
With the iPhone quickly becoming the market leader in mobile devices, the need for law enforcement personnel to perform forensic analysis of these devices is beginning to surface. Unlike most other smart phones, the iPhone incorporates desktop-like features in an easy-to-use mobile package

[Via Webcast: iPhone Forensics Demonstration]

As promised to the folks from the forensics course, I'm posting the information for a bit of Apple evidence acquisition



[Via goosh.org - the unofficial google shell.]

The usefulness of such gadgets is always very doubtful when tied to the web in and of itself, but I'm already dreaming of interacting with lynx on a bare-bones bash shell … oh my god!

X11 can definitively go in the drawer!

Shell r0x!


The Applied Security Visualization book is slowly coming together. I finished implementing all the reviews from my reviewers yesterday. This means I am almost done. The only thing left is the introduction.

By the way, my reviewers were absolutely amazing. I couldn’t have wished for a better team. Thanks guys!

The rough-cuts version of “Applied Security Visualization” is now also available. It’s an electronic version of, I think, 4 of the chapters. You can also pre-order the book on Amazon. This is all really exciting. Finally, after 1.5 years, the book is close to being done. Let’s hope for a launch in August, at BlackHat!

Original reference here


Here’s another slide show from eWeek about the IT security risks of employees:

1) USB Flash Drives
2) Laptops
3) P2P
4) Web Mail
5) Wi-Fi
6) Smart Phones
7) Collaboration Tools
8) Social Networks
9) Unauthorized Software Updates
10) Virtual Worlds

This must be employee security threat week. Information Week magazine had a similar article about the same subject.

Original reference here


Let's face it, Fiorello is a genius!


Like every blessed Monday morning, I set about catching up, go through the feeds, and what do I find?

A fantastic, light-hearted test :)

Very, very funny

[Via Zombie Apocalypse! What are your chances?]


Shared by Andrea Lazzari

What can I say, nobody's perfect, right?!
Upgrade available :)

Core Security Technologies Advisory - Three vulnerabilities discovered in the iCal application may allow unauthenticated attackers to execute arbitrary code on vulnerable systems with (and potentially without) assistance from the end user of the application, and may cause a denial of service condition. iCal version 3.0.1 on MacOS X 10.5.1 (Leopard) is affected.
Original reference here


First you should decide for yourself if you want to use your real name or just a pseudonym. It is very dangerous to use your real name because in our country the IT business has no culture of discussion, debate and openness to comments and correction. It seems sometimes that every consultant has to be a Leonardo da Vinci, which even as a specialist isn’t easy or even possible. The other danger is that, as there is no culture of discussion, the first response they have is to attack the messenger. Silly, but the reality.

Secondly you should decide if you will inform your boss that you are blogging. Whatever you do, you had better not blog or write about his boss or his clients or enemies. It will always come back to you. You can inform your boss and he has no right to refuse you the right to blog - surely not if you keep strictly to the rule that you don’t blog about all those things connected to his firm. But if you use your real name and you can be found on the internet linked to your boss, you should inform your boss and you should ask if there is a communication or blog policy. It would be wise for some firms to have that.

Thirdly you should decide if you let people comment on the blog or not. First of all you shouldn’t give those comments high visibility, as it is something you don’t control. And in most blog systems you can turn them off when needed.

Fourth you should search for a hosted system and not try to host or implement a blogging or website system yourself. You may do it, but you will lose a lot of time trying to keep up with the pace of attacks and bugs. And when you get hacked it is your credibility that goes up in smoke.

Fifth you should remember that Belgium has a very stringent cybercriminality law and you really should think twice before publishing stuff that could be used to attack a system. You should also think twice, as a security tester, about doing the testing yourself.

Original reference here


I believe I first learned of Gigamon at the 2006 RSA show. I mentioned their appliance 1 1/2 years ago in my post Pervasive Network Awareness via Interop SpyNet. Today I finally got a chance to cable a GigaVUE 422 in my lab.

Gigamon describes their appliance as a “data access switch,” but I prefer the term “traffic access switch.” You can think of the GigaVUE as an advanced appliance for tapping, accepting tap or SPAN output, and filtering, combining, separating, and otherwise manipulating copies of that traffic for monitoring purposes.

The device I received contained one fixed panel (far left in the image), plus four configurable daughter cards. This model has fixed fiber ports. At the extreme left of the image you’ll see two RJ-45 ports. The top one is a copper network management port, while the lower is a console cable.

The first daughter card, to the right of the fixed panel, is a GigaPORT 4 port copper expansion module. That card also has four SFP slots for either copper or fiber SFPs; they’re empty here. The next daughter card is a GigaTAP-TX copper tap module. The final daughter card is a GigaTAP-SX fiber tap module. You’ll notice I have room for one more daughter card, at the far right.

If I had time to create a pretty network diagram, I would show how everything is cabled. Absent that, I’ll describe the setup. I have three servers and one network tap that are relevant.

  1. 2950iii is a Dell Poweredge 2950iii acting as a network sensor. One of its NICs is directly cabled to the network management port of the GigaVUE via a gray cable, to test remote network access. (I could have also connected the GigaVUE network port to a switch.) The black console cable is connected to the serial port of the 2950iii for console access. Another NIC on the 2950iii is connected to a “tool” port on the GigaVUE. This port is the second green Cat 5 cable (from the left, without a white tag).
  2. r200a is a Dell R200 acting as a network device. It has one copper NIC and one fiber NIC that are usually directly connected to the r200b server listed below. Instead, each of those ports is connected to the GigaVUE, which is acting as a tap.
  3. r200b is another Dell R200 acting as a network device. It also has one copper NIC and one fiber NIC that are usually directly connected to the r200a server. Instead, each of those ports is connected to the GigaVUE, which is acting as a tap.
  4. Finally, I have a Net Optics iTap watching a different network segment. The iTap is acting as a traffic source for the GigaVUE, and is cabled via the first green Cat 5 cable on the GigaVUE.

To summarize, I have the GigaVUE acting as an acceptor of network traffic (from the iTap), an interceptor of network traffic (via the fiber and copper tap modules), and as a source of network traffic (being sent to the 2950iii). On the GigaVUE this translates into the following:

  • Port 5 is a “network” port, connected to the iTap.
  • Port 7 is a “tool” port, connected to the 2950iii.
  • Ports 9 and 10 are tap ports, connected to copper NICs on r200a and r200b.
  • Ports 13 and 14 are tap ports, connected to fiber NICs on r200a and r200b.

Given this setup, I wanted to configure the GigaVUE so I could get traffic from Ports 5, 9, 10, 13, and 14 sent to port 7.

After logging in via the console cable, I configured ports 9 and 10 so that their traffic was available to other ports on the GigaVUE. By default (and when power is lost), these ports passively pass traffic.

GigaVUE>config port-params 9 taptx active
GigaVUE>config port-pair 9 10 alias copper-tap

Next I told the box I wanted port 7 as my “tool” port. This means it will transmit traffic it sees (none yet) to the 2950iii acting as a network sensor.

GigaVUE>config port-type 7 tool

I told GigaVUE to send traffic that it sees from the iTap on port 5 to port 7.

GigaVUE>config connect 5 to 7

At this point I could sniff traffic on the 2950iii and see packets from the iTap, sent through the GigaVUE.

Finally I configured the two sets of tap ports to transmit what they saw to the tool port as well.

GigaVUE>config connect 9 to 7
GigaVUE>config connect 10 to 7
GigaVUE>config connect 13 to 7
GigaVUE>config connect 14 to 7

At this point traffic sent between r200a and r200b on their copper and fiber ports, plus traffic from the iTap, appeared on the sniffing interface of the 2950iii sensor — courtesy of the GigaVUE.

I decided to try a few simple filtering actions to control what traffic was seen by the 2950iii sensor.

The first filter told the GigaVUE to not show traffic with destination port 22. This filter applies at the tool port, so traffic to dest port 22 makes it into the GigaVUE but is dropped before it can leave the box.

GigaVUE>config filter deny portdst 22 alias ignore-ssh-dst
GigaVUE>config port-filter 7 ignore-ssh-dst

The second filter removes traffic from source port 22.

GigaVUE>config filter deny portsrc 22 alias ignore-ssh-src
GigaVUE>config port-filter 7 ignore-ssh-src

The final two commands remove these filters.

GigaVUE>delete port-filter 7 ignore-ssh-dst
GigaVUE>delete port-filter 7 ignore-ssh-src

This is a really cursory trial, but I wanted to document the few commands I did perform. If you have any questions, feel free to post them here. I’ll ask the Gigamon team to respond here, or directly to you if you so desire in your comment. Thanks to Gigamon for providing a demo box for me to try. I wanted to get some “hands-on” time with this device so I can decide if I need this sort of flexibility in production monitoring environments.

Here’s another image, from a higher angle.

Copyright 2003-2008 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Original reference here
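The GigaVUE session above, replayed in a small Python state model (an added illustration, not Gigamon code or the post's own): it applies the connect, filter and port-filter commands, reports which tool ports a packet seen on a given ingress port is copied to, and derives the tcpdump expression that should match nothing on the 2950iii sensor while the port 22 filters are in place. The port numbers are the post's; the class and function names are assumptions.

```python
import re
# Commands from the post that decide what is copied where (constructed input; the
# port-params, port-pair and port-type lines only assign roles and are omitted).
SESSION = """config connect 5 to 7
config connect 9 to 7
config connect 10 to 7
config connect 13 to 7
config connect 14 to 7
config filter deny portdst 22 alias ignore-ssh-dst
config port-filter 7 ignore-ssh-dst
config filter deny portsrc 22 alias ignore-ssh-src
config port-filter 7 ignore-ssh-src"""

class GigaVueModel:
    """Toy state model of the GigaVUE session (illustration only, not Gigamon code)."""
    def __init__(self):
        self.connections = {}   # ingress port -> set of tool ports it is copied to
        self.filters = {}       # alias -> (field, value) of a "deny" filter
        self.port_filters = {}  # tool port -> aliases applied at that port's egress

    def run(self, cmd):
        cmd = cmd.replace("GigaVUE>", "").strip()
        if m := re.fullmatch(r"config connect (\d+) to (\d+)", cmd):
            self.connections.setdefault(int(m[1]), set()).add(int(m[2]))
        elif m := re.fullmatch(r"config filter deny (portdst|portsrc) (\d+) alias (\S+)", cmd):
            self.filters[m[3]] = (m[1], int(m[2]))
        elif m := re.fullmatch(r"config port-filter (\d+) (\S+)", cmd):
            self.port_filters.setdefault(int(m[1]), []).append(m[2])
        elif m := re.fullmatch(r"delete port-filter (\d+) (\S+)", cmd):
            self.port_filters[int(m[1])].remove(m[2])

    def denied_at(self, tool, sport, dport):
        # Filters are evaluated at the tool port: the packet enters the box but is dropped on egress.
        seen = {"portsrc": sport, "portdst": dport}
        return any(seen[f] == v for f, v in (self.filters[a] for a in self.port_filters.get(tool, [])))

    def egress_ports(self, ingress, sport, dport):
        """Tool ports that emit a packet seen on `ingress` with the given TCP ports."""
        return {t for t in self.connections.get(ingress, ()) if not self.denied_at(t, sport, dport)}

    def denied_bpf(self, tool):
        """tcpdump expression that should match nothing on the sensor while the filters are active."""
        return " or ".join(f"{'src' if f == 'portsrc' else 'dst'} port {v}"
                           for f, v in (self.filters[a] for a in self.port_filters.get(tool, [])))

def build(session=SESSION):
    model = GigaVueModel()
    for line in session.splitlines():
        model.run(line)
    return model
```

Running `tcpdump -n -i <sensor-interface> '<expression>'` on the sensor with the filters applied gives a quick check: any packet matched means the egress filter on the tool port is not doing what the session intended.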


Shared by Andrea Lazzari

Ingenious, truly ingenious…

How many admin staff do you know who would fall for it without batting an eye?

Long live security culture!

Microsoft Word versions 2003 and 2007 are susceptible to crash and cross-site scripting vulnerabilities via malicious JavaScript execution.

Original reference here


Shared by Andrea Lazzari

POC - Proof of Concept?

No!

Per Opportuna Conoscenza, "for your information" :D

#####################################################
APPLICATION : Wordpress Blog
VERSION : <= 2.5.1
VENDOR : http://wordpress.org/
DOWNLOAD : http://wordpress.org/download
#####################################################

DORK: N/A

—DESCRIPTION—
You must login into wordpress with Administrator Roles

1. Write tab - you can post a title and contents and upload files. In the Upload section, you can upload a php script such as r57, c99, etc. into the system,
and the uploaded file will appear in http://[target]/wp-content/uploads/[year]/[month]/file.php

2. If you can't upload your php script (you get the message "File type does not meet security guidelines. Try another"):
Don't worry, move to the "Plugins" tab and choose some plugin (Akismet, Hello Dolly) to EDIT. Now you can add a php script (r57/c99) in the plugin edit section.
Finish it and go back to the Plugins tab -> click Active plugins, then get your SHELL….

Let’s Fun…

—NOTE/TIP—

In the Plugins Edit section, use a comment /* … */ to keep the plugin's code before adding shells.

##################################################################
Greetz: ZeQ3uL,BAD $ectors, Snapter, Conan, Win7dos, JabAv0C
##################################################################

Original reference here

Shared by Andrea Lazzari

I don't know how many of you readers have ever found yourselves needing to create an effective presentation; truthfully, I don't even know how many "readers" I have :) anyway …

…if you don't already follow it and you're passionate about "communication", I warmly recommend the Presentation Zen blog and book

Happy reading

As I have said many times: if you want to learn how to be a great presenter, look outside the public-speaking and presentation-skills literature, and certainly look beyond advice on how to use ephemeral software apps like PowerPoint and Keynote. Every year it seems a new book comes out with practical applications for presenters and speakers, even though it’s not a book about presentations at all. For example, best-selling books like A Whole New Mind, and Made to Stick had valuable lessons and applications for presenters; some of the ideas from those two books ended up in Presentation Zen. This year, thanks to the Authors@Google speaking series (where I also spoke in March), I stumbled across this 50-minute talk by Dr. John Medina outlining a few of his key points from Brain Rules. I was impressed with the content, so I bought the book.

Original reference here
