Razorback is a framework for an intelligence driven security solution. It consists of a Dispatcher at the core of the system, surrounded by Nuggets of varying types.
-
I posted to delicious.com
Razorback
http://labs.snort.org/razorback/
July 28 2010, 12:38am
-
I posted to delicious.com
Scapy
http://www.secdev.org/projects/scapy/
July 28 2010, 12:37am
-
I posted to delicious.com
SecurityTube - Watch, Learn and Contribute Computer Security Videos
- Tags:
- security
September 16 2009, 9:55pm
-
I posted to delicious.com
NetWitness Investigator Software Download
http://download.netwitness.com/download.php?src=DIRECT
- Tags:
- network
- monitoring
- security
August 24 2009, 10:56pm
-
I posted to delicious.com
AlienVault - Creators of OSSIM - The OSS Correlation and Security Suite
http://www.alienvault.com/home.php
August 11 2009, 11:13pm
-
I posted to delicious.com
Xplico - Internet Traffic Decoder
August 10 2009, 11:41pm
-
I posted to google.com
Cybercriminals Refine ATM Data-Sniffing Software
BobB-nw writes "Cybercriminals are improving a malicious software program that can be installed on ATMs running Microsoft's Windows XP operating system that records sensitive card details, according to security vendor Trustwave. The malware has been found so far on ATMs in Eastern European countries, according to a Trustwave report. The malware records the magnetic stripe information on the back of a card as well as the PIN, which would potentially allow criminals to clone the card in order to withdraw cash. The collected card data, which is encrypted using the DES algorithm, can be printed out by the ATM's receipt printer, Trustwave wrote."
- Tags:
- security
June 4 2009, 11:00am
-
I posted to delicious.com
Arbor Networks | ATLAS Dashboard: Global
- Tags:
- security
March 11 2009, 11:44pm
-
I posted to delicious.com
MetaScanner
February 4 2009, 3:13pm
-
I posted to delicious.com
ITRadio.com.au
December 18 2008, 9:21pm
-
I posted to delicious.com
System Advancements at the Monastery » Blog Archive » Zenmap
http://blog.securitymonks.com/2008/12/16/zenmap/
December 18 2008, 9:18pm
-
I posted to delicious.com
Lenovo's ThinkPad USB Portable Secure hard drive will make you look, feel more important than you are - Engadget
http://www.engadget.com/2008/11/14/lenovos-thinkpad-usb-portable-secure-hard-drive-will-make-you-l/
- Tags:
- security
- technology
- thinkpad
November 16 2008, 9:18pm
-
I posted to delicious.com
/dev/random » Blog Archive » Asset Management Using Nmap
http://blog.rootshell.be/2008/10/15/asset-management-using-nmap/
October 16 2008, 12:12am
-
I posted to delicious.com
PCI DSS - PCI Security Standards Council
https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
Update is out
October 2 2008, 11:28pm
-
I posted to delicious.com
Security Configuration Guides
Hardening Tips for the Default Installation of MAC OS X 10.5 "Leopard"
September 30 2008, 9:44pm
-
I posted to delicious.com
SIGVI - Vulnerability Management
http://sigvi.sourceforge.net/what_is.php
Basically, SIGVI is an application to detect vulnerabilities on our network.
September 27 2008, 3:08pm
-
I posted to google.com
Asking The Cisco Systems IPICS and JPS Raytheon ACU-2000 Experts: Questions 31-35 [Voice of VOIPSA]
http://feeds.feedburner.com/~r/Security-Bloggers-Network/~3/404831362/
“This is the most dangerous piece of equipment ever invented. You connect everybody together, everybody can talk. And nobody can hear.” – Master Sgt. Dennis Goodman, Virginia National Guard ACU-1000 Operator

Welcome to the 7th installment of “Asking The Cisco Systems IPICS Expert” — Cisco IPICS security questions derived from publicly available information. From the focus and tone of my previous six blog posts I suppose some folks might have the perception that I’m “picking” on Cisco. That is not the case, and don’t worry as there are several other products in the interoperability space that I plan on asking security questions about, notably the JPS Raytheon’s ACU-1000 and ACU-2000 devices that I mentioned in my first post and will expand upon in this and future posts.

Before getting into this round of questions, I was thinking that it might be a good idea to take a step back and try to gain a better perspective of the big picture, or at least part of it. Over the past several years a few billion dollars has been placed towards achieving interoperability. However, it is through the recent PSIC grants of 2007 that one billion, derived from the proceeds of FCC spectrum sales, was allocated directly towards individual state grants for interoperability. A few months back I suppose one billion might seem to be a good chunk of money, but after the past few weeks’ news of hundreds of billions of bailouts — “Country Wall Street First” — it strikes me as not too much money at all for such an important objective. In other words, think of it this way; one billion is about what the US is spending every 2 to 3 days in Iraq.

Still, for vendors, garnering a share of the PSIC grant money is definitely worth pursuing for a “win.” As an example, Cisco has put forth PSIC brochures and such for states as guidelines for how their particular technology, such as the IPICS, meets states’ needs. Also, some IPICS rollouts, such as Cisco CEO John Chambers’ home state of West Virginia, have more than 600 fire departments and 200 police departments connected.

You’ll notice that the title of this post includes JPS Raytheon. About a year ago in October, 2007 Cisco Systems and JPS Raytheon began to collaborate and integrate the JPS ACU-2000 into the Cisco Systems IPICS solution. Below is an example of where the JPS ACU-2000 fits into the IPICS solution.

[Image: Cisco Systems IPICS and JPS ACU-2000]

Question 31: Over the past few years a number of vulnerabilities have been discovered in Tomcat. A NIST NVD search shows 71. As the IPICS Server utilizes Tomcat, is the IPICS Server affected by these vulnerabilities? Should users be at all concerned?

Question 32: Default credentials and poor passwords are a serious problem. They have been so for many years and will continue to provide an attack vector for years to come. Convicted VoIP “hacker” Robert Moore is quoted stating to Informationweek:

Moore said what made the hacking job so easy was that 70% of all the companies he scanned were insecure, and 45% to 50% of VoIP providers were insecure. The biggest insecurity? Default passwords. “I’d say 85% of them were misconfigured routers. They had the default passwords on them,” said Moore. “You would not believe the number of routers that had ‘admin’ or ‘Cisco0’ as passwords on them.”

While resources such as Phenoelit’s DPL and Nessus plugins can facilitate attackers (and legitimate pentesting, auditing, etc.), I believe poor configuration documentation is also to blame. For example, the Cisco IPICS Server supports SNMPv3 in read-only mode “for security enhancement” — however, if one looks at the SNMP portion of the configuration documentation you’ll see the following:

[Image: Cisco Systems IPICS SNMP Configuration]

While we can hope that folks configuring the IPICS Server would not take these instructions literally, has any consideration been given to “hardening” the Cisco IPICS documentation? What about IPICS course materials for those seeking IPICS certification?

Question 33: The JPS ACU-2000 has an HTTP server for administration and configuration of the SIP Control Module (SCM-2). According to the administrator manual, page 2-104, a screenshot of the admin.cgi page appears to allow two actions to take place without requiring authentication: 1. Reboot of the SCM-2 and 2. Upload of new firmware to the SCM-2. Is this in fact the case? Please see screenshot below.

[Image: JPS ACU-2000 HTTP interface]

Question 34: Concerning the JPS ACU-2000, are there any plans to improve the security of the SCM-2 Administration HTTP server by adding encryption like SSL/TLS?

Question 35: According to the JPS ACU-2000 data sheet, the SIP interface supports the following RFCs 3261, 2976, 3515, 2327, 3264, 1889. However, there seems to be no ACU-2000 support for encrypted SIP, such as SRTP. Is this indeed the case? If so, are there any plans to add more secure protocols for the ACU-2000 VoIP capabilities? Also, are there any JPS and Cisco “best practices” or “security recommendations” to mitigate the risks of unencrypted VoIP traffic in the Cisco IPICS and JPS ACU-2000 solutions?

As with my previous questions, I thank you for your time and look forward to your answers.

Shawn Merdinger
Security Researcher
- Tags:
- security
- VoIP Security
- Best Practices
- Miscellaneous
- Platform Security
- SIP
- VoIP Security Companies
- VoIP Security Research
- VoIP Vulnerabilities
September 27 2008, 1:59pm
-
I posted to delicious.com
philosecurity » Blog Archive » GPS Spoofing
http://philosecurity.org/2008/09/07/gps-spoofing
September 21 2008, 9:51am
-
I posted to delicious.com
CSI Stick grabs data from cell phones | News - Security - CNET News
http://news.cnet.com/8301-1009_3-10028589-83.html
- Tags:
- security
September 2 2008, 9:57am
-
I posted to delicious.com
Redmond | Leveraging Web 2.0 Securely
http://redmondmag.com/techlibrary/resources.asp?id=677
August 27 2008, 9:54pm
