If you are in the computer security industry, or a student of it, then it is likely that you have heard of fuzzing. This "fuzzing" is by no means new, but it remains a very effective technique to find flaws in software programs. Not only can you use fuzzing to find bugs in programs such as Internet Explorer and other web browsers, but you can also use fuzzing against network protocols. This is one area that is very much worth exploring if you are new to it. Quite a few fuzzing tools are out there to be used and are also free. Give it a shot; odds are you will find it a worthwhile endeavor.
For me scripting and programming have never really come easily. It is something that I need to work on, and continue to work at. Programming, though, is something that I have pretty much given up on due to a lack of time. Scripting, however, is something that I force myself to keep picking at. The sheer versatility of being able to write scripts in Perl, Python or another such language cannot be stressed enough for the security professional. Actually I wrote a two part series on it that you may wish to give a read. It gives a pretty good example of just how versatile a tool scripting can be. What I plan on doing in the short term is to try and devote an hour a day to scripting. A lofty goal I am sure, but one I will strive to attain. What about you guys, any preferred language?
Well we pretty much all know that Intrusion Detection Systems (IDS) are security programs based on signatures. These signatures can be ASCII or hex patterns, and ports, amongst other fields. While an IDS will not catch everything, especially 0 day, you can still try to catch the hacker who dropped a 0 day on you. How, you ask? Well, most hacks have a predictable end state, i.e. remote code execution via a command shell or a similar type of strategy. The trick is then to build signatures to catch such outbound command sessions. Yep, that means stuff like c:\ and c:\windows\system32 and the such. That plus xp_cmdshell, which could be the result of an SQL hack. These are some of the obvious ones to look for. What takes time is to look for the not so obvious signs of outbound connectivity.
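The signature idea above, as an added example (not code from the original post): a small Python matcher run over constructed flows, showing why a direction check and a prompt anchored to the start of a line cut the noise of a bare c:\ match. The `HOME_NET` range, signature names and sample payloads are assumptions; the matched strings are the ones named in the post.

```python
import ipaddress
import re

# Assumed protected range; substitute your own internal networks.
HOME_NET = ipaddress.ip_network("10.0.0.0/8")

# (name, pattern, direction). Names are illustrative; strings come from the post.
SIGNATURES = [
    # cmd.exe prompt at the start of a line, e.g. C:\WINDOWS\system32>
    ("cmd-prompt", re.compile(rb"(?im)^[a-z]:\\[^\r\n<>|]*>"), "outbound"),
    # System directory anywhere in a payload leaving the network.
    ("system32-path", re.compile(rb"(?i)c:\\windows\\system32"), "outbound"),
    # xp_cmdshell in SQL traffic, whichever way it flows.
    ("xp_cmdshell", re.compile(rb"(?i)xp_cmdshell"), "any"),
]

def is_outbound(src, dst):
    """True when an internal host is sending to an external one."""
    return (ipaddress.ip_address(src) in HOME_NET
            and ipaddress.ip_address(dst) not in HOME_NET)

def match_flow(src, dst, payload):
    """Return the names of all signatures that fire on one flow."""
    outbound = is_outbound(src, dst)
    return [name for name, rx, direction in SIGNATURES
            if (direction == "any" or outbound) and rx.search(payload)]

def naive_match(payload):
    """The bare c:\\ substring test, kept to show how noisy it is."""
    return b"c:\\" in payload.lower()

# Constructed sample flows (documentation addresses, invented payloads).
SAMPLE_FLOWS = {
    "shell": ("10.1.2.3", "203.0.113.9",
              b"Microsoft Windows XP [Version 5.1.2600]\r\n\r\nC:\\WINDOWS\\system32>"),
    "upload": ("10.1.2.3", "198.51.100.7",
               b'POST /upload HTTP/1.1\r\n\r\nfilename="C:\\Users\\a\\report.doc"'),
    "inbound_doc": ("198.51.100.7", "10.1.2.3",
                    b"HTTP/1.1 200 OK\r\n\r\nDrivers live in C:\\Windows\\System32"),
    "sql": ("198.51.100.20", "10.0.0.5", b"EXEC master..xp_cmdshell 'dir'"),
}

if __name__ == "__main__":
    for label, (src, dst, payload) in SAMPLE_FLOWS.items():
        print(label, match_flow(src, dst, payload), naive_match(payload))
```

The ordinary file upload trips the bare substring test but none of the anchored signatures, which is the kind of tuning that keeps such rules usable on a busy link.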
It is a tough call for any parent. Does one install a keylogger on their child’s computer or don’t they? Well with the never ending parade of horror stories concerning kids and social networking sites, one has to wonder. Furthermore, if you install one, do you tell your children or don’t you? With WiFi being as prevalent as it is, your kids could be upstairs out of eyesight surfing on sites that you don’t approve of. There is no easy solution outside of unplugging the modem and taking it to bed with you. Installing a keylogger, as distasteful as it seems, is for many the only solution to protecting their children. Personally speaking, I will be purchasing a PC and putting it on the kitchen counter. That is where my kids will do their surfing. I would just as soon not take any chances.
Well another of WindowSecurity’s authors is in the news. Martin Kiaer’s company has won an award for a project that he worked on. Not too shabby. A job well done to Martin and his company. This is exactly the kind of innovative work that professionals such as Martin are known for.
Has it ever crossed your mind, in the recent past, that becoming a writer would be neat? Take myself for an example. About six or seven years ago I took stock of my career. I decided that I wanted to implement some career goals. The first was to become a computer security contractor. Problem was, just how do you go about becoming one? For me the solution was to start writing articles about computer security. This would help me reach my goal in that it would get my name and skillset out there to potential clients. Not to mention that if your writing is good enough you can also get paid for it.
Well, you can do the same thing as I did. It worked for me! Now in addition to offering this piece of advice I shall also offer something more valuable, my time. Should this sound like something that is of interest to you, then by all means drop me a line. The catch-22 of no one knowing you is all too fresh in my mind. That can, to some extent, be mitigated by pointing a potential employer or client to your online writing portfolio. Once you have some writing samples those can in turn possibly be leveraged into a book contract. Anyhow, you know where to get a hold of me.
Well to all of you who think that military networks are all heavily defended, here is something for you to read. This really serves to make my point that, if nothing else, statistics prove that n number of computer networks are insecure. This statistical model, well hardly a model, also applies to the US military networks. Whenever your network or networks begin to become rather large there is always that chance that something was forgotten. Whether it be a vendor patch or a poorly applied file permission, something is normally amiss. Some people have commented on the articles that I have written for WindowSecurity as being unrealistic in that the network was too easily penetrated. Well for every hack out there, there was a way in. Bear that in mind, and always regularly have your networks audited by third party help.
Well my GCIA is about to expire soon and I am faced with the decision of whether or not I want to recertify. I have had my issues with SANS as of late and still do. The problem for me is that I invested a lot of time and effort in getting my GIAC certs. I am loath to let them expire, but I really no longer care for the way that they are conducting business, i.e. having devalued the entire cert family and then flip-flopping. Like many people I am not a huge fan of the certification industry as it is largely a self-serving one. Reality is though, most of us have to maintain certs.
The tried and true method of going after the IRC command and control server for a botnet is coming to a slow death. Where there is money there is ingenuity, and when you combine that with organized crime, it all happens quickly. Much as is stated in the article, having an IRC server brought down is, surprisingly enough, not a simple task even when it is clearly involved in botnet activity. You can now imagine compounding that problem by the thousands as you will now have to go after the individually infected hosts. There really has to be a simpler way. For me this is simple. Get the ISPs involved. Ratchet up the penalties levied against people convicted of controlling botnets. I’d say it’s a good start.
Well the threat of the trusted insider is no urban or IT myth. It is very much real, and ever-present. Though it is tough to get statistics in relation to actual computer crimes committed by trusted insiders, it is safe to say they are under-reported. What can you do though to mitigate this? There are steps that one can take. First and foremost in my mind is having periodic audits by external, i.e. third party, network security personnel. While not everyone can afford to do this it will go a long way towards keeping everyone honest. Secondly, one could also have their internal network traffic analyzed on a regular schedule. This is both cost effective and also helps diagnose the state of your network, i.e. any viruses, worms, malware, or other shady business going on. It is something that I for one certainly encourage my clients to do. Food for thought.