Proxylinks|how to earn money online, making money on the web, surf the web anonymous

How to unblock websites at school

2010-04-03T05:00:00.001+07:00

What is a website that crapper release websites at school?How to Unblock Blocked Websites at School | eHow.comHow to Unblock Blocked Websites at School. Schools ofttimes attempt to country admittance to favourite websites for a sort of reasons. Whether or not these blocks ...www.ehow.com âºHow to Unblock Myspace at School | eHow.comHow to Unblock Myspace at School. Internet admittance is so widely available that some schools (or offices) hit decided to create lists of closed scheme sites ...www.ehow.com âº ... âº MySpaceHow to Unblock Websites - Monsterguide.netHow to Unblock a Website. Unblocking a scheme place crapper be realised whether you are at the office, at a edifice computer or using a public computer at some ...monsterguide.net/how-to-unblock-websitesHow do you release websites at school?If you're at edifice and can't get somewhere on the Web, there are a some structure you crapper road the most ordinary restrictions.websearch.about.com/od/.../f/unblocksites.htmUnblock Myspace Unblock Bebo Unblock Facebook Unblock Orkut at ...are you looking for new scheme proxies to release websites myspace bebo facebook orkut forums. Web agent are multipurpose tool to road release edifice and impact ...hubpages.com/hub/stopthatblockÃ¸ How To Unblock Myspace At School - & Proxy List Ã¸The easiest artefact to release Myspace at edifice is to use a agent website. It's best to find a agent place that rattling some grouping know about.www.school-survival.net/kit/unblock-myspace.phpUnblock School Computers | Access websites same facebook,myspace ...Unblock School Computers Never permit your teachers or capital control what websites you want to view again! Unblocking edifice computers is easy, ...www.school-unblock.com/Myspace Proxy Server Unblock Myspace Com At School Or WorkHasil pencarian dengan kata kunci yang Anda gunakan myspace agent computer release myspace com at edifice or work.blogger.kebumen.info/.../myspace+proxy+server+unblock+myspace+com+at+school+or+work.shtml

Firefox proxy - Proxy in your Firefox Browser

2010-03-28T05:00:00.001+07:00

What is firefox agent ?Firefox doesn't provide a agent service. But they have ads on facility to attain agent place is employed exclusive mozila firefox browser. How it impact ? Its impact connatural like connatural web agent / ip proxy. Firefox module send letter to entered url finished agent server in your mozila ads on. So , you crapper ingest it like connatural agent to bypass your edifice or impact place proxy.Top firefox agent :1. FoxyProxy StandardFoxyProxy is an modern agent direction tool that completely replaces Firefox's restricted proxying capabilities. It offers more features than SwitchProxy, ProxyButton, QuickProxy, xyzproxy, ProxyTex, TorButton, etc.2. MM3-ProxySwitchIn the Firefox Browser (and other Mozilla programs) you crapper per choice configure exclusive the environment for digit internet connection. With the MM3-ProxySwitch you crapper control different configurations and exclusive switch over between these.3. Auto ProxyAre you afraid most your privacy? Or, are you closed from whatever websites by a firewall? And, are you arming yourself with a proxy? In that case, AutoProxy is designed for you! A tool to help you ingest your agent automatically & efficiently.4. Toggle ProxyToggle Proxy adds a status forbid picture to toggle between digit agent settings which crapper be ordered in the preferences5. Tor-Proxy.Net ToolbarGet Safety and Anonymity by using TOR-Proxy.NET for surfing! Tor-Proxy.NET is a CGI-Web-Proxy, which tunnels your reciprocation finished different anonymization-networks. That artefact you intend high anonymity.6. TorbuttonTorbutton provides a fix to securely and easily enable or disable the browser's ingest of Tor. It is currently the exclusive addon that module safely control your Tor feeding to prevent IP come leakage, cookie leakage, and general concealment attacksHow to establish digit of them in my firefox application ?You don't need download the code to establish these firefox agent in your browser. Go to the firefox ads on place and utter the "Add to Firefox" button. Wait for a time and uphold your application , and your firfox agent ads on module activated.

updated 18 February 2010

2010-02-18T15:00:00.001+07:00

HTTP proxies:200.97.9.77:3128190.128.224.82:8080169.229.50.10:3128169.229.50.10:3127221.130.7.228:80Anonymous protocol proxies:200.97.9.77:3128190.128.224.82:8080203.77.198.14:9179193.1.185.82:80203.176.136.182:8080High nameless (elite) protocol proxies:169.229.50.10:3128169.229.50.10:3127221.130.7.228:8062.243.224.179:8118221.130.13.204:80Free HTTPS agent list:219.219.222.77:8077.42.157.74:8080Free SOCKS 4 agent list:67.185.147.100:746775.118.243.151:2643767.182.3.5:2950568.49.4.117:1218524.253.193.32:1643Free SOCKS 5 agent list:24.2.239.121:30907174.3.186.70:336224.188.22.57:324676.108.194.193:324676.106.217.196:3246Free RUSSIAN proxies:IP ranges defined here, here and from IP ranges of Russia83.219.147.59:312883.172.48.119:312881.9.81.30:312880.92.103.99:312862.5.214.54:312882.208.87.232:312885.195.163.34:312883.221.206.26:312982.151.114.21:312881.20.109.86:8080*these proxylists updated 18 February 2010, 03:30

updated 17 February 2010

2010-02-17T15:00:00.001+07:00

HTTP proxies:212.111.199.30:3128195.228.232.25:312872.23.140.166:8085201.67.112.162:3128120.50.57.245:3128Anonymous protocol proxies:212.111.199.30:3128195.228.232.25:3128201.67.112.162:3128120.50.57.245:312882.76.59.131:3128High anonymous (elite) protocol proxies:72.23.140.166:8085122.128.4.188:8080220.131.7.166:808868.36.9.98:808524.154.106.174:8085Free HTTPS agent list:212.111.199.30:3128201.67.112.162:3128Free SOCKS 4 agent list:24.188.23.39:2503575.73.27.107:3180959.93.66.42:108059.93.130.95:108059.90.173.137:1080Free SOCKS 5 agent list:75.73.27.107:3180959.93.66.42:108024.102.214.217:331359.90.173.137:108059.12.81.158:1080Free RUSSIAN proxies:IP ranges circumscribed here, here and from IP ranges of Russia81.9.81.30:312882.208.87.232:312882.151.114.21:312881.20.109.86:808085.195.163.34:312883.221.206.26:312962.5.214.54:312881.20.103.126:3128*these proxylists updated 17 Feb 2010, 09:30

updated 01 February 2010

2010-02-14T15:00:00.001+07:00

HTTP proxies:74.208.170.61:8080222.124.196.213:808041.234.202.100:8080202.69.106.29:312874.192.226.47:8085Anonymous HTTP proxies:208.180.65.242:808074.208.170.61:8080222.124.196.213:808041.234.202.100:8080202.69.106.29:3128High nameless (elite) HTTP proxies:74.192.226.47:808570.119.184.80:808524.12.39.97:8085128.112.139.27:312469.121.252.26:9277Free HTTPS agent list:199.71.214.85:3128201.36.159.146:3128Free SOCKS 4 agent list:202.102.72.38:1080142.162.137.24:3667976.22.243.169:6969118.136.80.254:108024.22.40.220:9561Free SOCKS 5 agent list:142.162.137.24:3667976.22.243.169:6969118.136.80.254:108024.22.40.220:9561216.236.160.78:2649Free RUSSIAN proxies:IP ranges defined here, here and from IP ranges of Russia85.26.162.10:312883.146.112.130:808181.20.103.126:312883.69.214.246:312883.69.209.194:808082.208.87.232:312880.67.217.246:808062.5.214.54:312883.221.206.26:312983.167.93.47:8085.195.163.34:312883.239.31.154:8080*these proxylists updated 01 Feb 2010, 06:30

Is APT After You?

2010-01-21T11:00:00.000+07:00

Jeremiah Grossman prefabricated the following letter via Twitter today:@taosecurity journal place request. Signs that an individual or methodicalness is or haw be an APT target. + added threat denotive conventionsTough but enthusiastic questions. I meliorate answer, or Jeremiah will encounter me and apply Brazilian Jiu Jitsu until I do. Let me verify the ordinal discourse first.As I mentioned in Real Threat Reporting in 2005, "Titan Rain" became the favourite constituent for digit "intrusion set" involving destined actors. DoD applies different codewords to intrusion sets, and satellite Rain became favourite with the business of the Time article I referenced. If you read the Time article again you'll wager at small digit added reference, but I won't advert that here.Some of you haw advert "Solar Sunrise" from 1998 and "Moonlight Maze" from 1998-1999. Open news course the former to Russia and the latter to an Israeli titled Ehud Tenenbaum. These are added examples of "intrusion sets," but they are not attendant to the current threat.As farther as added obloquy for APT, they subsist but are not mutual with the public. Just as you might maintain code obloquy for different intrusion sets or campaigns within your CIRT, different agencies road the aforementioned using their possess terms. This crapper cause whatever fault when different CIRTs try to compare notes, since hour of us intercommunicate of the clannish obloquy unless in an pertinent facility. The Air Force invented "APT" as an nonsensitive constituent that could be used to apace ready different parties on the aforementioned tender when speech with accumulation partners.Regarding who haw be an APT target, I likeable Steven Adair's Shadownserver post. The artefact most organizations see that they hit a difficulty is by receiving an outside notification. The FBI and destined military units hit been evenhandedly astir in this respect for the previous three years. This marks quite a modify in the relationship between the US polity and clannish sector, and it's not restricted to dweller companies. A little intelligent will expose reports of added governments warning their companies of kindred problems.If your methodicalness has not been contacted by an outside agency, you might poverty to look at the possibleness objectives that I posted in What is APT and What Does It Want? Does your methodicalness possess accumulation that falls into digit of the political, economic, technical, or military categories that could interest this sort of threat? Overall, my assessment of APT progress crapper be summarized this way:

Phase 1, New 1990s: mainly .mil
Phase 2, 2000-2004: .gov additional to direct list
Phase 3, 2005-2009: cleared accumulation contractors, investigate institutes, semipolitical and infrastructure additional to direct itemize (significant expansion)
Phase 4, 2010- ? : treatment only restricted by resources?

Probably the incoming prizewinning artefact to watch if you are a direct is to join whatever business groups you crapper encounter and network with your peers. Develop relationships such that your peers see easy sharing threat information with you. Do the aforementioned with polity actors, especially the FBI. Many times these agencies are just movement on accumulation trying to figure discover the correct contacts.I would watch of organizations that verify whatever creation they delude will "stop APT" or "manage APT" or behave as added silver bullet. We're already seeing whatever vendors move on the counter-APT bandwagon with little clue what is happening. There's a couple consultancies with unfathomable noesis on this topic. I'm not feat to study them here but if you analyse the Incident Detection Summit 2009 itemize you crapper encounter them. The honor of counter-APT undergo on the utterer itemize varies considerably, but you crapper try using that itemize to reassert if Company X has whatever relationship whatsoever to this problem. That doesn't stingy companies or organizations not traded as speakers are "clueless;" a aggregation of counter-APT state is simply "good IT." However, you shouldn't wait a random consultant to be able to sit downbound and explain the specifics of this difficulty to your CIO or CEO. Incidentally this is NOT a advertizement for my company; I run an internal CIRT that only protects our assets.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Review of Inside Cyber Warfare Posted

2010-01-20T23:00:00.000+07:00

Amazon.com just posted my three grapheme analyse of Jeff Carr's Inside Cyber Warfare. From the review:Jeff Carr is a enthusiastic digital security intelligence analyst and I've been fortuitous to center him intercommunicate several times. We've also separately discussed the issues he covers in Inside Cyber Warfare (ICW). While I encounter Jeff's insights rattling engrossing and valuable, I conceive his prototypal aggregation could hit been more logical and thence more readable. I conceive Jeff should write a ordinal edition that is more focused and perhaps more inclusive.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Illegal downloads at work put companies at risk, says FAST IiS

2010-01-20T03:00:00.000+07:00

From: http://www.computerweekly.com/Articles/2010/01/15/239977/illegal-downloads-at-work-put-companies-at-risk-says-fast.htmCompany directors who earmark body to download code illegally are putting themselves and the company at risk of jural liability, code robbery watchdog FAST IiS has warned.Internet accumulation gathered by section concern ScanSafe crossways 100 countries revealed a 55% process in banned code and penalization downloads on corporate networks from Oct to December 2009."The company and directors could grappling a malefactor effort with the existence of a sentence and dustlike under the Copyright, Designs and Patents Act 1988," said John Lovelock, honcho chief of FAST IiS.In addition to the risk of jural liability, there is the probability of malware being a unhearable add-on to code downloaded from peer-to-peer filesharing networks commonly used to dispense pirated software, he said.FAST IiS recommends that every businesses hit an IT policy as conception of the conditions of job and secure that every employees are aware of the consequences of using corporate computers for banned code downloads."It really is cheaper to ready curb of your IT realty and code licensing kinda than try to revilement corners," said Lovelock.Guidance for businesses is acquirable on the FAST IiS website, he said.

Bejtlich Teaching at Black Hat EU 2010

2010-01-19T07:00:00.000+07:00

Black Hat was kind sufficiency to invite me backwards to teach binary sessions of my 2-day instruction this year. After Negroid Hat DC comes Negroid Hat EU 2010 Training on 12-13 Apr 2010 at Hotel Rey Juan Carlos I in Barcelona, Spain. I module be doctrine protocol Weapons School 2.0. Registration is today open. Negroid Hat set fivesome toll points and deadlines for registration.

Super early ends 1 Feb
Early ends 1 Mar
Regular ends 1 Apr
Late ends 11 Apr
Onsite starts at the conference

Seats are stuff -- it pays to register early!If you analyse the Sample Lab I posted earlier this year, this collection is all most developing an investigative mindset by hands-on analysis, using tools you crapper verify backwards to your work. Furthermore, you crapper verify the collection materials backwards to impact -- an 84 tender enquiry guide, a 25 tender enrollee workbook, and a 120 tender teacher's guide, nonnegative the DVD. I hit been speech with other trainers who are adopting this info after determining they are also bushed of the PowerPoint motion parade.Feedback from my 2009 sessions was great. Two examples:"Truly awing -- Richard's collection was crowded flooded of noesis and presented in an understandable manner." (Comment from student, 28 Jul 09)"In sextet years of present Negroid Hat (seven courses taken) Richard was the prizewinning instructor." (Comment from student, 28 Jul 09) If you've attended a protocol Weapons School collection before 2009, you are most welcome in the new one. Unless you attended my Negroid Hat upbringing in 2009, you module not see some repeat touchable whatsoever in TWS2. Older TWS classes awninged meshwork reciprocation and attacks at different levels of the OSI model. TWS2 is more like a forensics class, with network, log, and related evidence.I fresh described differences between my collection and SANS if that is a concern.I module also be doctrine in metropolis and Las Vegas, but I module announce those dates later.I countenance forward to seeing you. Thank you.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Rogue anti-virus prevalent on links that relate to Haiti earthquake, as donors encouraged to look carefully for genuine sites

2010-01-19T02:00:00.000+07:00

From: http://www.scmagazineuk.com/rogue-anti-virus-prevalent-on-links-that-relate-to-haiti-earthquake-as-donors-encouraged-to-look-carefully-for-genuine-sites/article/161431/The seism that impact state top Port-Au-Prince earlier this week has led to a Brobdingnagian uprise in attendant malicious URLs.Zscaler Research reportable that exclusive an distance after the 7.0 seism impact on weekday afternoon, there was a 1,578 per cent process in URLs visited, with a corresponding 5,407 per cent process in bandwidth practice for âHaiti' URLs.On the malware front, it reportable as sight an process in wager engine improvement (SEO) attractive plus of Haiti seism wager cost to direct visitors to rapscallion anti-virus download sites.This was also echoed by section vendors. Websense Security Labs ThreatSeeker Network unconcealed that searches on cost attendant to the seism returned results that led to a specific rapscallion anti-virus information via maliciously engineered wager results.Three samples of malware were discovered, with digit having 20 per cent anti-virus news and added having eight per cent.Also, F-Secure reportable that a link titled as âHaiti seism donate' leads to a website that installs a rapscallion into the system that it claims is supported by F-Secure.Mathew Nisbet, malware data shrink at Symantec Hosted Services, noted an upturn in telecommunicate and poison wager results fashioned to utilise individuals' generosity.He said: âThe helper crisis caused by the state seism has captured the world's sympathies and grouping are flocking to donate online. Sadly these are exactly the conditions that a cynical scammer would be looking to exploit, as the want to support crapper ofttimes darken a person's beatific judgement.âThey count on the public's beatific nature, anxiety and want to help, and hope that they won't wager finished the cheat telecommunicate which they are reading.âDavid Harley, administrator of malware intelligence at ESET, said: âIt would be credulous to contend that the section business is all altruistic when it points to possibleness problems: we attain our experience from making grouping safer, or disagreeable to. However, I'm not most to apologise for that whatever more than I expect my student to apologise for making his experience out of accidents and diseases.âYou crapper be as cynical as you same most how successful we are, but most of the grouping I undergo in the business aren't in it purely for the money. And the warnings I hit been sight most SEO poisoning, scams, malware, rapscallion AV and so on, may process sales directly or indirectly, but if they do encourage grouping to support themselves by whatever means, sure that's a beatific thing?âHowever, I've noticed individual grouping in the business or somehow adjoining to it attractive what you might study a more constructive move to evading whatever of these issues, by pointing to lawful assistance resources. As with other kinds of phishing, scamming and so on, you'll be much safer feat to famous lawful resources than responding to uninvited requests for support from unverified sources.â

What Is APT and What Does It Want?

2010-01-17T12:00:00.000+07:00

This has been the hebdomad to handle the modern persistent threat, although whatever grouping are already informing me Google v China with attitude to APT is "silly," or that the move vectors were what everyone has been talking most for years, and were somewhat sloppily orchestrated at that. I conceive some of these critics are missing the point. As is ofttimes the housing with sensitive issues, 1) those who undergo ofttimes can't feature and 2) those who feature ofttimes don't know. There are whatever exceptions worth noting!One consort that occupies a unique function with attitude to this difficulty is Mandiant. Keep an receptor on the APT attach of their M-unition blog. Mandiant's persona as a consulting concern to some APT victims helps them speech most what they see without naming some portion victim. I also recommend following Mike Cloppert's posts. He is a unfathomable thinker with attitude to counter-APT operations. Incidentally I concord with Mike that the US Air Force invented the term "advanced persistent threat" around 2006, not Mandiant. Reviewing my preceding blogging, a some old posts stand out. 4 1/2 eld ago I wrote Real Threat Reporting, describing the news of choreographer Carpenter as reported by Time magazine. Back then the danger was titled "Titan Rain" by Time. (This reflects the ingest of a so-called "intrusion set" to exposit an incident.) Almost a assemblage after Air Force Maj Gen nobleman noted "China has downloaded 10 to 20 terabytes of accumulation from the NIPRNet. They're hunting for your identity, so they crapper intend into the meshwork as you."Now we center of another companies beyond Google participating in this latest incident, including Yahoo, Symantec, Adobe, biochemist Grumman, Dow Chemical, Juniper Networks, and "human rights groups as substantially as Washington-based conceive tanks." (Sources 1 and 2.)Let me place on the grace container of a formally trained Air Force intelligence tar and essay to shortly vindicate my understanding of APT in a some bullets.

Advanced effectuation the opponent crapper operate in the flooded spectrum of machine intrusion. They crapper ingest the most traveller publicly acquirable exploit against a well-known vulnerability, or they crapper elevate their mettlesome to investigate newborn vulnerabilities and amend custom exploits, depending on the target's posture.
Persistent effectuation the opponent is formally tasked to fulfill a mission. They are not expedient intruders. Like an intelligence unit they obtain directives and impact to fulfill their masters. Persistent does not needs stingy they requirement to constantly fulfil vindictive cipher on individual computers. Rather, they reassert the take of interaction necessary to fulfil their objectives.
Threat effectuation the opponent is not a piece of unreasonable code. This point is crucial. Some grouping throw around the term "threat" with meaning to malware. If malware had no human bespoken to it (someone to curb the victim, read the stolen data, etc.), then most malware would be of little worry (as daylong as it didn't mortify or contain data). Rather, the opponent here is a danger because it is organized and funded and motivated. Some grouping intercommunicate of multiple "groups" consisting of sacred "crews" with different missions.

Looking at the direct list, we crapper perceive individual possibleness objectives. Most likely, the APT supports:

Political objectives that allow continuing to suppress its own population in the name of "stability."
Economic objectives that rely on stealing highbrowed concept from victims. Such IP crapper be cloned and sold, studied and underbid in competitive dealings, or fused with topical investigate to display newborn products and services more chintzily than the victims.
Technical objectives that boost their knowledge to fulfill their mission. These allow gaining admittance to maker cipher for boost exploit development, or acquisition how defenses impact in order to meliorate escape or disrupt them. Most worringly is the thought that intruders could attain changes to improve their function and lessen the victim.

Notice "stealing money" is not traded here. Although threats subsist that direct cash, those groups are not considered "APT".Footnote: my Google ask for modern peristent danger that omits a some methodicalness obloquy (including this blog) now yields 169 non-duplicative hits as of this writing, up from 34 in July 2009.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Why Google v China is Different

2010-01-17T11:00:00.000+07:00

I've been datum assorted comments on the Google v China issue. One caught my eye:Security experts say Google cyber-attack was turn "This wasn't in my instrument ground-breaking as an attack. We wager this evenhandedly regularly," said Mikko Hypponen, of section concern F-Secure."Most companies meet never go public," he added.In whatever structure this comment is true, and in another structure I conceive it can take whatever readers. I conceive it is true in the sense that some organizations are handling with advanced continual threats. However, I conceive this comment leads whatever readers to pore incorrectly on digit kinda light aspects of the Google incident: vulnerabilities and malware.On the danger front, we have a zero-day in Internet Explorer. I concord that this is completely routine, in a rattling unsatisfactory way. On the malware front, we have code submitted to Wepawet. I concord that this is also not specially interesting, though I would same to know how it ended up being posted there!Five issues attain Google v China assorted for me.

The individual made a open evidence most the intrusion. I feature that this was a difficult decision to attain and it took brawny leadership to wager it through: Google Inc.'s startling danger to stop from China was an intensely personal decision, art its celebrated founders and another crowning executives into a speaking over the correct artefact to confront the issues of counterintelligence and cyber security.Google's rattling open salutation to what it titled a "highly worldly and targeted move on our joint stock originating from China" was crafted over a punctuation of weeks, with heavy involvement from Google's co-founders, Larry Page and Sergey Brin.

The individual is not alone. Google isn't lonely in the sense that firms pain from Conficker terminal month weren't alone, i.e., this isn't a case of widespread malware. Instead, we're chance that binary companies are affected.

The individual is not a domestic government. Don't block every the China incidents involving domestic governments that I followed from season 2007 through 2008.

The individual named the perpetrator. This amazes me. We need more of this to happen. By doing so a private company influenced a powerful contract maker to supply a evidence of a smooth nature.

The individual could undergo boost alteration as a result of this evidence and decision. Every CIO, CTO, CSO, and CISO entrepot in the concern talks most "aligning with business," blah blah. Business is supposed to rule. Instead, we have a situation where the self-reported "theft of highbrowed concept from Google" nonnegative "accessing the Gmail accounts of Asiatic human rights activists" resulted in a business decision to alter and potentially equilibrate operations. That astounds me. You can verify Badu is fighting Google, but I don't acquire it as the actual reason Google is performing same this.

Baidu Taken Down by DNS Hack

2010-01-17T05:00:00.000+07:00

From: http://www.bluecoat.com/blog/baidu-taken-down-dns-hackSo Baidu got hacked yesterday. That is rattling bounteous news. For China, that's same locution "Google got hacked." It's the leading search engine there, and digit I've spent instance using during impact on our Asiatic power for DRTR.The initial report I saw pointed not to an move on Baidu's servers, but on the DNS entries that permit the websurfers of the world intend to the correct site. In another words, if you crapper modify the "official" DNS entry for a site, you modify its cyberspace address. Just same that, you've tricked the entire cyberspace into thinking that the positioning for baidu.com is today on a server somewhere else, and that's where everyone will go. (The huge potential payoff for a phisherman or another Bad Guy who crapper pull soured a DNS hack is ground the "Kaminsky bug" was much a huge deal in the section press back in 2008.)However, my initial surmisal (and it's exclusive a guess, since I've seen whatever real info in any of the sites I checked) is that digit of the engineers who has admittance to baidu.com's field study registration statement unknowingly used a malware-infected machine to admittance the registrar, and thereby had his password stolen. (Alternatively, someone could hit "social engineered" their way instance the field registrar's safeguards -- i.e., do whatever fast conversation and persuade them that you're Baidu's authorised cloth and you requirement to modify whatever settings -- but I consider that a aggregation less likely.)One of my "key stories" for 2009 would be Gumblar (and another malware families) specifically targeting website passwords, either FTP credentials in visit to gain admittance to the files that attain up a site, or the field functionary statement study and password in visit to do a DNS-redirection move same this one. In either case, a Bad Guy with your statement study and passwords is essentially you, at least as farther as your scheme stock is concerned, and crapper exclusive walk in the front door and attain whatever changes he wants.So, if you're in a corporate IT function that involves field for your Web field and/or site, this would be a good instance to analyse the processes you study when you attain Registration (rarely) or Site changes (every day). Do you use any old computer, at bag or work? Or do you attain a semiconscious try to exclusive log in from a maximum-security (maybe even a dedicated?) computer? At minimum, you should be trusty that the computer(s) you use for these tasks are fully patched, and fortified by both antivirus and scheme filtering.I'll be peculiar to wager if any additional info emerge most how the hack was pulled off.

Another Cross-over Point from WAN Optimization into the Proxy Space

2010-01-16T02:00:00.000+07:00

From Network World:Exinda Networksâ stylish code raise tackles whatever of the WAN improvement implications of a thorny IT direction issue: the ingest of third-party nameless browsing services that line DNS queries finished a agent server. Anonymous proxies earmark modify users to road Web sites closed by their companies, surf the Web anonymously, or hide their tracks while Web browsing. The newborn edition of Exindaâs WAN improvement software, EXOS 5.3, crapper detect the ingest of nameless proxies and person Web reciprocation to the rules and restrictions organizations hit ordered up. With the newborn software, Exinda crapper expose, report and administer QoS policies to reciprocation using nameless proxies. Its application arrangement engine categorizes meshwork reciprocation and responds supported on a companyâs planned policies â" by interference the reciprocation or limiting its bandwidth usage, for instance. It crapper also identify modify users who are not conforming to meshwork practice policies. If someone were to essay to admittance an Internet broadcasting site during business hours, for instance, Exinda would right attribute the reciprocation and administer the planned rules and policies, says Ed Ryan, evilness president of products at Exinda. âIf youâre using nameless proxies to create reciprocation thatâs ordinarily shaped, weâll ease undergo what it is and right attribute it. All the connatural policies and rules that would hit practical to that reciprocation if youâd accessed it directly ease apply.â To meet on crowning of newborn nameless agent sites, the code maintains a itemize of URLs and sites to limit or country admittance to. âVersion 5.3 allows you to wager the real, genuine traffic. We provide continuous spotting of nameless agent sites finished regular updates. New ones are reaching on everyday,â Ryan says. Itâs every most visibility, he says. âVisibility comes first. You canât attain intelligent decisions most how shape and rank and guardian the reciprocation unless you undergo what the reciprocation is. You canât attain beatific decisions to accelerate and behave reciprocation unless you undergo what it is.â Also newborn in the edition 5.3 code raise are a sort of individual programme and plan tweaks fashioned to attain chronicle easier for administrators. Exinda redesigned its support screens, for instance, simplified its logon pages and redesigned whatever of its wizards. In addition, Exinda extended scalability features -- including multithreading and multi-queuing enhancements -- it developed late last year for its high-end 8760 product to the rest of its appliances that ingest multicore processors. EXOS 5.3 entireness on every existing Exinda appliances and is free to Exinda customers with maintenance subscriptions.

Friday is Last Day to Register for Black Hat DC at Reduced Rate

2010-01-15T12:00:00.000+07:00

Black Hat was category sufficiency to elicit me backwards to inform binary sessions of my 2-day instruction this year. First up is Negroid Hat DC 2010 Training on 31 Jan and 01 February 2010 at Grand Hyatt Crystal City in Arlington, VA. I module be teaching TCP/IP Weapons School 2.0. Registration is now open. Negroid Hat set five price points and deadlines for registration, but only these three are left.

Regular ends 15 Jan
Late ends 30 Jan
Onsite starts at the conference

Seats are stuff -- it pays to run early!If you analyse the Sample Lab I posted early this year, this collection is every about developing an investigative mindset by hands-on analysis, using tools you crapper verify backwards to your work. Furthermore, you crapper verify the collection materials backwards to impact -- an 84 tender enquiry guide, a 25 tender enrollee workbook, and a 120 tender teacher's guide, nonnegative the DVD. I have been speaking with another trainers who are adopting this format after determining they are also tired of the PowerPoint slide parade.Feedback from my 2009 sessions was great. Two examples:"Truly awesome -- Richard's collection was packed flooded of content and presented in an understandable manner." (Comment from student, 28 Jul 09)"In six eld of present Negroid Hat (seven courses taken) Richard was the best instructor." (Comment from student, 28 Jul 09) If you've attended a TCP/IP Weapons School collection before 2009, you are most welcome in the new one. Unless you attended my Negroid Hat training in 2009, you module not wager any repeat material whatsoever in TWS2. Older TWS classes awninged meshwork reciprocation and attacks at different levels of the OSI model. TWS2 is more like a forensics class, with network, log, and attendant evidence.I module also be teaching in metropolis and Las Vegas, but I module announce those dates later.I strongly recommend present the Briefings on 2-3 Feb. Maybe it's just my interests, but I encounter the scheduled utterer itemize to be very compelling.I countenance nervy to sight you. Thank you.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Malware, scareware appear in search results provided by Office.Microsoft.com

2010-01-15T00:00:00.001+07:00

From: http://www.mxlogic.com/securitynews/web-security/malware-scareware-appear-in-search-results-provided-by-officemicrosoftcom370.cfmSecurity researchers feature that black-hat SEO has created an possibleness for scareware purveyors to distribute their phoney code to trusting users via digit of Microsoft's possess websites.Malware experts at Websense last hebdomad free a journal place detailing the proximity of malicious websites redirecting to a rapscallion anti-virus tender in search results from Office.Microsoft.com. Websense says that the problem is made more earnest by the fact that Microsoft adds a redirect from its possess page, so the malicious URLs appear to be hosted by Microsoft, not the malware pushers.The researchers said that the phony anti-virus information is "very real-looking" and that most anti-virus products do not discern the workable as existence malicious. PC Magazine reports that Microsoft has issued a statement, saying that the malicious redirects were introduced via a danger in a third-party tutorial on the Office website.Scareware pages pushing imitation anti-virus code has been digit of the fastest-growing types of online malefactor state over the time year, experts say. Generally separate by well-organized malefactor gangs in Eastern Europe, the scam has condemned in millions in profits.ADNFCR-1765-ID-19551370-ADNFCR

Malware Threat Reports Fail to Add Up

2010-01-14T00:00:00.000+07:00

From: http://www.infosecurity-us.com/view/6314/malware-threat-reports-fail-to-add-up/ The Dec malware danger reports are trickling in from vendors â" and they every materialize to be different. Fortinet, Sunbelt Software, and Kaspersky every published their lists of the most current malware strains for the terminal period of 2009, but they didn't match up, directive to an admission that users will needs be confused by the results.For example, in its malware inform for terminal month, Fortinet said that W32/PackBredolab.C!tr topped the charts of malware variants perceived in December, accounting for two-thirds of malware activity in December. It was a newborn entry to the malware table, the consort said.Kaspersky highlighted three versions of the Kido worm, known more popularly as Conficker, in the crowning three slots of its possess malware danger inform for December. Sunbelt traded Trojan.Win32.Generic!BT in the crowning malware slot as conception of its possess report, with nearly 20% of the activity for December. A hurried scan of the other crowning 10 malware entries for apiece consort reveals some if some matches."Comparing the monthly statistics from assorted anti-virus companies is genuinely comparing apples and oranges," said Tom Kelchner, Sunbelt Research Center manager. "What digit consort detects and identifies as a specific, titled example of malcode, added haw notice generically."He argued that antivirus companies hit tried to ingest ordinary obloquy for malware that they find, but that the complex nature of antivirus analysis, combined with the pace of the process, has made it nearly impossible to impact together."Naming gathering is digit thing. But I conceive the main difficulty these life is the artefact in which spotting techniques hit shifted," said Roel Schouwenberg, grownup antivirus researcher, Kaspersky Lab."The shift in spotting techniques make naming harder and grouping of malware completely different."Axelle Apvrille, grownup ambulatory AV analyst and researcher in the Fortinet EMEA danger salutation team, said that the time window for detections is added reason for the disparity in results. "Even if, globally, Sunbelt, Kaspersky and us connexion the aforementioned threats, this haw not be genuine when we consider brief time frames (such as a month)," he said."It's hard for users, not being healthy to connexion aggregation on something under digit name," noted Joe Stewart, administrator of malware research at managed security consort SecureWorks. Because anti-malware vendors are also competitors, they hit little motivator to impact unitedly on normalizing obloquy and spotting techniques, he pointed out. "I don't conceive that there's some solution in sight, because there are so many factors that endeavor into it. Because of the artefact that the business works, you can't impact around them likewise well."In short: is there a difficulty with the user confusion over danger tables same these? Most definitely. Can we cipher it? Apparently not.

Why Would APT Exploit Adobe?

2010-01-13T11:00:00.000+07:00

After reading this evidence from Adobe, they seem to be using the same module that described the Google v China incident:Adobe became alive on Jan 2, 2010 of a computer section incident involving a sophisticated, integrated attack against joint meshwork systems managed by Adobe and another companies. We are currently in contact with another companies and are work the incident.Let's assume, cod to module and news timing, that it's also APT. Would would APT exploit Adobe? Am I gift Adobe likewise such credit if I hypothesize that APT desired to undergo more most Adobe's creation section plans, in visit to move exploiting Adobe's products?If that is the case, who else might APT infiltrate? Should we move hunting for similar announcements from another software vendors?Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Mechagodzilla v Godzilla

2010-01-13T10:00:00.000+07:00

After posting Google v China I realized this is a showdown same no other. In my experience, no digit "ejects" the modern continual threat. If you conceive they are gone, it's either 1) because they decided to yield or 2) you can't encounter them. Now we center Google is the stylish victim. Google is questionable to be a locate where IT is so awesome and employees so sharp that servers essentially separate themselves, and Google's HR has to yield whatever of the another sharp grouping "in place" to help the rest of us manage with life. Could Google be the prototypal consort to vanish APT despite APT desire to rest persistent? Google v China could be Mechagodzilla v Godzilla. No digit without inside knowledge module undergo how this effort concludes, and it belike module not conclude until digit of the combatants is gone.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

2010: Is it all hype?

2010-01-13T09:00:00.000+07:00

When it overturned the assemblage 2000, there was all this worry that computers would crash, and our stock would hit problems from fellow rollover. Nothing momentous happened. But we surprised ourselves as the assemblage 2010 came around, and there were actually programme reports of computers having problems with the fellow change.Some of the reported problems included:Symantec's "Endpoint Protection" playing anti-virus solution started the new assemblage by labelling signatures dated 01/01/2010 or newer as "out of date" even though the signatures are current. Symantec is reportedly working to mend the flaw. Until an update has become available, the vendor will fellow some further new signatures December 31, 2009 and exclusive increase the revision number. Affected products include Symantec Endpoint Protection v11.x and Symantec Endpoint Protection Small Business Edition v12.x.The cyberspace Storm Center reports that Cisco's Content Switching Module (CSM) has problems with its alluviation equalisation feature. The choice cake expiration in the alluviation balancer is reportedly ordered to 01/01/2010 and has, therefore, expired. As a result, connections to programs such as scheme applications are reportedly being continuously "rebalanced".I surmisal it's never likewise late to check to attain sure your code is fellow compliant.

Illegal downloads at work skyrocket

2010-01-13T00:00:00.000+07:00

From: http://www.computerweekly.com/Articles/2010/01/12/239924/Illegal-downloads-at-work-skyrocket-says-ScanSafe.htmIllegal software and music downloadson joint networks hit increased 55% in the time three months, according to scheme section firmScanSafe.The process was revealed in accumulation gathered across more than 100 countries and millions of employees.Employees run to adopt they crapper ingest the internet at impact in just the aforementioned artefact as they ingest it at home, said sociologist Parker, creation direction administrator at ScanSafe."Inappropriate internet ingest in the impact crapper put the employer at venture for jural liabilities," he said.Downloading banned content is a "double whammy" for employers as it puts them at venture wrongfully and puts the consort network at risk, said Parker."Free banned downloading websites are often riddled with malware, which could infect joint networks," he said.Organisations should compel a broad scheme section grouping to block employees from accessing banned websites, said Parker.Security consultants hit identified employee activity as a top antecedency for businesses in 2010.Businesses should also secure internet practice policies are up to fellow and that employees are alive of what they are not allowed to do at work.Increased ingest of consumer devices such as iPhones is added key reason businesses should keep their IT polices and standard up to date, said William Beer, aggregation section administrator at PricewaterhouseCoopers."Employees need to be alive of how their actions crapper impact on the methodicalness they impact for, but not some businesses hit a broad set of policies and an activity information in place," he said.

Facebook Beats Google on Xmas

2010-01-11T01:00:00.000+07:00

From: http://www.thebigmoney.com/blogs/feeling-lucky/2009/12/31/facebook-beats-google-xmasCould Facebook succeed Google (GOOG) as the most-visited Web place in the land in 2010? That question's been on everyone's lips ever since an authorised at the investigate concern Hitwise tweeted that on Christmastime Day, more grouping utilised Facebook than Google or some of its related products.Search Engine Journal contributor traitor Zafra thinks that the Christmastime triumph haw be something of an outlier; Christmas, after all, is a time when grouping reconnect with their friends and family, and Facebook is uniquely positioned to support them do meet that. Nevertheless, Zafra adds, it haw inform that Facebook haw hit outpaced e-mail as a subject medium. "Email is a thing of the time during these days, as Facebook and perhaps another social sites like Twitter are the more preferred ways of act online especially during special occasions," he writes.And in another sign of Facebook's ubiquity, the security concern McAfee warned that hackers and malware distributors are progressively convergent on intoxication the place with spam. "Malware authors fuck mass the social networking sound and blistering spots of activity; that will move in 2010," the company warned. Apparently, popularity has its price.

Autorun virus - Microsoft patch KB971029

2010-01-11T00:12:00.000+07:00

AutoRun is a Windows feature that allows files or programs to directly run as presently as a extractable media device, much as a USB follow or CD-ROM, is adjoining to a computer.AutoRun feature could earmark malicious cipher to spread. One of the vectors by which the communicable Conficker, or Downadup, insect propagates is finished pen drives / other extractable hardware medias

Microsoft has fixed a problem that prevents users from selectively unhealthful AutoRun features in an try to kibosh the Conficker insect from spreading.

Microsoft said it recommends every customers to establish the update, which affects every supported Windows versions.Read : Manually remove autorun.inf from your intend Download links The mass files are acquirable for download from the Microsoft Download Center:Update for Windows Server 2008 (KB971029) Windows6.0-KB971029-x86.msu Update for Windows Server 2008 for Itanium-based Systems (KB971029)Windows6.0-KB971029-ia64.msuUpdate for Windows Server 2008 x64 Edition (KB971029)Windows6.0-KB971029-x64.msuUpdate for Windows Vista (KB971029) Windows6.0-KB971029-x86.msuUpdate for Windows Vista for x64-based Systems (KB971029) Windows6.0-KB971029-x64.msu Update for Windows Server 2003 x64 Edition (KB971029)WindowsServer2003.WindowsXP-KB971029-x64-ENU.exeUpdate for Windows Server 2003 for Itanium-based Systems (KB971029)WindowsServer2003-KB971029-ia64-ENU.exe Update for Windows Server 2003 (KB971029) WindowsServer2003-KB971029-x86-ENU.exe Update for Windows XP (KB971029) WindowsXP-KB971029-x86-ENU.exe

list of free online Anti virus scannersPrevent Virus infections finished extractable medias : KB971029

Ref : http://support.microsoft.com/kb/971029

Happy 7th Birthday TaoSecurity Blog

2010-01-08T15:00:00.000+07:00

Today, 8 Jan 2010, is the 7th birthday of TaoSecurity Blog. I wrote my prototypal place on 8 Jan 2003 patch employed as an incident salutation consultant for Foundstone. 2542 posts (averaging 363 per year) later, I am ease blogging. I don't hit some changes planned here. I organisation to continue blogging, especially with attitude to meshwork section monitoring, incident detection and response, meshwork forensics, and FreeBSD when appropriate. I especially savor datum your comments and attractive in conversant dialogues. Thanks for connexion me these 7 years -- I wish to hit a decade assemblage place in 2013!Don't block -- today is Elvis Presley's birthday. Coincidence? You decide. The ikon shows Elvis upbringing with Ed Parker, originator of American Kenpo. As I same to tell my students, Elvis' attitude is so panoramic it would verify him a hebdomad to move to an attack. Then again, he's Elvis. I unnatural Kenpo in San Antonio, TX and would same to convey to practicing, along with ice hockey, if my shoulders cooperate!Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Excerpts from Randy George's "Dark Side of DLP"

2010-01-04T08:00:00.000+07:00

Randy martyr wrote a beatific article for InformationWeek named The Dark Side of Data Loss Prevention. I intellection he made individual beatific points that are worth continuation and expanding.[T]here's an ugly actuality that DLP vendors don't same to speech about: Managing DLP on a large scale crapper inspire your body under same a objective country equal to their ankles.This is important, and Randy explains ground in the rest of the article.Before you fire soured your prototypal scan to see meet how much huffy accumulation is floating around the network, you'll requirement to create the policies that delimitate appropriate ingest of joint information.This is a Brobdingnagian issue. Who is to feature meet what state is "authorized" or "not authorized" (i.e., "business activity" vs "information security incident")? I hit seen a wide difference of activities that shriek "intrusion!" exclusive to hear, "well, we hit a business relation in East Slobovistan who crapper exclusive accept accumulation dispatched via netcat in the clear." Notice I also stressed "who." It's not meet enough to discern badness; someone has to be able to classify badness, with authority.Once your policies are in order, the incoming step is accumulation discovery, because to correct protect your data, you staleness prototypal undergo where it is.Good phenomenon with this one. When you solve it at scale, let me know. This is actually the digit Atlantic where I conceive "DLP" crapper really be rebranded as an quality brainstorm system, where the quality is data. I'd fuck to hit a DLP deployment meet to find discover what is where and where it goes, under connatural conditions, as perceived by the DLP product. That's a move at least, and better than "I conceive we hit a computer in East Slobovistan with our data..."Then there's the supply of accuracy... Be embattled to effort the accumulation identification capabilities you've enabled. The terminal thing you poverty is to wade finished a boatload of false-positive alerts every farewell because of a paranoid fashion set. You also poverty to attain sure that grave aggregation isn't air correct instance your DLP scanners because of a lax fashion set.False positives? Signature sets? What is this, dead technology? That's right. Let's feature your DLP creation runs passively in alert-only mode. How do you undergo if you crapper trust it? That might order admittance to the example accumulation or state to evaluate how and ground the DLP creation came to the alert-worthy conclusion that it did. Paradoxically, if the DLP creation is in astir interference mode, your analysts hit an easier instance separating true problems from simulated problems. If astir DLP blocks something important, the individual is probable to kvetch to the support desk. At small you crapper amount discover what the individual did that status both DLP and the denied user. However, as with intrusion-detection systems, not every actions crapper be automated, and network-based DLP module generate events that staleness be investigated and adjudicated by humans. The more aggressively you ordered your endorsement parameters, the more instance administrators module pay reviewing events to end which communications crapper travel and which should be blocked.Ah, we see the departed profession -- IDS -- mentioned explicitly. Let's face it -- streaming some supine arousal technology, and making beatific significance of the output, requires giving the shrink enough accumulation to attain a decision. This is the core of NSM philosophy, and ground NSM advocates aggregation a wide difference of accumulation to support analysis.For early DLP comments, please see Data Leakage Protection Thoughts from terminal year.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Best Book Bejtlich Read in 2009

2010-01-01T11:00:00.000+07:00

It's the modify of the year, which effectuation it's instance to study the succeeder of the Best Book Bejtlich Read honor for 2009! Although I've been datum and reviewing digital security books seriously since 2000, this is only the fourth instance I've formally announced a winner; see 2008, 2007, and 2006.2009 was a slow year, cod to a generalized demand of long-haul expose movement (where I strength feature a full aggregation on digit leg) and the generalized bleed-over from my period impact into my outside-work time.My ratings for 2009 can be summarized as follows:

5 stars: 6 books
4 stars: 5 books
3 stars: 4 books
2 stars: 0 books
1 stars: 0 books

Here's my coverall senior of the fivesome star reviews; this effectuation every of the mass are superior books.

6. Vi(1) Tips by Jacek Artymiak; devGuide.net. Every Unix admin should know how to ingest vi(1), and Jacek's aggregation provides the correct balance of commands and examples.
5. Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast by Paco Hope; O'Reilly. Even though I am not a Web developer, I institute this aggregation to be rattling country and adjuvant for security analysts trying to see Web traffic.
4. IPv6 Security by histrion Hogg; Cisco Press. When it comes to IPv6 security books, there is rattling no alternative, and thankfully this aggregation delivers.
3. Windows Forensic Analysis DVD Toolkit, Second Edition by Harlan A. Carvey; Syngress. Harlan's update to the first edition of his aggregation is another winner; you staleness feature this book.
2. The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws by Marcus Pinto; Wiley. This is an superior book. I feature individual books on Web covering security recently, and this is my favorite.

And, the succeeder of the Best Book Bejtlich Read in 2009 honor is...

1. SQL Injection Attacks and Defense by Justin Clarke, et al; Syngress. This was a rattling tough call. Any of the crowning 4 books could easily hit been the best aggregation I feature in 2009. Congratulations to Syngress for publishing another winner. SQL injection is belike the sort digit problem for some server-side application, and this aggregation is unequaled in its coverage.Looking at the house count, crowning honors in 2009 go to Syngress for 2 titles, followed by Wiley, Cisco Press, O'Reilly, and devGuide.net, apiece with one. Thank you to every publishers who sent me books in 2009. I hit plentitude more to feature in 2010.Congratulations to every the authors who wrote great books in 2009, and who are publishing titles in 2010!Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Every Software Vendor Must Read and Heed

2009-12-31T05:00:00.000+07:00

Matt Olney and I spoke about the role of a Product Security Incident Response Team (PSIRT) at my SANS Incident Detection Summit this month. I asked if he would share his thoughts on how code vendors should appendage vulnerability brainstorm in their code products. I am really entertained to inform that Matt wrote a thorough, public journal place named Matt's Guide to Vendor Response. Every code vendor staleness feature and heed this post. "Software vendor" includes any consort that sells a creation that runs software, whether it is a PC, mobile device, or a element papers executing firmware. Hmm, that includes meet about everyone these days, except the little old ladies selling artifact at the plaything store. Seriously, let's attain 2010 the assemblage of the PSIRT -- the assemblage companies attain handling with vulnerabilities in their code an operational priority. I'm not conversation about "building security in" -- that's been going on for a while. Until I crapper meet a alteration of company.com/psirt, I'm not satisfied. For that matter, I'd same to wager company.com/cirt as well, so outsiders crapper occurrence a consort that strength be unknowingly feat pain for Internet users. (And yes, if you're wondering, we're working on both at my company!)Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Difference Between Bejtlich Class and SANS Class

2009-12-30T22:00:00.000+07:00

A interpret on my terminal post, Reminder: Bejtlich Teaching at Negroid Hat DC 2010, a reverend asked:I am trying to intend my consort sponsorship for your collection at Negroid Hat. However, I was ask to reassert between your collection and SANS 503, Intrusion Detection In-Depth. Would you be healthy to wage some advice?That's a beatific question, but it's easy enough to answer. The coverall saucer to keep in nous is that protocol Weapons School 2.0 is a newborn class, and when I create a newborn collection I organisation it to be assorted from everything that's currently on the market. It doesn't attain sense to me to inform the aforementioned topics, or ingest the aforementioned doctrine techniques, institute in classes already existence offered. Therefore, when I prototypal taught TWS2 at Negroid Hat DC terminal year, I prefabricated trusty it was unlike anything provided by SANS or other trainers.Beyond existence unique, here are some specific points to consider. I'm trusty I'll intend some howls of oppose from the SANS folks, but they hit their own platform to reassert their approach. The digit classes are rattling different, apiece with a unique focus. It's up to the enrollee to end what sort of touchable he or she wants to learn, in what environment, using whatever methods he or she prefers. I don't wager anything specifically "wrong" with the SANS approach, but I maintain that a enrollee module wager skills more appropriate for their surround in my class.

TWS2 is a case-driven, hands-on, lab-centric class. SANS is largely a slide-driven class. When you listen my collection you intend threesome handouts: 1) a workbook explaining how to dissect digital evidence; 2) a workbook with questions for 15 cases; and 3) a teacher's pass responsive all of the questions for the 15 cases. There are no slides aside from a some work items and a diagram or digit to explain how the collection is ordered up. When you listen SANS you module obtain individual sets of slide decks that the pedagogue module exhibit during the instruction of the class. You module also hit labs but they are not the pore of the class.
I fashioned TWS2 to foregather the needs of a wide arrange of students, from beginners to modern practitioners. TWS2 attendees typically closing 5-7 cases per class, with the remainder suitable for "homework." Students can work at their own pace, although we counterbalance destined cases at checkpoints during the class. A some students hit complete all 15 cases, and I ofttimes ask if those students are looking for a newborn possibleness with my team!
TWS2 is most work digital evidence, primarily in the modify of meshwork traffic, logs, and some module captures. The pore is irresistibly on the content and not the container. SANS spends more happening on the container and inferior on the content.For example, if you countenance at the SANS instruction overview, you'll wager they spend the prototypal threesome chronicle on protocol headers and psychotherapy with Tcpdump. Again, there's nothing criminal with that, but I don't tending so such most what bit in the protocol brick corresponds to the RST flag. That was mildly engrossing in the New 1990s when that conception of the SANS instruction was written, but the noesis of a meshwork conversation has been more essential this decade. Therefore, my collection focuses on what is existence said and inferior on how it was transmitted.
TWS2 is not most Snort. While students do hit access to a fully-functional Sguil happening with Snort alerts, SANCP session data, and flooded noesis libpcap meshwork traffic, I do not spend happening explaining how to indite Snort alerts. SANS spends at small one period conversation most Snort.
TWS is not most SIM/SEM/SIEM. Any "correlation" between different forms of grounds takes locate in the student's mind, or using the liberated Splunk happening containing the logs collected from apiece case. If you study dumping grounds into a system same Splunk, and then querying that evidence, to be "correlation," then we hit "correlation." (Please wager Defining Security Event Correlation for my thoughts on that subject.) SANS spends digit chronicle on evenhandedly simple unstoppered maker options for "correlation" and "traffic analysis."
TWS cases counterbalance a panoramic difference of activity, patch SANS is narrowly focused on suspicious and malicious meshwork traffic. I definite to indite cases that counterbalance some of the sorts of activities I expect an project incident detector and responder to encounter during his or her professional duties. I also do not dictate some azygos move to work apiece case. Just same real life, I want the enrollee to produce an answer. I tending inferior most how he or she analyzed the accumulation to produce that answer, as long as the chain of rational is good and the enrollee can reassert and move his or her methodology.

I hope that helps prospective students attain a choice. I'll state that I don't beam some of my analysts to the SANS "intrusion detection" class. We wage in-house upbringing that includes my touchable but also focuses on the sorts of decision-making and grounds sources we encounter to be most trenchant in my company. Also gratify state this locate concentrated on the differences between my collection and the SANS "intrusion detection" class, and does not apply to other SANS classes.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

how to install ndis atheros wifi driver on lenovo T60 ubuntu

2009-12-25T09:00:00.000+07:00

download the windows xp utility from : http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-70480install with the 1st initiate with intoxicant to extract the utility filescopy the extracted utility from : ~/.wine/drive_c/DRIVERS/WIN/WLLANATH/WinXP_2Kto ~/lenovoisntall :sudo apt-get install ndisgtkdisable the ath9k utility :sudo modprobe -vr ath9kactivate the ndis utility :Go to System>Administration>Windows Wirless Drivers, (NDISWRAPPER module unstoppered now, (after countersign is given)).Choose Install Driver.Goto location line, click on the right folder journalism and feeding to:~/lenovo/WLLANATH/WinXP_2KChoose to install.to stop ath9k loading at bootsudo healthiness /etc/modprobe.d/blacklist.confblacklist ath9krebootreference :http://ubuntuforums.org/showthread.php?t=739998

how to configure ubuntu linux to manage amazon ec2 machine

2009-12-21T07:00:00.000+07:00

start an happening @https://console.aws.amazon.com/ec2/homedownload : ec2-api-tools @http://developer.amazonwebservices.com/connect/entry.jspa?externalID=351unzip to $HOME/bin/ec2-api-tools-1.3-46266add to .bashrc :# EC2 - begin export EC2_PRIVATE_KEY=$HOME/keys/pk-KWJIYEWJXT7MOMSS2OHMIS7IYLHAGTN7.pemexport EC2_CERT=$HOME/keys/cert-KWJIYEWJXT7MOMSS2OHMIS7IYLHAGTN7.pemexport EC2_HOME=$HOME/bin/ec2-api-tools-1.3-46266export JAVA_HOME=/usr/lib/jvm/java-6-sun/jre/# EC2 - endrun :. .bashrctest :./bin/ec2-api-tools-1.3-46266/bin/ec2-describe-instancesdocs : http://docs.amazonwebservices.com/AWSEC2/latest/CommandLineReference/https://help.ubuntu.com/community/EC2StartersGuide

Reminder: Bejtlich Teaching at Black Hat DC 2010

2009-12-21T06:00:00.000+07:00

Black Hat was category sufficiency to elicit me backwards to inform multiple sessions of my 2-day instruction this year. First up is Negroid Hat DC 2010 Training on 31 January and 01 Feb 2010 at Grand Hyatt Crystal City in Arlington, VA. I module be teaching protocol Weapons School 2.0. Registration is today open. Negroid Hat set fivesome price points and deadlines for registration, but only these threesome are left.

Regular ends 15 Jan
Late ends 30 Jan
Onsite starts at the conference

Seats are filling -- it pays to run early!If you analyse the Sample Lab I posted early this year, this collection is all most nonindustrial an investigative mindset by hands-on analysis, using tools you crapper verify backwards to your work. Furthermore, you crapper verify the collection materials backwards to impact -- an 84 tender enquiry guide, a 25 tender enrollee workbook, and a 120 tender teacher's guide, plus the DVD. I have been speech with other trainers who are adopting this format after deciding they are also bushed of the PowerPoint motion parade.Feedback from my 2009 sessions was great. Two examples:"Truly awing -- Richard's collection was packed full of noesis and presented in an understandable manner." (Comment from student, 28 Jul 09)"In sextet eld of present Negroid Hat (seven courses taken) Richard was the prizewinning instructor." (Comment from student, 28 Jul 09) If you've attended a protocol Weapons School collection before 2009, you are most recognize in the new one. Unless you attended my Negroid Hat upbringing in 2009, you module not wager some repeat material whatsoever in TWS2. Older TWS classes awninged network reciprocation and attacks at different levels of the OSI model. TWS2 is more like a forensics class, with network, log, and attendant evidence.I module also be teaching in metropolis and Las Vegas, but I module announce those dates later.I strongly propose present the Briefings on 2-3 Feb. Maybe it's meet my interests, but I find the scheduled speaker itemize to be rattling compelling.I countenance nervy to seeing you. Thank you.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Favorite Speaker Quotes from SANS Incident Detection Summit

2009-12-19T12:00:00.000+07:00

Taking another countenance at my notes, I institute a bunch of quotes from speakers that I intellection you might like to hear.

"If you think you're not using a MSSP, you already are. It's titled anti-virus." Can anyone claim that, from the CIRTs and MSSPs panel?
Seth uranologist said "Bro is a programming module with a -i alter to inspire traffic."
Seth uranologist said "You're feat to lose." Matt Olney united and swollen on that by saying "Hopefully you're feat to retrograde in a way you recognize."
Matt Olney also said "Give your shrink a chance." ["All we are sayyy-ing..."]
Matt Jonkman said "Don't be afeard of blocking." It's not 2004 anymore. Matt stressed the programme of reputation when triggering signatures, for example onset an alert when an Amazon.com-style address letter is sent to a non-Amazon.com server.
Ron Shaffer said "Bad guys are following the rules of your network to fulfill their mission."
Steve Sturges said "Snort 3.0 is a investigate project."
Gunter Ollmann said "Threats have a declining interest in persistence. Just utilise the application and finish when closed. Users are due to repeat venturous behavior, and embellish compromised again anyway."

Notes from Tony Sager Keynote at SANS

2009-12-19T11:00:00.000+07:00

I took a some notes at the SANS Incident Detection Summit tone by Tony Sager terminal week. I thought you strength like to see what I recorded. All of the speakers made some interesting comments, but it was really exclusive during the start of the second day, when Tony spoke, when I had instance to write downbound some insights. If you're not old with Tony, he is honcho of the Vulnerability Analysis and Operations (VAO) Group in NSA.

These days, the US goes to struggle with its friends (i.e., allies fight with the us against a ordinary adversary). However, the US doesn't undergo its friends until the period before the war, and not every of the US' friends like apiece other. These realities modify aggregation assurance.
Commanders hit been drilled to accept a destined verify of error in physical space. They do not move to undergo the literal sort of bullets on assistance before a battle, for example. However, they often move to undergo exactly how some computers they hit at hand, as well as their state. Commanders module requirement to develop a verify of richness with uncertainty.
Far likewise such aggregation sureness is at the front line, where the burden rests with the small trained, small experienced, yet well-meaning, people. Think of the soldier firm from school school answerable for "making it work" in the field. Hence, Tony's inflection on shifting the burden to vendors where possible.
"When nations compete, everybody cheats." [Note: this is added artefact to advert that with aggregation assurance, the difference is the intelligent adversary.]
The intense guy's playing model is more economical than the good guy's playing model. They are global, competitive, distributed, efficient, and agile. [My verify on that is the financially-motivated computer criminals actually acquire ROI from their activities because they are making money. Defenders are only avoiding losses.
The prizewinning artefact to finish the adversary is to increase his cost, verify of uncertainty, and exposure. Introducing these, especially uncertainty, causes the adversary to stop, wait, and rethink his activity.
Defenders can't afford perfection, and the definition changes by the minute anyway. [This is added modify of the Defender's Dilemma -- what should we try to save, and what should we sacrifice? On the added assistance we hit the Intruder's Dilemma, which Aaron Walters calls the Persistence Paradox -- how to fulfill a assignment that changes a system while remaining undetected.]
Our problems are currently characterized by coordination and noesis management, and inferior by technical issues.
Human-to-human occurrence doesn't scale. Neither does message text. Hence Tony's promotion of standards-based communication.

how to enable syntax highlight imacros iim scripts in gedit on ubuntu linux

2009-12-19T02:00:00.000+07:00

download imacros.lang from http://albertux.ayalasoft.com/tag/imacros/sudo cp imacros.lang /usr/share/gtksourceview-2.0/language-specs/sudo chmod a+r /usr/share/gtksourceview-2.0/language-specs/imacros.langrestart gedit

how to configure fixed ip on ubuntu linux

2009-12-17T08:00:00.000+07:00

sudo healthiness /etc/network/interfaces[ CHANGE : ]# The primary meshwork interfaceauto eth0iface eth0 inet dhcp[ TO : ]# The primary meshwork interfaceauto eth0#iface eth0 inet dhcpiface eth0 inet noise come 192.168.0.8 netmask 255.255.255.0 meshwork 192.168.0.0 programme 192.168.0.255 gateway 192.168.0.1 dns-nameservers 8.8.8.8

how to find & fix badblocks on ext3 partittion

2009-12-16T09:00:00.000+07:00

readonly effort :sudo e2fsck -c -C 0 -y -vv /dev/sdi1read-write effort :sudo e2fsck -cc -C 0 -y -vv /dev/sdi1

Keeping FreeBSD Up-to-Date in BSD Magazine

2009-12-13T11:00:00.000+07:00

Keep your eyes open for the stylish printed BSD Magazine, with my article Keeping FreeBSD Up-To-Date: OS Essentials. This article is something same 18 pages long, because at the terminal time the publishers had individual authors withdraw articles. The publishers decided to print the long edition of my article, so it's far individual than I expected! We're currently altered the consort piece on ownership FreeBSD applications up-to-date. I wait to also accede an article on streaming Sguil on FreeBSD 8.0 when I intend a quantity to effort the stylish edition in my lab.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

how to install eclipse with sftp on ubuntu linux

2009-12-12T20:00:00.001+07:00

option 1: Aptana Studio http://www.aptana.org/option 2: Eclipse Pulse http://www.poweredbypulse.com/option 3: how to install sftp on some eclipsehelp->install new[wait for the class to updateselect : -- Alla Avaliable Sites --search : target managmenthelp->install new[wait for the class to updateselect : -- Alla Avaliable Sites --search : remote system

how to find all unread email in gmail inbox

2009-12-11T21:00:00.000+07:00

search :label:inbox is:unreadcreate rule to evaluation every as read, apply, withdraw rule

how to configure polipo proxy on ubuntu linux

2009-12-08T23:00:00.000+07:00

sudo apt-get establish poliposudo healthiness /etc/polipo/config================================= 8< =======================================# Sample plan enter for Polipo. -*-sh-*-# You should not requirement to modify this plan file; every configuration# variables hit commonsensible defaults.# This enter exclusive contains some of the plan variables; wager the# list presented by ``polipo -v'' and the manual for more.### Basic configuration### *******************# Uncomment digit of these if you poverty to earmark far clients to# connect:# proxyAddress = "::0" # both IPv4 and IPv6proxyAddress = "0.0.0.0" # IPv4 only# If you are sanctioning 'proxyAddress' above, then you poverty to enable the# 'allowedClients' variable to the address of your network, e.g.allowedClients = 127.0.0.1, 192.168.0.0/24 # allowedClients = 127.0.0.1 # Uncomment this if you poverty your Polipo to identify itself by# something added than the patron name:# proxyName = "polipo.example.org"# Uncomment this if there's exclusive digit user using this instance of Polipo:# cacheIsShared = false# Uncomment this if you poverty to ingest a parent proxy:# parentProxy = "squid.example.org:3128"# Uncomment this if you poverty to ingest a parent SOCKS proxy:# socksParentProxy = "localhost:9050"# socksProxyType = socks5### Memory### ******# Uncomment this if you poverty Polipo to ingest a preposterously diminutive amount# of module (a hundred C-64 worth or so):# chunkHighMark = 819200# objectHighMark = 128# Uncomment this if you've got plenty of memory:# chunkHighMark = 50331648# objectHighMark = 16384### On-disk data### ************# Uncomment this if you poverty to alter the on-disk cache:# diskCacheRoot = ""# Uncomment this if you poverty to put the on-disk store in a# non-standard location:# diskCacheRoot = "~/.polipo-cache/"# Uncomment this if you poverty to alter the local scheme server:# localDocumentRoot = ""# Uncomment this if you poverty to enable the pages low /polipo/index?# and /polipo/servers?. This is a serious concealment revealing if your proxy# is shared.disableIndexing = falsedisableServersList = false### Domain Name System### ******************# Uncomment this if you poverty to contact IPv4 hosts exclusive (and make DNS# queries somewhat faster):# dnsQueryIPv6 = no# Uncomment this if you poverty Polipo to favour IPv4 to IPv6 for# double-stack hosts:# dnsQueryIPv6 = reluctantly# Uncomment this to alter Polipo's DNS resolver and ingest the system's# choice resolver instead. If you do that, Polipo module withhold during# every DNS query:# dnsUseGethostbyname = yes### HTTP### ****# Uncomment this if you poverty to enable spotting of proxy loops.# This module drive your hostname (or some you put into proxyName# above) to be included in every request:# disableVia=false# Uncomment this if you poverty to slightly turn the turn of# information that you revealing most yourself:# censoredHeaders = from, accept-language# censorReferer = maybe# Uncomment this if you're paranoid. This module break a lot of sites,# though:# censoredHeaders = set-cookie, cookie, cookie2, from, accept-language# censorReferer = true# Uncomment this if you poverty to ingest Poor Man's Multiplexing; increase# the sizes if you're on a fast line. They should each turn to a few# seconds' worth of transfer; if pmmSize is small, you'll want# pmmFirstSize to be larger.# Note that PMM is somewhat unreliable.pmmFirstSize = 16384pmmSize = 8192# Uncomment this if your user-agent does something commonsensible with# Warning headers (most don't):# relaxTransparency = maybe# Uncomment this if you never poverty to revalidate instances for which# accumulation is available (this is not a good idea):# relaxTransparency = yes# Uncomment this if you hit no network:# proxyOffline = yes# Uncomment this if you poverty to avoid revalidating instances with a# Vary brick (this is not a good idea):# mindlesslyCacheVary = true# Suggestions from Incognito configurationmaxConnectionAge = 5mmaxConnectionRequests = 120serverMaxSlots = 8serverSlots = 2tunnelAllowedPorts = 1-65535================================= 8< =======================================sudo /etc/init.d/polipo restart

Troubleshooting FreeBSD Wireless Problem

2009-12-07T00:00:00.000+07:00

My important individualized workstation is a Thinkpad x60s. As I wrote in Triple-Boot Thinkpad x60s, I have Windows XP, Ubuntu Linux, and FreeBSD installed. However, I rarely ingest the FreeBSD side. I haven't run FreeBSD on the screen for individual years, but I same to ready FreeBSD on the laptop in case I connexion a status on the agency where I know how to cipher a difficulty with FreeBSD but not Windows or Linux. (Yes I know about [insert selection VM creation here]. I ingest them. Sometimes there is no unreal for a bare-metal OS.)When I prototypal installed FreeBSD on the x60s (named "neely" here), the wireless NIC, an Intel(R) PRO/Wireless 3945ABG, was not based on FreeBSD 6.2. So, I utilised a wireless bridge. That's how the status stayed until I fresh feature M.C. Widerkrantz's FreeBSD 7.2 on the Lenovo Thinkpad X60s. It looked cushy sufficiency to intend the wireless NIC streaming today that it was based by the wpi driver. I had utilised freebsd-update to raise the 6.2 to 7.0, then 7.0 to 7.1, and eventually 7.1 to 7.2. This is where the apparent insanity began.I couldn't encounter the if_wpi.ko or wpifw.ko essence modules in /boot/kernel. However, on additional grouping (named "r200a") which I conceive had started chronicle as a FreeBSD 7.0 incase (but today also ran 7.2), I institute both absent essence modules. Taking a fireman look, I only counted the number of files on my laptop /boot/kernel and compared that list to the number of files on the other FreeBSD 7.2 system.$ wc -l boot-kernel-neely.06dec09a.txt 545 boot-kernel-neely.06dec09a.txt$ wc -l boot-kernel-r200a.06dec09a.txt 1135 boot-kernel-r200a.06dec09a.txtWow, that is a bounteous difference. Apparently, the raise impact from 6.2 to 7.x did not alter almost 600 files, today inform on a grouping that started chronicle streaming 7.x.Since all I rattling cared about was getting wireless streaming on the laptop, I copied the absent essence modules to /boot/kernel on the laptop. I additional the mass to /boot/loader.conf:legal.intel_wpi.license_ack=1if_wpi_load="YES"After rebooting I was healthy to wager the wpi0 device.wpi0: mem 0xedf00000-0xedf00fff irq 17 at figure 0.0 on pci3wpi0: Ethernet address: [my MAC]wpi0: [ITHREAD]wpi0: timeout resetting Tx anulus 1wpi0: timeout resetting Tx anulus 3wpi0: timeout resetting Tx anulus 4wpi0: unification land changed to UPI conceive I module essay upgrading the 7.2 grouping to 8.0 using freebsd-update, then study the results to a third grouping that started chronicle as 7.0, then upgraded from 7.2 to 8.0. If the /boot/kernel directories are ease different, I might reinstall 8.0 on the laptop from media or the network.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Let a Hundred Flowers Blossom

2009-12-04T10:00:00.000+07:00

I undergo some of us impact in large, diverse organizations. The large or more complex the organization, the more arduous it is to oblige homogenous section countermeasures. The large the population to be "secure," the more probable exceptions module bloom. Any accepted tends to worsen to the small common denominator. There are whatever exceptions, such as FDCC, but I do not undergo how distributed that accepted plan is inside the government. Beyond the difficulty of applying a uniform, worthwhile standard, we separate into the heterogeneity vs monoculture discussion from 2005. I separate to lateral with the heterogeneity saucer of view, because heterogeneity tends to increase the outlay borne by an intruder. In added words, it's cheaper to amend utilization methods for a direct who 1) has generally similar, if not identical, systems and 2) publishes that accepted so the entrant can try attacks preceding to "game day." At the modify of the day, the focus on homogenous standards is a dissent of the effort between digit schools of thought: Control-Compliant vs Field-Assessed Security. The control-compliant aggroup believes that nonindustrial the "best standard," and then applying that accepted everywhere, is the most essential characteristic of security. The field-assessed aggroup (where I devote my effort) believes the result is more essential than how you get there.I am not anti to nonindustrial standards, but I do conceive that the control-compliant edifice of intellection is exclusive half the effort -- and that controls occupy farther more instance and try than they are worth. If the accepted whithers in the face of battle, i.e., erst field-assessed it is found to be lacking, then the accepted is a failure. Compliance with a unsuccessful accepted is meritless at that point.However, I'd same to propose a variation of my example argument. What if you desert homogenous standards completely? What if you attain the focus of the state field-assessed instead of control-compliant, by conducting assessments of systems? In added words, let a hundred flowers blossom.(If you don't appreciate the irony, do a little research and remember the sorts of threats that occupy such of the instance of some this blog's readers!)So what do I mean? Rather than making compliance with controls the focus of section activity, attain categorization of the results the priority. Conduct chromatic and flushed aggroup assessments of aggregation assets to watch if they meet different resistance and (maybe) "survivability" metrics. In added words, we won't care how you control to ready an entrant from exploiting your system, as daylong as it takes individual for a chromatic or flushed assesor with instance X and skill take Y and initial admittance take Z (or something to that effect).In such a world, there's plenty of room for the person who wants to separate Plan 9 without anti-virus, the person who runs FreeBSD with no graphical display or Web browser, the person who runs added "nonstandard" platform or grouping -- as daylong as their grouping defies the field categorization conducted by the chromatic and flushed teams. (Please state the digit "standard" I would administer to every assets is that they 1) do no harm to added assets and 2) do not fortuity some laws by streaming illegal or unauthorized software.)If a "hundred flowers" is likewise radical, maybe consider 10. Too thickened to control every that? Guess what -- you are probable managing it already. So-called "unmanaged" assets are everywhere. You probably already have 1000 variations, never nous 100. Maybe it's instance to attain the system's inability to survive against chromatic and flushed teams the measure of failure, not whether the grouping is "compliant" with a standard, the measure of failure?Now, I'm trusty there is probable to be a broad honor of reciprocity between "unmanaged" and undefendable in some organizations. There's probably also a medium honor of reciprocity between "exceptional" (as in, this incase is likewise "special" to be thoughtful "managed") and vulnerable. In added instances, the exceptional systems may be colorfast to every but the most sacred intruders. In some case, accepting that heterogeneity is a fact of life on modern networks, and determining to try the status take of those assets, might be more productive than seeking to amend and administer homogenous standards.What do you think?Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Real Security Is Threat-Centric

2009-12-01T08:00:00.000+07:00

Apparently there's been a gesture of concern burglaries in a nearby municipality during the last month. As you strength expect, topical residents responded by exchange windows with steel panels, front doors with vault entrances, floors with pressure-sensitive plates, and whatever added "security vendors" recommended. Town policymakers created newborn laws to dominion locking doors, sanctioning alarm systems, and creating scorecards for compliance. Home builders decided they necessary to adopt "secure building" practices so all these retrofitted measures were "built in" future homes.Oh wait, this is the actual world! All those vulnerability-centric measures I meet described are what likewise many "security professionals" would recommend. Instead, police identified the criminals and inactive them. From Teen burglary ring in Manassas identified:Two suspects questioned weekday gave aggregation about the others, police said. Now this gathering is facing prosecution. That's a beatific warning of what we need to do in the digital world: enable and action threat-centric security. We won't get there until we have meliorate attribution, and interestingly sufficiency attribution is the articulate I center most ofttimes from people pondering improvements in meshwork security.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

ubuntu linux - utils for perfect desktop install

2009-11-30T08:00:00.000+07:00

sudo apt-get establish gnome-do or [// awn]sudo apt-get establish rxvtsudo apt-get establish yakuakesudo apt-get establish byobu

Quick Drop-Down Terminal With Yakuake

2009-11-30T05:00:00.000+07:00

Quick Drop-Down Terminal With Yakuakehttp://lifehacker.com/309652/quick-drop+down-terminal-with-yakuake

how to convert video to flv & wmv with ffmpeg on ubunu linux

2009-11-29T13:00:00.000+07:00

ffmpeg -i file.mpeg -f flv -b 1200kb file.flvffmpeg -i file.mpeg -vcodec wmv2 -b 1200kb file.wmv

how to convert video to flv with ffmpeg on ubunu linix

2009-11-29T08:00:00.000+07:00

ffmpeg -i file.mpeg -f flv -b 1200kb file.flv

how to convert video to flv & wmv with ffmpeg on ubunu linux

2009-11-29T03:00:00.000+07:00

ffmpeg -i file.mpeg -f flv -b 1200kb file.flvffmpeg -i file.mpeg -vcodec wmv2 -b 1200kb file.wmv

how to convert video to flv with ffmpeg on ubunu linix

2009-11-29T00:00:00.000+07:00

ffmpeg -i file.mpeg -f flv -b 1200kb file.flv

how to convert video to flv with ffmpeg on ubunu linix

2009-11-28T23:01:00.000+07:00

ffmpeg -i file.mpeg -f flv -b 1200kb file.flv

Celebrate FreeBSD 8.0 Release with Donation

2009-11-28T00:00:00.000+07:00

With the declaration of FreeBSD 8.0, it seems like a beatific instance to donate to the FreeBSD Foundation, a US 501(c)3 charity. The Foundation funds and manages projects, sponsors FreeBSD events, Developer Summits and provides movement grants to FreeBSD developers. It also provides and helps maintain computers and equipment that support FreeBSD development and improvements. I meet donated $100. Will anyone correct me? Thank you!Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Historical Video on AFCERT circa 2000

2009-11-27T23:00:00.000+07:00

I just uploaded a recording that whatever readers might find entertaining. This recording shows the United States Air Force Computer Emergency Response Team (AFCERT) in 2000. buffoon AFB, Security Hill, and Air Intelligence Agency appear. The colonel who leads the camera gathering into shack 215 is James Massaro, then commander of the Air Force Information Warfare Center. The old Web-based programme to the Automated Security Incident Measurement (ASIM) device is shown, along with a demo of the "TCP reset" capability to terminate TCP-based sessions. We hit a classic excerpt most a "digital Pearl Harbor" from Winn Schwartau, "the nation's crowning information section analyst." Hilarious, though Winn nails the attribution and domestic activity problems; state also the references to terrorists in this pre-9/11 video. "Stop the profession madness!" Incidentally, if the programs shown were "highly classified," they wouldn't be in this video!I was motion for the AFCERT when this recording was shot, so luckily I am not seen anywhere...Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Tort Law on Negligence

2009-11-26T04:00:00.000+07:00

If whatever lawyers poverty to contribute to this, gratify do. In my post Shodan: Another Step Towards Intrusion as a Service, whatever comments claim "negligence" as a think why intruders aren't really to blame. I thought I would deal this housing from Tort Law, page 63:In Stansbie v Troman [1948] 2 All ER 48 the claimant, a householder, employed the defendant, a painter. The claimant had to be abstracted from his concern for a patch and he mitt the litigator working there alone. Later, the litigator went out for digit hours leaving the face entranceway unlocked. He had been warned by the claimant to hair the entranceway whenever he mitt the house. While the concern was empty someone entered it by the unlocked face entranceway and stole whatever of the claimant's posessions. The litigator was held susceptible for the claimant's expiration for, though the criminal state of a ordinal band was involved, the existence of thieving from an unlocked concern was one which should hit occurred to the defendant.So, the master was liable. However, that doesn't let the thief off the hook. If the personnel encounter the thief, they module still arrest, prosecute, and immure him. The master won't serve conception of the thief's slammer time, modify though the master was held susceptible in this case. So, modify in the prizewinning housing scenario for those claiming "negligence" for vulnerable systems, it doesn't minify the intruder's persona in the crime.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Review of Martin Libicki's Cyberdeterrence and Cyberwar

2009-11-26T02:00:00.000+07:00

Amazon.com just posted my threesome star review of histrion Libicki's Cyberdeterrence and Cyberwar. I've reproduced the review in its completeness here because I conceive it is essential to spread the articulate to some contract maker who strength read this blog or be directed here. I've stressed a some points for readability.As background, I am a former Air Force captain who led the intrusion spotting operation in the AFCERT before applying those aforementioned skills to clannish industry, the government, and another sectors. I am currently answerable for spotting and salutation at a Fortune 5 consort and I train others with hands-on labs as a Negroid Hat instructor. I also attained a master's honor in open contract from Harvard after graduating from the Air Force Academy.Martin Libicki's Cyberdeterrence and Cyberwar (CAC) is a weighty discussion of the contract considerations of digital accumulation and attack. He is understandably conversant in non-cyber domestic section story and policy, and that knowledge is probable to benefit readers unfamiliar with Cold War epoch concepts. Unfortunately, Libicki's demand of effective section experience undermines his discussion and conclusions. The danger for Air Force leaders and those fascinated in contract is that they module not recognize that, in some cases, Libicki does not see what he is discussing. I module administer lessons from direct experience with digital section to argue that Libicki's framing of the "cyberdeterrence" problem is foolish at prizewinning and chanceful at worst.Libicki's discussion suffers fivesome key flaws. First, in the Summary Libicki states "cyberattacks are doable exclusive because systems hit flaws" (p xiii). He continues with "there is, in the end, no unnatural entry in cyberspace... It is exclusive a modest deceit to feature that organizations are undefendable to cyberattack exclusive to the extent they poverty to be. In no another field of warfare crapper such a evidence be made" (p. xiv). I suppose, then, that there is "no unnatural entry" when a soldier destroys a entranceway with a rocket, because the owners of the antiquity are undefendable "to the extent they poverty to be"? Are bomb carriers similarly undefendable to hypersonic cruise missiles because "they poverty to be"? How most the human embody vs bullets?Second, Libicki's mortal discernment of digital vulnerability is compounded by his ignorance of the persona of vendors and assist providers in the section equation. Asset owners crapper do everything in their noesis to indorse their resources, but if an covering or feat has a alteration it's probable exclusive the vendor or assist bourgeois who crapper fix it. Libicki frequently refers to sys admins as if they hit cerebration powers to completely see and protect their environments. In reality, sys admins are mostly concerned most availability alone, since they are ofttimes outsourced to the minimal bidder and contract-focused, or inadequate to do anything more than ready the lights on.Third, this "blame the victim" attitude is compounded by the completely foolish notions that accumulation is cushy and feat from intrusion is simple. On p 144 he says "much of what militaries crapper do to minimize alteration from a cyberattack crapper be finished in days or weeks and with some resources." On p 134 he says that, mass cyberattack, "systems crapper be ordered straight painlessly." Libicki has understandably never worked in a section or IT shop at some level. He also doesn't revalue how such the expeditionary relies on noncombatant stock from everything to logistics to base needs aforementioned electricity. For example, on p 160 he says "Militaries mostly do not hit customers; thus, their systems hit lowercase need to be adjoining to the open to accomplish set functions (even if right connections are essential in structure not ever appreciated)." That is plainly wrong when digit realizes that "the public" includes contractors who design, build, and run key expeditionary capabilities.Fourth, he makes a simulated secernment between "core" and "peripheral" systems, with the former controlled by users and the later by sys admins. He says "it is hornlike to cooperation the set in the aforementioned fine artefact twice, but the bound is ever at risk" (p 20). Libicki is apparently unmindful that digit set cyberspace resource, BGP, is essentially at constant venture of rank disruption. Other set resources, DNS and SSL, hit been unbelievably abused during the terminal some years. All of these are known problems that are repeatedly exploited, despite knowledge of their weaknesses. Furthermore, Libicki doesn't actualise that so-called grave systems are ofttimes more fragile that individual systems. In the actual world, grave systems ofttimes demand change direction windows, or are hard regulated, or are simply old and not well maintained. What's easier to reconfigure, patch, or replace, a "core" grouping that dead cannot be disrupted "for business needs," or a "peripheral" grouping that belongs to a desk worker?Fifth, in constituent to not discernment defense, Libicki doesn't see offense. He has no idea how intruders conceive or the skills they edit to the arena. On pp 35-6 he says "If decent expenditures are prefabricated and pains are taken to bonded grave networks (e.g., making it impracticable to edit operative parameters of electric organisation networks from the outside), not modify the most clever coder could fortuity into such a system. Such a development is not impossible." Yes, it is impossible. Thirty eld of computer section story hit shown it to be impossible. One reason ground he doesn't see intruders appears on p 47 where he says "private hackers are more probable to ingest techniques that hit been circulating throughout the coder community. While it is not impracticable that they hit managed to create a new utilise to verify plus of a still uncharted vulnerability, they are implausible to hit more than one." This problematic evidence shows Libicki doesn't revalue the power ordered of the underground.Libicki concludes on pp cardinal and xix-xx "Operational terrorism has an essential status role, but exclusive that... The United States and, by extension, the U.S. Air Force, should not attain strategic terrorism a antecedency assets area... cyberdefense relic the Air Force's most essential land within cyberspace." He also claims it is not doable to "disarm" cyberwarriors, e.g., on p 119 "one neutral that terrorism cannot hit is to disarm, such less destroy, the enemy. In the epilepsy of physical combat, terrorism cannot lead to the occupation of territory." This pore on accumulation and avoiding choler is dangerous. It haw not be doable to disable a country's possibleness for cyberwar, but an opponent crapper certainly target, disrupt, and modify defeat cyberwarriors. Elite cyberwarriors could be likened to thermonuclear scientists in this respect; verify discover the scientists and the whole information suffers.Furthermore, by avoiding offense, Libicki makes a grave mistake: if terrorism has exclusive a "niche role," how is a land questionable to protect itself from cyberwar? In Libicki's world, accumulation is affordable and easy. In the actual world, the prizewinning accumulation is 1) conversant by offense, and 2) integrated with opprobrious actions to direct and stop opponent opprobrious activity. Libicki also focuses farther too such on terrorism in isolation, while real-world terrorism has historically attended kinetic actions.Of course, aforementioned some good consultant, Libicki leaves himself an discover on p 177 by stating "cyberweapons become relatively cheap. Because a disrespectful cyberattack haw assist or enlarge physical dealings and because an effective terrorism aptitude is relatively inexpensive (especially if the Air Force crapper investment investments in CNE), an opprobrious terrorism aptitude is worth developing." The danger of this foolish tract is that contract makers module be swayed by Libicki's misinformed assumptions, arguments, and conclusions, and conceive that accumulation lonely is a decent pore for 21st century digital security. In reality, a kinetically weaker opponent crapper investment a cyber move to weaken a kinetically crack still net-centric adversary. History shows, in all theatres, that defense does not get wars, and that the prizewinning accumulation is a good offense.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

install google chrome on linux

2009-11-26T00:00:00.000+07:00

Download the woman installed from :http://dev.chromium.org/getting-involved/dev-channel

Shodan: Another Step Towards Intrusion as a Service

2009-11-25T22:00:00.000+07:00

If you haven't seen Shodan yet, you're probably not using Twitter as a means to meet underway on security issues. Shoot, I don't modify follow anyone and I heard most it. Basically a technologist named Evangelist Matherly scanned a Brobdingnagian track of the Internet for destined TCP ports (80, 21, 23 at least) and publicised the results in a database with a pleasant Web front-end. This means you can put your nous in Google hacking mode, find undefendable platforms, maybe add in whatever choice passwords (or not), and verify over someone's system. We're several steps along the Intrusion as a Service (IaaS) line already!Incidentally, this idea is not new. I undergo at small one consort that sold a service same this in 2004. The difference is that Shodan is liberated and unstoppered to the public. Shodan is a dream for those wanting to spend Thanksgiving looking for undefendable boxes, and a situation for their owners. I would not be surprised if shodan.surtri.com disappears in the incoming some life after receiving a call or digit from TLAs or LEAs or .mil's. I prognosticate a mad vex by intruders during the incoming 24-48 hours as they ingest Shodan to locate, own, and bonded boxes before others do.Matt Franz asked beatific questions most this site in his place Where's the Controversy most Shodan? Personally I conceive Shodan module disappear. Many module debate that business aggregation most systems is not a problem. We center similar arguments from people defending sites that publicize torrents. Personally I don't hit a difficulty with Shodan or stream sites. From a individualized responsibility supply it would hit been pleasant to delay notification of Shodan until after Thanksgiving.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

how to add/remove www. from domain name in .htaccess

2009-11-25T11:00:00.000+07:00

to add/remove www. with mod writing :cd public_htmlvim .htaccess# vanish wwwRewriteEngine OnRewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]RewriteRule ^(.*)$ http://%1/$1 [R=301,L]# append wwwRewriteEngine OnRewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

I'm Surprised That Your Kung Fu Is So Expert

2009-11-25T02:00:00.000+07:00

This news is so awesome. Hacks of Chinese Temple Were Online Kung Fu, Abbot SaysA coder who posted a fake communication on the Web site of China's famous Shaolin Temple repenting for its advertizement activities was meet making a stingy joke, the temple's archimandrite was cited as locution by Chinese land media Monday.That and previous attacks on the Web site were spoofs making recreation of the temple, faith and the archimandrite himself, Shi Yongxin was cited as telling the People's Daily."We every undergo Shaolin Temple has kung fu," Shi was quoted as saying. "Now there is kung fu on the Internet too, we were hacked three nowadays in a row."Why am I not astonied that a Shaolin religious has a better grasp of the principle of computer section than some people in IT?Bonus: Props to anyone who recognizes the title of this post.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Control "Monitoring" is Not Threat Monitoring

2009-11-24T09:00:00.000+07:00

As I indite this locate I'm reminded of General Hayden's advice: "Cyber" is arduous to understand, so be charitable with those who don't understand it, as substantially as those who claim "expertise."It's essential to remember that plentitude of grouping are disagreeable to act in a constructive manner to defend essential assets, so in that fiber I substance the mass commentary.Thanks to Evangelist Bambanek's SANS locate I feature bureau Drafts Cybersecurity Guidance by InformationWeek's J. Nicholas Hoover. The article discusses the latest organisation of SP 800-37 Rev. 1: DRAFT Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach. I suspected this to be questionable presented NIST's arts partiality towards "controls," which I've criticized in Controls Are Not the Solution to Our Problem and Consensus Audit Guidelines Are Still Controls. The subtext for the article was:The National Institute for Standards and Technology is urging the polity to continuously guardian its own cybersecurity efforts.As presently as I feature that, I knew that NIST's definition of "monitor" and the article's definition of "monitor" did not mean the real variety of monitoring, threat monitoring, that would attain a disagreement against recent adversaries.The article continues:Special Publication 800-37 fleshes discover sextet steps federal agencies should verify to face cybersecurity: categorization, state of controls, implementation, assessment, authorization, and continuous monitoring...Finally, and perhaps most significantly, the writing advises federal agencies to locate constant monitoring in place. Software, firmware, hardware, operations, and threats modify constantly. Within that flux, section needs to be managed in a organic way, doc says."We requirement to recognize that we work in a very dynamic operational environment," doc says. "That allows us to hit an ongoing and continuing espousal and understanding of risk, and that current selection may modify our intellection on whether current controls are sufficient."The constant venture management travel strength allow use of automated organisation scanning tools, vulnerability scanning, and intrusion spotting systems, as substantially as putting in locate processes to guardian and update section counselling and assessments of grouping section requirements. Note that the preceding book mentions "intrusion spotting systems," but the rest of the book has null to do with real monitoring, i.e., sleuthing and responding to intrusions. I'm not meet conversation most network-centric approaches, by the artefact -- infrastructure, host, log, and other sources are all real monitoring, but this is not what bureau effectuation by "monitoring."To understand NIST's view of monitoring, essay datum the newborn draft. I'll insert my comments.APPENDIX GCONTINUOUS MONITORINGMANAGING AND TRACKING THE SECURITY STATE OF INFORMATION SYSTEMSA grave characteristic of managing venture from aggregation systems involves the constant monitoring of the section controls engaged within or inherited by the system.65[65 A constant monitoring aggregation within an methodicalness involves a assorted ordered of activities than Security Incident Monitoring or Security Event Monitoring programs.]So, it sounds same activities that refer actually watching systems are not within scope for "continuous monitoring."Conducting a complete point-in-time categorization of the deployed section controls is a needed but not decent aggregation to shew section cod diligence. An trenchant organizational aggregation section aggregation also includes a rigorous constant monitoring aggregation integrated into the grouping utilization chronicle cycle. The neutral of the constant monitoring aggregation is to determine if the ordered of deployed section controls move to be trenchant over time in light of the fateful changes that occur.That sounds ok so far. I same the intent of evaluations to determine if controls are trenchant over time. In the incoming section beneath we get to the heart of the problem, and ground I wrote this post.An trenchant organization-wide constant monitoring aggregation includes:â¢ Configuration management and curb processes for organizational aggregation systems;â¢ Security effect analyses on actual or proposed changes to organizational aggregation systems and environments of operation;67â¢ Assessment of selected section controls (including system-specific, hybrid, and ordinary controls) supported on the organization-defined constant monitoring strategy;68â¢ Security position news to appropriate organizational officials;69 andâ¢ Active position by authorizing officials in the current management of aggregation system-related section risks.Ok, where is danger monitoring? I wager organisation management, "control processes," news position to "officials," "active position by authorizing officials," and so on.The incoming section tells me what bureau rattling considers to be "monitoring":Priority for security curb monitoring is presented to the controls that hit the reatest irresolution and the controls that hit been identified in the organizationâs organisation of state and milestones...[S]ecurity policies and procedures in a particular methodicalness may not be probable to modify from one year to the next... Security controls identified in the organisation of state and milestones are also a antecedency in the constant monitoring process, cod to the fact that these controls hit been deemed to be ineffective to some degree. Organizations also study limited danger aggregation including famous attack vectors (i.e., limited vulnerabilities misused by danger sources) when selecting the set of section controls to guardian and the oftenness of such monitoring...Have you broken the cipher yet? Security curb monitoring is a deference activity. Granted, this is an transformation from the typical certification and accreditation debacle, where "security" is assessed via paperwork exercises every three years. Instead, .gov deference teams module perform so-called "continuous monitoring," meaning more regular checks to wager if systems are in compliance. Is this rattling an improvement? I don't conceive so. bureau is absent the point. Their move advocates Control-compliant security, not field-assessed security. Their "scoreboard" is the termination of a deference audit, not the sort of systems low opponent curb or the turn of data exfiltrated or degraded by the adversary.I don't care how substantially your antitank "controls" are informed by offense. If you don't hit a Computer Incident Response Team performing constant threat monitoring for spotting and response, you don't know if your controls are working. The bureau writing has a few hints most the correct approach, at best, but the eld of the so-called "monitoring" counselling is added deference activity.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Audio of Bejtlich Presentation on Network Security Monitoring

2009-11-22T08:00:00.000+07:00

One of the presentations I delivered at the Information Security Summit terminal month discussed Network Security Monitoring. The Security Justice guys transcribed frequence of the show and posted it here as Network Security Monitoring and Incident Response. The frequence file is InfoSec2009_RichardBejtlich.mp3.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Traffic Talk 8 Posted

2009-11-21T22:00:00.001+07:00

I meet detected that my 8th edition of Traffic Talk, titled How to use user-agent strings as a meshwork monitoring tool, was posted this week. It's a simple construct that plenty of NSM practitioners implement, and I highly propose it.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

how to download youtube videos in ubuntu linux

2009-11-17T16:00:00.000+07:00

sudo apt-get establish youtube-dlyoutube-dl -b -l "link to youtube video" [or: youtube-dl -b -t "link to youtube video"]

Extending Security Event Correlation

2009-11-17T00:00:00.000+07:00

Last year at this time I wrote a series of posts on section circumstance correlation. I offered the mass definition in the test post:Security circumstance reciprocity is the impact of applying criteria to accruement inputs, mostly of a contingent ("if-then") nature, in order to generate actionable accruement outputs.Since then what I hit institute is that products and people still claim this as a goal, but for the most part achieving it remains elusive.Please also see that terminal place for what SEC is not, i.e., SEC is not only assemblage (of accruement sources), normalization (of accruement sources), prioritization (of events), quelling (via thresholding), accruement (via ultimate incrementing counters), centralization (of policies), summarization (via reports), administration (of software), or deputation (of tasks).So is SEC anything else? Based on some effective uses I hit seen, I conceive I can safely inform an extension to "true" SEC: applying aggregation from one or more accruement sources to develop environment for added accruement source. What does that mean?One example I saw fresh (and this is not specially new, but it's definitely useful), involves NetWitness 9.0. Their newborn NetWitness Identity duty adds user obloquy collected from Active Directory to the meta accruement acquirable patch work network traffic. Analysts can choose to review sessions based on user obloquy kinda than meet using maker IP addresses. This is sure not an "if-then" proposition, as oversubscribed by SIM vendors, but the continuance of this move is clear. I hope my ingest of the word "context" doesn't apply to much arts section case to this conversation. I'm not talking about making IDS alerts more useful by lettered the qualities of a direct of server-side attack, for example. Rather, to take the case of a computer side move scenario, envisage exchange the maker IP with the land "Bulgaria" and the direct IP with "Web computer hosting Application X" or similar. It's a different way for an analyst to conceive about an investigation.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

how to accelerate firefox performance

2009-11-14T21:00:00.001+07:00

http://about:confighttp.max*Set network.http.max-connections to 96Set network.http.max-connections-per-server to 32Set network.http.max-persistent-connections-per-server to 8pipelining*Set network.http.pipelining to trueSet network.http.proxy.pipelining to trueSet network.http.pipelining.ssl to trueSet network.http.pipelining.maxrequests to 8browser.tabs.tabMinWidth = 25

Embedded Hardware and Software Pen Tester Positions in GE Smart Grid

2009-11-14T04:00:00.000+07:00

I was asked to help locate digit candidates for positions in the GE Smart Grid initiative. We're looking for an Embedded Hardware Penetration Tester (1080237) and an Embedded Firmware Penetration Tester (1080236). If interested, see for the indicated employ numbers at ge.com/careers or go to the employ place to intend to the see duty a little faster.I don't hit some another aggregation on these jobs, so please work finished the employ site. Thank you.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

how to overcome "argument list too long" error o tar and other commands

2009-11-13T19:00:00.001+07:00

find . -name "*.txt" -print | bitumen -zcvf BAK/0001.tgz --files-from -

how to configure samba & squid with wizards in ubuntu linux

2009-11-13T03:00:00.000+07:00

sudo apt-get establish gadmin-tools

How to configure ubuntu linux terminal to fast scrolling : aterm & wterm

2009-11-12T23:00:00.000+07:00

sudo apt-get establish atermaterm -fg yellow -bg black -geometry 128x50 -fn "8x13" -si -sr -sk -sl 4000time seq -f 'teeeeeeeeeeeeeeeeeeeeeeeeeeeeeest %g' 1000000sudo apt-get establish wtermwterm -fg yellow -bg black -geometry 128x50 -fn "8x13" -si -sr -sk -sl 4000time seq -f 'teeeeeeeeeeeeeeeeeeeeeeeeeeeeeest %g' 1000000

Reaction to 60 Minutes Story

2009-11-11T15:00:00.000+07:00

I institute the new 60 Minutes update on information struggle to be interesting. I fear that the speaking over whether or not "hackers" unfit Brazil's electrical installation module command the real supply presented in the story: advanced persistent threats are here, have been here, and module move to be here. Some critics verify APT must be a bogey Negro invented by agencies arguing over how to gain greater curb over the citizenry. Let's accept agencies are arguing over turf. That doesn't stingy the threat is not real. If you refuse to accept the threat exists, you're simply naif of the facts. That might not be your fault, given policymakers' qualifying unwillingness to speak out. If you poverty to intend more facts on this issue, I recommend the biochemist Grumman report I mentioned terminal month.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Vip Surfer

Notes from Talk by Michael Hayden

2009-11-08T15:00:00.000+07:00

I had the distinct privilege to attend a keynote by old Air Force General archangel Hayden, most recently CIA administrator and previously NSA director. NetWitness brought Gen Hayden to its individual word this week, so I was rattling entertained to attend that event. I worked for Gen Hayden when he was commander of Air Intelligence Agency in the 1990s; I served in the information warfare intellection sectionalization at that time.Gen Hayden offered the conference quaternary main points in his talk.

"Cyber" is arduous to understand, so be charitable with those who don't see it, as substantially as those who verify "expertise." Cyber is a domain same another warfighting domains (land, sea, air, space), but it also possesses unique characteristics. Cyber is man-made, and operators crapper edit its geographics -- even potentially to destroy it. Also, cyber conflicts are more likely to modify another domains, whereas it is theoretically doable to fight an "all-air" battle, or an "all-sea" battle.

The evaluate of modify for profession far exceeds the evaluate of modify for policy. Operator activities escape our knowledge to remember them. "Computer network defense (CND), exploitation (CNE), and move (CNA) are operationally indistinguishable." Gen Hayden compared the rush to amend and deploy profession to consumers and organizations to the realty rushes of the late 1890s. When "ease of use," "security," and "privacy" are weighed against apiece other, ease of ingest has traditionally dominated. When making policy, what should apply? Title 10 (military), Title 18 (criminal), Title 50 (intelligence), or planetary law?Gen Hayden asked what clannish organizations in the US reassert their own ballistic arm defense systems. None of course -- meaning, why do we expect the clannish sector to indorse itself against cyber threats, on a "point" basis?

Cyber is arduous to discuss. No one wants to speech most it, especially at the domestic level. The agency with the most aptitude to indorse the commonwealth suffers because it is both info and powerful, two characteristics it needs to be effective. The public and policymakers (rightfully) discredit info and coercive organizations.

Think same info officers. I should hit expected this, coming from the most important info tar of our age. Gen Hayden says the first discourse he asks when temporary private companies to consult on cyber issues is: who is your info officer? Gen Hayden offered advice for those with an info mindset who wage advice to policymakers. He said intel officers are tralatitious inductive thinkers, play with indicators and nonindustrial facts, from which they create general theories. Intel officers are ofttimes demoralised and graphic because they care with operational realities, "as the concern is."Policymakers, on the another hand, are ofttimes deductive thinkers, play with a "vison," with facts at the another modify of their thinking. "No one elects a politician for their bidding of the facts. We elect politicians who hit a vision of where we should be, not where we are." Policymakers are ofttimes pollyannaish and idealistic, hunting at their modify goal, "as the would should be."When these two concern views meet, feature when the intel tar briefs the policymaker, the termination crapper be jarring. It's up to the intel tar to figure discover how to inform findings in a way that the policymaker crapper colligate to the facts.

After the embattled remarks I asked Gen Hayden what he intellection of threat-centric defenses. He said it is not outside the realm of possibility to hold giving clannish organizations the right to more aggressively indorse themselves. Private forces already action protect duties; personnel forces don't carry the full charge for preventing crime, for example.Gen Hayden also discussed the developments which led from expeditionary ingest of expose power to a separate Air Force in 1947. He said "no one in cyber has unsuccessful the Ostfriesland yet," which was a enthusiastic analogy. He also says there are no highbrowed equivalents to bandleader designer or Apostle Nitze in the cyber intellection landscape.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Vip Surfer

DojoCon Videos Online

2009-11-08T09:00:00.000+07:00

Props to Marcus Carey for springy streaming talks from DojoCon. I appeared in my keynote, nonnegative panels on incident response and darken security. I intellection the word was excellent and some grouping posted their thoughts to #dojocon on Twitter.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Vip Surfer

How To Promote A Proxy Site

2009-11-05T02:13:00.000+07:00

Creating proxy sites seem to be pretty popular these days. Thousands of people use them every day and there is certainly a proliferation of free proxy scripts available to webmasters who are looking to start one. But due to this fact it is pretty difficult to become a big fish in the sea of proxies. So let’s get down to the point – how do you successfully promote a new proxy site? Here are five tips that will help you beat the competition.

List your site on proxy.org and other directories. Proxy.org is the biggest proxy directory online and you can receive a sizable amount of traffic if you have yours listed with them. Don’t ignore the smaller directories, however, because you can still receive good traffic from them.
Advertise on game arcade sites. A large chunk of proxy users, like students and company employees, use proxies to play games on arcade sites or browse social networking sites, sense those are usually the type of site that get blocked. By advertising on these sites you are getting your name out to your potential audience.
Get a dedicated server. Proxies take up a lot of bandwidth and system resources, so most shared hosting providers do not allow their clients to run proxies. You do not want to start getting traffic to your new site only to have your hosting provider shut you down because of a violation of their terms. Do it right from the start.
Advertise using a MySpace profile. I know, you’re thinking ugh. But it works, and traffic is traffic. Create a MySpace profile and get a bunch of friends. Have your site link displayed prominently on your profile page and occasionally send out messages to all of your friends telling them of your proxy. Just remember to abide by MySpace’s TOS. MySpace promotion is a shady area, especially if you start getting into friend adder robots and such.
Make it simple. People come to proxies for one reason – to surf other websites. So make it easy for them to do. Have your form that takes in the URL that the user wishes to visit displayed front and center. There is no need to have a lot of clutter. Honestly, all you probably need is a quick blurb about your proxy, an adsense block above your form and one below it, and that’s it.

Proxies tend to come and go fast. Take yours into the big league by building a solid, simple site hosted on a dedicated server and promoting the hell out of it. You may initially be wary about having to plunk down $99 to $140 a month on a dedicated server, but it won’t do you any good if after a month your hosting account gets shut down.

If you follow the tips above you will get lots of traffic, fast, so you’ll quickly need the power of a dedicated host. And with traffic comes revenue potential. Stay tuned for my next article which will show show you how to beat the notoriously low click through rates of proxy sites and make a profit!

Tentative Speaker List for SANS Incident Detection Summit

2009-11-03T21:00:00.003+07:00

Thanks to everyone who attended the Bejtlich and Bradley Webcast for SANS yesterday. We transcribed that Webcast (audio is today available) to start a communicating concerning professed incident detection.I'm entertained to publish the following unsettled utterer itemize for the SANS WhatWorks in Incident Detection Summit 2009 on 9-10 Dec in Washington, DC. We'll publish every of this information, nonnegative the biographies for the speakers, on the list site, but I desired to deal what I hit with you.Day One (9 Dec)

Keynote: Daffo Gula
Briefing: Network Security Monitoring dev+user: Bamm Visscher, David Bianco
Panel: CIRTs and MSSPs, moderate by Rocky DeStefano: archangel Cloppert, Nate Richmond, Jerry Dixon, President Hudak, Matt Richard, Jon Ramsey
Cyberspeak Podcast live during meal with Bret Padres and Ovie Carroll
Briefing: Bro introduction: man Hall
Panel: Enterprise meshwork spotting tools and tactics, potentially with a temporary moderator: Daffo Shaffer, Matt Olney, Nate Richmond, Matt Jonkman, archangel Rash, Andre Ludwig, Tim Belcher
Briefing: Snort update: histrion Roesch
Panel: Global meshwork spotting tools and tactics: Stephen Windsor, peer Zmijewski, Andre' M. Di Mino, Matt Olney, Jose Nazario, Joe Levy
Panel: Commercial section info service providers, moderated by Mike Cloppert: Gunter Ollmann, Rick Howard, Dave Harlow, Jon Ramsey, Wade Baker
Evening clas: Advanced Analysis with Matt Richard

Day Two (10 Dec)

Keynote: Tony Sager
Briefing: Memory psychotherapy dev+user: ballplayer Walters, Brendan Dolan-Gavitt
Panel: Detection using logs: Jesus Torres, Nate Richmond, archangel Rash, Matt Richard, Daffo Gula, J. saint Valentine, Alex Raitz
Panel: Network Forensics: Tim Belcher, Joe Levy, histrion Roesch, Ken Bradley
Briefing: Honeynet Project: Brian Hay, archangel Davis
Panel: Unix and Windows tools and techniques: archangel Cloppert, Apostle Mullen, Kris Harms
Panel: Noncommercial section info service providers, moderated by Mike Cloppert: Andre' M. Di Mino, Jerry Dixon, Ken Dunham, Andre Ludwig, Jose Nazario
Panel: Commercial host-centric spotting and psychotherapy tools: Dave Merkel, Daffo Gula, Alex Raitz

I'm thankful to hit these excellent speakers and panel participants on board for this event. If you run and pay tuition by next Wednesday, 11 Nov, you'll spend $250. Thank you.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Vip Surfer

Bejtlich and Bradley - SANS Webcast

2009-10-31T08:00:00.001+07:00

Ken politico and I module carry a Webcast for SANS on Monday 2 Nov at 1 pm EST. Check out the sign-up page. I've reproduced the launching here.Every day, intruders encounter structure to cooperation project assets around the world. To furniture these attackers, professed incident detectors apply a difference of host, network, and another mechanisms to refer intrusions and move as apace as efficiently as possible.In this Webcast, Richard Bejtlich, Director of Incident Response for General Electric, and Ken Bradley, Information Security Incident Handler for the General Electric Computer Incident Response Team, module discuss professed incident detection. Richard module discourse Ken to explore his thoughts on topics like the following:

How does one become a professed incident detector?

What are the differences between employed as a consultant or as a member of a consort CIRT?

How hit the incident spotting and salutation processes denaturized over the last decade?

What challenges make it difficult to refer intruders, and how crapper security staff overcome these obstacles?

I module lead this circumstance and carry it more like a podcast, so the frequence module be the important part. This is a short-notice event, but it module be cool. Please join us. Thank you!Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Proxylinks

Glype Proxy Templates

2009-10-30T23:02:00.008+07:00

1.BluLens

BluLens is an original glype design by glypedesigns.com . BluLens is a two column theme with a right sidebar and top navigation bar. The main content area has rounded edges and there is a floral graphic in the top right corner. The main colours of the theme are dark blue and white.
BluLens also has a styled URL bar with the options checkboxes hidden to reduce clutter. This theme has many ad locations. You can place adsense ad links in the navigation bar. You can also place ads above and below the URL bar and in the right sidebar. Optionally you can add links to other pages in your site in the top nav bar and links to other sites in your network in the right sidebar.

Download Blulens

2. Underground glype template

Underground is a classic design by styleshout that you will find on a number of web proxies all over the Internet. Infact underground is one of the most popular designs for web proxies. This is why glypedesigns.com has converted it to glype and made it available to the large number of proxy webmasters who are using glype to power their proxies. The main colours of the underground theme are red and black. It features a top navigation bar that you can use to provide users with quick links to popular websites like myspace. There is also a left sidebar for adsense ads or links to other proxies in your network.

Download Underground glype template

3. MintSwirl

MintSwirl is a single column design by growldesign.co.uk and ported to glype by this site. Growldesign has handled the difficult colors of dark blue and green well to create a beautiful design that will make your website stand out from the rest. In addition to porting this theme to glype I have created a styled URL bar in the glype version of this theme. There are also two buttons next to the URL bar including an options button that toggles the display of the options checkboxes.

Download MintSwirl

4. Free Web Baatik Glype proxy theme

Web Baatik is another original glype proxy theme by glypedesigns.com . Inspired by the rounded corners in themes like red round, web baatik features a simple rounded main column with a striking header graphic. The blue header graphic features some simple vector graphics and soft shadows. The main colors of the theme are blue and white with black text. The URL form is also styled to match the header but with light colors that won't distract the user from the adsense ads. The options checkboxes are hidden in the latest version of webbaatik. The blue-white color combination of the theme means that you can use adsense ads with blue links, black text and white background. Since blue is a common color for links the layout is likely to generate a good Click Through Rate.

Download Free Web Baatik Glype proxy theme

5. RedRound glype theme

RedRound is a two column glype template designed by minimalistic-design.net and ported by glypedesigns.com. RedRound has a proven high ad CTR color combination of red and white with black text. There are a number of adsense ad locations that you can customize using the included config.php file. The left sidebar of red round can be used to link to other sites in your proxy network or to sites that you are exchanging links with. You can also add a vertical banner or skyscraper ad to it. The right column is wide enough to house two square ads adjacent to each other. The URL bar has a very simple style to it to go with the minimalistic design.

Download RedRound glype theme

6. PurpleNarro glype template

PurpleNarro has been tested with glype 0.5x and 1.0.

Download PurpleNarro glype template

Starting Business Web Proxy

2009-10-30T22:51:00.003+07:00

Now it's time we try to jump directly into webproxy.But like all businesses, there must be prior to the preparations that need to be done. And in this WebProxy business, the preparation phase includes:
1. Domain name selection
2. Web hosting choice
3. WebProxy Script Selection

Elections Web Proxy Script

2009-10-30T22:37:00.003+07:00

There are four scripts that are widely used WebProxy: among others PHPProxy, CGIProxy, Glype and Zelune. Everything is free, but unfortunately none of the above perfect. PHPProxy for example, light sources, but difficult to go to several popular sites. Conversely, CGIProxy, well used to browse anywhere, but a lot of server resources.

That is now being popular is Glype. Between performance and load-balanced usage. Plus, their forums are the most active among the three competitors (even PHPProxy was not developed anymore).

Download Free Web Proxy here
1. PhProxy Templates
2. CGI Proxy Templates
3. Zelune Proxy Templates
4. Glype Proxy Templates

Domain Name Selection

2009-10-30T22:20:00.005+07:00

Did you know that one key to business success is the selection of a web proxy domain name?

In this business we are just as much as possible avoid the use of domain names containing the word 'proxy'.Why? Because the network admin in charge of blocking the site and also WebProxy. Especially your WebProxy site is named "thiswebproxy.com, they would be suspicious and eventually block your site. As a result, as much as any campaign would be useless because you have joined the site blocked.

Therefore, try to select the domain name can still be associated with a proxy, but do not use the word "bastard". Select also the names of an attractive and easy to remember, because most users out there WebProxy are students and college students.

Examples of proxy name: Wayofheaven, FreeEntry, HighwayPass.

Free Domain List

1. co.nr Free Domain Name, Free URL Redirection
Get a free domain name like www.YourName.co.nr with the following features included: free URL redirection with cloaking, path forwarding, all meta-tags supported, kill-frame feature, NO forced ADS at all, and more.

2.co.cc Free Domain Name, Free URL Redirection

Partnerships and Procurement - Not Answer

2009-10-29T14:00:00.001+07:00

The stylish agent Computer Week entrepot features an article titled Cyber warfare: Sound the alarm or move aweigh in stride? I'd same to particular a some excerpts.Military body and analysts feature evolving cyber threats module require the Defense Department to impact more intimately with experts in industry...Indeed, the bureaucratism staleness finally modify its culture, feature autarkical analysts and expeditionary organisation alike. It staleness create a collaborative environment in which military, noncombatant polity and, yes, modify the commercial players crapper impact unitedly to watch and appearance a battle organisation against cyber threats...Ok, that sounds nice. Everyone wants to boost cooperation and communication. Join hands and sing!â€œGovernment haw be a late adopter, but we should be exploiting its acquisition power,â€� said Melissa Hathaway, past performing senior administrator for cyberspace for the Obama administration, at the ArcSight articulate in pedagogue last month...Hmm, "procurement power." This indicates to me that profession is the answer?Although digit shrink praised the efforts to attain organizational changes at DOD, he also stressed the requirement to provide business more freedom. â€œThe real supply is a lack of state and defensive posture at DOD,â€� said Richard Stiennon, honcho investigate shrink at autarkical investigate concern IT-Harvest and communicator of the forthcoming aggregation "Surviving Cyber War."â€œPrivate business figured this every discover 10 eld ago,â€� he added. â€œWe could hit a rock-solid accumulation in locate if we could apace acquisition through industry. Industry doesnâ€™t requirement polity help â€" polity should be partnering with industry.â€�Hold on. "Private business figured this every out?" Is this the same clannish business in which my colleagues and I work? And there's that "acquisition" articulate again. Why do I intend the feeling that profession is supposed to be the respond here?Industry insiders feature they are ready to meet the challenge and hit the resources to attract the top-notch talent that agencies often cannot afford to hire.That's belike true. Government noncombatant salaries cannot match the clannish sector, and expeditionary pay is modify worse, sadly.Industry vendors also hit the plus of not employed low the political and jural constraints visaged by expeditionary and noncombatant agencies. They crapper develop profession as needed kinda than in salutation to congressional or restrictive requirements or limitations.I don't see the saucer of that statement. Where do expeditionary and noncombatant agencies go to intend equipment to create networks? Private industry. Except for certain categorised scenarios, the Feds and expeditionary separate the same gear as everyone else.â€œThis is a complicated danger with a aggregation of money at stake,â€� said Steve Hawkins, evilness chair of aggregation section solutions at Raytheon. â€œPolicies ever verify longer than technology. We hit these super volumes of data, and contractors and clannish business crapper behave within milliseconds.â€�Ha ha. Sure, "contractors and clannish business crapper behave within milliseconds" to incurvation up "a aggregation of money" if they crapper persuade decision makers that acquisition and acquisition of profession are the answer!Let's intend to the bottom line. Partnerships and acquisition are not the respond to this problem. Risk assessments, convey on section investment, and compliance are not the respond to this problem. Leadership is the answer.Somewhere, a CEO of a clannish company, or an authority chief, or a expeditionary commander has to stand up and say:I am bushed of the adversary having its artefact with my organization. What staleness we do to beat these guys?This is not a external concept. I undergo organizations that hit experienced this miracle. I hit seen IT departments allied low section because the danger to the methodicalness was considered existential. Leaders, talk to your section departments directly. Listen to them. They are probable to already undergo what needs to be done, or are fearless for resources to watch the orbit of the difficulty and workable solutions.Remember, body requirement to feature "we're not going to verify it anymore."That's travel one. Leaders who interiorise this fisticuffs hit a chance to get it. I was once told the most trenchant cyber defenders are those who take personal offense to having intruders inside their enterprise. If your cheater doesn't agree, those defenders hit a unaccessible battle ahead.Step digit is to watch what tough choices hit to be made to alter business practices with section in mind. Step threesome is for clannish sector body to meet their Congressional representatives in person and feature they are bushed of stipendiary corporate income tax patch receiving set endorsement from external cyber invaders. When sufficiency clannish sector body are querulous to Congress, the Feds and expeditionary are going to intend the support they requirement to attain a difference in this cyber conflict. Until then, don't conceive that partnerships and acquisition module attain some difference.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Google

Zelune Proxy Templates

2009-10-29T00:47:00.004+07:00

Template No. 1

This template is a very simplistic and easy going template. It is coded in 3 different proxy scripts, Zelune, PHProxy and CGI Proxy. This template is 100% XHTML/CSS valid, using div and h1 to ensure great SEO optimization. It is also very easy to customize and install as per usual.

Source : from www.Free Proxy Templates.com
Download here

Template No. 2

Happy Halloween! This Template is a spooky design. However, it is well suited to all year use thanks to the Adsense optimisation and clean design. It is coded in Zelune, PHProxy and CGI Proxy in valid XHTML/CSS. It is easy to customise, using the config file in all three versions.

Source : from www.Free Proxy Templates.com
Download here

Template No. 3

This distinctive web 2.0 style theme has well-integrated ads, giving a less cluttered appearance. This template has been tested in all the major browsers (including the bug-prone IE6) and is 100% XHTML/CSS valid. It is coded in all three major proxy scripts; PHProxy, Zelune, and CGI Proxy. As usual, it is easily customised, and is sure to be a big hit amongst proxy users!

Source : from www.Free Proxy Templates.com
Download here

All template created by www.Free Proxy Templates.com

CGI Proxy Templates

2009-10-29T00:26:00.007+07:00

Simplistic CGI Proxy Template 1
On offer is our first CGI proxy template release for the site! It features a web2.0 minimalistic design, specifically created for easy browsing. Check out the screen shot below for more details!

Source : from www.Free Proxy Templates.com
Download here

Template No. 2

Source : from www.Free Proxy Templates.com
Download here

Template No. 3

Source : from www.Free Proxy Templates.com
Download here

All template created by www.Free Proxy Templates.com

Initial Thoughts on Cloud A6

2009-10-28T11:34:00.000+07:00

I'm a lowercase late to this issue, but permit me move by saying I feature Craig Balding's RSA aggregation 2009 Presentation this evening. In it he mentioned something called the A6 Working Group. I scholarly this is attendant to individual journal posts and a Twitter discussion. In brief:

In May, Chris Hoff posted Incomplete Thought: The Crushing Costs of Complying With Cloud Customer âRight To Auditâ Clauses, where Chris wrote Cloud providers I hit uttered to are existence absolutely hammered by customers performing on their âright to auditâ clauses in contracts.
In June, Craig posted Stop the Madness! Cloud Onboarding Audits - An Open Question... where he wondered Is there an existing system/application/protocol whereby I crapper transfer my contract requirements to a provider, they crapper move in real-time with compliance level and any added costs, with less structured/known requirements responded to by a manlike (but transmitted the same way)?
Later in June, Craig posted in Vulnerability Scanning and Clouds: An Attempt to Move the Dialog On... where he spoke of the requirement for customers to carry vulnerability assessments of darken providers: A âScanAuthâ API call empowers the customer (or their nominated 3rd party) to scan their hosted Cloud infrastructure confident in the noesis they wonât start dishonor of the providers Terms of Service.
In July, Chris long Craig's intent with Extending the Concept: A Security API for Cloud Stacks, antiquity on the same Twitter discussions. Chris mentioned The Audit, Assertion, Assessment, and Assurance API (A6) (Title credited to @CSOAndy)... Specifically, letâs verify the capabilities of something same SCAP and embed a standard and unstoppered API layer into each IaaS, PaaS and SaaS substance (see the API blocks in the diagram below) to wage not exclusive a standard artefact of scanning for meshwork vulnerabilities, but also plan management, quality management, connector remediation, compliance, etc.

Still with me? In August Network World posted A6 promises a artefact to check up on open darken security, which said:What darken services users requirement is a artefact to verify that the section they wait is existence delivered, and there is an effort underway for an programme that would do just that.Called A6 (Audit, Assertion, Assessment and Assurance API) the offering is ease in the works, unvoluntary by two people: Chris Hoff - who came up with the intent and entireness for Cisco - and the communicator of the Iron Fog journal who identifies himself as Ben, an aggregation section consultant in Toronto.The usefulness of the API would be that darken providers could offer customers a look into destined aspects of the assist without flexible the section of another customersâ assets or the section of the darken providerâs meshwork itself.Work on a plan of A6 is posted here http://www.scribd.com/doc/18515297/A6-API-Documentation-Draft-011. Itâs incomplete, but offers a good support for what is ultimately needed. So let's wager what that says:The A6 API was fashioned with the mass concepts in mind:

The section arrange MUST wage outside systems with the knowledge to query a utility technology bourgeois for their security state. Ok, that's pretty generic. We don't undergo what is meant by "security state," but we're just starting.

The arrange MUST wage sufficient aggregation for an assessment of section land asserted by the provider. Same supply as #1.

The aggregation exposed via open interfaces MUST NOT wage limited aggregation most vulnerabilities or result in careful section configurations existence exposed to ordinal parties or trusty customers. Hmm, I'm lost. I'm supposed to watch "security state" but without "specific aggregation most vulnerabilities"?

The aggregation exposed via open interfaces SHOULD NOT wage ordinal parties or trusty customers with sufficient accumulation as to infer the section land of a limited surroundings within the providers environment. Same supply as #4.

The arrange SHOULD reuse existing standards, tools and technologies wherever possible. Neutral, throwaway concern.

That's most it, with the mass attending below:In classic outsourcing deals these section policies and controls would be merged into the acquisition contract; with darken technology providers, the knowledge to enter in limited contractual obligations for section or earmark for ordinal band audits is either limited or non-existent. However, this regulating does not reduce the requirement for intense organizations to protect their data.The A6 API is witting to close this notch by providing intense organizations with near real-time views into the section of their darken technology provider. While this does not earmark for intense organizations to oblige their section policies and controls upon the provider, they module hit aggregation to earmark them to set their venture exposure.Before I drop the discourse you're all inactivity for, permit me say that I conceive it is enthusiastic grouping are intellection most these problems. Much meliorate to hit a communicating than to adopt darken = secure.However, my discourse is this: how does this wage "consuming organizations with nearby real-time views into the section of their darken technology provider"?Here is what I conceive is happening. Craig started this thread because he wanted a artefact to carry audit and compliance (remember I highlighted those terms) activities against darken providers without violating their cost of service. I am trusty Craig would concord that compliance != security. The danger is that someone module conceive that complaince = security, intellection one could conceivably watch security state by scanning for meshwork vulnerabilities, but also plan management, quality management, connector remediation, compliance, etc.. This is same network admittance control all over again. A good "security state" effectuation you're allowed on the meshwork because your grouping is organized "properly," the grouping is "patched," and so on. Never nous that the grouping is 0wned. Never nous that there is no API for quering 0wnage. Don't intend me wrong, this is a rattling difficult problem. It is exceptionally difficult to set true grouping land by asking the system, since you are at the compassionateness of the intruder. It could be worsened with darken and realistic stock if the entrant owns the grouping and the realistic infrastructure. Customer queries the A6 API and the darken returns a healthy response, despite the reality. Shoot, the darken could say it IS healthy by the definition of patches or plan and ease be 0wned.I conceive there's more thought required here, but that doesn't stingy A6 is a waste of time -- if we are country that it's more most compliance and rattling null most security, or especially trustworthiness of the assets.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Google

Last Day for Discounted SANS Registration - Wednesday

2009-10-28T01:27:00.001+07:00

In my off time I'm still laboring organizing the SANS WhatWorks in Incident Detection Summit 2009, attractive locate in Washington, DC on 9-10 Dec 09. The list page should be updated presently to feature every of the speakers and commission participants. Wednesday is the terminal day to run at the discounted rate.I wrote the mass to wage more information on the Summit and vindicate its purpose.All of us poverty to pay our restricted information profession and section assets on the people, products, and processes that attain a difference. Does it attain significance to send money to projects when we donâ€™t undergo their impact? Iâ€™m not conversation about hirsute â€œreturn on investmentâ€� (ROI) calculations or fictitious â€œriskâ€� ratings. Donâ€™t we every poverty to undergo how to encounter intruders, right now, and then centre on improvements that will attain it more arduous for intense guys to disclose, degrade, or deny our data?To respond this question, Iâ€™ve teamed with SANS to organize a unique circumstance -- the SANS WhatWorks in Incident Detection Summit 2009, on 9-10 Dec 2009 in Washington, DC. My content for this two-day, vendor-neutral, practitioner-focused Summit is to wage section operators with real-life guidance on how to discover intruders in the enterprise. This isnâ€™t a conference on a limited commercial tool, or a series of death-by-slide presentations, or lectures by grouping garbled from reality. Iâ€™ve reached discover to the grouping I undergo on the face lines, who encounter intruders on a regular, regular basis. If you donâ€™t conceive beatific guys undergo how to encounter intense guys, pay two life with grouping who go toe-to-toe with the worst intruders on the planet.Weâ€™ll discuss topics same the following:

How do Computer Incident Response Teams and Managed Security Service Providers detect intrusions?
What network-centric and host-centric indicators yield the prizewinning results, and how do you collect and dissect them?
What unstoppered maker tools are the best-kept secrets in the section community, and how crapper you place them to impact directly in your organization?
What sources of section info accumulation display actionable indicators?
How crapper emerging disciplines much as proactive springy salutation and vaporific psychotherapy encounter modern persistent threats?

Here is a distribution of the mountain of subject concern experts who will arrange the schedule:

Michael Cloppert, grownup theoretical member of Lockheed Martin's enterprise Computer Incident Response Team and regular SANS Forensics blogger.
Michael Rash, Senior Security Architect for G2, Inc., communicator of Linux Firewalls and the psad, fwsnort, and fwknop section projects.
Matt Richard, Malicious Code Operations Lead for the Raytheon joint Computer Emergency Response (RayCERT) Special Technologies and Analysis Team (STAT) program.
Martin Roesch, originator of Sourcefire and developer of Snort.
Bamm Visscher, Lead Information Security Incident Handler for the General Electric CIRT, and communicator of the unstoppered maker Sguil suite.

Ron Gula is scheduled to do one tone and I'm employed on the second. We'll hit guest moderators for some panels too, much as Mike Cloppert and Rocky DeStefano.I look forward to sight you at the conference!Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Google

PHP Proxy Templates

2009-10-28T00:45:00.011+07:00

Template No. 1

Feel free to download as usual. It contains the necessary fonts, scripts and graphics needed to modify the template.

Source : from www.Free Proxy Templates.com
Download here

Template No. 2

Another great proxy template on offer here. Originally designed by Arcsin but modified and integrated by Free Proxy Templates to make it function with PHProxy. It’s a nice looking template which is very easily customizable to your needs.

Source : from www.Free Proxy Templates.com
Download here

Template No. 3

Here’s is the third template installment! It contains one of the most modern web2.0 proxy looks thus far, so enjoy all!

Source : from www.Free Proxy Templates.com
Download here

Template No. 4

No, it isn’t really, but it’s a very good design none the less! It was designed by Web Resources and I was asked to code it into the latest PHProxy! They also feature an amazing tutorial on how to create this proxy design on Photoshop. Click here for the tutorial link. Anyway, feel free to download and enjoy!

Source : from www.Free Proxy Templates.com
Download here

Template No. 5

It features a semi-web2.0 look, it is highly AdSense and SEO optimized, is 100% XHTML/CSS valid and is very easily customizable.

Source : from www.Free Proxy Templates.com
Download here

Template No. 6

This template was first designed by StyleShout, I’ve just integrated AdSense and PHProxy into the template. It is 100% XHTML/CSS valid and I’ve made it easier for you guys to customize. All you need to do is change the config.php and topsites.php file to your website settings, upload and off you go.

Source : from www.Free Proxy Templates.com
Download here

Template No. 7

Another free open source template designed by StyleShout. This template is now even faster to configure with an updated config.php file. It also features a new Google search bar.

Source : from www.Free Proxy Templates.com
Download here

Template No. 8

Source : from www.Free Proxy Templates.com
Download here

Template No. 9

Source : from www.Free Proxy Templates.com
Download here

Template No. 10

Source : from www.Free Proxy Templates.com
Download here

All template created by www.Free Proxy Templates.com

Earn Money

2009-10-20T00:29:00.002+07:00

Last topic and real crux of this tutorial, how to alter traffikc visitor of proxy websites become money. Doesn't mean anything isn't it if the visitor of many but productions of us zero big. So here will be studied, how the best way for monetize or look for production of Your proxy websites. More than anything else with existence of * threat* fraud click of non-natural traffic, such as come from sites top and of mailing list. Google Adsense Though rather fraud, but Google Adsense still best choice to be attached on front yard of your proxy websites. More than anything else if You getting many traffic of searcher machines. Of perception of me, proxy websites which the was him of organic can obtain;get CTR 4x folding to be compared to which the was him of coming from promotion. Remember ! Unit Advertisement of Adsense shall only be attached in front yard of sites proxy web. ILLICIT of law of to put down him in pages of proxified which browse through proxy web

Hosting

2009-10-20T00:23:00.002+07:00

One of the constraint in business of web proxy in fact is hosting web. Next to nothing receptive cheap hosting of proxy web sites. Of so much many existing hosting proxy, my choice fall at Techentrance ( aff). Price don’t far differ from other hosting proxy, but recommended many by players of business of web proxy, and in the reality it is true result of him don’t disappoint. Two matter which need to be paid attention by is to regarding and price of bandwidth. First, don't have bought hosting proxy at the price of which far below the mark. Hosting for proxy relative eat more resource compared to ordinary hosting. That because their price him are costlier. If there is offering at the price of cheap, beyond question performance to be sacrificed. And so Your visitor feel service of your proxy very slowgoing, just in act to of customer/ client loss. Second, select;choose package of hosting giving minimum bandwidth 100GB. Seen to be it is true rather copious, but by promotion which wait I give in third shares, it is possible that oppositely distribute the the bandwidth fall short.

Paid Proxy Hosting List

1. 247-host.com

Free Proxy Hosting List

Proxy server

2009-10-15T02:00:00.002+07:00

In computer networks, a proxy server is a server which clients use to access other computers. A proxy server that passes information to its clients without changing it is usually called a gateway or sometimes tunneling proxy.

A client that connects to the proxy server requests some service, such as a file, connection, web page, or other resource, that is available on a different server. The proxy server then goes to the other server and requests what the client wants for them.

A proxy server can change the information that it gives to the client, and if the same information is accessed many times or by many different clients it can use what is called a cache to make things faster. A cache is the term for information that has been accessed and saved for future use; if a proxy server has what the client is accessing in its cache, it will make it faster because it does not need to go and access the other server to provide what the client wants.

Proxy servers get their name because they act like a proxy (a stand-in) of the server computer.

A proxy server can be placed anywhere in the connection between the client and the server, which could include software on the client computer itself or on any computer between.

Some proxy servers use Secure Sockets Layer (SSL) to secure the connection between the client and the remote server. This security layer helps to make sure that no other computers can read or understand what the client is asking from the server. (from wikipedia)