InfoSecPodcast.com » Security

Record IM video on the network?

Chris Harrington — Tue, 01 Jul 2008 15:23:03 +0000

A friend of mine is works in the financial services market. His company has a need to record Instant Messenger video sessions (think AOL and MSN webcam ) and archive them. They need to do this on the network as opposed to having client software do it locally on the desktop. This is due to the varied desktop systems, only half are Windows based.

Anyone know of a commercial solution or open source libraries that could do this? I know many IPS’ can detect IM video but he needs to record. Is IM video even encrypted? Before you start with the privacy concerns this is done with full knowledge of both parties who are also employees of the same company. It is a pilot program at this point.

–Chris

Technorati Tags: AIM video, record, MSN Messenger

WoW adds 2 factor authentication

Chris Harrington — Tue, 01 Jul 2008 15:12:23 +0000

World of Warcraft creator Blizzard Entertainment is selling hardware security devices. These small devices can fit on a key ring and provide a second form factor for authentication using something similar to a one time pad. The cost…..6 EUR. Robert over at Errata Security has a pretty good write up on it.

Now if only my bank could figure this out. Wait a minute….don’t they have to under PCI??

–Chris

Technorati Tags: WoW, World of Warcraft, Blizzard Entertainment, 2 form factor

ICANN shutting down a Chinese registrar?

Chris Harrington — Mon, 23 Jun 2008 13:33:42 +0000

I saw this today on Slashdot. There is an ICANN registrar in China who is apparently not living up to its obligations to verify proper contact information for people registering domain names. The registrar is Xinnet Bei Gong Da Software. How bad is it you ask?

Of 11,000 suspected spam domains registered through them, NONE were taken down in a 6 month period.

Approximately 100 new spam sites per day being registered.

A “significant” number of those domain registrations have apparent bogus contact information

What makes matters worse is that there appears to be some interesting langauge in the ICANN agreement that registrars are supposed to comply with:

“Registrar shall, upon notification by any person of an inaccuracy in the contact information associated with a Registered Name sponsored by Registrar, take reasonable steps to investigate that claimed inaccuracy. In the event Registrar learns of inaccurate contact information associated with a Registered Name it sponsors, it shall take reasonable steps to correct that inaccuracy.”

Reasonable steps? A little vague don’t you think? It will be interesting to see if ICANN does something here. Why does the prhase “Stop or I’ll yell Stop again!!!” come to my mind here?

–Chris

Technorati Tags: ICANN, Spammer, Xinnet

Savant Protection supports Google Android

Chris Harrington — Tue, 25 Mar 2008 14:07:06 +0000

I saw this press release today from my Savant Protection. According to the release Savant’s Protection has been ported over to the Google Android platform. Savant Protection is very interesting technology in the fight to prevent the spread of malware. It’s not AntiVirus in the traditional sense and it is not really white listing either. I’ve seen the demo and have run the app myself. It definitely improves on the current state of malware protection. Good job Ken!

I am curious to see what other security systems will be running on Android in the future. Is there a list of security type applications that run on it? Admittedly I am not that familiar with Android.

–Chris

Technorati Tags: Savant Protection, Malware, Google Android

Detecting Bot Command and Control Channels

Chris Harrington — Wed, 20 Feb 2008 01:15:16 +0000

I came across this paper on Detecting bot C&C channels in network traffic. It is from the Georgia Institute of Technology. An interesting read if you follow the bot problem.

–Chris

Technorati Tags: bot, command and control, channel

(ab)using Tor to spy on connections

Chris Harrington — Thu, 14 Feb 2008 00:57:51 +0000

I saw a reference to this article recently. I knew how Tor worked but never really go under the hood of the exit servers. Well apparently some others have and are setting up their own exit servers for nefarious purposes. It seems as though if you setup an exit server you can specify what ports you want to allow through it. By default I believe it will allow any. If I were to setup an exit server and only allow ports 23, 110 and 143, what do you think I would be able to see? Passwords. To top it off it looks like anyone can setup their own exit server.

Brilliant.

The moral of the story…unencrypted logins will get you into trouble.

–Chris

Technorati Tags: Tor, logons, exit server

Anyone still blocking Javascript?

Chris Harrington — Sun, 06 Jan 2008 14:50:14 +0000

In this new age of Ajax / Web 2.0, is anyone still blocking Javascript at the perimeter or disabling it in the browser?? I remember when this was a significant issue…and it may still be one. It seems like the advantages (perceived or not) of real time page updates provided by Ajax are out weighing the security risks of Javascript.

The reason I ask is that I installed a new Fortinet UTM at a customer site yesterday. When I was setting up the protection profile I could block Javascript, ActiveX and Cookies.

–Chris

Technorati Tags: Javascript, security, Ajax, Fortinet, UTM

Two job openings at my company

Chris Harrington — Wed, 24 Oct 2007 04:01:26 +0000

My company, GreenPages, has openings for the following positions:

Director of SMB & Education Solutions
Senior Network Engineer

If you or someone you know is interested send me an email, chris@infosecpodcast.com or Skype at chrisharrington

Thanks!

–Chris

Technorati Tags: GreenPages, employment

Backpack mounted Laser

Chris Harrington — Wed, 22 Aug 2007 15:16:18 +0000

Ok…not security related but I thought it was interesting. A German company is producing a backpack mounted Laser system apparently designed for cleaning thinks. Think of the uses…..

Is it me or are we just missing Harold Ramis wearing a white jumpsuit?

–Chris

Technorati Tags: laser, backpack

Hacking Illustrated Videos

Chris Harrington — Mon, 20 Aug 2007 11:38:48 +0000

I was poking around IronGeek’s site tonight and came across the Hacking Illustrated section. In it there are dozens of videos (in both avi and swf format) on subjects such as:

Check it out….there is a wide variety of content here.

–Chris

Technorati Tags: hacking videos, IronGeek