Jul 30, 2008

Out of Cycle Security Update from Oracle

For the first time since the introduction of its quarterly Critical Patch Update process in 2005, Oracle has released an emergency alert to offer mitigation for a zero-day vulnerability that's been published on the Internet.

The emergency workaround, available here, addresses an unpatched vulnerability that's remotely exploitable without authentication (no username and password required to exploit over the network) and can result in compromising the confidentiality, integrity, and availability of the targeted system.

Oracle's Eric Maurice says the vulnerability carries a CVSS Base Score of 10.0, the maximum severity rating.

This IBM ISS alert provides some technical details:

Oracle WebLogic Server (formerly known as BEA WebLogic Server) is vulnerable to a buffer overflow, caused by improper bounds checking by the Apache Connector. By sending a specially-crafted HTTP POST request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.

Attributes in NTFS

How many attributes do you know in NTFS?

Normally we are used to a few common attributes: Readonly, Archive, System, and Hidden. There are actually more than these. According to the documentation, a file in NTFS can have the following attributes, abbreviated RASHCNETO:
  • Readonly: For a file, applications can read the file but cannot write to it or delete it. For a directory, applications cannot delete it. See here for more detail.
  • Archive: The file or directory is an archive file. Applications use this attribute to mark files for backup or removal.
  • System: The file or directory is part of the operating system, or is used exclusively by the operating system.
  • Hidden: The file or directory is hidden. It is not included in an ordinary directory listing.
  • Compressed: The file or directory is compressed. For a file, this means that all of the data in the file is compressed. For a directory, this means that compression is the default for newly created files and subdirectories.
  • Not content indexed: The file or directory is not to be indexed by the content indexing service.
  • Encrypted: The file or directory is encrypted. For a file, this means that all data in the file is encrypted. For a directory, this means that encryption is the default for newly created files and subdirectories.
  • Temporary: The file is being used for temporary storage. File systems avoid writing data back to mass storage if sufficient cache memory is available, because often the application deletes the temporary file shortly after the handle is closed. In that case, the system can entirely avoid writing the data. Otherwise, the data is written after the handle is closed.
  • Offline: The data of the file is not immediately available. This attribute indicates that the file data has been physically moved to offline storage. This attribute is used by Remote Storage, the hierarchical storage management software. Applications should not arbitrarily change this attribute.
You can check all these from here and here. See also Potential issues involved in updating Windows NT IFS drivers to Windows 2000.
FILE_ATTRIBUTE_OFFLINE

When this new attribute is set on a file, the network timeout on the file is extended from 45 seconds to 1000 seconds. (This new default value can in turn be changed via the registry setting System\CurrentControlSet\Services\LanmanWorkStation\Parameters\OffLineFileTimeoutInterval.) This new attribute is supported in the Windows 2000 redirector (RDR). It may also be backported to a Windows NT 4.0 service pack at some point (it is not in SP4), and possibly a Windows 98 service pack. It is intended for use by devices with high latencies, such as tape or optical disk libraries.

Use and interpretation of FILE_ATTRIBUTE_OFFLINE is optional, except for filter drivers that perform volume scans. Such drivers should ignore offline files by default, although they may offer advanced users the option of including offline files in the scan.
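As an added illustration (my own code, not from the Microsoft documentation quoted above), the following decodes a Win32 file-attribute bitmask into the RASHCNETO letters listed in this post and applies the rule just quoted: a scanner should skip offline files by default, since reading one forces a recall from slow storage and runs into the long network timeout. The bit values are the documented FILE_ATTRIBUTE_* constants; the letter order is the post's mnemonic, and the sample masks at the bottom are constructed.

```python
import os
from typing import Dict, Iterator, List, Tuple

# Documented Win32 FILE_ATTRIBUTE_* bit values, keyed by the post's RASHCNETO letters.
FILE_ATTRIBUTES: Dict[str, int] = {
    "R": 0x0001,  # FILE_ATTRIBUTE_READONLY
    "A": 0x0020,  # FILE_ATTRIBUTE_ARCHIVE
    "S": 0x0004,  # FILE_ATTRIBUTE_SYSTEM
    "H": 0x0002,  # FILE_ATTRIBUTE_HIDDEN
    "C": 0x0800,  # FILE_ATTRIBUTE_COMPRESSED
    "N": 0x2000,  # FILE_ATTRIBUTE_NOT_CONTENT_INDEXED
    "E": 0x4000,  # FILE_ATTRIBUTE_ENCRYPTED
    "T": 0x0100,  # FILE_ATTRIBUTE_TEMPORARY
    "O": 0x1000,  # FILE_ATTRIBUTE_OFFLINE
}


def decode_attributes(mask: int) -> str:
    """Return the set attribute bits of `mask` as letters in RASHCNETO order."""
    return "".join(letter for letter, bit in FILE_ATTRIBUTES.items() if mask & bit)


def should_skip_in_scan(mask: int) -> bool:
    """Default policy for a volume scan: leave offline (HSM-migrated) files alone.

    Touching such a file triggers a recall from tape or optical storage and the
    extended 1000-second network timeout described above, so a scanner should only
    read it when an advanced user explicitly asks for offline files to be included.
    """
    return bool(mask & FILE_ATTRIBUTES["O"])


def select_for_scan(entries: List[Tuple[str, int]], include_offline: bool = False) -> List[Tuple[str, str]]:
    """Filter (path, attribute_mask) pairs to those a scan may read, with decoded letters."""
    selected = []
    for path, mask in entries:
        if should_skip_in_scan(mask) and not include_offline:
            continue
        selected.append((path, decode_attributes(mask)))
    return selected


def walk_with_attributes(root: str) -> Iterator[Tuple[str, int]]:
    """Yield (path, mask) for files under `root`. os.stat only exposes
    st_file_attributes on Windows; elsewhere the mask is reported as 0."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            yield full, getattr(os.stat(full), "st_file_attributes", 0)


# Constructed sample entries standing in for a directory listing.
SAMPLE_ENTRIES: List[Tuple[str, int]] = [
    ("C:\\data\\report.doc", 0x0021),   # readonly + archive
    ("C:\\data\\old-backup.bak", 0x1020),  # archive + offline (migrated to tape)
    ("C:\\data\\secret.txt", 0x4002),   # hidden + encrypted
    ("C:\\data\\~tmp.dat", 0x2100),     # not content indexed + temporary
]

if __name__ == "__main__":
    for path, letters in select_for_scan(SAMPLE_ENTRIES):
        print(f"{letters or '-':<9} {path}")
    print("offline files skipped:", len(SAMPLE_ENTRIES) - len(select_for_scan(SAMPLE_ENTRIES)))
```

Run on a real Windows volume by feeding `walk_with_attributes(r"C:\data")` to `select_for_scan`; on other platforms the mask is always 0, so nothing is skipped.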

Jul 28, 2008

Security Engineering - The Book

A book called Security Engineering (1st Ed.), by Ross Anderson, is free for download here (41MB). You can also download each of the chapters below from his site. Here's the table of contents:

The foreword, preface and other front matter
  1. What is Security Engineering?
  2. Protocols
  3. Passwords
  4. Access Control
  5. Cryptography
  6. Distributed Systems
  7. Multilevel Security
  8. Multilateral Security
  9. Banking and Bookkeeping
  10. Monitoring Systems
  11. Nuclear Command and Control
  12. Security Printing and Seals
  13. Biometrics
  14. Physical Tamper Resistance
  15. Emission Security
  16. Electronic and Information Warfare
  17. Telecom System Security
  18. Network Attack and Defense
  19. Protecting E-Commerce Systems
  20. Copyright and Privacy Protection
  21. E-Policy
  22. Management Issues
  23. System Evaluation and Assurance
  24. Conclusions
  25. Bibliography

Six sample chapters from his 2nd ed. can be downloaded for free too. The 2nd ed. of his book is available at Amazon. Have a look at his homepage for more information.
  • Table of contents
  • Preface
  • Acknowledgements
  • Chapter 2: Usability and Psychology
  • Chapter 10: Banking and Bookkeeping
  • Chapter 11: Physical Protection
  • Chapter 18: API Security
  • Chapter 23: The Bleeding Edge
  • Chapter 24: Terror, Justice and Freedom
  • Bibliography
  • Index

Jul 25, 2008

The New iGoogle

The new version of iGoogle, currently available for a small number of randomly-selected users and for developers (called sandbox), will bring together all the Google services in a single fluid interface. At some point, iGoogle was a part of an initiative called Fusion that allowed users to combine content from across the web. The next major iteration of iGoogle goes further and it lets you actually access the full content, monitor the updates and share them with your friends.

See Access GMail with Google Sandbox.

Quick tip to switch between the old and new iGoogle: first go to http://ww.google.com/ig
  • To switch to the new version, paste this in the address bar: javascript:_dlsetp('v2=1');
  • To switch back to the old version, paste in the address bar: javascript:_dlsetp('v2=0');

System Administrator Appreciation Day

Did you know that today is the 9th annual System Administrator Appreciation Day (the last Friday of July)?

If you can read this, thank your sysadmin. If you want to know more about what your System Administrator does, click here.

Jul 24, 2008

2008 Data Breach Investigations Report

A study on data breaches was conducted by the Verizon Business RISK Team. It is the most comprehensive and detailed report on data breaches to date, as it covers around 4 years of forensic research.

The report found that 73% of the breaches were caused by external sources. However, the impact caused by insiders was much larger when insider breaches did occur. The report shows that 59% of the breaches involved hacking. Of those (hacking) the breakdown is this:

  • Application/Service layer - 39%
  • OS/Platform layer - 23%
  • Exploit known vulnerability - 18%
  • Exploit unknown vulnerability - 5%
  • Use of back door - 15%

"Attacks targeting applications, software, and services were by far the most common technique, representing 39 percent of all hacking activity leading to data compromise. This follows a trend in recent years of attacks moving up the stack. Far from passé, operating system, platform, and server-level attacks accounted for a sizable portion of breaches. Eighteen percent of hacks exploited a specific known vulnerability while 5 percent exploited unknown vulnerabilities for which a patch was not available at the time of the attack. Evidence of re-entry via backdoors, which enable prolonged access to and control of compromised systems, was found in 15 percent of hacking-related breaches. The attractiveness of this to criminals desiring large quantities of information is obvious."

So if we multiply 59% by 39% we get 23%: roughly a quarter of those data breaches are due to attackers hacking applications. It is clear that securing applications is a significant part of protecting against data breaches, and that data breaches have been moving to the upper layers of the OSI model.

>>> http://www.veracode.com/blog/?p=107

The Challenge of Virtualization Security

This is one of the best articles I've seen this year. It identifies the root cause of most of the problems we face with virtualization nowadays.

The real problem of security in a virtualization world is not technical, it is organizational and operational.
With the consolidation of applications, operating systems, storage, information, security and networking -- all virtualized into a single platform rather than being discretely owned, managed and supported by (reasonably) operationally-mature teams -- the biggest threat we face in virtualization is now we have lost not only visibility, but the clearly-defined lines of demarcation garnered from a separation of duties we had in the non-virtualized world.
See the full article at:
>>> http://rationalsecurity.typepad.com/blog/2008/03/the-challenge-o.html

Jul 23, 2008

"Dig" Your Resolver Source Port Behavior

Recently, CERT VU#800113 announced a new DNS vulnerability which affects almost all DNS vendors (one exception is DJBdns). The root cause is insufficient randomness in the source ports resolvers use when sending queries. OARC provides a specially crafted DNS name and server that you can query to learn whether or not your own resolver is using random ports.

$ dig @ns1.example.net +short porttest.dns-oarc.net TXT
You should get back an answer that looks like this:

z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"169.254.0.1 is FAIR: 26 queries in 0.1 seconds from 25 ports with std dev 3843.00"
Your resolver's randomness will be rated either GOOD, FAIR, or POOR, based on the standard deviation of observed source ports. In order to receive a GOOD rating, the standard deviation must be at least 10,000. For FAIR it must be at least 3,000. Anything less is POOR. The best standard deviation you can expect to see from 26 queries is in the 18,000-20,000 range.

DNS records used in this test are given 60 second TTLs. To repeat the test you should wait at least 60 seconds.

>>> https://www.dns-oarc.net/oarc/services/porttest
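To show how the rating above is derived, here is an added example (my own code, not OARC's) that applies the stated thresholds to a list of source ports observed on a resolver's outbound queries, and parses the TXT answer shown in the post. It assumes the standard deviation OARC reports is the population standard deviation of the observed ports; the port samples below are constructed.

```python
import re
import statistics
from typing import Dict, List, Tuple

# Rating thresholds quoted from the OARC porttest description.
GOOD_MIN_STDDEV = 10_000
FAIR_MIN_STDDEV = 3_000


def rate_source_ports(ports: List[int]) -> Tuple[str, float, int]:
    """Rate a resolver from the UDP source ports seen on its outbound queries.

    Returns (rating, std_dev, distinct_port_count). Using the population
    standard deviation is an assumption about how OARC computes its figure.
    """
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    sd = statistics.pstdev(ports)
    if sd >= GOOD_MIN_STDDEV:
        rating = "GOOD"
    elif sd >= FAIR_MIN_STDDEV:
        rating = "FAIR"
    else:
        rating = "POOR"
    return rating, sd, len(set(ports))


# Shape of the TXT answer returned by the porttest name.
_ANSWER_RE = re.compile(
    r'^"?(?P<ip>[0-9.]+) is (?P<rating>GOOD|FAIR|POOR): (?P<queries>\d+) queries in '
    r'(?P<seconds>[0-9.]+) seconds from (?P<ports>\d+) ports with std dev (?P<sd>[0-9.]+)"?$'
)


def parse_porttest_answer(txt: str) -> Dict[str, object]:
    """Turn the porttest TXT record into a dict so a monitoring job can alert on it."""
    m = _ANSWER_RE.match(txt.strip())
    if m is None:
        raise ValueError(f"unrecognised porttest answer: {txt!r}")
    return {
        "ip": m["ip"],
        "rating": m["rating"],
        "queries": int(m["queries"]),
        "seconds": float(m["seconds"]),
        "ports": int(m["ports"]),
        "std_dev": float(m["sd"]),
    }


# Constructed samples, 26 queries each like the real test.
FIXED_PORT = [53] * 26                              # unpatched resolver on one port
SEQUENTIAL = list(range(1024, 1024 + 26))           # NAT box re-allocating ports in order
WELL_SPREAD = [1024 + 2580 * k for k in range(26)]  # evenly spread across the range
SAMPLE_ANSWER = '"169.254.0.1 is FAIR: 26 queries in 0.1 seconds from 25 ports with std dev 3843.00"'

if __name__ == "__main__":
    for label, sample in (("fixed", FIXED_PORT), ("sequential", SEQUENTIAL), ("spread", WELL_SPREAD)):
        rating, sd, distinct = rate_source_ports(sample)
        print(f"{label:<10} {rating:<4} std dev {sd:8.2f} from {distinct} ports")
    print(parse_porttest_answer(SAMPLE_ANSWER))
```

The sequential sample is the case the notes below warn about: a NAT gateway that hands out consecutive ports leaves a patched resolver rated POOR, so it is worth running the test from behind every NAT or firewall your resolvers sit behind, not only on the resolver host itself.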

Quick takeaways:
  • Patch your DNS ASAP.
  • Disabling recursion on DNS servers that don't need it helps reduce the risk of being attacked.
  • Using SSL (e.g. HTTPS) helps reduce the risk from cache poisoning.
Notes:
  • It only takes 5~10 seconds to poison the cache.
  • Recursive servers behind a NAT gateway: a good caching nameserver hidden behind a firewall or NAT device that undoes the port randomisation is still vulnerable.
  • Nameservers that are authoritative only are not vulnerable.
  • Setting a high TTL on your authoritative zone won't keep vulnerable resolvers from being poisoned.
  • DNS clients (running on most workstations/servers that resolve via upstream nameservers) need to be patched too.
  • Exploit and patch are available for download now.
References:

Tips for Your Torrent Download

Here are some simple steps you can take to optimize your speeds.

  1. Cap your upload (most important). Set your upload speed to approximately 80 percent of your maximum upload rate.
  2. Hack the max TCP connections (XP SP2 and above). Half-open TCP connections are limited to a maximum of 10 by default. This seriously hurts your download speed because it limits how many IP addresses you can connect to. It is supposed to slow down viruses, which spread by opening many connections. A way to fix this is to download this patch; it allows you to set the maximum allowed connections to any number you want. Any number between 50 and 100 is OK.
  3. Check seeds and peers. Choose torrents with the best seed/peer ratio. The more seeds (compared to peers) the better, so a 50/50 ratio is better than 500/1000.
  4. Change the default port. By default, BitTorrent uses the port range 6881-6999, and ISPs limit connections on these ports. Change them to another range. If you're behind a router, make sure you have the ports forwarded or UPnP enabled.
  5. Disable Windows Firewall. Windows Firewall hates P2P. So disable it and get yourself a decent firewall, Kerio or Zone Alarm for example.

Jul 22, 2008

Access GMail with Google Sandbox

Below are the steps to bypass proxy blocking to access GMail. You must at least be able to log in to iGoogle.
  1. Sign in to iGoogle with your Google account.
  2. Sign up for iGoogle sandbox service from here.
  3. Add the Gmail gadget.
  4. If you still can't access at this stage (because your proxy may block any url that contains the word gmail), then try https://www.google.com/ig/gmailmax
Good luck.

Jul 18, 2008

What Organizations Are Spending on IT Security

In March 2008, Gartner updated a document that provides insight into information security budgets. The objective of this document is to help managers compare their information security spending with that of their peer organizations. It examines how information security spending will grow, and where organizations have made and continue to make investments.

By 2008, the most-efficient and secure enterprises will safely reduce the share of security in their IT budgets to between 3% and 4%.

Mitigating DNS Cache Poisoning Attack

There is a well known DNS vulnerability disclosed by Dan Kaminsky. The CERT advisory highlights 3 issues in the existing DNS infrastructure:
  1. Lack of sufficient randomness in the selection of source ports for DNS queries.
  2. DNS transaction ID values that also exhibit insufficient randomness.
  3. Multiple outstanding requests for the same resource record.
There is an easy way to thwart the attack for those DNS servers that are protected either by Linux IPTables or OpenBSD PF, without patching the DNS server (which is preferable of course).

Maximize iPhone Battery Life

Do you want a longer battery lifespan and battery life for your iPhone? The most important thing is to keep your iPhone out of the sun or a hot car (including the glove box). Heat degrades your battery's performance the most.

"Battery life" means the time your iPhone will run before it must be recharged. "Battery lifespan" means the total amount of time your battery will last before it must be replaced.
iPhone Temperature Zone.
Your iPhone works best from 32° to 95° F. You should store it in environments of -4° to 113° F. That's 0° to 35° C and -20° to 45° C for the metrically inclined. Keeping your iPhone as near room temperature as possible (72° F or 22° C) is ideal.
The tips below apply to an iPhone running iPhone 2.0 or later software and may help extend your battery life.
  • Turn off 3G.
  • Minimize use of location services.
  • Fetch new data less frequently.
  • Turn off push mail and lower email accounts auto-check.
  • Minimize use of third-party applications.
  • Turn off Wi-Fi, Bluetooth.
  • Use Airplane Mode in low- or no-coverage areas (wouldn't be able to make/receive calls).
  • Dimming/Adjust the brightness.
  • Turn off EQ or equalizer setting to song playback.
  • Lock Your iPhone
  • Turn off Vibrate in Games.
  • Limit use of A-GPS tracking.
  • Use programs with 3D less often.
Mostly taken from http://www.apple.com/batteries/iphone.html and How To Maximize Your iPhone 3G's Questionably Adequate Battery Life.

Jul 16, 2008

Save All Media Files (images, icons, embed flash) on a Web Page in Firefox 3

Firefox 3 can save all of the media files (graphics, pictures, photos, images, embedded flash video, icons) on a web page at once, without any plugin, extension, add-on or third party program.

To do so:
  • Click on the Site Identification icon to the left of the Location Bar. The Firefox Site Identification dialog is shown.
  • Click on the More Information… button to open the "Page Info" dialog panel, followed by the Media tab.
  • All elements such as background, image, icon and embed on the web page are listed in the elements listing, together with their respective address link locations. Some graphics come with a preview.
  • To download and save all file elements, press Ctrl-A to select all, then click on Save As.

Word Cloud

Wordle.net. Wordle is a site that generates word clouds (similar to the tag clouds) off any text, RSS feed, del.icio.us tag or URL you provide. The clouds give greater prominence to words that appear more frequently in the source text.

You can tweak your clouds with different fonts, layouts, and color schemes. The images you create with Wordle are yours to use however you like. You can print them out, or save them to the Wordle gallery to share with your friends.

55 Most Beautiful Apple iPhone Wallpapers

Here's a collection of some of the finest and most beautifully designed Apple iPhone wallpapers for your desktop.

70+ Nice and Beautiful Firefox Wallpapers

Good news for Firefox fans out there. If you are getting bored with your wallpaper, get something cool to spice up your desktop here.

Jul 11, 2008

Microsoft Security Advisory (953635)

Common Name: Microsoft Word XP/2002 SP3 Exploit  
Date Disclosed: 7/8/2008
Application: Microsoft Word XP/2002 SP3  

Description:
An unspecified vulnerability exists within Microsoft Word XP / 2002 which may possibly allow a remote attacker to execute arbitrary code under the context of the logged-in user. This vulnerability requires user interaction. In a web-based scenario (e-mail, Web site), a user would still have to open a file manually, as it would not be auto-opened. From http://research.eeye.com/html/alerts/zeroday/20080708.html

Jul 6, 2008

Gentoo Linux 2008.0 Released

The 2008.0 final release is out! It is one of my favorite Linux distributions.

This release contains numerous new features including an updated installer, improved hardware support, a complete rework of profiles, Xfce (instead of GNOME) on the LiveCD (i686 only), and many updated packages.

Get the new release from the "Get Gentoo!" page.

Download YouTube Videos as MP4 Files
Do you love some of the videos at YouTube? You can download them in MP4 format if you want, by following the instructions at Google System.

Jul 3, 2008

Guinness World Record for Firefox

Firefox is now holding a Guinness World Record for the most software downloaded in 24 hours. From 18:16 UTC on June 17, 2008 to 18:16 UTC on June 18, 2008, 8,002,530 people downloaded Firefox 3.
Yeah!! I'm now part of a World Record and the proud owner of the best version of Firefox!
Here's the certificate I downloaded for helping to set a Guinness World Record. Don't forget to download your very own certificate too!!

Funny Google

More Google:
  • Holiday Logo: http://www.google.com/holidaylogos.html
  • Tribute to Our Moms: http://www.google.com/moms/index.html
  • Heart: http://www.google.com/heart/feature_cons.html
  • Easter: http://www.google.com/intl/en/Easter/feature_easter.html
  • Google in Klingon : http://www.google.com/intl/xx-klingon/
  • Google in Pig Latin: http://www.google.com/intl/xx-piglatin/
  • Google in the Mirror (elgooG): http://elgoog.rb-hosting.de/index.cgi
Special Searches:
  • http://www.google.com/intl/en/options/specialsearches.html
  • http://www.google.com/bsd
  • http://www.google.com/windows
  • http://www.google.com/microsoft.html
  • http://www.google.com/linux
  • http://www.google.com/mac.html
Language:
  • http://www.google.com/language_tools?hl=en
  • http://www.google.com/intl/xx-hacker/
  • http://www.google.com/intl/xx-elmer/
  • http://www.google.com/unclesam
  • http://www.google.com/intl/xx-piglatin/

Null: http://www.google.com/search?hl=en&q=+&btnG=Google+Search

Type 'find chuck norris' and hit I'm Feeling Lucky.

Jul 1, 2008

RSS 2.0 Vs ATOM 1.0

Blogs, wikis and newsfeeds are parts of Web 2.0. Web 2.0 is the name given to the current trend in World Wide Web technologies that aims to enhance creativity, information sharing and, most notably, collaboration among users. Today, those who generate syndication feeds have a choice of feed formats: RSS 2.0 or ATOM 1.0. Here's an article comparing the two formats.

For your information, the initials "RSS" are used to refer to the following formats:
  • Really Simple Syndication (RSS 2.0)
  • RDF Site Summary (RSS 1.0 and RSS 0.90)
  • Rich Site Summary (RSS 0.91)
There's an interesting article posted by Ed Kohler (July 28, 2007) after he observed how some applications handle the feed subscription option: Why Do FireFox and Google Subtly Default to Atom Feeds?

References:
  • http://en.wikipedia.org/wiki/RSS_(file_format)
  • http://en.wikipedia.org/wiki/Atom_(standard)