Security Briefing Time

cc photo credit DSCF3001 by joelogon on Flickr

From Briefing Time, a B-25J “Mitchell” bomber.

I love bomber nose art.  Couldn’t have asked for a more perfect find this time!

• Overwriting can occur anytime, as long as it is done once after - SANS Computer Forensics, Investigation, and Response blog.  Continuing the discussion on hard-disk wiping efficacy; one time overwrite, whatever the source, is usually sufficient.

• BackTrack 4 Beta released 2009 – LiveCD released by Remote-Exploit.org that is focused on pen-testing.  Really nice tool for security testers. Advanced tools and utilities.  Not for mere mortals!

• Using RegRipper for malware detection – Windows Incident Response blog – Harlan really shows the benefits for sysadmins in being familiar with some forensic tools and techniques.  Being familiar with registry research can help pin down malware detection and infection studies.

• The Trojan solved it! Catching a fraudster with another criminal, ‘myspacce.exe’ - SANS Computer Forensics, Investigation, and Response blog.  A really great study-read on how a malware infection gave away the subject of a forensics investigation.  Again, the focus here is picking up tips for system admins on malware knowledge and user activity. Also valuable in showing how alternative data streams of NTFS can be used in research as well as looking in the System Restore points for timing of activity.

• More tricks from Conficker and VM detection – SANS ISC Handler’s Diary blog – This time the focus is on how malware can use changes to the Access Control Lists (ACL/Windows File Permissions) settings on a particular registry key to prevent everyone (including Administrators) from removing the key.  It also checks to see if it is running on a virtual machine.  All indications is that this is a pretty sophisticated and well written nasty.

• Keeping Conficker / Downadup malware off your network in 2009 - Napera Networks – Great breakdown of important items to know about this malware and how to keep your systems clean.

• Best defense against malware: Smarter users – Chron.com TechBlog – local Houston reminder why a/v software itself might not be the end-all solution.  Slow DAT file updates look like it bit the H-town city government in the rear.

• Win32/Srizbi - Microsoft Malware Protection Center blog – Brief writeup of trojan dropper/rootkit that is targeted by the MSRT tool.  Some technical information on where to look for it in the file system and registry as well as how it works.  Good stuff.

• IE8 Security Part VIII: SmartScreen Filter Release Candidate Update – IEBlog team details some improvements in the way their product will alert users to unsafe web-pages.  Nice design work and is similar to what Firefox 3.x is using for end-user notifications as well.  i hope we can deploy this at our workplace environment not long after it is released and tested on our internal web-site pages.

• Exploit Shield 0.60 Beta - F-Secure Weblog – New version, now Vista compatible (32-bit at least) of a tool to provide various heuristics-based security protection.  Haven’t personally tried it out yet, but likely will be tossing it on a virtual machine system in the near future.

Cheers!

--Claus V.