Security Bites

Symantec to acquire Clearwell Systems for $390 million

2011-05-23T14:29:00.002+05:30

Symantec to acquire Clearwell Systems for $390 million
Economic Times

IT security company Symantec Corporation announced that it has signed a definitive agreement to acquire privately-held Clearwell Systems, an eDiscovery company. Under the terms of the agreement, Symantec will acquire Clearwell for a purchase price of approximately USD 390 million, net of Clearwell's existing cash balance of approximately USD 20 million, Symantec said in a statement.

UN Scam

2010-10-12T17:46:00.001+05:30

----- Forwarded Message ----
From: United Nations Organization <unct06@me.com>
Sent: Mon, October 11, 2010 12:14:03 PM
Subject: UN

UNCD

Demo of Cisco Cius: Part 1 (HD)

2010-07-02T08:18:00.000+05:30

IBM acquires Guardium

2009-12-04T20:35:00.005+05:30

Computer giant IBM Corp. is beefing up its database security offerings by acquiring privately held Guardium Inc. Guardium's database security appliance is a leader in database security space. The solution with give IBM ability to offer more comprehensive security solution to its customers. Guardium's product offers database security, auditing and policy enforcement for customers. It is interesting to note that Cisco was a strategic investor in Guardium.

Guardium Website: www.guardium.com

PCI Compliance Update from SC Magazine

2009-11-18T09:20:00.001+05:30

PCI DSS compliance continues to challenge businesses. 2009 brought additional guidelines, implementation changes and the PCI DSS 1.2 went into effect. 2010 promises further evolution of the PCI DSS standard. In this 10 minute webcast, Terri Quinn of Cisco Systems, a member of the PCI Board of Advisors, will give a recap of 2009 and the trends for 2010 in the world of PCI compliance.

http://video.webcasts.com/events/pmny001/viewer/index.jsp?eventid=32235

Featured speaker:
Terri Quinn, Compliance Solutions Marketing, Cisco

The Metasploit Project released Metasploit Framework 3.3

2009-11-18T09:14:00.000+05:30

The Metasploit Project released Metasploit Framework 3.3 today. This version contains 446 exploits, 216 auxiliary modules and hundreds of payloads. The Windows payloads now support NX, DEP, IPv6, and the Windows 7 platform. This release fixes 180 bugs since version 3.2 was released.

The new version of The Metasploit Framwork is available download here.

New version of NIST 800-41, Firewalls and Firewall Policy Guidelines

2009-11-12T16:21:00.002+05:30

A new version of "NIST Special Publication 800-41, Revision 1, Guidelines on Firewalls and Firewall Policy" is available, it can be found here =

http://csrc.nist.gov/publications/nistpubs/800-41-Rev1/sp800-41-rev1.pdf

Gartner Magic Quadrant for DLP

2009-11-12T16:06:00.002+05:30

2009 Magic Quadrant for DLP terms Websense, Symantec and RSA as leaders in this space. Read the report in the link below.

http://www.asl-security.co.uk/pdfs/websense/Gartner_Websense3107.pdf

Happy Birthday Virus !!!

2009-11-12T15:59:00.000+05:30

http://www.wired.com/thisdayintech/2009/11/1110fred-cohen-first-computer-virus

1983: Fred Cohen, a University of Southern California graduate student, gives a prescient peek at the digital future when he demonstrates a computer virus during a security seminar at Lehigh University in Pennsylvania. A quarter-century later, computer viruses have become a pandemic for which there’s no inoculation.

Cohen inserted his proof-of-concept code into a Unix command, and within five minutes of launching it onto a mainframe computer, had gained control of the system. In four other demonstrations, the code managed to seize control within half an hour on average, bypassing all of the security mechanisms current at the time. It was Cohen’s academic adviser, Len Adleman (the A in RSA Security), who likened the self-replicating program to a virus, thus coining the term.

Facebook Used By Whitewell Trojan To Communicate

2009-11-11T21:15:00.002+05:30

Facebook Used By Whitewell Trojan To Communicate
http://www.darknet.org.uk/2009/11/facebook-used-by-whitewell-trojan-to-communicate/

PAYPAL SPAM: Your PayPal Account has been locked for security reasons

2009-11-11T19:55:00.002+05:30

Unauthorized access to your PayPal account!

We recently noticed more attempts to log in to your PayPal account from a foreign IP address.

If you accessed your account while traveling, the unusual log in attempts may have been initiated by you. However, if you are the rightfull holder of the account, please visit Paypal as soon as possible to verify your identity:

Click here to verify your account

You can also verify your account by logging into your PayPal account at http://bit.ly/1OHMsf.

Note the url above. This is a short url for some other bogus site. Seems now attackers have started using short url sites for phishing attack.

If you choose to ignore our request, you leave us no choise but to temporaly suspend your account.

We ask that you allow at least 72 hours for the case to be investigated and we strongly recommend to verify your account in that time.

Thank you for using PayPal!
The PayPal Team

Nipper - No more free !!!

2009-11-04T18:55:00.001+05:30

It was some what surprise to me that Nipper is no more free. After the new and improved 1.0 version, the titania website now says it is a commercial product. That would be a sad day for many of the users who has been using the free version and waiting for 1.0 to come. Those who are using it for good purpose, could well pay the license fee and use it.

source: www.titania.co.uk

HIPAA violators could face fines of up to $1.5M

2009-11-03T09:57:00.001+05:30

The U.S. Department of Health and Human Services has issued an interim final rule to strengthen enforcement and increase penalties for violations of the Health Insurance Portability and Accountability Act, known as HIPAA.

Source: http://www.healthcareitnews.com/news/hipaa-violators-could-face-fines-15m

sqlsus 0.2 Released - MySQL Injection Takeover Tool

2009-03-23T13:26:00.003+05:30

sqlsus 0.2 Released - MySQL Injection &amp; Takeover Tool
http://www.darknet.org.uk/2009/03/sqlsus-02-released-mysql-injection-takeover-tool/

The sender also included this note:

SQLSUS 0.2 (MySQL Injection and Takeover Tool) Released

--
Sent via a FeedFlare link from a FeedBurner feed.
http://www.feedburner.com/fb/a/publishers/feedflare

Fast-Track 4.0 - Penetration Testing Tool

2009-03-22T16:17:00.002+05:30

For those of you new to Fast-Track, Fast-Track is a python based open-source project aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network. Fast-Track was originally conceived when David Kennedy was on a penetration test and found that there was generally a lack of tools or automation in certain attacks that were normally extremely advanced and time consuming. In an effort to reproduce some of David's advanced attacks and propagate it down to the team at SecureState, David ended up writing Fast-Track for the public. Many of the issues Fast-Track exploits are due to improper sanitizing of client-side data within web applications, patch management, or lack of hardening techniques. All of these are relatively simple to fix if you know what to look for, but as penetration testers are extremely common findings for us. Fast-Track arms the penetration tester with advanced attacks that in most cases have never been performed before. Sit back relax, crank open a can of jolt cola and enjoy the ride.

Read More at https://www.securestate.com/Pages/Fast-Track.aspx

Download at http://svn.thepentest.com/fasttrack

VideoJak - IP Video Security Testing Tool

2009-03-22T15:39:00.002+05:30

What is VideoJak?

VideoJak is an IP Video security assessment tool that can simulate a proof of concept DoS against a targeted, user-selected video session and IP video phone. VideoJak is the first of its kind security tool that analyzes video codec standards such as H.264. VideoJak works by first capturing the RTP port used in a video conversation and analyzing the RTP packets, collecting the RTP sequence numbers and timestamp values used between the phones. Then VideoJak creates a custom video payload by changing the sequence numbers and timestamp values used in the original RTP packets between the two phones. After the user selects a targeted phone to attack in an ongoing video session, VideoJak delivers the payload over the learned RTP port against the target. This attack results in severely degraded video and audio quality.

Download the Tool

Draft DNS Deployment Guide published by NIST

2009-03-02T19:53:00.002+05:30

DRAFT Secure Domain Name System (DNS) Deployment Guide

"NIST has drafted a new version of the document “Secure Domain Name System (DNS) Deployment Guide (SP 800-81)”. This document, after a review and comment cycle will be published as NIST SP 800-81r1. There will be two rounds of public comments and this is our posting for the first one. Federal agencies and private organizations as well as individuals are invited to review the draft Guidelines and submit comments to NIST by sending them to SecureDNS@nist.gov before March 31, 2009. Comments will be reviewed and posted on the CSRC website. All comments will be analyzed, consolidated, and used in revising the draft Guidelines before final publication."

Download the Draft from here.

OSSEC Version 2 Released

2009-03-02T06:30:00.002+05:30

OSSEC version 2.0 has been released with some new functionality built into the code. OSSEC is an open source Host Based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, root kit detection, real-time alerting and active response. This version supports agent less monitoring and many other new features and bug fixes.

As per their website:

Compiled Rules - Per popular demand, we are introducing the capability in the product to be able to use pre-compiled rules written in “C”. Customers who felt that the XML format for writing rules was very limiting, can now use the strong programming capabilities of C.
Agentless Monitoring - Lot of enterprises are faced with the requirement to monitor devices where there are restrictions on Agents to be installed either because of scalability requirements or due to the lack of the native operating system support. In version 2.0, Ossec customers can perform integrity checking and real time logs inspection on remote systems (such as Linux based devices, firewall devices such as PIX and routers etc).
New Language Support - We added support for the Dutch language in the install
New Log Rules Support - We added support for Yum logs and fixed/improved many of the other rules for different messages.
New reporting tool - We added a new tool to create and help generate reports

Currency Conversion

2009-03-01T17:35:00.001+05:30

While searching for currency conversion tool, I stumbled upon this website. Found it pretty useful and hence sharing here.

Amount:
From:
To:

Currency conversion powered by coinmill.com.

Gartner's Magic Quadrant for DLP

2009-03-01T11:59:00.003+05:30

Gartner Magic Quadrant for Data Loss Prevention (DLP), 2008 gives an idea about what is DLP and who are in this space. You can also understand the different offering of vendors and how they interpret DLP. A report can be downloaded from here.

SPAM Email

2009-02-20T16:47:00.002+05:30

Below is a email SPAM (or Money transfer fraud). All such emails offering you a fortune are fraud and should not be responded to or even read. Send them straight to your trash.

-----------------------------------------------------------------------
David Thorburn
Chief Operating Officer,
Clydesdale Bank,Uk.
david_thorburn20100@yahoo.com.hk

Greetings,

I am David Thorburn Chief Operating Officer, Clydesdale Bank,I am contacting
you concerning a deceased customer and an investment he placed under our
banks management eight years ago.I would respectfully request that you keep
the contents of this mail confidential and respect the integrity of the
information you come by as a result of this mail. I contacted you
independently of our investigation and no one is informed of this
communication.

I would like to intimate you with certain facts that I believe would be of
interest to you.In 2001, the subject matter; came to our bank to engage in
business discussions with our private banking division. He informed us that
he had a financial portfolio of fifty million united states dollars
($50,000,000,00).i want you to stand as the bona-fide next of kin to the
desease.

My proposal; you share the same surname With our late client; I am prepared
to place you in a position to instruct The security Firm to release the
deposit to you as the closest surviving relation.Upon receipt of the deposit,
I am prepared to share the money with you in half. That is: I will simply
nominate you as the next of kin and have them release the deposit to you. We
share the proceeds50% for me, 50% for you Should you be interested please
send me your
full names,n, I will prefer you reach me on my private email address below
And finally after that i shall provide you with more details of this
transaction.Your earliest response to this letter will be highly appreciated.

EMAIL ;david_thorburn20100@yahoo.com.hk

I await your response.
Mr David Thorburn

CA to acquire Orchestria for DLP Solution

2009-01-06T15:37:00.005+05:30

Orchestria is one of a few remaining independent DLP vendor whom CA is planning to buy to offer along with its identity and access management solution. DLP being a hot product for some time now is being acquired by most of the big players as seen from spate of acquisitions happening recently.

Source: Network World

http://www.orchestria.com/

Checkpoint announces plans to acquired Nokia's Security appliance business.

2008-12-24T18:51:00.002+05:30

Check Point Software Technologies announced plans to acquire Nokia's security appliance business.
Terms of the Nokia deal were not disclosed. Check Point entered the security appliance business in 2007 with the introduction of an appliance for midmarket businesses. Check Point sells an enterprise-grade VPN-1 UTM appliance called Edge, which runs on hardware from third-party partners like Nokia, IBM and Crossbeam. It provides a number of features including intrusion prevention technology, VoIP security, URL filtering and secure remote access connections.

Source: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1343389,00.html?asrc=WGT_GGIN

Nipper Library 0.12.5 Released

2008-12-21T12:43:00.004+05:30

Nipper has released libnipper 0.12.5 which is a maintenance release having fixes for Cisco IOS and some reporting fixes. More details can be found at

http://nipper.titania.co.uk/news.php?id=20

Cyber Security Awareness Month

2008-10-28T07:18:00.005+05:30

SANS had come out with a series of article during the Cyber Security Awareness Month. These article covers everything from preparation, identification, containment and recovery. The topics are copied below and can be found at http://isc.sans.org/tag.html?tag=Awareness2008

Cyber Security Awareness Series from SANS

Date	Author	Title
2008-09-30	Marcus Sachs	Cyber Security Awareness Month - Daily Topics
2008-10-01	Marcus Sachs	Day 1 - Preparation: Policies, Management Support, and User Awareness
2008-10-02	Marcus Sachs	Day 2 - Preparation: Building a Response Team
2008-10-03	Jason Lam	Day 3 - Preparation: Building Checklists
2008-10-04	Marcus Sachs	Day 4 - Preparation: What Goes Into a Response Kit
2008-10-05	Stephen Hall	Day 5 - Identification: Events versus Incidents
2008-10-06	Jim Clausing	Day 6 - Network-based Intrusion Detection Systems
2008-10-07	Kyle Haugsness	Day 7 - Identification: Host-based Intrusion Detection Systems
2008-10-08	Johannes Ullrich	Day 8 - Global Incident Awareness
2008-10-09	Marcus Sachs	Day 9 - Identification: Log and Audit Analysis
2008-10-10	Marcus Sachs	Day 10 - Identification: Using Your Help Desk to Identify Security Incidents
2008-10-11	Stephen Hall	Day 11 - Identification: Other Methods of Identifying an Incident
2008-10-12	Mari Kirby Nichols	Day 12 Containment: Gathering Evidence That Can be Used in Court
2008-10-13	Adrien de Beaupre	Day 13 - Containment: Containing on Production Systems Such as a Web Server
2008-10-14	Swa Frantzen	Day 14 - Containment: a Personal IdentityTheft Incident
2008-10-15	Rick Wanner	Day 15 - Containing the Damage From a Lost or Stolen Laptop
2008-10-16	Mark Hofman	Day 16 - Containing a Malware Outbreak
2008-10-17	Patrick Nolan	Day 17 - Containing a DNS Hijacking
2008-10-17	Rick Wanner	Day 18 - Containing Other Incidents
2008-10-19	Lorna Hutcheson	Day 19 - Eradication: Forensic Analysis Tools - What Happened?
2008-10-20	Raul Siles	Day 20 - Eradicating a Rootkit
2008-10-21	Johannes Ullrich	Day 21 - Removing Bots, Keyloggers, and Spyware
2008-10-22	Johannes Ullrich	Day 22 - Wiping Disks and Media
2008-10-22	Chris Carboni	Day 23 - Turning off Unused Services
2008-10-24	Stephen Hall	Day 24 - Cleaning Email Servers and Clients
2008-10-25	Koon Yaw Tan	Day 25 - Finding and Removing Hidden Files and Directories
2008-10-25	Rick Wanner	Day 26 - Restoring Systems from Backup
2008-10-27	Johannes Ullrich	Day 27 - Validation via Vulnerability Scanning
2008-10-28	Jason Lam	Day 28 - Avoiding Finger Pointing and the Blame Game
2008-10-29	Deborah Hale	Day 29 - Should I Switch Software Vendors?
2008-10-30	Kevin Liston	Day 30 - Applying Patches and Updates
2008-10-31	Rick Wanner	Day 31 - Legal Awareness
2008-11-01	Koon Yaw Tan	Day 32 - What Should I Make Public?
2008-11-02	Mari Kirby Nichols	Day 33 - Working with Management to Improve Processes
2008-11-03	Joel Esler	Day 34 -- Feeding The Lessons Learned Back to the Preparation Phase
2008-11-04	Marcus Sachs	Cyber Security Awareness Month 2008 - Summary and Links

Courtesy: SANS Institute

Sun Launches Open Source Identity Management Solution

2008-09-30T21:20:00.002+05:30

The Open Web SSO project (OpenSSO) provides core identity services to simplify the implementation of transparent single sign-on (SSO) as a security component in a network infrastructure. OpenSSO provides the foundation for integrating diverse web applications that might typically operate against a disparate set of identity repositories and are hosted on a variety of platforms such as web and application servers. This project is based on the code base of Sun Java^TM System Access Manager, a core identity infrastructure product offered by Sun Microsystems.

For more information, refer https://opensso.dev.java.net/

Cisco releases IOS security advisory bundle

2008-09-24T17:35:00.003+05:30

Cisco today has released 12 security advisories for IOS covering multiple features of IOS. The details are available on http://www.cisco.com/en/US/products/products_security_advisories_listing.html. Starting last March, Cisco is release IOS advisory bundles on the 4th Wednesday of March and September every year.

McAfee to acquire Secure Computing. Acquired DLP Vendor Reconnex recently.

2008-09-23T11:32:00.004+05:30

McAfee on Monday announced an agreement to acquire Secure Computing in a transaction valued at $465 million that is expected to be completed by year-end.

The deal is being touted as combining Secure Computing’s strengths in firewall, Web and e-mail gateway filtering with McAfee’s intrusion prevention, desktop encryption, data-leak prevention, antimalware, regulatory compliance and centralized management.

Source: Network World
http://www.networkworld.com/news/2008/092208-mcafee-acquires-secure-computing.html

McAfee had also recently acquired DLP vendor Reconnex.
http://www.networkworld.com/news/2008/073108-mcafee-to-buy-data-protection.html

OSSEC v1.6 released

2008-09-12T06:59:00.007+05:30

The open source host based IDS software OSSSEC released its version 1.6 with many feature improvements and bug fixes.

New multi-server architecture
New platform support for Microsoft Vista (and Server 2008)
New platform support for VMware ESX
Added active response module for Windows
CIS benchmarks on Linux (through the policy auditing)
Added the VMWare Security hardening guideline to the policy auditing
Added support for McAfee VirusScan Enterprise logs
Added support for VMware ESX hostd logs
Added support for Mac OS FTP server logs
New tools to better manage the data stored (syscheck_control, rootcheck_control, log_test)

To read more on this and to download the tool visit OSSEC link here.

Cisco Virtual Office - A Green Solution providing work-life balance

2008-09-10T07:55:00.003+05:30

Cisco has very recently released its remote (home) office solution "Virtual Office". Virtual office provides capability for organizations to provide seamless office environment to its workforce to help them achieve work-life balance.

Virtual Office can replicate office environment with data, voice and video into a home office providing all the infrastructure required by the workforce to work from home.

Green Solution: By implementing such a solution, organizations can contribute to the well being of the planet by having less vehicles on the road. Employees also could be more productive without having to spend time negotiating traffic.

While improving employee productivity, such a solution can increase their job satisfaction by helping to achieve optimal work-life balance. In the current globalization scenario, employees are required to work round the clock to interact with peers and customers and Cisco's Virtual Office is an excellent solution for this.

Read more on this at http://www.cisco.com/en/US/netsol/ns855/networking_solutions_package.html

Wireshark 1.0.3 released with vulnerabilities fixed

2008-09-07T09:29:00.002+05:30

Wireshark 1.0.3 has been released and fixes several vulnerabilities that affect versions 0.9.7 to 1.0.2 inclusive.

The NCP dissector was susceptible to a number of problems, including buffer overflows and an infinite loop. Versions affected: 0.9.7 to 1.0.2

Wireshark could crash while uncompressing zlib-compressed packet data. Versions affected: 0.10.14 to 1.0.2

Wireshark could crash while reading a Tektronix .rf5 file. Versions affected: 0.99.6 to 1.0.2

Wireshark's full announcement is available here and can be downloaded from here

Source: SANS ISC

Nipper 0.12.0 Released with a whole new look

2008-09-04T16:36:00.002+05:30

Major release of Nipper 0.12.0 happened on Aug 31st with many changes in Nipper's structure and the output format.

Nipper is now based on a DLL and a CLI application. It now has capability to auto detect devices and some improved support for devices.

The report output has a major makeover with security audit providing risk rating and impact information. The audit output is also presented in a consolidated table. Some improvements in Checkpoint reporting too.

Check out the latest version at http://nipper.titania.co.uk/

BackTrack 3 released

2008-06-23T15:48:00.002+05:30

BackTrack is the most Top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes.

Currently BackTrack consists of more than 300 different up-to-date tools which are logically structured according to the work flow of security professionals. This structure allows even newcomers to find the related tools to a certain task to be accomplished. New technologies and testing techniques are merged into BackTrack as soon as possible to keep it up-to-date.

BackTrack can be downloaded from http://www.remote-exploit.org/backtrack_download.html

For more information check http://www.remote-exploit.org/backtrack.html

Nipper 0.11.8 Released

2008-06-12T09:51:00.003+05:30

This maintenance release includes improvements to the Cisco Content Services Switch support. It also fixes the Windows "day of month" issue and improves it a little. The release also contains a number of other minor improvements and updates.

http://nipper.titania.co.uk/news.php?id=8

Microsoft patches 10 bugs in Windows, IE and Bluetooth

2008-06-11T21:18:00.001+05:30

Microsoft Tuesday patched 10 vulnerabilities, four marked "critical," in Windows and Internet Explorer (IE), and disabled a little-known third-party ActiveX control bundled with Logitech hardware, including keyboards and mice.

The 10 fixes are delivered in seven separate security updates, three of which were considered critical, the highest threat ranking in Microsoft's four-step scoring system.

Source: http://www.networkworld.com/news/2008/061008-microsoft-patches-10-bugs-in.html?fsrc=rss-security

Metasploit.com briefly hijacked using ARP Poisoning

2008-06-06T21:27:00.002+05:30

Crackers briefly hijacked hacking tools website Metasploit on Monday.

Metasploit is an open-source toolkit widely used by both hackers and security admins to test for website vulnerabilities. But visitors to the site on Monday were redirected to a page announcing the site was "hacked by sunwear ! just for fun"

http://www.theregister.co.uk/2008/06/03/metasploit_hijack/

Read More on ARP Poisoning at http://en.wikipedia.org/wiki/ARP_spoofing

SPAM in Social Networking Sites

2008-05-22T16:30:00.001+05:30

Recently, there seems to be a increasing trend of spams targeting social networking sites and blogs. I could see this happening in Orkut and Wordpress and I am sure other sites also face such issues. When it comes to social networking sites, the trust between friends are used to propagate spams by embedding scripts into scraps and posts. I have seen many such instances in Orkut where a scrap is delivered with a script which seems to be linking to a valid site. This is a kind of phishing attack where the user is disguised into clicking something malicious. When a scrap is opened, the script in it runs on the browser and sends its copies to all the friends in your list. This is like a mass mail and it propagates when ever some one clicks on this like. Within no time, it propagates to millions of users in the site.

Similarly, there are many bots delivering comments on blogs with malicious URLs. I had seen this happening in Wordpress where you have configured comments from any one. Wordpress does check for spam in their comments using akismet, but there are many which escapes this.

Label: Spam, Phishing, Social Networking

HP buys EDS

2008-05-14T07:01:00.002+05:30

HP said Tuesday morning that it has signed a deal to acquire IT outsourcer EDS for $13.9 billion, or $25.00 per share. This will make HP the 2nd largest services company after IBM.

Read more..

Phishing Email - Abbey National Bank & Barclays Bank

2008-05-13T19:39:00.007+05:30

I received two phishing mails today on my yahoo account. This is related to Abbey National Bank and Barclays Bank. Check the content below. The URL points to
http://ww6.abbeynational.com.lan81.com/servlet/?poolid=21scbpzLkbkDtcwhhOkhOvp &
http://i-bank4.barclays.com.file38.com/olb/c/ConfirmMember.do/?siteid=21scbpzLkbkDtcwhhOkhOvp
(Do not visit the above URLs. It could contain malicious content)

It is important that the general Internet user community need to be aware of the dangers of phishing attacks and how and why to protect from this. Both the emails are similar and must be from the same source.

When you look at the above URLs, you will find they are not pointing to the banks domain but to some other servers. The names are kept similar to deceive unsuspecting user. When such an email is coming seems to be from a known source, email users need to be careful about this. It is always better to move your mouse around the url link and see for yourself in the browser status bar where exactly the url is pointing to. You will be surprised to know that many times links in the email doesn't point to the place it is suppose to. This trick is called phishing and is used by many cyber attackers to capture information from users about their internet account credentials. It is always better not to click on links coming through email. In case you need to login to the bank, you can open a new browser window and type the banks url and login. Mostly banks will not send such emails. So when in doubt you can always call the bank and verify the genuineness of the email. Hence be aware that such an thing exist and read emails cautiously.

----------------------START EMAIL COPY-------------------------------------

Subject: Important Abbey Private and Corporate Message

Dear Abbey National Bank OnLine Banking user!

Our Maintenance Division is carrying out an arranged OnLine Banking software upgrade
By visiting the link below please start the procedure of the member details approval:

http://www2.abbey-business.co.uk/servlet/?poolid=21scbpzLkbkDtcwhhOkhOvp

These instructions are to be e-mailed and followed by all customers of the Abbey e-Banking
Abbey National does apologize for any inconveniences caused to you, and is very grateful for your cooperation.

If you are not user of Abbey Internet Banking please ignore this notice!

*** This is automatically generated e-mail please do not respond ***

----------------------Second EMAIL-------------------------------------

Subject: The Barclays Plc: Urgent Banking Service Mail

Dear Barclays Electronic Banking user!

Our Support Division is doing an arranged OnLine Banking software upgrade
By following the link below please start the form of the customer details update:

http://i-bank2.barclays.co.uk/olb/c/ConfirmMember.do?login=21scbpzLkbkDtcwhhOkhOvp

These directions are to be e-mailed and followed by all users of the The Barclays Personal and Business. The Barclays does apologize for the troubles caused to you, and is very thankful for your cooperation.

If you are not customer of The Barclays Personal and Business please delete this letter!

*** This is robot generated email, please do not reply ***

----------------------END OF EMAIL COPY-------------------------------------

Here is the header information from the email

From Abbey National e-Banking'08 Sun May 4 11:24:16 2008
Return-Path:
Authentication-Results: mta145.mail.ukl.yahoo.com from=abbey.co.uk; domainkeys=neutral (no sig)
Received: from 83.25.40.102 (HELO abo102.neoplus.adsl.tpnet.pl) (83.25.40.102)
by mta145.mail.ukl.yahoo.com with SMTP; Tue, 13 May 2008 09:30:51 +0000
Message-ID: <002b01c8add9$637aef80$6501a8c0@drugi>
From: "Abbey National e-Banking'08"

Subject: Important Abbey Private and Corporate Message
Date: Sun, 04 May 2008 13:24:16 +0200
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_0027_01C8ADEA.270216E0"
Content-Length: 5064

---------------------------------------------------------------------------------

From Barclays IBank Tue May 13 10:22:31 2008
Return-Path:
Authentication-Results: mta123.mail.ukl.yahoo.com from=barclays.co.uk; domainkeys=neutral (no sig)
Received: from 83.22.132.114 (HELO dyu114.neoplus.adsl.tpnet.pl) (83.22.132.114)
by mta123.mail.ukl.yahoo.com with SMTP; Tue, 13 May 2008 10:22:36 +0000
Message-ID: <001b01c8b4e3$40988f58$72841653@kleppert-a7b5ac>
From: "Barclays IBank"

Subject: The Barclays Plc: Urgent Banking Service Mail
Date: Tue, 13 May 2008 12:22:31 +0200
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_0017_01C8B4F4.041EDAD0"

Nipper 0.11.7 Released

2008-05-11T15:53:00.000+05:30

This maintenance release includes a number of small feature enhancements. Nipper can now output network filtering to a CSV file and add comments to the CheckPoint rule output (optional). Options for Nokia IP and Bay Networks Accelar devices have now been added, so they no longer need to be processed as CheckPoint Firewall-1 and Nortel Passport respectively. The release also includes number of other updates.

http://nipper.titania.co.uk/news.php?id=6

Windows XP Service Pack 3 Released

2008-05-07T23:34:00.002+05:30

Lot of new releases this month. Microsoft released XP SP3 which is primarily a bundle of all patches since SP2. But there are some major security enhancements SP3 brings to table. They are

Support for Network Access Protection
Black Hole Router Detection
Enhanced security for administrator and service policy entries
A kernel mode crypto driver

Check it out here. http://support.microsoft.com/kb/936929

Nmap 4.62 released

2008-05-07T23:10:00.004+05:30

New version of hugely popular Nmap tools (V 4.62) was released recently. Major changes include enhanced capabilities of OS detection and version detection, new Nmap scripting engines with a total of 60 changes.

The new version can be downloaded from http://nmap.org/download.html

OSSEC 1.5 Released

2008-05-07T22:22:00.009+05:30

New version of OSSEC open source IDS tool was released recently. The new version includes many bug fixes and lots of improvements. Major feature enhancements include support for new log formats, new options for scheduling, performance improvements in Windows agent etc.

The complete changes can be found here and the software can be downloaded at http://www.ossec.net/main/downloads

Intellipool Network Monitor

2008-05-02T09:01:00.003+05:30

I am one of the early adopter of this network management software in 2002. After evaluation of multiple sofwares for network management, we shortlisted INM for a trial setup and it came through good. The advantage of INM is it simple architecture and completely client less setup. Still it provides great control over what we can monitor and alert and provides a great control over how it can be viewed. INM uses LEA scripting to add power to its capabilities.

INM supports almost all clients systesm and provides monitoring scripts for all general events and statistics. It also supports monitoring environment using external sensors. Lately they have come out with a distributed architecture to scale the product in to large organizations and also for managed service providers.

You can download a trial version at www.intellipool.com

Any one looking for a thin network management application should give this a try.

The Definitive Guide to Security Management

2008-04-18T06:14:00.002+05:30

This is a new eBook published provided by CA and published by Real time publishers. It aims at providing detailed information on how to develop, implement and maintain an effective security management strategy.

The book is provided free and published in real time. This concept makes the chapters available for public as and when they are written without waiting for the complete book to be finished.

The eBook is available on http://ca.com/au/content/campaign.aspx?cid=137511

Pidgin - Multiprotocol Instant Messaging

2008-04-17T08:07:00.003+05:30

Recently, I came across Pidgin a Free (Open Source) Multiprotocol Instant Messaging Client. I am impressed by the support it has for most of the IM protocols in use. It removes the need for multiple IM clients in your machine. It supports different platforms like Windows, Linux, CentOS etc.

Pidgin supports.

AIM
Bonjour
Gadu-Gadu
Google Talk
Groupwise
ICQ
IRC
MSN
MySpaceIM
QQ
SILC
SIMPLE
Sametime
XMPP
Yahoo!
Zephyr

I have not done enough research on how secure the client is. One important information is Pidgin stores all passwords in plain text and it is safe not to store password (default option) with the client. Check more details at http://www.pidgin.im/

Security Concepts ebook

2008-04-14T13:09:00.002+05:30

Check this eBook of security concepts published by Travis at subspacefield.org. A very nicely written book providing everyone with a comprehensive view of the security landscape. Excellent read.

Check the html version http://www.subspacefield.org/security/security_concepts.html
Check the PDF version http://www.subspacefield.org/security/security_concepts.pdf

Nipper - Security Auditing Tool

2008-04-13T23:51:00.008+05:30

I came across this tool recently and found it to be very impressive. Nipper is an open source tool capable providing security analysis of device configurations and also a configuration parser. The latest version 0.11.6 supports

Cisco Switches (IOS)
Cisco Routers (IOS)
Cisco Firewalls (PIX, ASA, FWSM)
Cisco Catalysts (NMP, CatOS, IOS)
Cisco Content Service Switches (CSS)
Juniper NetScreen Firewalls (ScreenOS)
CheckPoint Firewall-1 (FW1)
Nokia IP Firewalls (FW1)
Nortel Passport Devices
Bay Networks Accelar Switches
SonicWALL SonicOS Firewalls (SonicOS)

This tool can be found at http://nipper.titania.co.uk/

One disadvantage of the tool is, it does not take a directory as input. If you have many configurations, you have to run the tool that many times.

It is a command line tool. There is also a GUI front end available for download from the site.

It is very easy to install and use. There is a help file included which provides the different options for the tool. Nipper also has options to fully customize the output and provides an XML output along with HTML, Latex etc providing more control over the usage of the output. It also has options to specify the device as edge, internal etc, so that the security analysis can be move focused.

A List of Security Websites

2007-10-23T17:55:00.027+05:30

This post, I am listing down all those good information security websites which I had come across. This will be kept updated as and when I bump upon any good sites.

Generic Security Sites
Cert.org
Sans Institute
Internet Storm Center
Security Radar
Arbor Atlas
CIS

Multi Function Vendor Websites
Cisco Systems
Checkpoint Software
Websense
Symantec
McAfee
IBM
RSA
Stonesoft
GFI Network
Nitrosecurity

Firewall/VPN/UTM
Cisco Systems
Sonicwall
Nokia (Uses Checkpoint software)
CyberGuard
http://www.vyatta.com & http://www.vyatta.org (Open Source)
Untangle (Open source)

Security Risk Management
Sybox Security
Redseal SRM
nCircle

Data Loss Prevention
Vontu (Now acquired by Symantec)
Websense
Tablus (Now acquired by RSA)
Reconnex (Now acquired by McAfee)
Orchestria (Now acquired by CA)

Content Security
Esafe (Aladdin)
Websense
Trendmicro

Security Monitoring
Snare (Free)
ArcSight
RSA enVision
Cisco Secure MARS
TriGeo
OSSIM (Open Source SIM)
Nitrosecurity

Log Management
LogLogic
Nitrosecurity
Proxy Software
Squid Cache (Open Source)
Apache (mod_proxy) (Open Source)
Microsoft ISA Server

Intrusion Detection/Prevention System
OSSEC (OpenSource HIPS)
Snort (OpenSource NIPS)
Cisco Security Agent
Cisco
Nitrosecurity

Anti-Malware
McAfee
TrendMicro

Network Monitoring/Analysis
SolarWinds
Nagios (Open Source)
Ntop (Open Source)
ManageEngine
Packeteer
Fluke Networks

Vulnerability Management
OSVDB
Nessus (Open Source)
QualysGuard
McAfee Foundstone

Security Audit
Nipper

IT-GRC Tools
Archer Technologies
Agiliance

Firewall Analysis/Compliance
Algosec
Athena Firepac

Database Security
Guardium
Sentrigo
Nitrosecurity
Secerno
AppSec

DDOS Prevention
Cisco Guard/Detector
Prolexic Technologies
RioRey

Security Management
Solsoft Change Manager
Cisco Security Manager (for Cisco products)
Checkpoint SmartCenter (for Checkpoint Products)

Web Application Security
Acunetix

Email Security
Sender Policy Framework
Untangle (Open source)

Encryption Tools
GnuPG
PGP.com
PGP.org

Network Management
ZipTie (Open Source)

Other Interesting Sites
http://www.ocsinventory-ng.org/ (Inventory Management)