My Internet Notebook

a journal on software, mobile, marketing

Archive for the ‘Security’ Category

Can A Poem Fend Off Hackers

Apple Computer has reportedly embedded a poem in the code of its OS X that warns hackers not to hack OS X:

There once was a user that whined
his existing OS was so blind
he’d do better to pirate
an OS that ran great
but found his hardware declined.
Please don’t steal Mac OS!
Really, that’s way uncool.
© Apple Computer, Inc.

Written by Y.

February 16th, 2006 at 6:53 pm

Posted in Security

It is a Jungle Out There

I was browsing my web server log file and noticed a few strange lines. It seems someone is trying to explore possible break-ins through known security holes, e.g. the SQL injection holes of many PHP/MySQL-based discussion forum programs.

82.77.150.112 7168 [05/Aug/2005:03:31:41 -0700] "GET /forum/ HTTP/1.1" 404 0 212
82.77.150.112 7168 [05/Aug/2005:03:31:42 -0700] "GET /phpBB/ HTTP/1.1" 404 0 212
82.77.150.112 7168 [05/Aug/2005:03:31:43 -0700] "GET / HTTP/1.1" 404 0 206
82.77.150.112 7168 [05/Aug/2005:03:31:43 -0700] "GET /forums/ HTTP/1.1" 404 0 213
82.77.150.112 7168 [05/Aug/2005:03:31:44 -0700] "GET /phpbb/ HTTP/1.1" 404 0 212
82.77.150.112 7168 [05/Aug/2005:03:31:50 -0700] "GET /board/ HTTP/1.1" 404 0 212
82.77.150.112 7168 [05/Aug/2005:03:31:54 -0700] "GET /boards/ HTTP/1.1" 404 0 213
82.77.150.112 7168 [05/Aug/2005:03:31:58 -0700] "GET /phpBB2/ HTTP/1.1" 404 0 213
82.77.150.112 7168 [05/Aug/2005:03:32:01 -0700] "GET /msgboard/ HTTP/1.1" 404 0 215
82.77.150.112 7168 [05/Aug/2005:03:32:05 -0700] "GET /foros/ HTTP/1.1" 404 0 212
82.77.150.112 7168 [05/Aug/2005:03:32:09 -0700] "GET /portal/ HTTP/1.1" 404 0 213
82.77.150.112 7168 [05/Aug/2005:03:32:09 -0700] "GET /discussion/ HTTP/1.1" 404 0 217
82.77.150.112 7168 [05/Aug/2005:03:32:10 -0700] "GET /nar/ HTTP/1.1" 404 0 210
82.77.150.112 7168 [05/Aug/2005:03:32:13 -0700] "GET /html/forum/ HTTP/1.1" 404 0 217
82.77.150.112 7168 [05/Aug/2005:03:32:13 -0700] "GET /html/forums/ HTTP/1.1" 404 0 218
82.77.150.112 7168 [05/Aug/2005:03:32:14 -0700] "GET /Forum/ HTTP/1.1" 404 0 212
82.77.150.112 7168 [05/Aug/2005:03:32:18 -0700] "GET /Forums/ HTTP/1.1" 404 0 213
82.77.150.112 7168 [05/Aug/2005:03:32:24 -0700] "GET /bb/ HTTP/1.1" 404 0 209
82.77.150.112 7168 [05/Aug/2005:03:32:24 -0700] "GET /ugboard/ HTTP/1.1" 404 0 214
82.77.150.112 7168 [05/Aug/2005:03:32:28 -0700] "GET /ugboards/ HTTP/1.1" 404 0 215
82.77.150.112 7168 [05/Aug/2005:03:32:28 -0700] "GET /newboard/ HTTP/1.1" 404 0 215
82.77.150.112 7168 [05/Aug/2005:03:32:35 -0700] "GET /newboards/ HTTP/1.1" 404 0 216
82.77.150.112 7168 [05/Aug/2005:03:32:35 -0700] "GET /members/phpBB/ HTTP/1.1" 404 0 220
82.77.150.112 7168 [05/Aug/2005:03:32:39 -0700] "GET /members/phpBB2/ HTTP/1.1" 404 0 221
82.77.150.112 7168 [05/Aug/2005:03:32:43 -0700] "GET /members/phpbb/ HTTP/1.1" 404 0 220
82.77.150.112 7168 [05/Aug/2005:03:32:46 -0700] "GET /portal/forum/ HTTP/1.1" 404 0 219
82.77.150.112 7168 [05/Aug/2005:03:32:49 -0700] "GET /portal/forums/ HTTP/1.1" 404 0 220
82.77.150.112 7168 [05/Aug/2005:03:32:55 -0700] "GET /bbs/ HTTP/1.1" 404 0 210
82.77.150.112 7168 [05/Aug/2005:03:32:58 -0700] "GET /bulletinboard/ HTTP/1.1" 404 0 220
82.77.150.112 7168 [05/Aug/2005:03:33:02 -0700] "GET /bulletinboards/ HTTP/1.1" 404 0 221

I think that this is a reminder that no one is really safe on the internet, and if you run a website, make sure you keep up with security patches.
Btw, the IP address was traced back to Romania.
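
One way to detect the probing pattern in the log above, added here as an example and not part of the original post: flag any client that requests several distinct missing paths within a short window. The function names, the thresholds (`min_paths`, `window`) and the two 192.0.2.10 lines are assumptions; the other sample lines come from the excerpt above.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the log layout shown in the post. Only the status code is used from
# the numeric columns; the post does not say what the others mean.
# Both straight and typographic quote characters are accepted.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \[(?P<ts>[^\]]+)\] '
    r'["\u201c](?P<method>[A-Z]+) (?P<path>\S+) [^"\u201d\u2033]*["\u201d\u2033] '
    r'(?P<status>\d{3})\b'
)

def parse(line):
    """Return (ip, timestamp, path, status), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def find_probers(lines, min_paths=5, window=timedelta(seconds=60)):
    """Map each client with >= min_paths distinct 404 paths in one window to its 404 paths."""
    misses = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec and rec[3] == 404:
            misses[rec[0]].append((rec[1], rec[2]))
    flagged = {}
    for ip, hits in misses.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide the window forward
                start += 1
            if len({p for _, p in hits[start:end + 1]}) >= min_paths:
                flagged[ip] = sorted({p for _, p in hits})
                break
    return flagged

SAMPLE = [
    '82.77.150.112 7168 [05/Aug/2005:03:31:41 -0700] "GET /forum/ HTTP/1.1" 404 0 212',
    '82.77.150.112 7168 [05/Aug/2005:03:31:42 -0700] "GET /phpBB/ HTTP/1.1" 404 0 212',
    '82.77.150.112 7168 [05/Aug/2005:03:31:43 -0700] "GET /forums/ HTTP/1.1" 404 0 213',
    '82.77.150.112 7168 [05/Aug/2005:03:31:44 -0700] "GET /phpbb/ HTTP/1.1" 404 0 212',
    '82.77.150.112 7168 [05/Aug/2005:03:31:50 -0700] "GET /board/ HTTP/1.1" 404 0 212',
    # Constructed lines: an ordinary visitor with one page hit and one stray 404.
    '192.0.2.10 7168 [05/Aug/2005:03:31:45 -0700] "GET /index.html HTTP/1.1" 200 0 5120',
    '192.0.2.10 7168 [05/Aug/2005:03:40:00 -0700] "GET /favicon.ico HTTP/1.1" 404 0 212',
]

if __name__ == "__main__":
    print(find_probers(SAMPLE))
```
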

Written by Y.

August 5th, 2005 at 10:10 am

Posted in Security

Information Security Certificate

Ever wondered how many information security certifications there are, and what you need to gain an edge in the field?

First, to show that you have a basic understanding/experience of network security, you need to know these security devices inside out: firewalls, antivirus solutions, and intrusion detection devices. A Cisco Certified Network Associate (CCNA) or Cisco Certified Internetwork Expert (CCIE) can help you here.

To venture further into the broader security arena, you can probably look at these options. Certified Information Systems Security Professional (CISSP) is a good place to start, and is frequently mentioned in job ads. This certification denotes a recognized mastery of an international standard for information security. The exam measures understanding of 10 main security areas.

Other certifications include: Global Information Assurance Certification (GIAC) (founded by the SANS Institute), CompTIA Security+, TruSecure ICSA Certified Security Associate (TICSA), Security Certified Network Professional (SCNP), Security Certified Network Architect (SCNA), Systems Security Certified Practitioner (SSCP).

Written by Y.

May 15th, 2005 at 11:20 pm

Posted in Security

The Problem Statement is the Problem

Daniel Geer Jr. from Verdasys wrote about measurable security in IEEE Security & Privacy:

The days when security was about adjectives (“More secure!”) are over; the future belongs to those who can measure, and for that reason it is time that our problem statements be things that can be expressed in elegant form and be measured.

Written by Y.

April 19th, 2005 at 9:59 pm

Posted in Security

Testing Web Application Security

Web applications these days are so prevalent that their security testing should always be considered a high priority and planned accordingly, instead of being just an afterthought.

Michael Mullins has a good article over at Techrepublic.com, “Ask these key questions to test application security”. Besides stating the obvious (“Companies should conduct application testing from both an authorized user’s and an unauthorized user’s perspective. This testing should include all systems that make up the application. The complexity of your testing should depend on whether the organization created the application or contracted a reputable vendor to do the work.”), the author provided a good list of key questions to ask of designers and testers alike:

Scripting: Can you perform administrative functions remotely from the Internet? Could someone script an attack that overwhelms the application?
Enumeration: Is it possible to enumerate account information of other users?
Sessions: Have you based tokens on some easily re-created variable, such as sequential or time and date?
Error handling: Does your application reveal any useful information about the products used to create the application?
Field variables: Have you fixed SQL injection and buffer overflows that take advantage of system calls to unauthorized programs?
Code commenting: Have you cleansed HTML source code of all comments and metadata that doesn’t serve an end-user function?
Session time-out: Do sessions expire after a reasonable period of time?
Session cache: Does information expire to prevent someone from replaying a session?
Network parameters: Have you thoroughly documented ports and protocols and filtered them for content and source origination?

The Braidy Tester at Microsoft also offers an extensive list of things to look out for, including security: http://blogs.msdn.com/micahel/articles/175571.aspx. His list also included some major security exploits like SQL Injection.

But neither of the two authors mentioned Cross Site Scripting, which is arguably gaining a lot of attention lately. I will talk more about SQL Injection and Cross Site Scripting later.

Written by Y.

April 12th, 2005 at 11:36 pm

Posted in Security,Testing