats live samples. […]
New Alfa wireless equipment
I’ve just taken delivery of, and started to experiment with, my new wireless equipment consisting of an Alfa AWUS036H and some additional antennas. My primary (official) motive for purchasing new hardware was that my primary incident response laptop only has an internal 802.11b adapter, so it can’t connect to newer networks (and I’ve just upgraded my home network […]
Booby-trapped Javascript
Fortinet have just released a nice blog post highlighting and analysing some changes in the obfuscated Javascript they are seeing. De-obfuscating Javascript is (should be) straightforward as it is interpreted on the fly and you have the source code available (as opposed to a compiled malware binary requiring more advanced RE techniques, as discussed […]