secauditor speaks: hmmmm…Security - Imagine That

Adam Boileau (Metlstorm) has released a script (winlockpwn) written in Python, which allows a device running Linux to be connected to the FireWire port of a target workstation running Windows XP to get full read/write memory access and bypass Windows authentication. He demonstrated the tool in 2006, but didn’t release it until a few days ago. And this type of attack is also apparently effective against other OSes such Linux and OS X. And if the device doesn’t have a FireWire port, you’re not necessarily out of luck. If it has a slot for a PCMCIA card, a PCMCIA FireWire card will do the trick. And if you don’t have Linux on your laptop, just run your favorite Linux Live CD distro and grab the winlockpwn code and go.

Read the rest of this entry »

Dr. Eric Cole the author of Security 401: SANS Security Essentials, is providing an extracted 30 minute module on Vulnerability Assessment from Security 401. Dr. Cole believes that this will help you to improve the security of your organization. SANS is making this segment available through SANS OnDemand at no cost. Give it a try at
http://www.sans.org/info/25398

As a SANS student and participant in one of Dr. Cole’s classes I am sure that it will be worth while.  Besides you can’t beat free.

Ok maybe I need to rethink associating all Online Password Storage groups in the same realm as Dogbert. Think think think think…hmmmm….NOPE!

A nice aspect of the blog that I put out for me is the backend shows me where a referral comes from and recently one came from http://www.notsorelevant.com/2008-01-30/is-giving-away-passwords-cool-again/ while the information with in the article was interesting especially the new German application Allyve I thought the author missed the mark comparing this product to OpenID or OAuth. Allyve works more along the lines of any of the top 3 hits that Google brings back when searching for Online Password Storage. Agatra – Comodo – Handypassword

Read the rest of this entry »

I was talking with a coworker the other day about password cracking and I wanted to write up another post regarding that conversation and Michael Coates comments on a previous article that I wrote.

http://secauditor.wordpress.com/2008/02/21/what-is-more-important-password-expiration-complexity-or-something-else/

There are two main areas that must be looked at anytime an organization enters into password cracking. First is the transportation and storage of the password database and the non-repudiation aspect of users once password cracking is entered into. For this article I want to look at the later. Let’s look at a scenario to start with.

Read the rest of this entry »

This week CoreLabs came out with notification of a vulnerability found with in VMWare’s software. This vulnerability allows an attacker to break out of the Guest Operating System. This vulnerability was found in VMware’s shared folders mechanism. It grants users of a Guest system read and write access to any portion of the Host’s file system including the system folder and other security-sensitive files. The exploitation of this vulnerability allows attackers to break out of a Guest system to compromise the underlying Host system that controls it. To understand what is bad about this you have to see that the Guest system has been considered an isolated system.

Many security experts have utilized a virtual environment for testing malware, security exploits and vulnerabilities for years. I to am one of these. The one issue that I see that is creating a problem in these environments that has never really been an issue revolves around shared folders.

Read the rest of this entry »