locks keep lawful people out...    

The Security Skeptic

Dave Piscitello's Security Weblog

Skeptic (sceptic): a person inclined to question or doubt accepted opinions.

Mon, 31 Jul 2006 00:00:00 00, 541
Checkmate - a new and interesting security blog!

K. K. Mookhey and the folks at NII Consulting have begun a security blog. Checkmate focuses on forensics and penetration testing. KK invited me to visit the blog and "give it a quick read-over and your feedback as well". The first article I read - LINReS, An open source Linux Incident Response Tool - more than convinced me that this is definitely a security blog worth visiting. The authors are competent and write well. The blog items are nicely presented, with abstracts that tease you into reading the full articles. And the articles address a nice mix of host and network security issues. On my first visit, I read articles about incident response software for Linux systems that is entirely self-contained, ways to secure password files against rainbow table attacks, and some details on the alternate data stream in the Windows NTFS file system.

If you enjoy good technical writing on a range of security subjects, add Checkmate to your RSS feed. The RSS feed can be found at http://www.niiconsulting.com/checkmate/feed/.

Archived at http://www.securityskeptic.com/arc20060701.htm#BlogID541 by Dave Piscitello  


Thu, 06 Jul 2006 00:00:00 00, 540
Inquiry about VoIP Security

I received an email today from a blog visitor who was performing research for an article on VoIP security for Telecom Asia. I've transcribed the three questions he asked and share my replies below...

Do you see the recent hacking/fraud incident with Net2phone as a wake-up call for VoIP security? (the hacking case in Miami)

If you follow public mailing lists like pen-test@securityfocus.com and bug-traq@securityfocus.com you will have noticed a trend. Increasingly, more VoIP product vulnerabilities are being reported and more inquiries are made about how to penetrate networks through VoIP protocols and SIP/IPBX configurations. This tells me that VoIP is large enough and there is a financial motivation (e.g., toll fraud) to make it a serious target.

Are these incidents common but the industry doesn't want them to become public?

Yes, but this is in my opinion merely consistent with the pattern for data that's been present for years. Few organizations want the negative exposure, tarnish of brand, and loss of consumer/customer confidence associated with security incidents.

What will be the biggest security-related problem with VoIP in future?

User and proxy authentication first, then confidentiality.

Archived at http://www.securityskeptic.com/arc20060701.htm#BlogID540 by Dave Piscitello  


Mon, 03 Jul 2006 00:00:00 00, 539
Worrisome Threat of DNS DDoS Attacks

Between December 2005 and March 2006, some DNS (Domain Name System) root and Top Level Domain (TLD) name server operators were subjected to numerous denial of service (DoS) attacks. These attacks seriously disrupt name resolution service by directing an overwhelming amount of traffic at the communications links that name server operators use to provide service.

The targets for such attacks are not limited to root and TLD name servers; major financial and eCommerce name servers may be even more vulnerable, and the consequent disruption to name resolution in such focused attacks has grave economic consequences. Law enforcement agencies and governments worldwide should treat these incidents as serious attacks, deliberately launched against very high profile targets, by parties who may be politically or financially motivated.

Read the rest of this article in the ENISA Quarterly June 2006.

Archived at http://www.securityskeptic.com/arc20060701.htm#BlogID539 by Dave Piscitello