Chance to win a book!
Hey guys,
There will soon be an opportunity going up on WindowSecurity to win a copy of Windows Group Policy Guide. Make sure you check the site regularly, and best of luck!
Technorati Tags: Group policy, Book
It was only a matter of time before rootkits and other assorted malware became cognizant of running in VMware-type environments. There has been a lot of research lately concerning this by various researchers. For those of you who see running a VMware image as a failsafe, be aware: it isn’t. That said, it is a huge step forward in terms of security, though one that is not widely deployed by corporate networks. An equally fun thought is performing reverse engineering on malware that has code built into it to detect that it’s running in VMware. Have any of you guys looked at any such malware?
Technorati Tags: VMware, Rootkit, Reverse engineering
It is always a very difficult decision to make: that of leaving a good full-time job to become a contractor. That is when you realize what a safety net it is working for someone else. That switch, though, can be done right with some proper planning. The one method that I would recommend is the following one. First off, we will have to assume that you have a security clearance and the appropriate experience in computer security. With that said, apply to one of the agencies that staffs positions with the government or military. There are always vacancies that need to be filled. The trick is to get a one-year contract, or better if available. Having that first long-term contract will allow you to save up a bankroll to see you through any lean times. Remember, contract work should pay you roughly 2.5 to 3 times what your normal full-time salary is.
Technorati Tags: Contracting, Security clearance
It seems that with every passing year the virtualization market is growing. Many companies are waking up to the fact that running virtual servers makes good business sense, though the same cannot be said of running VM images for end-users. That has yet to be adopted by mainstream corporate networks, though I would wager it will gather steam in the next five years. Do any of you guys run virtualized servers or workstations?
Technorati Tags: Virtual network, VMware, Server
How many of you have in-house designed web applications tied in to a backend database? Moreover, have these custom web applications been tested for vulnerabilities? The one thing that the myriad of web application exploits has taught us is that there is a large need for security testing. Anytime you introduce another dimension to your network it should be thoroughly tested. This is doubly so for anyone in the financial, automotive, and other such targeted sectors. I do say automotive because there have been several recent cases of "business intelligence", more commonly known as corporate espionage, involving automotive companies. It is far cheaper for a competitor to pay a professional hacker tens of thousands if they are going to get corporate secrets worth millions or billions.
Technorati Tags: Web application security, Business intelligence, Audit
Well, the folks at TJX who had their database breached have come up with a figure of $118,000,000 USD. That is the cost of the breach itself, and that includes the costs of liability and credits/debits which arose as a result of the lapse in security. In retrospect it would seem a bargain to have a well-trained security staff in place, plus having outsourced third-party audits of their network. Well, hopefully TJX now realizes that network security is no longer an option, or a drain on resources, but rather a business enabler. I won’t hold my breath on getting a call from them though.
Technorati Tags: TJX, Database, Computer security, Audit
It really is important that we as computer security professionals conduct ourselves in a professional manner. I see a lot of examples on a weekly basis where people who work in the industry shoot themselves in the foot in, quite often, spectacular ways. Seeing as we all work in a medium which is Google indexed, it makes sense to choose our words carefully, even more so when they might be visible for some time to come. It is always best to bite one’s tongue, or take a night to cool off before responding to that email or forum post. Look at it this way: if you are not sure about whether or not you should post that retort, or send that email, then odds are you shouldn’t. Remember, the Internet is largely a tone-deaf medium, so choose your words carefully, as they represent you and your company.
Technorati Tags: Professionalism, Computer security, Google
Dave Aitel, CTO of Immunity, has released their new debugger, which was built using Python. It boasts the industry’s first heap analysis tool, and can be used to "analyze malware, and reverse engineer binary files". I have not had a chance to play with it yet, but I’m fairly certain it will be quite good. On that note, many thanks to Dave Aitel and company for donating a ton of billable hours in order to develop Immunity Debugger and then release it for free.
Technorati Tags: Immunity debugger, Dave Aitel, Python, Heap analysis
There have been quite a few people, and some questionable research groups, who have claimed the Intrusion Detection System (IDS) to be dead: no longer a relevant technology and all that. Well, I for one would disagree with that statement. While the IDS is not the end-all be-all of network security, it is still a vital piece of it. The main problem with them is that the people who administer them often don’t have the requisite knowledge. They would be hard pressed to differentiate between an ICMP echo request and an ICMP echo reply. Much like any piece of network security technology, it is only as good as the person administering it.
Technorati Tags: Intrusion Detection System, IDS, Network Security, ICMP
Hi guys,
OSSEC will be releasing its latest offering this upcoming week. In case some of you have not heard of it, it is an open source, host-based Intrusion Detection System (IDS). It does more than that though: log analysis, integrity checking, and Windows registry monitoring, to name but a few. Really quite a good security program, and to boot, it is free. You simply have to love open source. It would be great if they could also get a buck or two to help them along in their efforts. Check it out!
Technorati Tags: OSSEC, IDS, Log analysis, Integrity checking