I saw this press release today from my Savant Protection. According to the release Savant’s Protection has been ported over to the Google Android platform. Savant Protection is very interesting technology in the fight to prevent the spread of malware. It’s not AntiVirus in the traditional sense and it is not really white listing either. I’ve seen the demo and have run the app myself. It definitely improves on the current state of malware protection. Good job Ken!
I am curious to see what other security systems will be running on Android in the future. Is there a list of security type applications that run on it? Admittedly I am not that familiar with Android.
–Chris
Technorati Tags: Savant Protection, Malware, Google Android
Share This
February 25, 2008 – 11:36 am
I will be in Orlando tonight and tomorrow night, Atlanta on Wednesday and Raleigh-Durham on Thursday. If anyone is around and wants to grab some food / drink let me know.
–Chris
Share This
February 19, 2008 – 8:15 pm
I came across this paper on Detecting bot C&C channels in network traffic. It is from the Georgia Institute of Technology. An interesting read if you follow the bot problem.
–Chris
Technorati Tags: bot, command and control, channel
Share This
February 19, 2008 – 12:20 am
I have a shiny new MacBook Pro, finally. What are your favorite Mac apps? What should I not be without?
Thanks!
–Chris
Technorati Tags: MacBook, Applications
Share This
February 13, 2008 – 7:57 pm
I saw a reference to this article recently. I knew how Tor worked but never really go under the hood of the exit servers. Well apparently some others have and are setting up their own exit servers for nefarious purposes. It seems as though if you setup an exit server you can specify what ports you want to allow through it. By default I believe it will allow any. If I were to setup an exit server and only allow ports 23, 110 and 143, what do you think I would be able to see? Passwords. To top it off it looks like anyone can setup their own exit server.
Brilliant.
The moral of the story…unencrypted logins will get you into trouble.
–Chris
Technorati Tags: Tor, logons, exit server
Share This
January 29, 2008 – 10:02 am
Juniper Networks announced today their EX line of Switches. You can see more about the switches and a demo at www.juniper.net/ This new line of switches runs their JunOS operating system, rather than some other OS that would create confusion and complication. I have spoken to the local Juniper team and it seems as though Juniper built the switches themselves rather than through OEM or acquisition. I’m not sure I agree with that from a product maturity or time to market aspect. In any case, congrats to Juniper for filling what many believe was a hole in their product offering.
I am curious as to what this will do for their NAC strategy, if anything.
–Chris
Technorati Tags: Juniper, switches, NAC
Share This
January 6, 2008 – 9:50 am
In this new age of Ajax / Web 2.0, is anyone still blocking Javascript at the perimeter or disabling it in the browser?? I remember when this was a significant issue…and it may still be one. It seems like the advantages (perceived or not) of real time page updates provided by Ajax are out weighing the security risks of Javascript.
The reason I ask is that I installed a new Fortinet UTM at a customer site yesterday. When I was setting up the protection profile I could block Javascript, ActiveX and Cookies.
–Chris
Technorati Tags: Javascript, security, Ajax, Fortinet, UTM
Share This
November 20, 2007 – 9:32 pm
I have been following the case of Dan Egerstad from Sweden. He is the researcher who earlier this year posted the user names and passwords for 100 accounts on the Internet. Included in those accounts were ones from government embassies and major corporations. How did he obtain them? He used the Tor network.
I first learned of Tor while at the NSA, back then it was more commonly known as Onion Routing. Tor is basically a series of servers setup with software that allows the forwarding of packets while hiding the originating IP address. One of the biggest problems with Tor is the “last hop” or exit router. This is the last Tor server (node) that handles the packet before it reaches the destination. This last node sees everything being passed and is not encrypted, unless the connection to the destination is done using SSL / TLS, IPSec, etc. The other issue with the exit router is that anyone can set one up. Since Tor is an open network you just need hardware to run the Tor software and a network connection. This is where Dan came in.</strong>
Dan simply setup several Tor servers and analyzed the traffic passing through these exit servers. All total he was able to gather over 1000 user names / passwords. In the interest of disclosure he did make some attempts to notify the organizations involved. It seems in most cases he was ignored or not understood. He then posted 100 of those accounts on the Internet.
The moral of the story. Encrypt it end to end if you expect any degree of privacy. Transport level and application level encryption is so common place these days it amazes me the number of people that don’t use it. The Wall of Sheep at DefCon is a good representation of this. Will that solve everything? Of course not but it will definitely help.
–Chris
Technorati Tags: Tor, encryption, Dan Egerstad
Share This
