InfoSecPodcast.com » Security Tools

Record IM video on the network?

Chris Harrington — Tue, 01 Jul 2008 15:23:03 +0000

A friend of mine is works in the financial services market. His company has a need to record Instant Messenger video sessions (think AOL and MSN webcam ) and archive them. They need to do this on the network as opposed to having client software do it locally on the desktop. This is due to the varied desktop systems, only half are Windows based.

Anyone know of a commercial solution or open source libraries that could do this? I know many IPS’ can detect IM video but he needs to record. Is IM video even encrypted? Before you start with the privacy concerns this is done with full knowledge of both parties who are also employees of the same company. It is a pilot program at this point.

–Chris

Technorati Tags: AIM video, record, MSN Messenger

RFP for PenTesting

Chris Harrington — Wed, 11 Jul 2007 13:53:26 +0000

eWeek has a decent RFP template you can use when selecting a company to provide PenTest services. It’s not perfect but it is a great start if you have nothing. The RFP is on page 44 of the July9th issue.

If you happen to be looking for those services check out NMI InfoSecurity Solutions. They produce the best reports I have ever seen from a security services company. They also have a risk metric system (RSK) that makes it easy to track changes in your security risk level.

**Disclaimer** Yes, I used to work for NMI and no I did not receive compensation for this plug

–Chris

Technorati Tags: eweek, pentest, rfp, NMI

Declassified window film stops wireless / cell signals

Chris Harrington — Fri, 06 Jul 2007 14:50:16 +0000

I saw this one on Slashdot the other day science.slashdot.org/article.pl?sid=07/07/03/0228246&from=rss

Quote from article:

“Once manufactured under an exclusive contract with the US government, this recently declassified window film is now available to the public. But don’t expect to see it on store shelves anytime soon. Currently, it’s only available directly from the manufacturer, and at prices that will likely make it prohibitive for all but the wealthiest home owners. The two-millimeter-thick coating can block Wi-Fi signals, cell phone transmissions, even the near-infrared, yet is almost transparent… It can keep signals in (preventing attempts to spy on electronic communications) or out, minimizing radio interference and even the fabled electronics-destroying electromagnetic pulse generated by a nuclear blast.”

Think of the applications. How much do you think that stuff costs per foot???

–Chris

Technorati Tags: window film, declassified, wireless, cellular

List of Malware Analysis tool from SANS

Chris Harrington — Sat, 04 Nov 2006 03:07:23 +0000

The Internet Storm Center at SANS has a post with a list of Malware Analysis tools submitted mostly by readers. If you are thinking about dissecting that piece of malware you just found, take a look at this list of helpers. Unless you do this a lot you’ve probably never heard of most of these tools.

–Chris

Technorati Tags: SANS, Malware, Internet Storm Center

Malware Analyzing Sandbox

Chris Harrington — Sat, 04 Nov 2006 02:47:44 +0000

The clever folks over at Sunbelt Software have created a great free service to analyze malware samples called CWSandbox. How it works is you upload your suspected malware sample to their site. The CWSandbox then runs the malware and gives you a detailed report of what it did, it’s name if known, and a bunch of other cool information.

I found a post on nCircle’s blog that has a pretty detailed description of this tool. The next time you have a strange ZIP attachment upload it and see what CWSandbox says.

–Chris

Technorati Tags: CWSandbox, Malware, Sunbelt Software, nCircle

Free Windows Honeypot from NetVigilance

Chris Harrington — Thu, 02 Nov 2006 18:12:21 +0000

VA provider NetVigilance has released a free Honeypot for Windows called WinHoneyd. It is a low-interaction (it simulates services such as RPC, HTTP, FTP, etc.) honeypot based on the Open Source honeyd software written by Niels Provos. Instructions, sample configs and FAQ’s can be found on the NetVigilance site.

–Chris

Technorati Tags: WinHoneyd, honeypot, netvigilance, Niels Provos, honeyd

Ajax based port scanner

Chris Harrington — Fri, 27 Oct 2006 14:41:39 +0000

In the “WEB 2.0″ world we live in it was a matter of time before Ajax security tools showed up. Ener OPScanner, an Ajax based port scanner. I definitely wouldn’t start making plans to replace NMAP with it. It’s more a novelty and a useful way to can yourself when making basic firewall or ACL changes.

–Chris

Technorati Tags: Ajax, port scanner, security

Web based VMX file creator

Chris Harrington — Wed, 18 Oct 2006 11:35:20 +0000

If you do any sort of sandbox / Honyepot work like me you probably use VMWare Virtual Machines. When you create a VM the configuration settings are saved in a file with the .vmx extension. This file is a simple text file with name value pairs. Mike over at MikeTechShow.com posted a link to EasyVMX, which is a web based vmx configuration file creator. If you are looking for something more than just the VMWare VM creation wizard you should check this out.

–Chris

Technorati tags: VMWare, Miketechshow, easyvmx, vmx

Bootable Linux security distros

Chris Harrington — Wed, 27 Sep 2006 02:47:13 +0000

Darknet.org.uk has a pretty good list of Linux distributions that are geared to security tasks like pentesting, forensics and nsm. The good thing about this list is that these are Live CD’s. This means you can drop them into your CD a boot into a working Linux distro without affecting the currently installed operating system. Most do have to option for a complete hard drive install should you wish.

–Chris

Technorati Tags: Darknet, Linux, Live CD, security, whax, knoppix std, f.i.r.e

Is that website safe?

Chris Harrington — Tue, 12 Sep 2006 21:36:00 +0000

When we click on a hyperlink we really have no idea if the site on the other end is safe. When I go there will I find spyware, a virus infected file, a browser exploit…who knows? I’m pretty paranoid when I “surf” the web. Anytime I go adventuring on the web I am doing it thru a Firefox browser running on a Link Virtual Machine. To take a step further, the VM is connected to an access point in it’s own VLAN. So if it does get p0wned it can’t do any damage on my internal network. Yes, this is my home network

LinkScanner
I saw this post by Brian Krebs who writes on Security for the Washington Post. If you don’t follow his column you should. Brian mentions a site called LinkScanner from Exploit Labs. LinkScanner allows you to enter a URL and it will check to see if there are any nasty things hiding there. I’ve been using this site for a while and it has alerted me of a couple sites with malware.

McAfee Site Advisor
McAfee offers the Site Advisor service to determine if a website has malicious content. They use a Red / Yellow / Green color scheme to visualize if a site is Bad, Unknown, or Good. If you happen to use Internet Explorer they have a plugin that will display the Site Advisor rating of the page you are on in the lower right of the browser. I’ve used SA quite a bit and it seems to be a solid tool.

Dr. Web
The Russian AV company Dr. Web has released browser plugins for Firefox, IE and Opera. These plugins allow you to scan a site for malware before visiting it. Right clicking on a link gives you the option to scan it for malware. I have not had a chance to use their tools yet so I can’t vouch for their quality.

Google
When you click on a link from a Google search (or cache I think?), a warning page will be displayed if the site is determinted to have malicious content. This is possble through a partnership with www.stopbadware.org. Several prominent people including Vint Cerf and Ari Schwartz are involved with StopBadware.org.

There are probably other I have missed. If you know of any please let me know and I will post them here.

–Chris

Technorati Tags: SiteScanner, Malware, spyware, Site Advisor, Exploit Labs