2009

Open Patch Management Survey

Rich Mogull (whose stuff I really quite dig) has launched an ‘Open Patch Management Survey’ via the SecurityMetrics blog. It’s an interesting idea, and they plan to release both their analysis *and* the raw data, which might be really insightful for our VMS stuff. Corporations can take the SurveyMonkey survey at http://www.surveymonkey.com/s.aspx?sm=SjehgbiAl3mR_2b1gauMibQw_3d_3d, and there’s some nice material already available at http://securosis.com/projectquant. Here’s the rest of Rich’s message (pls forgive the cross-post): Our goal…

How Good Companies Fail..

In early 2002 I recall reading and falling in love with Jim Collins’ book: “From good to Great“. I recall being so excited by some passages that I typed out whole paragraphs and sent them around to the rest of the office.. For my last birthday Deels got me Collins’ other book “Built to Last: Successful Habits of Visionary Companies“. It seems as if he has done it again, with…

Apple gets some clue points?

At [DeepSec] last year I had the pleasure of hearing Ivan Krstić speak. While some of his arguments had (small) holes in them (which the audience were quick to pounce on), he raised the ugly fact that people like me like to ignore.. That some of us spend a lot more time thinking of elaborate ways to break stuff than we do designing less breakable stuff.. I think for most…

Episode 9 of the ITSecurity Pubcast..

Yvette Du Toit (E&Y – UK/ZA) featured on the latest ITSecurity Pubcast and spoke about her role in CREST. SensePost were invited along, and I showed that while I have a face for radio, I do not have the voice for it.. Ahh.. some day I’ll find my niche.. Till then, you can listen to the pubcast [here] and SensePosters can grab the mp3 [here].

Zappos number 1 priority

[Zappos.com] is one of those companies people love to write about. They make headlines for their use of new media and their CEO (Tony Hsieh) is as .com legendary as one gets.. (he sold LinkExchange in 1998 for $265 million and under him Zappos went from $1.6 million in sales (2000) to $840 million in sales (2007)). He recently gave a talk at the [Web 2.0 conference]. He talks about…

Chris Eng 1 – 0 Verizon DBIR Cover

Chris Eng over [at the Veracode blog] documents how he approached and decoded the info behind the [2009 Verizon Data Breach Investigations Report]. It’s an interesting read, and although in the end it turned out to be just a [Vigenère cipher] and fell to (effectively) a [known plaintext attack], it’s def. worth the few minutes it will take to read..

Virtualization as an answer to backward compatibility?

Part of the problem Microsoft bumped into with Vista was hordes of people who had grown too attached to XP.. It seems they learnt their lesson (and found a cheap way to maintain backward compatibility without having to keep legacy code forever): [XP with SP3 as a virtual-pc virtual machine within Windows 7]. We thought we had problems classifying client side bugs that required user intervention (remote? local?), what happens…

BiDiBLAH Case Study (Part 2)

With our recent release of BiDiBLAH 2.0, we’ve decided to revisit some real world scenarios, and ways BiDiBLAH can deal with them… Herewith, part 2. All the scenarios can be downloaded from the BiDiBLAH home page. Scenario: We have a class B network internally. Many of the users run FTP servers on their machines. We do not allow this – but how do I identify these machines? Solution: Using BiDiBLAH,…

SPUD reminder(s)

After some queries regarding SPUD, I thought it would be a good idea to blog this reminder:

* SPUD can only be run as an administrative user.
* SPUD cannot be run by directly accessing the .exe. You should run SPUD from the shortcut provided. The reason being: SPUD cannot start from the \bin directory, but only from the \bin parent directory (default: Program Files\SensePost SPUD). I.e., run “bin\SPUD.exe” from…

The power of data

We recently introduced some neat blizzards onto a PoC Broadview client. On the back of Conficker, our Broadview Dashboard sports a couple of instantly available blizzards that show:

1. How many machines, on all scans for the last 10 days, have patch MS08-067 missing
2. How many machines do not have SMS Agents, EPO Agents or any AV installed
3. And without too much hassle one can quickly see where machines…