Archive for the ‘Uncategorized’ Category

EuroTrash Security podcast is live

2009/11/04 1 comment

The first episode of EuroTrash Security has been released this week. The stated goal is to create an information security podcast focused on happenings within Europe, which also provides one of the best taglines for a podcast I've heard: Security with funny accents.

EuroTrashSec is made up of a four-man team: Wim, Chris, Dale and Craig, with intro and outro music provided by c64 and Int Eighty of DualCore Music. The first episode can be found at the episode listings page.

The first episode was good and, in my mind, hit the target perfectly, focusing on the UK's attempt at an infosec 'talent show', UK-based conferences and a review of the recent security bloggers meet-up, which was organised by Dale.

Keep up the good work guys, I’m looking forward to the next episode.

Andrew Waite

Categories: Uncategorized

Dissecting the Hack

2009/10/23 Comments off

When I first heard about Jayson’s book, Dissecting the Hack: The F0rb1dd3n Network I was really looking forward to getting my hands on a copy. Without going through the backstory, getting a copy could now be difficult.

The community response to the situation has been outstanding; I don't think any other industry would pull together to completely re-write some of a book's material with original content. A new security community has been created to facilitate taking Dissecting the Hack forward, so head over to the forums and help out if you can. (And don't forget to say 'Hi' if you do.)

Props to Jayson for keeping positive and still being productive throughout.

Andrew Waite


Clouds in BlackHat’s conference

Being on the other side of the pond I wasn't able to attend Black Hat, but I have been keeping a keen eye on the conference materials and talk recordings being released after the conference's close. As I've recently been researching the latest buzz of Cloud Computing, naturally I was initially drawn to the talks with Cloud computing as a topic.

First up is Kostya Kortchinsky's Cloudburst: Hacking 3D (and Breaking Out of VMware). This presentation details an exploit vector for breaking out of the guest environment and gaining arbitrary code execution on the underlying host. Kortchinsky clearly knows his stuff, but I'll admit most of his talk goes well above my head. For reasons touched on below I think this is a virtualisation issue rather than a Cloud issue, and that 'Cloud' was likely added to the title to cash in on the current buzz; either way, the bottom line is that guest escape is rapidly moving from theoretical threat to practical attack vector, and it is something that should be considered when designing any system, network or architecture.

Secondly, the Sensepost team do a great job of explaining security issues new or prevalent to Cloud architecture with Clobbering the Cloud!, and include some great (read: humorous) images to help illustrate their points. I especially like the idea of building and sharing trojaned/backdoored machine images and waiting for the unsuspecting to take advantage of your generosity 🙂 The videos used within the actual presentation are available direct from the Sensepost site, here.

Taking away the award for longest talk title related to Cloud Computing is: Cloud Computing Models and Vulnerabilities: Raining on the Trendy New Parade. This talk discusses the three components of the cloud 'stack': Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).

I love the definition used for cloud computing or more accurately the statement that Cloud Computing is NOT:

  • Virtualisation
  • Remote Backup
  • Most of the stuff called cloud computing
  • And: ‘If you’re not re-writing your software, it’s not Cloud Computing’

From my previous research into Cloud Computing I feel that a lot of the security concerns often raised are not new or unique to the Cloud, and that well-established, basic best practice will defend against the issues. The speakers of this presentation seem to be of a similar mind, but suggest that the early big players in this market are not necessarily doing all in their power; the example given is that something as basic as logging and audit trails isn't fully available within the solutions currently on the market.

Likewise, depending on Cloud providers' contracts and EULAs, clients of cloud services may not be able to fully control the security testing of 'their' environment: some providers forbid 'malicious' traffic being targeted at their architecture and platforms, which could limit or remove the ability to perform fully comprehensive penetration testing, something which, depending on location, market and data, may be a legal or regulatory requirement.

Whilst not related to the Black Hat conference, I read an article from RackSpace claiming that the Cloud is going to spell the end of shared hosting as we know it. In my view this can only be a PR fluff piece: anyone that understands hosted services, even those selling Cloud services themselves, agrees that regardless of how you rate the benefits of Cloud architecture it is not, and cannot be, a silver bullet to solve all the world's IT problems, leaving a market for traditional architectures.

If the Cloud is here to stay, so is everything else. Regardless of an individual IT professional's personal opinion of Cloud computing, it must be fully understood and measured on technical merits alongside existing solutions to provide best value and ROI; implementing any solution based on 'religious' arguments is not in the best interests of any business.

Andrew Waite


Links from my inbox (2009-08-17)

2009/08/17 Comments off

Going through my inbox, today seems to be a good day for sharing links. So I thought I'd pass some of these on; they may be of use to others too.

IronGeek’s Security and Forensic podcasts:

Links to the latest episodes of the podcasts regularly listened to by IronGeek, in chronological order. There shouldn't be too many surprises: PaulDotCom, Exotic Liability, etc. Could be a good way to keep up to date and/or to check the content of those podcasts you don't listen to religiously for anything interesting.

Tools for extracting files from pcaps:

The SANS ISC diary has a list and discussion of tools for extracting different files and executables from a PCAP file. Often useful for incident response, forensics or malware analysis work. Looks like a nice compilation of tools to have handy for when the need arises.

40 Tools for your sysadmin bag:

Sunbelt provides a list of 40 tools useful for SysAdmin and security work. Some good tools listed, but as it’s compiled by Sunbelt some of the entries should be taken with a pinch of salt. For instance Sunbelt’s own sandbox is listed as being ‘similar to VirusTotal’, without the more ubiquitous VirusTotal itself making the list.

Andrew Waite


BCS Exit Survey

Sorry for the non-security related rant. I recently received my renewal reminder for the BCS; I've been increasingly disappointed with the 'advantages' of being a member. Whilst I don't like not being a member of a professional body for my craft, I simply cannot justify the cost any longer. I don't like being negative, but my response to a question on the exit survey says it all:

What, if anything, do you feel BCS could be doing to better serve its members?

Primarily: Better regional events. Most (all?) events are located in London, making events infeasible for members in other regions of the country. When I joined as a member there were several good events, covering a wide range of topics, held by my local groups. My local branch (Newcastle) has not run a decent event in over 12 months and currently does not have ANY events organised for the future (using as a source and point of contact).

Alternative groups in the area (SuperMondays, CloudCamp NE, among others) are free of charge and provide significantly better events, networking opportunities and information than the BCS alternatives. Taking geographical location out of the equation, the quality of discussion on the BCS's online forums is limited, infrequent and in most cases superficial. It seems most members do not view the forums as a good source of information or discussion.

The last event I attended was finished off with a presentation and Q&A session by Rachael Burnett, at the time president of the BCS. For the head of the organisation Rachael appeared out of touch with the real-world industry, this is a situation that I’ve seen mirrored in the organisation as a whole in my experience.

When starting my career, the information provided by the newsletters, email announcements, etc. from the BCS was valuable. Lately, however, the articles have been dated, with me already having received the information from another source, in some cases weeks before the BCS version. As a result the BCS emails now receive little more than a cursory glance before being deleted.

I'm aware that there is work in progress to provide a local branch of the YPG in my region. Whilst I sincerely hope this is successful, I do not have high hopes for its success, and after several years of paying membership without seeing any real benefit this move is too little, too late for me.

There is a hugely active and skilled computing profession in the North East of England, but the BCS seems to completely ignore the region and fails (from my experience) to provide any benefit to the region or the region’s members; either that or the BCS is equally out of touch and poorly serving the UK’s IT community as a whole.

Andrew Waite


BlackHat 2009 resources on-line

2009/07/30 Comments off

For those of us unable to attend BlackHat in person, the talk resources are now available online. Currently the videos/recordings of the talks themselves aren't uploaded, but there are slides, whitepapers etc. available for each talk.

It's a long list of good-looking information, to the point that I'm still struggling to decide what to look through first, and unlike the line-ups of previous years there is very little that doesn't spark my interest.

Get your fill of BlackHat material here

Andrew Waite


RSS Feeds

2009/03/26 Comments off

Something I've been meaning to do for a while is document and keep a list of all the RSS feeds I've collected over the years, mainly because I can't remember them all. Initially I had a mild panic as I couldn't find any of the URLs for the feeds I've got configured through Outlook 2007; the usual guesstimate of right-click > Properties failed me. For those needing to do the same, 'File > Import and Export' is your friend: select 'Export RSS Feeds to an OPML file' and the rest should be self-explanatory to get all of your RSS info in XML form.
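Once you have the OPML export, the feed URLs are just attributes on nested <outline> elements, so turning the file into a flat, de-duplicated list for publishing is a few lines of Python. The script below is an added example and not part of the original post or of Outlook; the sample OPML embedded in it is constructed (placeholder example.org URLs), and it follows the OPML 2.0 attribute names (text, xmlUrl, htmlUrl) rather than anything specific to Outlook's export.

```python
"""List every feed in an OPML export, grouped by folder, with duplicates removed.

Added example for this post, not code from Outlook or the original page.
SAMPLE_OPML is a constructed stand-in for a real 'Export RSS Feeds to an
OPML file' result; the feed URLs are placeholders.
"""
import xml.etree.ElementTree as ET

SAMPLE_OPML = """<?xml version="1.0" encoding="UTF-8"?>
<opml version="2.0">
  <head><title>RSS feeds exported from Outlook</title></head>
  <body>
    <outline text="Security">
      <outline text="SANS ISC" type="rss" xmlUrl="https://feeds.example.org/isc.xml" htmlUrl="https://www.example.org/isc/"/>
      <outline text="InfoSanity" type="rss" xmlUrl="https://feeds.example.org/infosanity.xml"/>
    </outline>
    <outline text="Podcasts">
      <outline text="PaulDotCom" type="rss" xmlUrl="https://feeds.example.org/pauldotcom.xml"/>
      <!-- same feed re-added under another name, as happens over a few years -->
      <outline text="ISC (again)" type="rss" xmlUrl="https://feeds.example.org/isc.xml"/>
    </outline>
  </body>
</opml>
"""


def feeds_from_opml(opml_text):
    """Return a list of {'title', 'url', 'folder'} dicts, one per feed outline.

    Folders are <outline> elements without an xmlUrl; they may nest to any
    depth, so the tree is walked recursively and the folder path recorded.
    The stdlib parser does not fetch external entities, but it does expand
    internal ones, so for OPML from an untrusted source parse with defusedxml
    instead; your own Outlook export is fine here.
    """
    root = ET.fromstring(opml_text)
    body = root.find("body")
    if root.tag != "opml" or body is None:
        raise ValueError("not an OPML document (missing <opml>/<body>)")

    feeds = []

    def walk(node, path):
        for child in node.findall("outline"):
            label = child.get("text") or child.get("title") or ""
            url = child.get("xmlUrl")
            if url:
                feeds.append({"title": label, "url": url, "folder": "/".join(path)})
            walk(child, path + [label])  # descend whether or not this node is a feed

    walk(body, [])
    return feeds


def unique_feed_urls(feeds):
    """De-duplicate on URL, keeping first-seen order, so the published list has no repeats."""
    seen = set()
    urls = []
    for feed in feeds:
        if feed["url"] not in seen:
            seen.add(feed["url"])
            urls.append(feed["url"])
    return urls


def render_by_folder(feeds):
    """Plain-text listing grouped by folder, suitable for pasting into a page."""
    groups = {}
    for feed in feeds:
        groups.setdefault(feed["folder"] or "(no folder)", []).append(feed)
    lines = []
    for folder in sorted(groups):
        lines.append(folder + ":")
        for feed in groups[folder]:
            lines.append("  " + feed["title"] + " - " + feed["url"])
    return "\n".join(lines)


if __name__ == "__main__":
    found = feeds_from_opml(SAMPLE_OPML)
    print(render_by_folder(found))
    print("\n%d feeds, %d unique URLs" % (len(found), len(unique_feed_urls(found))))
```

To use it on a real export, replace SAMPLE_OPML with the contents of the file Outlook wrote (open it and pass the text to feeds_from_opml); the grouping and de-duplication are what make the difference between a raw dump and a list worth sharing.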

With the panic over, I've transferred all relevant links to the RSS page over at Infosanity. Hopefully you might find a few unknown gems amongst the list. If you've got some good feeds I'm missing, please let me know and I'll update accordingly.

Andrew Waite
