The knowledge and use of the command line is a powerful tool that can aid in the creation, modification and automation of routine tasks that a security auditor or any computer user may come up against. The flexibility, simplicity, and leetness of the shell oneliner can replace thousand-line perl code which otherwise would be thrown away after the task is complete. We have decided to share some of our favorite oneliners that we have found useful, either culled from …
Insight about IT security auditors – 10 things your auditor isn’t telling you
Being auditors, I thought it was worth noting Dave Shackleford’s insightful blog post, 10 Things Your Auditor Isn’t Telling You. If you have had any experience with auditing or retaining security auditors, you should be able to relate to his points.
The Gear Myth: does more gear = more security?
AKA: Are you building a house of cards? The gear myth is the mythical view that investing in more technology will inevitably make an enterprise network more secure. While there is a tremendous amount of new gear available to help make networks more secure, our perspective is that more gear, in fact, may not only fail to achieve your security goals, but it may even add risk. First let me visually explain the gear myth, then I’ll discuss why layering …
Vendor Management: are your vendors secure?
If you ask the 50 banks that recently had customer data exposed when their accounting firm lost a number of their audit laptops to theft, the answer is no. Incredibly, the accounting firm’s lost laptops apparently did not utilize data encryption even though they contained sensitive customer information. This left the banks in the unwelcome position of having to notify customers of a data breach. Anecdotally, our experience doing security audits across many industries indicates that much (maybe even most) …
DoS-ing over Dial-Up
DoS, or Denial of Service attacks, are nothing new. The main idea behind a DoS attack is to exhaust a device’s resources (be it HTTP, some database backend, or any other form of ‘service’) until it can’t respond to legitimate requests anymore. Typically, this is done from an application or link-saturation aspect, although it can be much more than that. Taking a sledgehammer to the A/C unit that serves a data center is pretty messy – but technically it is …
Information Security: Tracking Spam Origins
Here is an interesting article on tracking down the source of spam: It is very normal that more than 1/3rd of the domain names we see each day in spam messages come from China. When one also considers the many “.com” and “.ru” domain names which are also hosted in China, the problem is much worse. More than half of all spam either uses domain names registered in China, is sent from computers in China, or uses computers in China …
Honeytokens
I’ve been thinking about honeytokens a lot lately. While I’ve always been fascinated by honeypots, honeytokens are a little different spin on the same idea. A honeypot usually functions as a machine or device just begging to get hacked. It usually emulates a machine that is missing a few patches and is very poorly configured. It can even be packed with services and data to make it look like a goldmine of sensitive information. The only catch is: none of …
Mozilla Collections
If you are anything like us, you can spend hours tracking down Firefox add-ons. Recently, Mozilla announced the release of ‘Collections’, which allows you to create and store all of your favorite add-ons and customizations in one central place. If you need your add-ons installed in a new browser – just visit your Mozilla Collections account and one click will re-install all your plugins. In true Redspin spirit, I’ve made a Collections account chock full of add-ons that we use …
Finding the Needle in the NBEstack
I’m a huge fan of the Nessus vulnerability scanner. It’s got plug-ins for anything you could ask for, runs great in a Linux environment, and outputs a ton of information (thanks to thousands and thousands of checks). While all that information is a good thing, sometimes you are just looking for specific issues or findings across a network. A quick way I like to strip out interesting information is grepping through the output files for certain Nessus IDs. Here is …
The Future of Information Security
It’s a very interesting time in the security community. While things in the security space usually move at a very rapid pace, the happenings as of late have been downright frantic. Just recently we have witnessed the birth of MS08-067 and the resulting Conficker worm that’s infected millions of computers to create the largest botnet ever. We have seen customer data loss on an epic scale with the U.S. Department of Veterans Affairs, T.J. Maxx, and Heartland Payment Systems, along …