Here are today's Interesting Information Security Bits from around the web.

• TippingPoint | DVLabs | Honeypotting the Cloud

  Honeypots in the cloud. Cool. Very interesting article.

  • cloud
  • honeypot

• IBM Rational Application Security Insider: DNS poisoning via Port...

  Hmm. Remote DNS poisoning via Java applets. That's not good.

  • dns
  • exploit

• Stop OS X from transmitting on fragile networks

  If you are going to plug your nice shiny Mac into a SCADA network, you probably want to read this post and takes some or all of the steps it suggests.

  • scada
  • osx

• SCADA Security Scientific Symposium S4 Preliminary Agenda

  The 5th edition of S4 is happening in January.

  • conference
  • scada

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

This is the weekly recap of things that happened on the SecurityTwits feed for August 31st - September 6th, 2011.

What's in the recap?

It contains most of the tweets/retweets made by SecurityTwits and many of the responses that carbon SecurityTwits. That of course means that if you respond to a SecurityTwits tweet make sure to include both the original poster and SecurityTwits so everybody can learn from the conversation.

The format will be original tweet/retweet left justified and then any responses indented just under that tweet.

I hope you find this helpful and I welcome suggestions on how to make these recaps even better.

InfoSec Questions

RT @jkvester: @securitytwits anyone got the bypassuac metasploit post module working on Windows 7? (If so, which patchlevel?)

RT @pwpslade: Does anyone have stats for the number of organisations using multi-factor authentication? #infosecq

InfoSec Call for Presentations

RT @hackinparis: #hackinparis Call For Papers now online, feel free to send your talk and workshop proposals ! http://bit.ly/oBmbLg

RT @shmoocon: Oh, hi! How about a CFP? http://www.shmoocon.org/

InfoSec Meet-ups/Tweet-ups

My how-to for installing Backtrack 5 to a USB thumb drive or hard drive has been published. There are several changes from the Backtrack 4 how-to, but nothing catastrophic. I do plan to create an updated persistent install how-to also, but it will be a day or two before I can get to that.

Backtrack 5 – Bootable USB Thumb Drive with “Full” Disk Encryption

As usual, please let me know if you notice any problems or typos. You can do so by emailing me at kriggins@infosecramblings or leaving comments on the page itself.

-Kevin

My Backtrack how-tos will be updated this weekend with specifics for Backtrack 5.

The full disk encryption how-to appears to work fine as long as you increase the boot partition size. The exact size is unknown at this time, but 1000MB works. Details this weekend.

http://www.infosecramblings.com/backtrack/backtrack-4-bootable-usb-thumb-drive-with-full-disk-encryption/

The USB how-to should work as is except you do not need to install Nessus. It is now included in the distribution.

http://www.infosecramblings.com/backtrack/backtrack-4-usbpersistent-changesnessus/

Kevin

Note: Some of the suggestions for What to Read Wednesday will be corporate sites/blogs. I do not receive any financial or other compensation for these suggestions. They are based solely on my belief that you should be reading what they provide.

If you are looking for in-depth research that you can actually use, you can't go wrong with the stuff that Securosis turns out. I know almost all the folks at Securosis and they all generate exceptional content.

And as a bonus, Securosis provides all their research free to you and me. We just can't beat that price

I have had the pleasure of meeting Rich Mogull, Mike Rothman, David Mortman, Gunnar Peterson and Dave Lewis in the person and have enjoyed communicating with them and James Arlen online. I have not met Chris Pepper or Adrian Lane although I have been in the same room as Adrian

There are a couple ways to consume their content. There is a blog, both a highlights version and full version, and their research library.

Here are a few items to give you a taste of what they can provide:

Project Quant: a metrics model for measuring the costs and effectiveness of patch management

Friday Summary: December 24, 2010

Incite 12/22/2010: Resolution

Pop the feeds in your reader and bookmark their research page. You'll be happy you did.

You can also follow all the Securosis staff on twitter too. I do.

Rich Mogull (@rmogull)

Mike Rothman (@securityincite)

Dave Lewis (@gattaca)

David Mortman(@mortman)

Gunnar Peterson (@oneraindrop)

Adrian Lane (@adrianlane)

James Arlen (@myrcurial)

Chris Pepper (@reppep)

Mellissa Schott (@geekgrrl)

As always, comments welcome below or you can email me: kriggins@infosecramblings.com

If you are interested in getting my content regularly, go ahead and subscribe to my RSS feed. You can also subscribe have posts emailed to you if you prefer.

-Kevin

I am at the RSA conference again this year. At the same time and nearby, Security BSides is holding an event.

Most of you are are probably aware of the RSA conference, but many may not be familiar with Security BSides. From the site:

What is BSides?

BSides is a community driven unconference built for and by information security community members.  The goal is to expand the spectrum of conversation beyond the traditional confines of space and time.  It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos and interaction from participants. It is where conversations for the next-big-thing are happening.  We've followed the BarCamp format... because it works.

The format is intimate, i.e. small, and the content is voted on by the community. This was my first opportunity to participate in this type of conference and I found it a great environment for learning and interacting with peers.

Security BSides

I spent the morning at BSides and it was time well spent.

Life on the InfoSec D-list by Andrew Hay

The opening keynote was delivered by Andrew Hay. Andrew started a series of interviews called the D-list a while back and I consider myself fortunate to have been included. Before you take umbrage at the name D-list, you need to understand what Andrew means.

Being on the D-list means you are in the trenches getting the work done. You are contributing to the field and active in the community. You may not be a "star", but you care and are committed to the profession.

He talked about the importance of community and gave some tips on ways to possibly move up the chain should you be so inclined.

I thought it was a great keynote and that perspective is in no way influenced by the fact that I consider Andrew a good friend   We all have ways we can contribute to the profession and community and being on the D-list is not to be scoffed at.

Preparing for a PCI forensic investigation by David Barnett

After Andrew's keynote, David Barnett delivered a talk about PCI investigations. David is an ex-QIRA. For those who don't know, a QIRA is a Qualified Incident Response Assessor. This is the individual that will show up to perform the incident response assessment in the event you are involved in a PCI DSS breach.

David shared what is involved when a QIRA comes on site and also offered some tips on how to manage an incident in a manner that will make it much less painful. From his talk description:

Reviewing lessons learned from dozens of past forensic cases,  this presentation will highlight how to prepare for a PCI mandated forensics investigation including;  what steps should be taken to limit fines and fees, how to ensure you have proper legal representation, how to limit the scope of the investigation, and what questions to ask before deciding on who will conduct the forensic investigation.

This was an interesting talk with a great deal of information in it. I hope to get the slide deck and will offer other thoughts after that.

So what's the Alternative by Michael Santarcangelo, JJ (Jennifer Jabbusch), Marisa Fagan

This talk was a panel that explored what can be done to remove the inherent risk that  passwords bring to the table. It was a lively discussion and was particularly interesting since Michael attended via Skype. His head was huuuuge

Of particular note to me was the discussion about the difference between identity and authentication and how in most cases we have merged the two. Very interesting stuff. The conversation continues on Twitter. Join in here.

Moving venues

After the password panel, I moved from BSides, which was held in a co-working site not too far from the Moscone center, over to RSA.  Transportation back and forth was generously provided by BigFix. I hopped on the bus and enjoyed a nice ride back to the conference site.

Security "Groundhog Day" – Third Time's a Charm with Martin McKeay, Rich Mogull, Ron Woerner, Dave Lewis and Mike Rothman.

This was the second time I attended this panel and its third iteration. It is a fun and informative discussion about what is going on in the security industry and that we can't keep doing the same things and expecting a different outcome. There was a lot of ground covered from APT to what technologies should die to several other topics. Very interesting stuff.

Case m00p by Mikko Hypponen

After repeating my Groundhog Day experience , I went to a talk given by Mikko Hypponen of F-Secure. Mikko’s talk was a walk-through of the investigation and eventual apprehension, at least of some members, of the computer hacking  gang called m00p. Mikko is a very engaging speaker and this was a very interesting talk.

Nothing cutting edge because the case itself was a little older, but very interesting to see the steps that Mikko went through to track these folks down. The most amusing part about the story was the gang’s constant need to tell what they did and their naiveté in thinking that Mikko would not share that information with law enforcement.

Winnovation- Security Zen through Disruptive Innovation and Cloud Computing by Christofer Hoff and Rich Mogull

This rapid-fire information onslaught was an extension of a talk Chris and Rich gave last year. It focused on the fact that innovation is often disruptive and that cloud computing is acting as such an agent right now. Chris and Rich are fun to watch and at the same time introduce a great deal of information.

One of the biggest takeaways I had from this talk is not necessarily new, but still very important. We have to talk to the business in a manner that shows we are supporting their effort, but at the same time help them understand we want to do so in as secure a manner as is appropriate. Rich offered up some tips and good questions to ask and hopefully I can get the slide deck later so they can be shared more widely.

Speaker’s Dinner

The final event for the first day of RSA/BSides for me was the speaker’s dinner. I attending as a speaker this year. I led a peer-2-peer session on Wednesday that I will talk about in a separate post. I enjoyed the dinner and discussion even though the drinks and hors d’ oeuvres time was packed, hot and loud

I thought the first day of both conferences was fantastic and the rest followed along the same path. More on that later.

-Kevin

I apologize for the downtime today. It was entirely my fault.

Things should be okay now.

Kevin

I have published my latest Backtrack 4 how-to.

Backtrack 4 - Bootable USB Thumb Drive with "Full" Disk Encryption

This is a step-by-step guide showing how to create a encrypted bootable Backtrack 4 USB thumb drive. I put quotes around full in the title because technically the whole disk isn't encrypted.

We use LVM and the native encryption routines included in Ubuntu 8.10 to encrypt all partitions except for a small boot partition that never contains any data.

This how-to is a departure from the persistent install method I have documented in the past. It also means we don't have to mess with Truecrypt or do the home directory shennanigins we were going through. I will be incorporating it into the main how-to in the near future.

As always, I am interested in your thoughts and feedback.

-Kevin

I was looking at my checking account on-line a few days ago and saw something that sparked this blog post.

My bank has a very handy service where they scan the checks we write (yes, checks are still used in some cases ) and you can view them online for a limited time. Very cool. Nothing wrong with that, right?

I didn't think so until recently.

We wrote a check to an individual recently and they cashed it at their bank. Somewhere along the line a fingerprint was put on the check, a very well done, clean, and clear fingerprint. I'm assuming that the fingerprint belongs to the individual who the check was written to, but I have not verified that.

First, why is the bank taking a finger print? Seems a bit extreme to me.

Second, why are they sticking it on a check that they know is going to be out of their control at some point?

This seems like a recipe for disaster to me. What do you think?

-Kevin

There is a new post up on the RSA Security Blogger Meetup blog with a few more details and an action that needs to be taken if you are interested in attending. Go check it out.

Things Are Shaping Up

-Kevin