
Welcome to Mark Baggett - In Depth Defense

I am the course author of SANS SEC573 Automating Information Security with Python. Check back frequently for updated tools and articles related to course material.




TCP Fragment Evasion

Originally posted on http://pauldotcom.com/2009/08/tcp-frament-evasion-attacks.html

By: Mark Baggett

I recently read a very good article on tuning Snort's Stream5 preprocessor to avoid "TCP Fragment Overlap" attacks. It's a great article, but the wording confused me. I thought to myself, "TCP Fragments, that must be a mistake. The TCP Header doesn't have a 'more fragments bit', a 'fragment offset' or anything to support fragmentation. How can there be any TCP fragments?"

Typically when we talk about fragmentation attacks we think about Layer 3 attacks. Attackers manipulate the IP packet headers to pull off various insertion and evasion attacks. Examples of Layer 3 attacks include overlapping fragment attacks and temporal evasion (host reassembly timeout evasion). These attacks are explained pretty well in an article titled "Evading NIDS, revisited". So what is TCP or Layer 4 "fragmentation"? Really, it's ov...

Posts moving to PaulDotCom

I'm joining the guys at Pauldotcom. They have invited me to post my blog entries on their site. As posts go up on their site I'll provide a link to them here and I'll post some less technical notes here. I'm pretty excited about the opportunity to work with those guys and looking forward to it.

Don't forget to wipe!

A while back I assisted the FBI in the collection of evidence of a now convicted sexual offender. The guy had a hard drive full of child porn. My customer had suspicions that an employee in a remote office was accessing inappropriate material on their work computer and asked that I investigate it remotely. After finding one photo of a very young girl among a collection of "normal" porn and discussing it with my customer, I immediately dialed my contact with the FBI. (Good contacts are ESSENTIAL; don't wait until you need them to try and make them.) Although the young girl was clothed in the picture I saw, the lingerie and pose she was in were very disturbing and you just knew you didn't want to see anything else. At that point I froze; anything else that was touched remotely was altering and potentially destroying evidence on the remote drive. Within an hour the FBI was at the office. He used my machine and the access I had gained to briefly verify the contents...

Good enough Compliance??

Check out this article: http://www.cio.com/article/102751/Your_Guide_To_Good_Enough_Compliance?page=5&taxonomyId=1419

What is "Good enough Compliance?" You either ARE compliant or you ARE NOT. It's a switch. The article should be a guide to "Good enough security". Good security is not the same as being compliant. I would much rather have good security than be compliant with any given regulation. But good security often covers many of the security requirements outlined in compliance standards.

Two things came to mind reading the article. 1) Don't trust Sony Pictures with any personal data or credit card information. 2) How many data breaches are REALLY happening? What does this paragraph suggest? "According to Behnam Dayanim, a privacy attorney with Paul, Hastings, Janofsky & Walker, state security breach notification laws are among the most frequently ignored types of security regulation. About 35 states have passed security brea...

Interesting story on US Cyber attack

"Just after midnight on Thursday, April 9, unidentified attackers climbed down four manholes serving the Northern California city of Morgan Hill and cut eight fiber cables in what appears to have been an organized attack on the electronic infrastructure of an American city. Its implications, though startling, have gone almost un-reported." http://perens.com/works/articles/MorganHill/