Savant Protection supports Google Android

Tue, Mar 25, 2008

I saw this press release today from my Savant Protection. According to the release Savant’s Protection has been ported over to the Google Android platform. Savant Protection is very interesting technology in the fight to prevent the spread of malware. It’s not AntiVirus in the traditional sense and it is not really white listing either. I’ve seen the demo and have run the app myself. It definitely improves on the current state of malware protection. Good job Ken!

I am curious to see what other security systems will be running on Android in the future. Is there a list of security type applications that run on it? Admittedly I am not that familiar with Android.

–Chris

Traveling to FL, GA and NC

Mon, Feb 25, 2008

I will be in Orlando tonight and tomorrow night, Atlanta on Wednesday and Raleigh-Durham on Thursday. If anyone is around and wants to grab some food / drink let me know.

–Chris

Detecting Bot Command and Control Channels

Tue, Feb 19, 2008

I came across this paper on Detecting bot C&C channels in network traffic. It is from the Georgia Institute of Technology. An interesting read if you follow the bot problem.

–Chris

Your favorite Mac apps?

Tue, Feb 19, 2008

I have a shiny new MacBook Pro, finally. What are your favorite Mac apps? What should I not be without?

Thanks!

–Chris

(ab)using Tor to spy on connections

Wed, Feb 13, 2008

I saw a reference to this article recently. I knew how Tor worked but never really got under the hood of the exit servers. Well, apparently some others have and are setting up their own exit servers for nefarious purposes. It seems as though if you set up an exit server you can specify what ports you want to allow through it. By default I believe it will allow any. If I were to set up an exit server and only allow ports 23, 110 and 143, what do you think I would be able to see? Passwords. To top it off, it looks like anyone can set up their own exit server.

Brilliant.

The moral of the story…unencrypted logins will get you into trouble.

–Chris

Juniper launches a switch line

Tue, Jan 29, 2008

Juniper Networks announced today their EX line of switches. You can see more about the switches and a demo at www.juniper.net/. This new line of switches runs their JunOS operating system, rather than some other OS that would create confusion and complication. I have spoken to the local Juniper team and it seems as though Juniper built the switches themselves rather than through OEM or acquisition. I’m not sure I agree with that from a product maturity or time to market aspect. In any case, congrats to Juniper for filling what many believe was a hole in their product offering.

I am curious as to what this will do for their NAC strategy, if anything.

–Chris

Technorati Tags: , ,

Continue reading...

Anyone still blocking JavaScript?

Sun, Jan 6, 2008

In this new age of Ajax / Web 2.0, is anyone still blocking JavaScript at the perimeter or disabling it in the browser? I remember when this was a significant issue…and it may still be one. It seems like the advantages (perceived or not) of real time page updates provided by Ajax are outweighing the security risks of JavaScript.

The reason I ask is that I installed a new Fortinet UTM at a customer site yesterday. When I was setting up the protection profile I could block JavaScript, ActiveX and Cookies.

–Chris

No end to end encryption….no privacy

Tue, Nov 20, 2007

I have been following the case of Dan Egerstad from Sweden. He is the researcher who earlier this year posted the user names and passwords for 100 accounts on the Internet. Included in those accounts were ones from government embassies and major corporations. How did he obtain them? He used the Tor network.

I first learned of Tor while at the NSA; back then it was more commonly known as Onion Routing. Tor is basically a series of servers set up with software that allows the forwarding of packets while hiding the originating IP address. One of the biggest problems with Tor is the “last hop” or exit router. This is the last Tor server (node) that handles the packet before it reaches the destination. This last node sees everything being passed, and that traffic is not encrypted unless the connection to the destination is done using SSL / TLS, IPSec, etc. The other issue with the exit router is that anyone can set one up. Since Tor is an open network you just need hardware to run the Tor software and a network connection. This is where Dan came in.

Dan simply set up several Tor servers and analyzed the traffic passing through these exit servers. In total he was able to gather over 1000 user names / passwords. In the interest of disclosure he did make some attempts to notify the organizations involved. It seems in most cases he was ignored or not understood. He then posted 100 of those accounts on the Internet.

The moral of the story: encrypt it end to end if you expect any degree of privacy. Transport level and application level encryption is so commonplace these days it amazes me the number of people that don’t use it. The Wall of Sheep at DefCon is a good representation of this. Will that solve everything? Of course not, but it will definitely help.

–Chris
