Don Parker Blog

Don Parker is lead analyst and technical trainer at Bridon Security & Training Services, located in Ottawa, Ontario, Canada. He has worked for SANS in the capacity of Local Mentor for the Intrusion Detection In-Depth track, and has enjoyed speaking at various security conferences as a guest speaker. Being a widely published author, he continues to write for various online and print media such as SecurityFocus and SC Magazine in an effort to share knowledge. Don also does technical book editing for various publishers, and enjoys teaching various custom courses for clients. Rounding out his activities, he volunteers his time to various local efforts.

VPNs and fragmentation

Well, I would imagine most of you have Virtual Private Networks (VPNs) on your corporate network. That plus the use of an IDS can potentially give you problems, as often the use of VPNs will result in fragmented traffic. I had that very problem occur to me a couple of years ago, and the end result was some really bizarre fragmented traffic. It took a while to figure out what the problem was, but eventually we were able to trace it back to the VPN. Any of you guys ever experience the same scenario?
Technorati Tags: VPN, Packet, Fragmented packet, IDS

2007 e-Crime Survey

2007 e-Crime Watch Survey and the 5th Annual Global State of Information Security

Awareness of information security and identity theft issues is at an all-time high, but overall security isn’t improving. Even with increased IT spending, security specialists are recognizing that the amount they don’t know is rapidly growing. The explosion of stealthy threats from bots, Trojans and rootkits continues to outpace most IT staff capabilities.

Date: Nov. 27, 2007

Time: 2:00 PM ET / 1:00 PM CT / 12:00 PM MT / 11:00 AM PT


Join us for a look at two recent surveys of security professionals, the 2007 e-Crime Watch Survey and The Fifth Annual Global State of Information Security. These 2007 surveys have been compiled from CERT, CSO Magazine, U.S. Secret Service, CIO, CSO and PricewaterhouseCoopers. This presentation will focus on the results, analysis and potential solutions for SMB organizations.

Technorati Tags: E-crime, Trojans, Bots, Rootkits

More Microsoft patching

A good number of you are likely aware that Microsoft just issued another series of patches recently. I’m curious though to know if any of you have seen any activity that used these exploit vectors? Personally, I have not seen any such activity. It is always interesting to see just how widely exploited some of these vulnerabilities are prior to the actual patch announcements. Quite a few people have the skill to reverse engineer the patch, once released, and then find the problem. That is why things often pick up after a patch release.
Technorati Tags: Microsoft, Patch Tuesday, Exploit, Vulnerability

ISP Abuse departments

Well, I have always known that ISP abuse departments are generally very lame. They never seem to bother returning any darn email that you send them. I recently had the need to try and find out what the heck an intermittent connection was doing. It was easily resolved to the ISP, but when I tried to surf to that IP address on port 80 there was nothing there. Strange. I thought my wife or son might have gotten me hacked. So I decided to send some packet logs to the ISP abuse department to investigate just why this IP addy with no web server was seeing SYN connect attempts by my computer.
07:52:41.875000 IP (tos 0x0, ttl 128, id 21722, offset 0, flags [DF], proto: TCP (6), length: 48) > S, cksum 0x727f (correct), 3900559278:3900559278(0) win 65535 <mss 1460,nop,nop,sackOK>
0x0000: 4500 0030 54da 4000 8006 5328 c0a8 6f02 E..0T.@...S(..o.
0x0010: d17b 519f 055e 0050 e87d cfae 0000 0000 .{Q..^.P.}......
0x0020: 7002 ffff 727f 0000 0204 05b4 0101 0402 p...r...........
Well, the abuse department never bothered to get back to me, of course. Job well done, ya bunch of idiot sticks. Nice to see your sad level of commitment! Anyhow, I decided to run tcpdump.exe on my computer to try and find out what the heck was going on for, as mentioned, there was no web server at the IP addy. Well, it turned out to be much ado about nothing. It was Symantec dialing out for a/v updates.
07:52:41.906250 IP (tos 0x0, ttl 128, id 21728, offset 0, flags [DF], proto: TCP (6), length: 126) > P, cksum 0x5336 (incorrect (
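As an added example that is not part of the original post, here is a small Python decoder for the 48-byte SYN whose hex dump appears above. It pulls out the addresses, ports, flags and fragment fields that matter when deciding whether a log line like this is worth sending to an abuse desk, and it verifies both the IP and TCP checksums (tcpdump reported 0x727f as correct). The only input is the hex exactly as the post shows it; no other values are assumed.

```python
import socket
import struct

# The 48-byte SYN exactly as hex-dumped in the post (tcpdump -x output above).
SYN_HEX = (
    "4500 0030 54da 4000 8006 5328 c0a8 6f02"
    "d17b 519f 055e 0050 e87d cfae 0000 0000"
    "7002 ffff 727f 0000 0204 05b4 0101 0402"
)


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement sum; a valid header sums to 0xFFFF."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def decode_syn(hexdump: str) -> dict:
    """Decode an IPv4/TCP packet from a tcpdump hex dump and check its checksums."""
    raw = bytes.fromhex(hexdump.replace(" ", ""))
    ihl = (raw[0] & 0x0F) * 4
    total_len, ip_id, frag, ttl, proto = struct.unpack("!HHHBB", raw[2:10])
    tcp = raw[ihl:total_len]
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", tcp[:16])
    # TCP options follow the 20-byte fixed header up to the data offset.
    opts, i, mss, sack_ok = tcp[20:(off_flags >> 12) * 4], 0, None, False
    while i < len(opts) and opts[i] != 0:          # kind 0 = end of options
        if opts[i] == 1:                           # kind 1 = NOP, no length byte
            i += 1
            continue
        if opts[i] == 2:                           # kind 2 = MSS
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        elif opts[i] == 4:                         # kind 4 = SACK permitted
            sack_ok = True
        i += opts[i + 1]
    # TCP checksum covers a pseudo-header (src, dst, zero, proto, TCP length).
    pseudo = raw[12:20] + struct.pack("!BBH", 0, proto, len(tcp))
    return {
        "src": socket.inet_ntoa(raw[12:16]), "dst": socket.inet_ntoa(raw[16:20]),
        "id": ip_id, "ttl": ttl, "df": bool(frag & 0x4000),
        "more_frags": bool(frag & 0x2000), "frag_offset": (frag & 0x1FFF) * 8,
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "win": win,
        "syn_only": (off_flags & 0x3F) == 0x02, "mss": mss, "sack_ok": sack_ok,
        "ip_csum_ok": ones_complement_sum(raw[:ihl]) == 0xFFFF,
        "tcp_csum_ok": ones_complement_sum(pseudo + tcp) == 0xFFFF,
    }
```

The same function reports the More-Fragments bit and fragment offset, so it also distinguishes a clean SYN like this one from the fragmented traffic the VPN post above complains about.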

Software baselines

As attackers continue to target software packages such as Quicktime, amongst others, it makes one wonder if more companies should not clamp down on their software baseline installs. While Microsoft has steadily improved the security of their operating systems it only makes sense then for hackers to shift their focus. This is where having a sane software baseline is very important for a corporate network. There is really little need to install Quicktime to list but one example. Too many employees expect their company to also act as an ISP while forgetting they are there to work. Having a software baseline is one way to deal with not only employee surfing but also to help secure the network itself. Any of you guys have such a policy in place at work?
Technorati Tags: Quicktime, Microsoft, Software baseline, ISP

Symantec purchases yet another company

If you ask me, the trend of the last few years, which has seen a tremendous amount of consolidation in the computer security industry, is not really a good thing. Now Symantec has bought out another company in order to round out its product offerings. It is not often that you will see large companies being at the forefront of innovation. This is why it does not really bode well for us as a whole. Another example of this is IBM and other companies going on a recent buying spree. It's great news for the owners and/or shareholders of the bought-out companies, but not so great for the rest of us. Time will be the ultimate judge of this, though.
Technorati Tags: IBM, Watchfire, Symantec

Improving cybersecurity?

It was with some amusement that I read the following. I don’t know why they need a whole task force composed of experts to come up with a strategy to better safeguard their cyber assets. As we all know, it all comes down to implementing standard procedures. The key, though, is in making sure the foot soldiers, i.e. the sysadmins, actually implement this plan. Case in point: how often have we seen systems hacked because they did not have a patch installed, or a system actually connected to the Internet while it was being hardened? Let’s not overcomplicate things here. Stick to the basics and make darn sure that you actually stick to the game plan.
Technorati Tags: Cybersecurity, Network Security, Hack

Adobe PDF exploit

Most of you have likely heard about the recent surge in the use of the Adobe PDF exploit. Personally, I have received a few emails containing it, but I was not able to actually look at the attachment. It was too late, as my provider had caught it. Kind of a bummer, as I wanted to crack it open in a hex editor and also Olly. Have any of you been getting these attachments at your work or home? The volume does not seem to be too bad so far. If any of you have got a sample, feel free to send it my way. Send me an email first, though.
Technorati Tags: PDF exploit, Adobe, Microsoft, Virus

Spyware equals $$$

Well, if there was ever a doubt that spyware is big business, give the following a read. I seriously doubt anyone will shed a tear now that the company has shut its doors. It is hard to comprehend, though, just how spyware can be so lucrative. That said, when you have millions of computers at your disposal, so to speak, the revenue can quickly add up. It is nice to see also that the government is taking this type of electronic annoyance more seriously by beginning to hand out some stiff fines.
Technorati Tags: Spyware, Trojan, Virus, Exploit

Identity theft

I just read this piece on identity theft. So it then came as a funny coincidence that my insurance policy came to me in the mail. Part of my policy gives me coverage for identity theft. A whopping $10,000.00 is what I am covered for. There is little doubt that identity theft is a real problem. The question, though, is just how widespread is it? To my knowledge there is no one that I know who has been a victim of this. What about you guys? Anyone you know affected by this?
Technorati Tags: Identity theft, Computer security
