The Network Administrator

The weblog of an IT pro specializing in virtualization, storage, servers and networking

Another reason to be VERY cautious when using a guest WIFI network.

MWahl | November 11, 2010 | 3:19 pm

This has been out there for some time now. A brand new Firefox add-on called “FireSheep” (http://wiki.twit.tv/wiki/Security_Now_272) lets anyone who is connected to the same Wi-Fi or Ethernet network as someone using Facebook or Twitter hack their account easily with just the click of a mouse button.

The link below shows just how easy it is to install Firesheep: http://codebutler.com/firesheep

The good news: there are some things you can do to protect yourself.

If you use Firefox, these add-ons should do the trick:

  • HTTPS Everywhere — this gem from the Electronic Frontier Foundation is about as good as it gets. By default it forces most popular websites to use HTTPS, and you can add your own rules for other sites. This is one of the few add-ons that I use everywhere
  • Torbutton — this solution is slightly more involved (it’s for power-users), but if you want to be really secure and anonymous, the Tor network is a fantastic solution
  • Force-TLS — this is like HTTPS Everywhere, but doesn’t come with a built-in dictionary of secure sites. Adding them is very easy, though

Chrome users, due to a limitation of the browser, aren’t quite so lucky. There is no way to force HTTPS with an extension. You may have read elsewhere that KB SSL will help you, but it won’t. Instead you need to use a secure SOCKS proxy. This isn’t particularly hard, but it does involve a bit of work.

  • A guide for Windows users, using SpoonProxy
  • A guide for Mac users, using Meerkat — our sister site TUAW has a guide that might help, too

Opera and Internet Explorer users: you too will need to use a SOCKS proxy; just follow one of the guides above.
Ultimately, though, if you use unsecured Wi-Fi networks you will leave yourself exposed. The best solution might not be to install add-ons, but to ask your local coffee shop owner to secure his network with WPA2. The entire problem would go away if big-name websites used HTTPS across the board, too.

Categories: Security

Need to be PCI Compliant? Check out Qualys!

MWahl | October 16, 2010 | 4:35 pm

Qualys Website: http://www.qualys.com

They will even give you a FREE Scan, when you sign up for a FREE two week trial.

http://www.qualys.com/forms/trials/qualysguard_pci_trial/

Categories: Security

Zenmap security scanner GUI

MWahl | October 16, 2010 | 4:19 pm

I have written about the nmap command line interface in the past, but I want to make sure you are aware of a GUI Nmap tool to scan IP addresses and URLs.

Zenmap Website

http://nmap.org/zenmap/

Zenmap Download Page

http://nmap.org/download.html

Check out the video below on mastering the Nmap Scripting Engine.

Mastering the Nmap Scripting Engine – Fyodor & David Fifield – Defcon 18 from Gordon Fyodor Lyon on Vimeo.

Categories: Security

Scan your external public IP address

MWahl | October 16, 2010 | 4:14 pm

http://www.secmynet.com

You can scan your router, firewall, etc. and make sure you only have the ports you need open.

Categories: Security

Windows updates for October 2009

MWahl | October 12, 2009 | 5:58 pm

With nine “Critical” and five “Important” updates, October’s patch Tuesday is going to be pretty important to say the least.

Microsoft will be addressing at least 34 vulnerabilities.

See the complete details here: http://www.microsoft.com/technet/security/bulletin/ms09-sep.mspx

MS09-045: Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961)

  • Executive summary: This security update resolves a privately reported vulnerability in the JScript scripting engine that could allow remote code execution if a user opened a specially crafted file or visited a specially crafted Web site and invoked a malformed script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • Maximum severity rating and vulnerability impact: Critical, Remote Code Execution
  • Restart requirement: May require restart
  • Affected software: Microsoft Windows

MS09-049: Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710)

  • Executive summary: This security update resolves a privately reported vulnerability in Wireless LAN AutoConfig Service. The vulnerability could allow remote code execution if a client or server with a wireless network interface enabled receives specially crafted wireless frames. Systems without a wireless card enabled are not at risk from this vulnerability.
  • Maximum severity rating and vulnerability impact: Critical, Remote Code Execution
  • Restart requirement: Requires restart
  • Affected software: Microsoft Windows

MS09-047: Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812)

  • Executive summary: This security update resolves two privately reported vulnerabilities in Windows Media Format. Either vulnerability could allow remote code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • Maximum severity rating and vulnerability impact: Critical, Remote Code Execution
  • Restart requirement: May require restart
  • Affected software: Microsoft Windows

MS09-048: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)

  • Executive summary: This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
  • Maximum severity rating and vulnerability impact: Critical, Remote Code Execution
  • Restart requirement: Requires restart
  • Affected software: Microsoft Windows

MS09-046: Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844)

  • Executive summary: This security update resolves a privately reported vulnerability in the DHTML Editing Component ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • Maximum severity rating and vulnerability impact: Critical, Remote Code Execution
  • Restart requirement: May require restart
  • Affected software: Microsoft Windows

Categories: Security

Microsoft Security Essentials is a free anti-malware shield for Windows XP, Vista and 7

MWahl | October 1, 2009 | 7:37 pm

Available from http://www.microsoft.com/security_essentials, the program is designed to stop common threats such as viruses, spyware, rootkits and Trojans. It runs on Windows XP, Vista and 7, in both 32-bit and 64-bit editions.

Also check out: http://www.malwarebytes.org/mbam.php

Sometimes it's faster and easier to just use Windows System Restore and go back to some time before the malware was installed.

Categories: Security, Windows Desktops, Windows Server, Windows tools

CrackingWEP

MWahl | September 6, 2009 | 7:17 am

https://help.ubuntu.com/community/CrackingWEP

Categories: Linux Server, Linux tools, Security

Microsoft® Windows® Malicious Software Removal Tool (KB890830)

MWahl | August 27, 2009 | 9:33 pm

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

If you haven't installed this, I would recommend doing so. You may already have it; in that case, select Start > Run and type mrt.

http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Categories: Security, Windows Desktops

Generate RSA key to SSH to PIX

MWahl | July 4, 2009 | 12:28 pm

conf t
ca generate rsa key 1024

If there is an existing key that you need to clear, issue ca zeroize rsa

Categories: Networking, Security

Wireless Security

MWahl | July 3, 2009 | 8:50 am

I am always surprised at the number of wireless access points that are unsecured. At the very least I would recommend not broadcasting your SSID; if possible, use a security mode such as WPA with an encryption of TKIP or AES. Some devices, depending on age, may not support security modes beyond WEP. Before you go out and buy a new router or access point, check to see if you can upgrade the device software.

Categories: Security
