News aggregator
Bugtraq: rPSA-2008-0212-1 tshark wireshark
Bugtraq: rPSA-2008-0211-1 mercurial mercurial-hgk
Bugtraq: Release of Pass-The-Hash Toolkit v1.4
Bugtraq: Re: New Paper: More than 600 million users surf at high risk
Vuln: TYPO3 WEC Discussion Forum Security Bypass and Multiple Cross Site Scripting Vulnerabilities
Vuln: TYPO3 Send-A-Card Multiple Cross-Site Scripting Vulnerabilities
Vuln: Wordtrans-web Remote Arbitrary Shell Command Injection Vulnerability
Vuln: pSys 'chatbox.php' SQL Injection Vulnerability
Snort Security Platform (Snort SP) 3.0 beta released
We’re pleased to introduce our first beta release built on the new Snort 3.0 architecture. The Snort 3.0 architecture consists of two primary components: a software platform called the Snort Security Platform (SnortSP) 3.0, which is shipping in beta form in this release, and traffic analysis engine modules that plug into SnortSP. This beta test release contains one engine module which contains the Snort 2.8.2 detection engine implemented as a SnortSP engine module. SnortSP is an open-source platform for running packet-based network security applications. It provides many of the common functions required by programs that deal with packet processing such as configuration loading, event generation and traffic logging, data acquisition, protocol decoding and validation, flow management, and more.
Google ships open-source Web security assessment tool
Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.
PAW/PAWS - Python based Advanced Wardialer
PAW / PAWS is wardialing software written in Python. It is designed to scan for ISDN (PAWS only) and "modern" analog modems (running at 9.6kbit/s or higher). Wardialing tools are - despite their martial naming - used to find unauthorized modems so one can disable them and, as a result, make access to the internal network harder.
Outsourcing makes you vulnerable to hackers
More than 60 per cent of IT professionals believe outsourcing code increases the likelihood of hacking. In fact, 55 per cent believe it is far safer to write programs internally, according to a survey from Fortify Software.
Which is fine - but you can only write code internally if you haven't already outsourced most of your IT department. And with increasing amounts of grunt work - such as development and testing - being outsourced, IT professionals can only do so much internal work.
In fact, the survey suggests as much as a quarter of companies outsource application development, but do not specify security processes or technologies to ensure the security of outsourced applications.
So, the firms are probably asking for trouble - especially as the survey also suggests as much as 81 per cent of companies believe their systems are vulnerable to hacking.
Detection of Encrypted Tunnels Across Network Boundaries
The use of covert application-layer tunnels to bypass security gateways has become quite popular in recent years. By encapsulating blocked or controlled protocols such as peer-to-peer, chat and e-mail into others allowed by the security policies, such as HTTP, SSH or even DNS, both legitimate and malicious users can effectively neutralize many security restrictions enforced at the network edge.
Traditional firewalling techniques, based on Application Layer Gateways and even pattern-matching mechanisms are becoming practically useless as tunneling tools grow more sophisticated.
In this paper we propose an effective solution to this problem based on a statistical traffic classification technique. Our mechanism relies on the creation of a statistical fingerprint of legitimate usage of a given protocol, such as regular remote interactive logins or secure copying activities. Such a fingerprint can then be used to detect with high accuracy non-legitimate sessions, i.e., sessions that tunnel other protocols. Results from experiments conducted on a live network suggest that the technique can be very effective, even when the application layer protocol used as a tunnel is encrypted, such as in the case of SSH.
Inside NSA Red Team Secret Ops With Government's Top Hackers
When it comes to the U.S. government’s computer security, we in the tech press have a habit of reporting only the bad news—for instance, last year’s hacks into Oak Ridge and Los Alamos National Labs, a break-in to an e-mail server used by Defense Secretary Robert Gates ... the list goes on and on. Frankly that’s because the good news is usually a bunch of nonevents: “Hackers deterred by diligent software patching at the Army Corps of Engineers.” Not too exciting.
So, in the world of IT security, it must seem that the villains outnumber the heroes—but there are some good-guy celebrities in the world of cyber security. In my years of reporting on the subject, I’ve often heard the National Security Agency’s red team referred to with a sense of breathless awe by security pros. These guys are purported to be just about the stealthiest, most skilled firewall-crackers in the game. Recently, I called up the secretive government agency and asked if it could offer up a top red teamer for an interview, and, surprisingly, the answer came back, “Yes.”
What are red teams, you ask? They’re sort of like the special forces units of the security industry—highly skilled teams that clients pay to break into the clients’ own networks. These guys find the security flaws so they can be patched before someone with more nefarious plans sneaks in. The NSA has made plenty of news in the past few years for warrantless wiretapping and massive data-mining enterprises of questionable legality, but one of the agency’s primary functions is the protection of the military’s secure computer networks, and that’s where the red team comes in.
In exchange for the interview, I agreed not to publish my source’s name. When I asked what I should call him, the best option I was offered was: “An official within the National Security Agency’s Vulnerability Analysis and Operations Group.” So I’m just going to call him OWNSAVAOG for short. And I’ll try not to reveal any identifying details about the man whom I interviewed, except to say that his disciplined, military demeanor shares little in common with the popular conception of the flippant geek-for-hire familiar to all too many movie fans (Dr. McKittrick in WarGames) and code geeks (n00b script-kiddie h4x0r in leetspeak).
So what exactly does the NSA’s red team actually do? They provide “adversarial network services to the rest of the DOD,” says OWNSAVAOG. That means that “customers” from the many branches of the Pentagon invite OWNSAVAOG and his crew to act like our country’s shadowy enemies (from the living-in-his-mother’s-basement code tinkerer to a “well-funded hacker who has time and money to invest in the effort”), attempting to slip in unannounced and gain unauthorized access.
Bugtraq: [USN-619-1] Firefox vulnerabilities
Bugtraq: ISEC 2008(Information Security Conference) Guide
Bugtraq: RE: New Paper: More than 600 million users surf at high risk
Bugtraq: [tool] ratproxy - passive web application security assessment tool
9 Reasons Why Application Developers Think Their CIO Is Clueless
As CIO you hold one of the most important executive positions in your company. And, to lead successfully, you must earn the respect of both the business and your information technology organization. But earning the respect of application development professionals is no easy task: The CIO position has been a revolving door as of late and many application development professionals have become cynical.





