Security
2006.08.16 Daily Security Reading
by Rodney Campbell on Aug.16, 2006, under Security
U.K. police – Let us seize encryption keys
Because British law enforcement officers don't have the authority to seize encryption keys, an increasing number of criminals are able to evade justice, a senior police officer said.
Backlash Against British Encryption Law
The BBC is reporting on some backlash against the British Regulation of Investigatory Powers Act (RIPA) that came into force in 2000, which makes it a criminal act to refuse to decrypt files on a computer.
Trojan Encrypts Stolen Data, Relays it Through ICMP Packets
An unnamed Trojan horse program designed to steal information from infected computers sends the data back to the attackers through Internet Control Message Protocol (ICMP) packets; most other malware that sends data back uses HTTP packets or email. The Trojan installs itself as an Internet Explorer (IE) helper object and waits for computer users to enter sensitive data. The Trojan encrypts the purloined information before it is placed in the data section of an ICMP packet; the packet appears legitimate to network administrators and egress filters.
All-in-one security devices face challenges
The multipurpose security appliances that consolidate firewall/VPN, content filtering, intrusion prevention and more into a single box are winning favor as easy-to-manage devices.
2006.08.15 Daily Security Reading
by Rodney Campbell on Aug.15, 2006, under Security
How Cisco secures its own networks
For a year John Stewart has been CSO at Cisco. He's in charge of a team of 60 information security professionals who play a role in IT architecture, policy, audit and incident response to protect an internal user base of about 48,000 employees worldwide.
Hackers beware – You are what you type
In an InfoWorld interview, computer forensics expert Dr. Neal Krawetz reveals how key taps and other clues can identify online bad guys.
Black Hat – No network is safe
If a skilled penetration specialist wants to get into your network, he can and will. Period.
Spike PHP Security Audit Tool
An open source tool to do static analysis of PHP code for security exploits.
Security Success Depends on Good Management
No matter what technical measures you introduce, people will do and say careless things under insecure conditions.
An 'Ethical Hacker' On Protecting Your Identity
Canada.com is running an article by Terry Cutler, a 'certified Ethical Hacker', who wants to get the word out on protecting their identities from a growing number of risks. The piece covers shopping online, keeping your personal information contained, and avenues of inquiry if your identity is stolen.
How to Crack a Website – XSS, Cookies, Sessions
Informit.com provides an insider's look at a real-life XSS attack and how it was used to bypass the authentication scheme of an online web application, leading to "shell" access, an admin account, and more. XSS attacks are often discussed in theory — this walkthrough illustrates just how dangerous these types of attacks can be in reality.
2006.08.14 Daily Security Reading
by Rodney Campbell on Aug.14, 2006, under Security
IRC bot exploits the 5-day old MS06-040 vulnerability
Hopefully everybody followed the advice given less than a week ago. We've just located the first bot exploiting one of the remote code execution vulnerabilities patched in last Tuesday's patch set by Microsoft.
PocketPC MMS Code Injection/Execution Vulnerability
Multiple buffer overflows in MMS parsing code allow denial-of-service and remote code injection/execution via MMS.
SANS Tip of the Day – Use the features of your switches
Chances are that you have very smart switches in your corporate environment, but only use them for a small portion of their capability to do some VLANs.
AutoPatcher for Windows XP/2003/2000 – August 2006 – Full, Lite & Update
AutoPatcher is a comprehensive collection of patches, addons and registry tweaks in an installation package designed for Windows XP/2003/2000 to quickly patch a system with the most current updates and tweaks available, so you can update your system quickly and easily; it requires no user interaction once you have selected what to install.
2006.08.11 Daily Security Reading
by Rodney Campbell on Aug.11, 2006, under Security
Evolved IM Worms To Spread Across All Networks
Kaspersky Lab predicts that malware writers have developed IM worms capable of attacking all major IM networks. The company says that the industry will witness a rise in IM worms which can spread via multiple IM networks, triggering the demise of traditional IM worms, such as Bropia, Kelvia and Prex, which spread via single IM networks, such as MSN.
One in 600 social-networking pages host malware
ScanSafe has released its latest Global Threat Report on Web filtering, spyware and viruses. According to an analysis of more than five billion Web requests in July, ScanSafe found that on average, up to one in 600 profile pages on social-networking sites hosted some form of malware.
Blackberry Security was a hot topic this year at Black Hat and Defcon. FX of Phenoelit presented Analyzing Complex Systems: The Blackberry Case. Jesse D'Aguanno of Praetorian Global presented his Blackberry Attack Toolkit (Coming Soon) – His presentation Blackjacking – 0wning the Enterprise via the Blackberry is to be available soon. News features on the topic include BlackBerry a Juicy Hacker Target and Critical BlackBerry exploit to be released Aug 14.
Retina MS06-040 NetApi32 Scanner
eEye Digital Security has created a standalone vulnerability scanner to help identify systems vulnerable to this flaw.
New Kind of Spam 'Un-Training' Filters?
This new spam has confused many people due to its lack of advertising, viruses, or request for personal information. One popular theory is that these innocuous blocks of text, often drawn from popular literature, are being used to "un-train" spam filters to allow more malicious spam through in the future.
Hacker Sophistication Outpacing Forensics
In the never-ending cat-and-mouse game between hackers and those charged with stopping them, it's pretty clear who's winning – and it's not the cat.
Google to continue storing search requests despite AOL gaffe
Although he was alarmed by AOL's haphazard release of its subscribers' online search requests, Google Inc. CEO Eric Schmidt said Wednesday the privacy concerns raised by that breach won't change his company's practice of storing the inquiries made by its users.
2006.08.08 Daily Security Reading
by Rodney Campbell on Aug.09, 2006, under Security
Serious BlackBerry Hack Threat Reported
Secure Computing warns that organizations that have installed their BlackBerry server behind their gateway security devices could be subject to a hacking attack when security researcher Jesse D'Aguanno is scheduled to release the code for his BlackBerry hack next week.
Defcon 14 Presentations
Archive of PDFs from Defcon 14.
Workers Ignore the Risks of Web Links and Attachments
A survey into the habits of 142 UK office workers conducted by Finjan has uncovered that although they know the security risk to their employers caused by clicking on web-links or opening attachments from unknown sources, they simply can't help themselves.
Microsoft fixes 23 flaws
Microsoft released a dozen fixes on its scheduled patch day, closing 10 critical security holes and another 13 noncritical flaws in the latest versions of the company's software.
Why Internet Security Continues to Fail
In his public farewell to the Internet security community three years ago this month, famed security researcher Rain Forest Puppy (RFP) opined that the Internet security community was allowing commercialism to trump common sense security thinking – a situation that he believed led to the growing Internet insecurity problem.
Why popular antivirus apps 'do not work'
Antivirus applications from Symantec, McAfee or Trend Micro — the three leading AV vendors in 2005 — are far less likely to detect new viruses and Trojans than the least popular brands.