My Backtrack 4 – USB/Persistent Changes/Nessus How-To has been updated again. Changes below

  1. Updated Nessus install procedures for version 4.2.0.
  2. Moved the 'apt-get upgrade' section to before the Truecrypt volume creation section. We now have enough updates that the initial update runs out of disk space before completing if the Truecrypt volume was created first.

The updated version is here.

The pdf has also been updated and can be found here.

I have, however, also kept the previous version available and it can be found here.

As usual, let me know if you find any issues or problems.



I'm sitting at home this evening and I should have been doing any number of productive things, but foremost on my mind for some bizarre reason was the question "What kinds of stats can I generate from my bits posts?" I know, I know, you were thinking the exact same thing πŸ™‚

So, with the help of a quick wget call to Delicious (wget --no-check-certificate -O <output.file> https://<username>:<password><tagyouwant>), a little awk, sort, and uniq magicΒ  plus a pivot table in Excel I bring you stats!

Current Number of Interesting Information Security Bits Posts = 1687

Number of Unique Sites = 428

Number of Links to Most Frequently Referenced Site = 60

Most Frequently Referenced Site =

This is a bit distorted. For some reason all the direct links go to instead of the blog from which they came.

Number of Links to Most Frequently Referenced Non-"news" Site = 46

Most Frequently Referenced Non-"news" Site =

Number of Links to Most Infrequently Referenced Site = 1 ( 230 sites tied)

The top 20 non-"news" sites:

What does all this tell us? I have no idea, but it was fun to do πŸ˜‰ I will be creating a blog roll that contains the Top 20 referenced non-"news" sites and updating it periodically for those who are interested.



I was looking at my checking account on-line a few days ago and saw something that sparked this blog post.Fingerprint

My bank has a very handy service where they scan the checks we write (yes, checks are still used in some cases :)) and you can view them online for a limited time. Very cool. Nothing wrong with that, right?

I didn't think so until recently.

We wrote a check to an individual recently and they cashed it at their bank. Somewhere along the line a fingerprint was put on the check, a very well done, clean, and clear fingerprint. I'm assuming that the fingerprint belongs to the individual who the check was written to, but I have not verified that.

First, why is the bank taking a finger print? Seems a bit extreme to me.

Second, why are they sticking it on a check that they know is going to be out of their control at some point?

This seems like a recipe for disaster to me. What do you think?


Reblog this post [with Zemanta]


There is a new post up on the RSA Security Blogger Meetup blog with a few more details and an action that needs to be taken if you are interested in attending. Go check it out.

Things Are Shaping Up



RSA Europe 2009 Security Blogger Meetup

by kriggins on August 26, 2009

in Announcement

Just a quick note to let you know there will be a Security Bloggers Meet-up at RSA Europe 2009. For slightly more detail, check out this post on the RSA Security Bloggers Meet-up blog.


Disclaimer: I am involved in setting this up along with Benny and Dale Pearson.


Backtrack 4 USB Thumb Drive PDF

by kriggins on August 23, 2009

in Announcement

I thought some might like to have a PDF of the how-to that could be used off-line.

Therefore, I made one.

The link is here (PDF). It is also linked to at the top of the how-to page itself.



Hi folks.

The Backtrack 4 USB Drive How-to has undergone a huge re-write. One of the largest changes is that we are no longer using UNetBootin except for one minor thing and then only if you want to. Everything is done from within Backtrack itself now.

Another change is that I have added instructions on setting up encryption with Truecrypt directly into the how-to. Finally, I have added some interesting tweaks such as mounting the Truecrypt volume on boot, changing root's home directory to the encrypted volume on the fly and setting nessus up to log to the encrypted directory.

It still lives in the same place.

If you were using the old how-to and don't want to start over, it is living here now. The parts of the new how-to on encryption and tweaks will still work with the old how-to if you just want to add that bit.

As always, let me know of any problems, typos, mistakes, etc. of which I am sure there are plenty. πŸ™‚



I participated in the Nebraska CERT Conference this week and gave a talk on Building the Perfect Backtrack 4USB Thumb Drive. Below is the slide deck from my talk.

Let me know if you have any comments or questions.



250th Interesting Bits Post

by kriggins on August 6, 2009

in Announcement, General

Well how about that? The August 6th Interesting Bits post was number 250.

I never dreamed I would hit 250 when I first started doing these posts. It just seemed like a good way to post regularly πŸ™‚

Many of you have mentioned that you appreciate these posts and I thank you for those thoughts.

The Interesting Bits posts have become a mainstay of this site and will continue for the foreseeable future.

On that note, feel free to send me links you think I might like to include. I don't promise to include every one, but I do promise to check every one out. You can email them to me (kriggins _at_ infosecramblings _dot_ com) or send them to me via twitter @kriggins.

Thanks for reading and as always drop me a line or leave a comment with your thoughts.



Well, there I go again, I keep saying I am going to get back to it and then leave you hanging. No real excuse this time other than being mondo busy.

As usual, all the posts in this series can be found on this page if you want a refresher or are just now jumping on the band wagon.

Anyway, last time we started talking about the taxonomy and the definition of risk from FAIR's perspective. As mentioned, we are going to leave those alone for a bit. We are going to build the taxonomy from the ground up. So, without further ado, here is where we are starting.

Threat Event Frequency

We start with the first component of Loss Frequency which is threat event frequency (TEF.) From the introduction, threat event frequency is:

The probable frequency, within a given timeframe, that a threat agent will act against an asset.

In other words, how many times within some amount of time will the bad guy try to do something evil to our treasured asset. This is important to know in determining how often we might actually suffer a loss.

So, to figure out the how many in how much part of the equation, we need to look at a couple things, contact and action. However, we are not talking about binary definitions here such as 'was there contact or not'.

First let's talk contact. From the introduction, contact is:

The probable frequency, within a given timeframe, that a threat agent will come into contact with an asset.

There are three things we want to consider. We are interested in whether the bad guy has regular or random contact with our treasure. Is contact the result of just random chance or is there some regularity to the contact? We are also really interested in whether the contact is intentional or not. Is the bad guy looking specifically for the types of treasure you have or are we target of opportunity.

Now action. From the introduction, action is:

The probability that a threat agent will act against an asset once contact occurs.

Again, we want to look at three things, asset value, vulnerability, and risk. Is it worth it to the bad guy to try something, i.e. is the value of the asset high enough. How vulnerable does the bad guy perceive the treasure to be. Our treasure is much less vulnerable sitting in a bank vault than it is sitting unwatched on a table in a crowded room. Finally, what is the risk to the bad guy. How likely is he to get caught if he tries to make contact.

All these factors must be taken into consideration when we we are thinking about threat event frequency.

Next we will explore the other half of loss frequency, vulnerability. I'll tell you right now that it is not what you think it is, unless, of course, you are already familiar with the FAIR Taxonomy. πŸ™‚

As usual, drop me a note or leave me a comment with your thoughts.