Security

PWN to OWN contest happened here in Vancouver

Kent J. Chen — Sat, 29 Mar 2008 14:10:14 GMT

The three-day PWN to OWN contest at the CanSecWest security conference finished today here in Vancouver. The contest this year includes three laptops, running the most up to date and patched installations of MacOS X Leopard, Windows Vista, and Ubuntu Linux on MacBook Air, Fujitsu U810, and Sony VAIO, respectively.

All of them are survived after day 1 which only allows remote pre-auth type attack. MacBook Air was the only one compromised on day 2 because of one vulnerability in Safari browser. Vista was defeated almost the last minute in the last day because of the hole in Adobe Flash. Sony VAIO with Ubuntu smiles in the end.

Not bad, all OS are very good in security. I thought Vista might be the first one being compromised but thank to IE7 team who did a good job to lock down the browser, which kept Vista alive for the first 2 days in the contest. The result should give more people the confident to use computer but also warned that human, not computer self, is the most thread to the computer system. It also sent message to all 3rd party software providers that be careful of designing your products or you will be next one to blame.

Why can't get my wireless identified in Vista?

Kent J. Chen — Thu, 20 Mar 2008 05:52:55 GMT

How often does your wireless connection get dropped, if you are using Vista? If you are same as me, facing this kind of annoying problem every day, blame on Vista. It's one of those Vista-incompatible devices on your network causing this problem, the wireless router in particular.

Vista validates your network connection every time when the computer tries to connect to the network. If your router is not Vista-compatible and you are trying to connect via wireless, it most likely will not get identified the first place and won't be assigned a valid IP address as the result. In order to get work, you will need to go through the diagnose process to manually request for the IP address. Or, if you are tired of doing so, you can either look at your wireless router vendor's website to see if you are lucky to find the latest firmware that works for Vista, or end up buying a brand new one. Check to make sure it's Vista-compatible before pulling out your wallet.

7 things I don't want you to know

Kent J. Chen — Fri, 11 Jan 2008 08:39:41 GMT

PCWorld.ca has an article today that tells 7 things your company's IT department doesn't want you to know which technically I agree most of them. And it's true that with so many useful awesome online applications out there it's nearly impossible for IT department to restrict their employees' use of work PCs and networks to lock down the system and compliant with their policy. However, spreading words like this on a popular site like PCWorld makes our life way much harder, which is why I don't include the link here.

It's always true that the most threat to the network are from inside the office. While it's hard to technically lock system down it would be more efficient and useful to have a more strict and seriously detailed policy in place. And be sure that the words about the policy get to people's attention.

[updated on Jan 11, 2008] Apparently, people in PCWorld reviewed and realized the potential risk of this original post (note that I included the link here now) as it has been removed off the website but maybe still archived somewhere in their storage.

Secunia Personal Software Inspector

Kent J. Chen — Thu, 03 Jan 2008 07:40:35 GMT

Thanks to LifeHacker for discovering this nice little free tool that will keep all applications running on my computer up-to-date.

Freeware application Secunia Personal Software Inspector is sort of like Windows Update for your installed software, monitoring your installed apps and notifying you of available security updates. When you run your first scan after installing Secunia, you'll be presented with a list of insecure apps that have available updates, "end-of-life" apps that are no longer being supported by the developer, and patched apps that have the latest security updates. Keep in mind that Secunia is not an anti-virus software, but more of a preventative tool for ensuring that your software is secure as it can be.

I downloaded and installed on my computer right after I read its post. The first scan only tool a few minutes and discovered that I have 7 in-secure applications that need to be updated. Simply clicking the download solution icon will either direct you to the website that provides the patch or download the patch right away. Pretty neat.

Check and download Secunia PSI right here

Breakthrough technology redefines spam protection

Kent J. Chen — Mon, 10 Dec 2007 07:58:34 GMT

My boss forwarded this link the other day and commented that hopefully it's true. Yes, I hope it is true too but will it really become true?

The majority of today's anti-spam products on the market detect spam by analyzing the sender, i.e. DNSBL, SPF, Header Checking, etc., or email content, i.e. Bayesian. This so-called breakthrough technology developed by Abaca didn't use any of those, instead, it detects the spam based on its new, unique, and revolutionary receiver-reputation formula. It works quite awesome according to what the testimonials say on its website.

I have been fighting with Spam for last past 5 years by utilizing various technologies and tools. It's way less than perfect but still manageable, which is why I hope a new revolutionary system like this that dumped all old technologies would win the game overall.

Greylisting - Another Spam Killer

Kent J. Chen — Mon, 10 Sep 2007 07:22:23 GMT

Greylisting, a method of defending email users against email spam, actually hasn't been widely adopted in most of modern anti-spam system. I am so impressed honestly, even at the first time when I heard of it. It greylists any emails from a non-recognized sender for a short time and temporarily rejects it. The assumption is that since temporary failures are built into the RFC specifications for e-mail delivery, a legitimate server will attempt to connect again later on to deliver the e-mail. Why would it work to against the spam? Because if the email is from a spammer, it will probably not bother to be retried.

Sounds good but how can I implement it? It depends on what kind of mail server you are running. Greylisting implementations have a pretty full list how to implement it based on the platform. We are running Exchange server so basically this Grynx Greylist Freeware works for us.

Installation is easy, download the package and extract it onto the server where SMTP server runs, but the configuration is a little bit tricky. First of all, I don't want it run on the same Exchange server so I have to load another Windows 2003 Server with SMTP service enabled, and configure it to relay all incoming emails to the internal Exchange server. Secondly, configure it to use SQL database rather than an Access database. Finally, updating the firewall so from now on all incoming emails will go to the new SMTP gateway with Greylisting enabled first before hitting to the internal Exchange server.

Everything runs beautifully, it has blocked over 4,000 from coming into our mail server just about 10 hours after I implemented it. There is a big issue that could cause it not being used eventually in our organization.

The most significant disadvantage of greylisting is the fact that, like all spam mitigation techniques, it destroys the near-instantaneous nature of email people have come to expect, and throws email back to the early days when it was slow and unreliable. A customer of a greylisting ISP can not always rely on getting every email in a small amount of time. Thus email loses its function as easy and effortless vehicle to transfer electronic information instantaneously.

Because of this, I have to take a step back and put the schedule on the firewall so the rule that redirects emails to the greylisting enabled SMTP server will be only on after hours. It's still a huge help because it reduces a huge amount of spams that we need to monitor. Whoever monitors all filtered spam for any false positives still owes me a big thank-you.

[advertisement] If you happen to be a fan of mini moto or pocket bike and are looking for a parts for your toy, check it out these parts listed on kncnet's eBay store

Top 10 Security Mistakes

Kent J. Chen — Sun, 02 Sep 2007 08:10:14 GMT

As an IT Pro, it's never enough to know what's important in terms of the security in your organization, and it's never late to get started to know what you haven't been aware of. And the most important, it's never end. You will never be able to get rid of it unless you want to quit. Here is the summary of Top 10 Security Mistakes, a nice post on Canadian IT Professional Blog a few month back.

1. Password Management - Issues include poor password policies or enforcement of those policies, re-use of passwords, and password storage.

2. Patches and Upgrades - Some issues here include no inventory (how do you know what to patch?), no reporting on status of patch deployment, legacy applications that are no longer patched, and the "deploy and forget" methodology of software deployment.

3. NTFS and Share Permissions - Remember that permissions are cumulative (except Deny always wins), never grant permissions to users and always use groups, install Windows 2003 fresh rather than upgrade and use security templates and GPO's to set and maintain security. Everyone having Full Control everywhere is never good, remember Anonymous is part of Everyone!

4. Too Much Privilege - Always follow the rule of least privilege! And never use a domain or enterprise admin account to run services.

5. Administrative Practices- NEVER use a domain or enterprise admin account for your day to day activities and don't use those accounts to login from a standard workstation. (in my own practice, bad, I haven't gotten started to use this principle that I have known for years)

6. Unused Services - needless to say, removing unnecessary services will reduce the attack surface.

7. Auditing and Logging - Auditing is crucial but it is also important only to audit what is important. (That is something I really need to focus on, really)

8. Backups - Always test your DR plan as well as your recovery procedures. And remember that backups are only part of your DR plan.

9. Security Education - It's a key to a secure environment.

10. Incident Response - NEVER touch the compromised computer, delete any files, or do anything without the approval of your security officer. Doing so could destroy the evidence needed to determine what happened and how to prevent it from happening again.

[A Reader's Toolbox] Latest file sharing applications have made it possible to share your documents across globe. The advent of data recovery program has enabled companies to recover their data if it is deleted. However data recovery is very useful because it can save all of your precious data. If you do not backup your data then you must have recovery programs. You will find bundle of software in data recovery group.

Network Magic - Home Networking Software

Kent J. Chen — Wed, 08 Aug 2007 04:45:36 GMT

My D-Link WBR-1310 Wireless G Router at home doesn't work very well recently. It keeps losing the connection to the Internet. I thought it might be the time to upgrade the firmware. So I went to their support site and tried to look for the new release of the firmware for my quite new router. I found this home networking software instead. The ads banner is located in various pages on D-Link website, stating that this essential home networking tool really can ease the pain for the people who wants to set up their own home network but lack some essential knowledge.

I am curious about how this works. So I downloaded and installed it on my computer. Guess what? It's true. The little tool offers some wonderful wizards from which almost all level of users can easily set up their own home network without any help from computer pros. The network map feature looks cool. It gives you a whole picture of how many computers are on your network. Any intruders can be identified easily from the map.

The software comes with two editions, the free version has the basic features that might not be enough to set up a fully operational home network because the more advanced features like printer sharing, file sharing, and add a device wizard are in the premium version which costs at least $29.99.

[advertisement] If you happen to be a fan of mini moto or pocket bike and are looking for a parts for your toy, check it out these parts listed on kncnet's eBay store

Wondering what portable devices has been connected to your computer?

Kent J. Chen — Mon, 30 Jul 2007 06:27:25 GMT

This is a really good question, at least, I have no idea what had been plugged into my computer. EndPointScan, a free web utility released by GFI a few month back, allows you to check what devices are or have been connected to computers on your network and by whom.

Using this diagnostic tool, you can identify those areas where the use of portable storage devices could pose a risk to the integrity of the company’s systems.

EndPointScan carries out granular checks across all types of ports – USB, Firewire, Bluetooth, Infrared, PCMIA and Wi-Fi – on all machines. This utility provides complete and thorough information about all portable devices and can scan multiple computers simultaneously.

And as most of other online web services, you will have to install an ActiveX control, which I am assuming it must be run in IE.

Wondering what portable devices has been connected to your computer? Check it now.

More detail of this free web utility can be found here.