Archive for the ‘Security’ Category
BlackICE slips up
Thursday, February 14th, 2008
Back when I was studying for my Security+ qualification my lecturer introduced me to BlackICE, which he rated highly as an intrusion detection system. Recently I wanted to improve the security of my PC and so I looked into getting a copy. First I found it difficult to determine who now owns BlackICE, as it seems that IBM must at some point have bought the software. Anyway, after downloading and installing it I immediately experienced issues with it - I couldn’t successfully add exceptions to rules, and more importantly it was unable to accurately report whether it was running or not! Most annoying of all was that once I had decided that I’d had enough I couldn’t uninstall it! Fortunately this appears to be a common issue, and IBM provide a tool that will forcibly remove all traces of the application. Now I’m starting from scratch and am looking for a decent IDS/firewall application that isn’t bloatware like Norton/McAfee. Any suggestions?
Launching Windows Explorer from an Admin Command Prompt
Friday, November 16th, 2007
This one just came up at work. You started a command prompt running under an administrator account using runas and you want to invoke Windows Explorer with those elevated privileges. I was sure I’d done this before using explorer.exe but this didn’t seem to be working. After a quick search I found that start "." works, and you can replace the "." with whatever path you want Windows Explorer to open with. Note that cmd’s start command treats a leading quoted argument as the window title, so the unambiguous form for a path containing spaces is to pass an empty title first: start "" "C:\Some Folder".
All I need now is your password…
Thursday, October 18th, 2007
Have you heard this before? For some reason, in order for the IT department to provide me with a work laptop they need to know my username and password. This is totally wrong and you should never be required to disclose your password to anybody - despite what they tell you. The only thing someone can do with your account details that they can’t do as an Administrator is pretend to be you… In my particular instance it’s so they can set up my Exchange profile and VPN access. These are things I have no problem doing myself.
If there is a real need for an Administrator to access your account then they can have your password reset, log in, and then provide you with the new password so that you can reset it again. Slightly more hassle for them, but there’s an audit trail that would protect you if they used your account for anything illegal or against company policy.
Anyway, in order to get my laptop today (I’ve been waiting forever) I changed my password to the lame one they set up when you first get an account and e-mailed the guy back with it. I was surprised when I didn’t get some sarcastic comment back, but instead I got:
I should have known :)
Seems to be everybody’s
Lost for words… Oh, and fortunately I did at least confirm that the guy worked in the IT department before sending the e-mail. I’m sure that if I sent an e-mail to everyone in the building asking for their usernames and passwords I’d get 50% success, and of those probably half again have the same password!
Citrix backdoors easy to find
Monday, October 15th, 2007
It appears that Google can be used to find Citrix gateways, which are often unsecured - allowing a hacker to get a command prompt on the servers. This article explains how, and includes a video showing how to get a command prompt from the calculator application - it’s scarily easy…
Update: The video has been removed by YouTube.
Recover forgotten passwords
Friday, October 5th, 2007
This is the kind of software that can save lives. Well, maybe not lives, but it can certainly save a lot of stress when you can’t remember your password to that FTP site - it’s saved, but now you need to use it on a new machine or provide it to someone else. Basically Snadboy’s Revelation (which also happens to have the best name for an app that I’ve seen this year!) reveals passwords that are hidden behind asterisks or similar, depending on the operating system. This is definitely the kind of software we’ve all looked for in the past, only to find so many shareware applications that we get scared off by the thought of most of them loading our machines with nasty malware. I’ve checked this one out and it appears to be one of the good ones.
Of course there are also evil reasons to want to see passwords that are otherwise hidden, but I trust you.
iPhone hacking
Thursday, September 27th, 2007
Not that I understand this article fully, but it’s interesting to see how quickly the iPhone has been hacked - and especially interesting how easy it may be to turn the gadget into a perfect spy device. In other Apple news, my flatmate has ordered the iPod Touch so I’ll get to have a play with one soon!
Default router passwords
Friday, September 21st, 2007
If a cracker has physical access to your router then they can probably reset it to the factory defaults (often just a case of holding down a button for a few seconds), which puts the default administrator password straight back. Alternatively you may never have changed the default settings yourself, the most important of which is that administrator password. If it is a wifi router that isn’t secured then anyone within radio range can be issued a network address, browse to the router’s configuration page, log in with the default password and from there take control of your network. This website has a comprehensive list of default usernames and passwords for routers, which shows how easy it is to get hold of these details. I have checked, and sure enough my router is in there and they’ve got the defaults correct. My advice is to always change these settings to something you will remember, and be aware of anybody with physical access to your router.
Security case files
Monday, September 17th, 2007
I’ve been reading a few of SecurityMonkey’s case files at ITToolBox recently, and can highly recommend them if you’re interested in security. SM uses real-life cases that he has been involved in as an Information Security Advisor, and changes the names involved (and probably adds a few flourishes to make it a more entertaining read). See the full list of the case files here.
They’re particularly great because they describe the forensics process and are peppered with tips on software and hardware to use in certain situations, without feeling like an endorsement. I hope to read all of the cases, but of the ones I’ve read I can particularly recommend the Case of the arrogant eBayer and the Case of the ethical executives.
One warning though is that the pages seem to take forever to load for me so I usually cancel the page loading once the text is visible.
Hacking Toolkits
Friday, September 14th, 2007
According to this article on the BBC News website, hacking toolkits are being packaged by ‘malicious hackers’ and sold to ‘fledgling cyber thieves’. The danger here is not that these tools are more available (they’re all easy to find) but that those using them may not understand the consequences, or even how to operate the tools properly.
I haven’t seen these toolkits myself, but I know where I can get hold of various security and penetration testing tools, many of which actually cost nothing but have a steep learning curve. These tools should be used to learn more about securing your own network and identifying vulnerable systems. With these skills you will be essential to any company as an ethical hacker (a good guy). The pay is excellent and you should get the same buzz you would if you were a cracker (a bad guy).
Remember, the good guy always wins.
IronKey secure USB thumb drive
Monday, September 3rd, 2007
Another gadget I’d buy in a snap if I had limitless cash is the IronKey - a USB thumb drive built for the security conscious among us. It’s a shocking truth that I currently don’t have a thumb drive at all (my last one snapped at the end and is currently floating somewhere in a desk drawer), and this is the very reason I’ve been looking for a new one with a decent capacity that is strong enough to survive me pulling my keys out of my pocket!
I generally used the drive for useful applications that saved me from trying to download them on a computer with a slow (or non-existent) Internet connection, such as Firefox or a decent FTP client. I also used it to store security-related applications - the kind that most anti-virus software would prevent you from running!
With greater capacity I could also use it for photos and video, which would make showcasing my photography easy and watching the latest episode of Heroes on any available computer possible (assuming I had the DivX installer on the drive too!)
I have to say that none of the above uses really demand security on the drive, but it always pays to think about securing your files. The device is military grade, which is a bit overkill - after 10 incorrect password attempts to access the data (it’s all encrypted) the chip self-destructs!
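The ten-strikes-and-wipe behaviour described above is worth seeing as logic, because the one detail that matters is the order of operations. What follows is an added example written for this page, not IronKey’s firmware or anything from the vendor: a toy Python model of a self-destructing container in which a random data key is wrapped under a password-derived key (PBKDF2 and a one-time-pad XOR wrap stand in for the device’s hardware KDF and key wrap), the remaining-attempt counter is committed to the simulated non-volatile store before the password is verified, and the tenth consecutive failure overwrites the wrapped key. The `nv` dictionary, the `Vault` class, the `guess_until_wiped` helper and the sample password are all constructed for the example.

```python
"""Toy model of a "ten wrong passwords and the key is gone" container.

Added example for this page; not IronKey's firmware or any vendor code.
Everything below is constructed: the `nv` dict stands in for the device's
non-volatile storage, PBKDF2 for its hardware KDF, XOR for its key wrap.
"""
import hashlib
import hmac
import os
import secrets

MAX_ATTEMPTS = 10       # the "10 incorrect attempts" from the post
PBKDF2_ROUNDS = 20_000  # assumption: low so the example runs quickly


class WrongPassword(Exception):
    def __init__(self, attempts_left: int):
        super().__init__(f"wrong password, {attempts_left} attempt(s) left")
        self.attempts_left = attempts_left


class VaultWiped(Exception):
    """Raised once the wrapped key has been destroyed; no password can recover it."""


class Vault:
    """A random data-encryption key (DEK) wrapped under a password-derived key (KEK).

    The device never stores the DEK or the password, only the wrapped DEK, a
    verifier for the KEK, the salt and the attempt counter.
    """

    def __init__(self, password: str):
        salt = os.urandom(16)
        dek = secrets.token_bytes(32)
        kek = self._derive(password, salt)
        self.nv = {
            "salt": salt,
            # XOR with a 32-byte KEK is a one-time pad here; a real device
            # would use AES key wrap (assumption, kept simple on purpose).
            "wrapped_dek": bytes(a ^ b for a, b in zip(dek, kek)),
            "verifier": hmac.new(kek, b"unlock", hashlib.sha256).digest(),
            "attempts_left": MAX_ATTEMPTS,
            "wiped": False,
        }

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                   PBKDF2_ROUNDS, dklen=32)

    def _wipe(self) -> None:
        # Overwrite the key material rather than merely setting a flag, so a
        # later raw read of "flash" yields nothing decryptable.
        self.nv["wrapped_dek"] = bytes(32)
        self.nv["verifier"] = bytes(32)
        self.nv["wiped"] = True

    def unlock(self, password: str) -> bytes:
        """Return the DEK on success; raise WrongPassword or VaultWiped otherwise."""
        if self.nv["wiped"]:
            raise VaultWiped()
        # The counter is written to storage BEFORE the password is checked.
        # Decrementing only after a failed check would let an attacker cut
        # power between the check and the write and retry indefinitely.
        self.nv["attempts_left"] -= 1
        kek = self._derive(password, self.nv["salt"])
        expected = hmac.new(kek, b"unlock", hashlib.sha256).digest()
        if hmac.compare_digest(expected, self.nv["verifier"]):
            self.nv["attempts_left"] = MAX_ATTEMPTS  # success resets the count
            return bytes(a ^ b for a, b in zip(self.nv["wrapped_dek"], kek))
        if self.nv["attempts_left"] <= 0:
            self._wipe()
            raise VaultWiped()
        raise WrongPassword(self.nv["attempts_left"])


def guess_until_wiped(vault: Vault, guesses) -> tuple:
    """Try guesses in order; return (recovered DEK or None, guesses consumed)."""
    used = 0
    for guess in guesses:
        used += 1
        try:
            return vault.unlock(guess), used
        except WrongPassword:
            continue
        except VaultWiped:
            return None, used
    return None, used


if __name__ == "__main__":
    v = Vault("correct horse battery staple")  # constructed sample password
    key, used = guess_until_wiped(v, ["password", "letmein"] * 6)
    print("recovered:", key is not None, "- wiped after", used, "guesses")
```

Decrementing before verifying is what defeats the classic trick of cutting power between a failed check and the counter write; the cost is that a genuine user who loses power mid-unlock also loses one attempt, which is the right trade-off. A successful unlock resets the counter, so the limit is on consecutive failures, matching the post’s description of the device.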
I may have to order this at the same time as my Mandylion Password Manager, as the two products would work well together - use the Mandylion to store the IronKey’s password and manage the reminders for when it should be changed.
I also like that the drive comes with a secure version of Firefox, which basically proxies through IronKey’s servers so that your traffic is encrypted and anonymous - always a plus when using a workstation you don’t own and also useful for anyone trapped behind a corporate proxy server.
One downside is that they’re currently not supported on Mac or Linux, although apparently drivers are in development, but overall this is certainly on my wishlist.