Threat Level: green Handler on Duty: Kevin Liston

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Day 22 - Wiping Disks and Media

Published: 2008-10-22
Last Updated: 2008-10-31 02:04:14 UTC
by Johannes Ullrich (Version: 1)
3 comment(s)

The last couple days we talked about getting rid of rootkits, spyware, bots and such. One common suggestion was to "wipe and rebuild". There are other reasons to wipe disks: Are you donating an old computer to charity? Better get rid of that data first! What are your procedures and tricks to quickly and securely erase data. With > 1TB disks on the horizon, the time it takes to erase a disk with "Boot and Nuke" is getting longer and longer.

In particular:

  • multiple overwrites? myth or necessity
  • physical destruction? shredding? demagnetizing? sledge hammer?
  • drive firmware: how do you validate it after a compromise?
  • USB disks, SIM cards and other "exotic" media.
  • what distance do you keep to the disk on the range to avoid lead backsplatter? ;-)

 

 

-----
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: Awareness2008
3 comment(s)

Day 23 - Turning off Unused Services

Published: 2008-10-22
Last Updated: 2008-10-23 00:03:58 UTC
by Chris Carboni (Version: 1)
0 comment(s)

If it's not installed, it can't be exploited.  It's as simple as that.

Does IIS really need to be running on that server?
Are you using SNMP to monitor that server?
Is File and Print Sharing (or Samba) necessary for that server to perform it's role?

Unused services are a sometimes overlooked avenue of exposure that all too often provides a surface to attack.

But how do you know what is "needed"?

Have you done the research for a file and print server? A web only server?  A mail server?
Do you use a published checklist?

Let us know how -you- know what services you do and don't need.

- Chris Carboni

Keywords: Awareness2008
0 comment(s)

Opera 9.6.1 Released

Published: 2008-10-22
Last Updated: 2008-10-22 20:38:22 UTC
by Mari Nichols (Version: 1)
0 comment(s)

One of our readers, David, wrote in to let us know that Opera has released version 9.6.1 for Windows which is a recommended security upgrade.  Some of the Opera rated "extemely and highly severe" issues fixed include revealing browser history and news feeds as well as a Fast Forward cross-site scripting vulnerability.  You can view the changelog here: http://www.opera.com/docs/changelogs/windows/961/

Mari Nichols     iMarSolutions

Keywords: Opera
0 comment(s)

Podcast Episode Eleven Posted

Published: 2008-10-22
Last Updated: 2008-10-22 17:21:55 UTC
by Joel Esler (Version: 1)
0 comment(s)

Hey everyone, sorry it has taken so long to get around to recording another podcast episode.  Travel schedules have been very crazy between us lately.  Anyway, enough excuses, here is episode eleven.  Thanks for all the emails asking me where it is!  :)  It helps to remind me....


All the podcasts

Just this podcast

Podcast through iTunes

-- Joel Esler http://www.joelesler.net

Keywords: podcast
0 comment(s)

F-Secure and Trend Micro Release Critical Patches

Published: 2008-10-22
Last Updated: 2008-10-22 17:14:58 UTC
by Mari Nichols (Version: 1)
0 comment(s)

US-CERT has released information on two critical patches for F-Secure and Trend Micro security software.  As one of our readers, Roseman put it, time to keep your "keep-you-safe" software safe!  
 
Today, Trend Micro released patches affecting Office Scan versions 7.3 and 8.0.  The patches address a stack-based buffer overflow via HTTP request to server CGI modules. You can get further information about the respective patches here:

http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt

http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt
 

Yesterday, F-Secure released Security Bulletin FSC-2008-3 which addresses a RPM parsing vulnerability in which specially-made compressed file archives cancause an integer overflow.  This would apply if your program scans compressed files.  Read more about it here.

Mari Nichols    iMarSolutions

Keywords: FSecure Trend Micro
0 comment(s)
Diary Archives