Google recently started their Online Security blog, which discusses security issues encountered on the web and in the infrastructure that powers the Internet. While it only has 3 posts so far, I can see this blog becoming one of my favorites: Google has access to so much security data that they should be able to identify Internet-wide trends extremely fast and potentially police the Internet in a "gray hat" manner.
Their most recent post talks about web server software and malware infection rates. The Google Online Security team drew some interesting conclusions about web server software and its infection rate in different parts of the world. According to the data they uncovered, the malware-serving machines were split right down the middle, 49% to 49%, between Apache and IIS web servers. However, when looking at the regional breakdown, IIS accounts for a far larger share of the infected servers in the Pacific than anywhere else. Now, one might conclude that people in the Pacific can't secure IIS well, but that would be a poor conclusion. Instead, the Google Online Security team identified (correctly IMO) that the issue stems from the rampant piracy in those areas and the fact that pirated copies of Windows do not receive updates from Microsoft. Google's Online Security team goes on to state that this may be evidence that Microsoft needs to change their policy and allow pirated copies of Windows to still receive security updates, since pirates will continue to run the software anyway and these infections hurt legitimate users more than they hurt the pirates.
Google has the opportunity here, with their unparalleled data collection abilities, to really make a difference in web security, and I look forward to seeing exactly what their online security team comes up with in the future.
The security community came together and SANS has posted this comprehensive list of tools to analyze and combat malware. This is a fantastic post and hopefully one that gets around the net to all the system and network administrators out there dealing with malware infections of all kinds. The tools on the list are mostly freeware or shareware and almost all are for Windows machines (since malware is overwhelmingly aimed at Windows networks and machines, although some of the tools are cross-platform). If you run a network, or even if you just want to protect your home PCs, make sure to check out this list of tools.
In what can only be described as desperately needed, Computer Networking Help has posted a great tutorial on how to use the capture command on Cisco PIX firewalls. What is the capture command, you ask? Well, many times you will want to "capture" the packets that flow on your network for analysis, intrusion detection, tracking down bandwidth hogs, diagnosing slowdowns, etc., and for that a packet sniffer is always needed. Instead of mirroring all your traffic to a SPAN port so you can plug a laptop running Ethereal directly into a switch or firewall, the PIX firewall software (the PIX runs its own firewall OS, not IOS) offers its very own built-in packet capture, which you can then pull off the box as a pcap file for analysis.
If you are looking to run a network, this is a must read - even if you don't use Cisco PIX in your infrastructure. You would be surprised how many companies I have worked for that had networking guys that couldn't run a packet sniffer and even if they could, had no idea what they were actually looking at.
I don't usually post links to mirrors, but since the main site is down, Ethical Hacker has mirrored an article called Anatomy of a Hack (Chapter 2), which is a terrific resource on penetration testing. The article looks at a Windows network and provides a step-by-step plan you can use for planning out your own test. All network security enthusiasts should read this article: those who don't know the steps to learn them, and those who do as a refresher course.
Ethical Hacker has a column that goes over the most widely used WiFi network security tools available. Although handing script kiddies a blueprint for hacking wireless networks can seem like a poor decision, information can only help the security scene in the long run. For those not familiar with any of the tools available, this is a good place to start understanding WiFi security.
Tenable Security released a new version of their industry-leading vulnerability scanner, Nessus. However, this version has one major change over previous versions: it is now closed source. This move was made because no outside developers were contributing code while Nessus was open source, and yet people were repackaging the software (not always a bad thing) for their own monetary profit.
Ok, enough politics. Nessus 3.0 is markedly faster and more efficient than previous versions. Anyone who's doing a network
eWeek has a report on rootkits, where they are being developed, and for what purpose. Not to spoil the surprise for everyone, but spyware companies seem to be the leaders (I know, I know, what a shocker!).
What makes this article great are the resources included in it. There is a link to an anti-rootkit detector and some news about how Microsoft's AntiSpyware application will have rootkit detection and removal tools in the future. For those who don't know, rootkits are the real malicious payload we should be looking out for, because whoever deploys a rootkit isn't going to hit your machine just once: they are going to perform identity theft, credit card fraud and use your machine as a zombie in other black hat activities. One caveat when using any rootkit detector: a rootkit's whole job is to hide files and processes from the running OS, so a scan from inside a possibly compromised system can come back clean; the reliable check is to boot from known-clean media and inspect the disk offline.
As reported by IMLogic, there is a new IM virus that actually "blind responds" to users, making it one of the first viruses to try and talk to the user before getting them to click on a malicious link. The payload is a .pif file, which Windows treats as an executable, so be wary of any file that comes across with that extension. Keep in mind that Windows Explorer hides the .pif extension by default, so don't trust the filename as it's displayed.
And for all you conspiracy theorists, IMLogic offers a subscription to get full virus details. Interesting how the preventers scoop everyone and will offer full details only
Google Hacking Using Unsalted MD5 Hashes - After being inspired by a recent Slashdot article, I wrote up a quick "How To" on utilizing Google's search capabilities (and, potentially even more dangerous, The Wayback Machine) to crack unsalted MD5 hashes. The trick works because unsalted MD5 is deterministic: md5("password") is the same 32-character string on every site in the world, so every page that has ever published a hash next to its plaintext (test vectors, forum posts, leaked user tables) is effectively a free lookup-table entry that the search engine has indexed for you, and the Wayback Machine keeps those pages around even after they are taken down. You can find my quick little forum write-up in the Hagrin.com forum.
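To make the point concrete, here is an added Python example (mine, not part of the forum write-up) that models the search-engine lookup with a tiny in-memory table: an unsalted MD5 falls to a dictionary lookup without hashing anything at attack time, a per-user salt makes the same password hash differently for every account so no shared index can contain it, and a slow KDF (PBKDF2 here) is what makes even the per-account guessing expensive. The wordlist, the "leaked" hash and the two fixed salts are constructed for the example; a real system draws salts from os.urandom.

```python
import hashlib
import hmac
from typing import Dict, Iterable, Optional

# Constructed wordlist standing in for the plaintext/hash pairs that end up
# indexed by a search engine. A real attacker uses Google as the lookup table.
WORDLIST = ["password", "letmein", "qwerty", "hunter2", "dragon"]


def md5_hex(data: str) -> str:
    """Unsalted MD5: the same input always yields the same 32-hex-char digest,
    which is exactly why a public hash->plaintext index is possible."""
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def build_lookup(words: Iterable[str]) -> Dict[str, str]:
    """Precomputed digest -> plaintext table (a tiny lookup table)."""
    return {md5_hex(w): w for w in words}


def crack_unsalted(digest: str, lookup: Dict[str, str]) -> Optional[str]:
    """Reverse an unsalted digest by lookup alone; nothing is hashed now."""
    return lookup.get(digest.strip().lower())


def salted_md5(password: str, salt: bytes) -> str:
    """md5(salt || password) with a per-user salt. Still MD5 (fast and weak),
    but the digest now depends on a per-account value, so a shared index of
    md5(password) cannot contain it."""
    return hashlib.md5(salt + password.encode("utf-8")).hexdigest()


def crack_salted(digest: str, salt: bytes, words: Iterable[str]) -> Optional[str]:
    """The salt defeats precomputation, not a per-account dictionary attack:
    the salt is stored beside the hash, so each candidate is re-hashed for
    this one account. Cost = one MD5 per guess."""
    for w in words:
        if hmac.compare_digest(salted_md5(w, salt), digest):
            return w
    return None


def pbkdf2_hex(password: str, salt: bytes, iterations: int = 200_000) -> str:
    """Salt plus a deliberately slow KDF: the per-account attack above still
    applies in principle, but every guess now costs `iterations` HMAC-SHA256
    operations instead of a single MD5."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations).hex()


def demo() -> dict:
    lookup = build_lookup(WORDLIST)
    leaked = md5_hex("hunter2")  # constructed "leaked" unsalted hash
    # Two constructed fixed salts for two accounts using the same password.
    salt_a = bytes.fromhex("a1b2c3d4e5f60718")
    salt_b = bytes.fromhex("8f7e6d5c4b3a2910")
    h_a = salted_md5("hunter2", salt_a)
    h_b = salted_md5("hunter2", salt_b)
    return {
        "unsalted_cracked_by_lookup": crack_unsalted(leaked, lookup),  # "hunter2"
        "salted_in_lookup": crack_unsalted(h_a, lookup),  # None
        "same_password_same_hash": h_a == h_b,  # False
        "salted_cracked_per_account": crack_salted(h_a, salt_a, WORDLIST),  # "hunter2"
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it as a script to see the four outcomes side by side; the "salted_cracked_per_account" result is the reason salting alone is not enough and the hashing itself has to be slow.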