A quasi technical article

Posted by Ian S. Nelson Thu, 30 Oct 2008 20:11:00 GMT

We've been slacking and not blogging and when we have been blogging we've been dropping the technical ball a bit. We're trying to be better.

A big event happened in July and it went largely unnoticed, or so it seems, so I'll announce it here. Info-zip, one of the most popular programs around, has released version 3.0! There are actually a lot of good and timely new features in the 3.0 release of the PKZip clone.

  • large-file support (i.e., > 2GB)
  • support for more than 65536 files per archive
  • multi-part archive support
  • bzip2 compression support
  • Unicode (UTF-8) filename and (partial) comment support
  • difference mode (for incremental backups)
  • filesystem-synch mode
  • among others.

Bzip2 compression is interesting; it modernizes zip a bit. But the features that really matter are the large-file support and the support for more than 65536 files per archive: those two limitations have become almost regular problems for some of us lately.


"Don’t buy technology to detect" Come again?

Posted by Tate Hansen Sat, 11 Oct 2008 21:33:00 GMT

A SecTor keynote presenter put forward something close to that line in a PowerPoint slide.

Don't buy technology to detect

I didn’t get all the details down given I was trying to zero in on his line of thinking once I read such a startling suggestion.

He did provide his reasoning (derived from surveying business consumers of security solutions). The gist of it was that companies were deploying detection technologies (aka SIEM/log management products) and were unable, technically or resource-wise, to handle the added, now compulsory workload created by the enhanced visibility.

Paraphrasing, he further suggested that companies should purchase products that do something, not ones that only do detection. He cited examples of business consumers who lack knowledgeable staff to understand the alerts detection systems produce, and ones unable to tackle the volume of alerts. I think we all can get that.

But is this really a practical suggestion? Prevention (i.e. tools that do something) is great, but detection is King! The conjecture to skip detection tools in favor of tools that do something is weak, especially if the data you are protecting has value.

How about the World Bank as a good example? It reads like they made prevention King and detection something much less.


powersploiting

Posted by Tate Hansen Tue, 07 Oct 2008 19:41:00 GMT

I finished a 1-day whirlwind Powersploiting class taught by HD Moore. As a metasploit auxiliary author neophyte I hadn’t seen before how easy it is to write ruby snippets to customize and extend metasploit for one’s own purposes.

For example, using the scanner template below, you can write a custom TCP scanner in minutes. This is often the quickest way to check one-off items or in-house services that require more than a SYN-ACK to get the information you want.

Metasploit scanner features:

  • access to all exploit classes and methods
  • support for proxies, SSL, reporting
  • built-in threading and range scanning
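As an added stand-alone illustration (not the scanner template from the class, nor Metasploit's own code), here is a Ruby class with the same shape as an msf auxiliary scanner module: a per-target run_host that connects, sends a probe and reads the application-layer reply, plus a threaded range scan. The class name, run_range and the probe/expect/threads options are this example's own assumptions; only run_host mirrors the name used by the Metasploit Scanner mixin.

```ruby
require 'socket'
require 'timeout'

# Stand-alone sketch of the msf scanner pattern. Move the body of run_host
# into a real Msf::Auxiliary::Scanner module and the rest is provided by the
# framework; everything named here is this example's own, not Metasploit's.
class ServiceCheckScanner
  attr_reader :results

  def initialize(port:, probe:, expect:, threads: 4, timeout: 2)
    @port, @probe, @expect = port, probe, expect
    @threads, @timeout = threads, timeout
    @results = {}
    @lock = Mutex.new
  end

  # Counterpart of run_host(ip): a completed connect (SYN/SYN-ACK) only says
  # the port is open; the reply to the probe says whether the expected
  # in-house service is actually behind it.
  def run_host(ip)
    sock = Socket.tcp(ip, @port, connect_timeout: @timeout)
    sock.write(@probe)
    banner = Timeout.timeout(@timeout) { sock.readpartial(1024) }
    state = banner.include?(@expect) ? :matched : :unexpected
    @lock.synchronize { @results[ip] = [state, banner.strip] }
  rescue SystemCallError, Timeout::Error, EOFError, SocketError => e
    @lock.synchronize { @results[ip] = [:closed, e.class.name] }
  ensure
    sock&.close
  end

  # Range scan with a fixed-size worker pool, as the Scanner mixin does
  # for you; returns { ip => [state, detail] }.
  def run_range(hosts)
    queue = Queue.new
    hosts.each { |h| queue << h }
    workers = Array.new(@threads) do
      Thread.new do
        loop do
          ip = queue.pop(true) rescue break
          run_host(ip)
        end
      end
    end
    workers.each(&:join)
    @results
  end
end
```

Call run_range with the hosts you own, e.g. ServiceCheckScanner.new(port: 8080, probe: "HEAD / HTTP/1.0\r\n\r\n", expect: "Server:").run_range(hosts); an :unexpected result is the host that answers but is not running what your inventory says.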

To run your new scanner, do:

Existing metasploit scanners: http://metasploit.com/dev/trac/browser/framework3/trunk/modules/auxiliary/scanner
