
Posts Tagged ‘podcasts’


ISC StormCast for Friday, April 25th 2014 http://isc.sans.edu/podcastdetail.html?id=3951, (Thu, Apr 24th)

(c) SANS Internet Storm Center.


Fun with Passphrases!, (Thu, Apr 24th)

As systems administrators and security folks, we’ve all had our fill of our users and customers using simple passwords. Most operating systems these days now enforce some level of password complexity by default, with options to “beef up” the password requirements. The prevailing wisdom today is to use passphrases – demonstrated nicely by our bud at xkcd – http://xkcd.com/936/. So I routinely have very long passphrases for public-facing accounts. Imagine my surprise when I was creating a new account on a major cloud service (the one that starts with an “O” and ends with a “365”), and found that I was limited to a 16 character password. Needless to say I have a case open to see if that limit can be removed. I’m not looking for no limit / invitation to a buffer overflow status on the password field, but something bigger than 16 would really be appreciated!

(c) SANS Internet Storm Center


Be Careful what you Scan for!, (Thu, Apr 24th)

After some fun and games at one customer site in particular, I found that the SSL services on the iLO ports of earlier HP ProLiant servers (iLO1 and iLO2) are not susceptible to Heartbleed. However, their implementation of SSL is fragile enough that scanning them for the Heartbleed vulnerability will render them inoperable. This affects ProLiants from G1 all the way up to G6, as well as many of the HP BladeSystems. A complete power down of the entire system – as in remove both of the AC cables – is required to reset the iLO card and bring it back to life.

While this may seem like a quick fix for a single server, if that server is running a hypervisor, or if it’s a blade system with hypervisors running on the blades, this can multiply into a huge issue, especially if your client scanned the server subnet and effectively bricked all their iLO cards before they realized there was a problem (oops). (And yes, the fact that we worked this out Easter weekend is somewhat ironic.) Full details are in HP Support Document c04249852.

This illustrates that even when scanning for simple things (with Nmap, Nessus or any other scanning tool really), it’s best to scan a few test systems first – or if you have a test VLAN that replicates your production systems, even better! This isn’t a problem with the scanners; almost always the problem is the fragility of the service being scanned. Many services are only written to deal with “the right” inputs, which is not how most scanners (or most attackers) tend to operate.

Safe Scanning Everyone!

Rob VandenBrink
Metafore
(c) SANS Internet Storm Center.


ISC StormCast for Wednesday, April 23rd 2014 http://isc.sans.edu/podcastdetail.html?id=3947, (Wed, Apr 23rd)

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


Port 32764 Router Backdoor is Back (or was it ever gone?), (Tue, Apr 22nd)

Unlike what was announced a few months ago, the infamous “Port 32764” backdoor was not fully patched in new routers [1]. As a reminder, the original backdoor allowed unrestricted/unauthenticated root access to a router by connecting to port 32764.


Allow us to leave!, (Mon, Apr 21st)

Here’s one yardstick that I use before signing up for any new online service: I first search the Interwebs for stories from users who tried to close their account and leave the same service, and were given a hard time. I understand that commercially it is “rewarding” to show 300 million subscribers, even if 90% of them are stale accounts. But from a privacy and data security point of view, it does NOT make any sense for a user to leave an account behind that he/she knows for sure will never be used again. Some services, also larger ones, are handling this issue professionally, and have a decently findable link on their home page that allows the closing of an account and deletion of stored data. Others ...


ISC StormCast for Monday, April 21st 2014 http://isc.sans.edu/podcastdetail.html?id=3943, (Mon, Apr 21st)



Testing your website for the heartbleed vulnerability with nmap, (Fri, Apr 18th)

We have received reports from many readers about buggy tools to test for the Heartbleed vulnerability. Today I want to show you how easy it is to check for this vulnerability using a reliable tool such as nmap. You just need to trigger a version scan (-sV) along with the ssl-heartbleed script.
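The check described above produces nmap's script output, which is easier to act on when it is turned into a per-host verdict. The following is an added example, not code from the ISC diary or from the nmap project: it wraps `nmap -sV --script ssl-heartbleed` for an explicit list of hosts (so, in the spirit of the "scan a few test systems first" advice in the earlier diary, you can run it against a couple of test hosts before the production subnet) and parses the result. The sample output, host names and addresses embedded in it are constructed, shaped like the `State: VULNERABLE` / `State: NOT VULNERABLE` lines the script prints; `scan_hosts` assumes nmap is installed and on the PATH.

```python
"""Run the nmap ssl-heartbleed check against chosen hosts and summarise the result.

Added example (not from the ISC diary or the nmap project). Assumes nmap is
installed for scan_hosts(); parse_heartbleed_report() works offline on any
captured nmap output.
"""
import re
import subprocess
import sys
from typing import Dict, List

# Constructed sample of nmap output (not a real scan), in the shape the
# ssl-heartbleed NSE script produces: one vulnerable host, one patched host,
# and one host where the script produced no verdict at all.
SAMPLE_OUTPUT = """\
Nmap scan report for web1.example.test (192.0.2.10)
PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http nginx
| ssl-heartbleed:
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library.
|     State: VULNERABLE
|_    Risk factor: High

Nmap scan report for web2.example.test (192.0.2.11)
PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http Apache httpd
| ssl-heartbleed:
|_  State: NOT VULNERABLE

Nmap scan report for web3.example.test (192.0.2.12)
PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http nginx
"""

# Each host's section starts with this header line; the capture group keeps the host name.
REPORT_RE = re.compile(r"^Nmap scan report for (\S+)", re.MULTILINE)
# The script's verdict line. "NOT VULNERABLE" is listed first so it is matched whole.
STATE_RE = re.compile(r"State:\s+(NOT VULNERABLE|VULNERABLE)")


def parse_heartbleed_report(output: str) -> Dict[str, str]:
    """Map each scanned host to 'VULNERABLE', 'NOT VULNERABLE' or 'NO RESULT'.

    'NO RESULT' means the script printed no verdict for that host (for example
    the port was closed or the TLS handshake never completed), which should be
    checked by hand rather than read as "safe".
    """
    results: Dict[str, str] = {}
    # re.split with a capture group yields [preamble, host1, body1, host2, body2, ...]
    parts = REPORT_RE.split(output)
    for host, body in zip(parts[1::2], parts[2::2]):
        match = STATE_RE.search(body)
        results[host] = match.group(1) if match else "NO RESULT"
    return results


def scan_hosts(hosts: List[str], port: int = 443) -> Dict[str, str]:
    """Run nmap (must be installed) with -sV and the ssl-heartbleed script, then parse."""
    cmd = ["nmap", "-sV", "-p", str(port), "--script", "ssl-heartbleed", *hosts]
    proc = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return parse_heartbleed_report(proc.stdout)


if __name__ == "__main__":
    # With host arguments a live scan is run; without, the constructed sample is parsed.
    targets = sys.argv[1:]
    report = scan_hosts(targets) if targets else parse_heartbleed_report(SAMPLE_OUTPUT)
    for host, state in sorted(report.items()):
        print(f"{host}: {state}")
```

The parser deliberately reports a third state, `NO RESULT`, instead of collapsing "no verdict" into "not vulnerable": a host whose TLS service never answered the script (or, as the earlier diary warns, fell over during the scan) has not been shown to be safe.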


ISC StormCast for Friday, April 18th 2014 http://isc.sans.edu/podcastdetail.html?id=3941, (Fri, Apr 18th)



New Feature: Monitoring Certification Revocation Lists https://isc.sans.edu/crls.html, (Wed, Apr 16th)

Johannes B. Ullrich, Ph.D.
SANS Technology Institute
(c) SANS Internet Storm Center.
