WS Blogs

Scripting is good

So just how many of you guys who actually work in the computer network security field have a good handle on scripting? Whether that be PERL, or Python doesn't matter really. It is pretty much a key ability to have. There is nothing worse then doing monotonous, redundant, and boring stuff. It has to be done, but really a monkey could do it. Problem is, there is only you to do it. That is where the scripting comes in. For example, what about the massive amount of data that your firewall or IDS generates? You may have a frontend for them, but does it display what you want? Often for me it does not. Back to scripting and the need to know it once again. You don't have to be a master at it as long as you can do what you need. Building good, and effective regex's though is a seriously irritating task! Seeing that the script won't work, and trying to find the breakpoint in the regex can be a most onerous task. Bleh. Anyhow enough about that. Do any of you have some thoughts?

Identity theft and you

Identity theft we are told is where people with malicious intent get access to personal information that would allow them to impersonate you. Information such as credit card numbers, Social Security Numbers, amongst other key personal identifiers. This type of story often hits the headlines in the papers or online computer security portals when another online database is discovered to have been hacked. There is a great hue and cry over the latest threat to our personal information.

Is this a legitimate concern or is it another one of those Internet myths? Well there are documented instances of ill gotten database information being used by organized crime. Information such as the aforementioned credit card numbers. These are quickly jacked up by buying goods, and then discarded it seems. That is indeed one concrete piece of evidence that personal identity theft is an issue. Are there any others though? None that I can think of offhand really.

My wife was the victim of identity theft but of a more mundane type. She had her bank card information scanned into a phony setup, and also had her PIN number captured by what is assumed to be a well placed mirror. This was quickly brough to the attention of our bank, who then promptly took over the case. In reality for us this was a minor incovenience but was of course of greater concern to the bank.

To sum up, my feelings are rather ambivalent over the whole identity theft situation. I certainly don't think it has reached epidemic proportions, yet it is a real problem. Perhaps one cure is to heavily penalize companies who have thei

Computer upgrade thoughts

I was recently thinking of upgrading my main computer to an AMD 64 bit CPU monster with 4 GB’s of RAM amidst other high end toys. The thought occurred to me though that as always, was my present main box doing the work I required of it? Well after replacing the pooched CD-RW in it things were looking much better in terms of its serviceability to me. That plus I did recently pick up two 19″ LCD displays for my home computer office. It is quite nice now with the dual LCD’s sitting on my computer desk.

Question is though like many of us I often upgrade simply for the sake of upgrading. The old computer/iPod/other tech toy work just fine in reality. One of the biggest things holding me back though I think is the lack of software for the new 64 bit architecture for x86. Microsoft finally has XP for 64 bit and when Vista finally ships it will of course have 64 bit operability built into it.

For me specifically there really wasn’t a need to drop $3,500.00 on a new computer tower after giving it some sober thought. It is not that I minded doing so as I can claim some of it on my taxes due to being a consultant, but rather that the money could likely be better spent elsewhere. Maybe I might just pick up some other h/w for the home lab instead. Likely the best thing is to simply wait for another year before making the planned upgrades. All I know is that I will certainly get my next computer custom built rather then buy a name brand.

The worst problem with buying a name brand computer at your local retailer is that you must further customize it to suit your individual needs. Also

Interview with a Security Professional – M3DU54

Well in an effort to continue the popular "Interview with a Security Professional" series I was lucky enough to have our very own M3DU54 answer some questions for us. Word has it he dictated the responses to several fine looking specimens whilst swilling Pina Coladas on the beach on the Spanish Riviera. The life of a retired hacker is indeed a truly stressful one! On with the interview then!


I postulated a little while ago that a good way to learn reverse engineering is by starting to analyze your own “toy” programs. One such as “Hello world” for an example as you know what the source code looks like and how the program functions. Do you think this method of self-learning a good one?

Absolutely. The major stumbling block for newcomers to reverse engineering is the sheer complexity. This way you can slowly build up the complexity at a rate you feel comfortable with and thus get a feel for not only how compiled code looks and relates to source – but also become more familiar with your debugging environment.

There will come a point when the pre-knowledge of the source will get in the way of any further learning. This should be a clear signal to fly the nest and start looking at other peoples code. Again, don’t try to find flaws in protection methods immediately, just try simple targets such as nag screens and work your way up. After a while you’ll be able to chart entire applications given time and read ASM almost as well as most people read source.

The days are gone where ASM was pretty much a requirement when writing code and now many ‘programmers’

FrSIRT no longer offers freely available exploit code

It was rather alarming to me when I heard that renowned online exploit archive site was no longer going to make public and freely downloadable the exploit code they hosted. The FrSIRT site is much more then simply an exploit code repository, however it is best known for the exploit code that it hosts.

The reason given by the site is that in order to comply with French law they were forced to no longer offer free and public access to the exploit code. You can still however have access to it should you be a subscriber to one of their services. It really is rather sad when one of the oldest democracies in the world comes to this.

Having such a quality central repository for exploit code was very handy, and of value to the computer security community. I for one went there all the time, and downloaded some of the code to play with in my lab. Sadly for me this will no longer be the case. That said I have no intentions of paying for a service so that I can still get it from them. There are still many other sites out there which host exploit code.

The only problem with some other sites is that often the code hosted is purposely obfuscated so that it does not compile. This is normally simple to fix, but for those out there without basic programming knowledge you are out of luck. Should you be in that situation then you may want to post on asking for help in getting it running. Forcing websites to remove exploit code is not a cure for anything, much like suing exploit researchers only makes things worst for computer security.

The hamster wheel that is computer security

Is it just me or do some of you also feel like you are on a hamster wheel when it comes to work. For those of us lucky enough to be working in the field of computer security, it sometimes feels like a neverending whirl of events. There is the need to stay abreast of changes in the industry, whether that be new operating systems, exploits, tools, the list goes on. We much like other jobs have a continually evolving workplace, and it can be sometimes be overwhelming to stay current.

How do you relax then one has to wonder. You cannot risk burnout as your employer won't really care that you are feeling burnt out. I have found the answer to this is; you really need to "get a hobby" as they say. Even if there is not a hobby of particular interest to you, how about a favorite television show. You need to enjoy something that is not related to what you do for a living.

As much as we enjoy computer security, and being a practicioner of it we also need something to do which is not related to it. Should you not find that something then odds are you will sooner then later begin to feel a burn out. This is something to be avoided. I felt that way after one of my certifications. Didn't really feel like doing anything for about six months.

Personally for me I very much enjoy watching Battlestar Galactica on the Space Channel. That show is absolutely fantastic and is an incredible remake of the original series. While I watch this show the last thing on my mind is computer security or writing. I am able to completely immerse myself in the show, and when it is finished I actually feel re

Apple ITunes the warez killer

Well it was great fanfare that Apple announced that they have reached the 1 billion download mark for their music service. This is indeed a milestone, for Apple and a watershed moment for the music industry. With the advent of the Internet and the fact that technology has uncorked many things never possible like ripping CD's and the such the music industry has been in a tizzy to stick the cork back in.

Well you may be asking yourself though just what the heck does Apple ITunes and their billionth download have to do with warez? Good question indeed! It is one though that I think that most network security practicioners could answer. For the remainder though it is one that does not make a whole lot of sense. Think of it this way. Most everyone working nowadays has direct Internet access via their workstation terminal at work. Quite a few of those people also use P2P schemes such as Grokster, EMule, and the such to download music, movies and who knows what else while at work.

While that may not seem all that big of a deal rest assured that it is. Would you want your company being server court papers courtesy of RIAA, DMCA or other such body? Odds are your bosses, owners would not be in the least bit impressed at being named in a multimillion dollar lawsuit for downloading copyrighted material. If your company is publicly traded odds are that the stock share price would take a hit. That definitely would not bode well for your job security as the network security analyst.

Whether or not we agree with recent court rulings we must realize that they are the law of the land. It

My first blog post

Well it seems I have finally fallen like many before me, and am now a blogger. It is a pretty fun way to share thoughts I may have on computer security, and other peripheral subjects that relate to it. I look forward to receiving feedback, and engaging in interesting debate with my readers. There is already something that caught my eye that is of interest to me, and hopefully to you as well. To that end I shall write my thoughts on it shortly. Till then!

Scroll to Top