Saturday, June 28, 2008

Hear Your Bog: Really Cool !

Hi Folks, so far you've just read my blog. Right now, you can hear it and doing something else !
It's easy and fast just click on the following icon:

A new pop-up window comes out and a robotic voice will read the clicked post. I just wanna say thank you VozMe !

DecaffeinatID: small and fast IDS.

HI folks, I discovered this tool during a Windows PC configuration for a man. He wanted use his own PC in coffe bars and in a public places using WiFi technologies. He has worried about security because he known something about wireless' (in)security. So surfing on web I discovered this extremely easy, fast and lite IDS (or maybe it's better to say: "LOGS watcher" ) called DecaffeinatID.
It has 3 main capabilities :

1) Arp Watcher. It looks inside the windows ARP table and alerts you when the mac address of your gateway change.

2) Security Log's Watcher. If someone is attempting to your host security, fighting whit the host's security policies, the Security Log will change and DecaffeiatID sends an alert to you.

3) Firewall Log's Watcher. Agin, if something strange happen, where strange means against your firewall rules, it's able to look into firewall logs showing up what's going on.

I'm glad to have founded that software, I know it's not complete and powerful such snort (or similar) but it's really fast to use, pretty much intuitive; to configure-it look here, and light for the system resources.

Monday, June 23, 2008

What is A BLOG ?

Hi Folks, I know this is not a security stuff, but it's so funny !
Ok, lemme say the question is: " how to explain what is a blog to your grandma ? ". How you gonna explain to her in a conventional way, term that can easily make her understand? Common Craft has came out a video that help you to explain what is a blog to your grandpa ..

Tuesday, June 17, 2008

Analyze Logs.

Everybody knows that after an incident the most useful work is to analyze the logs. This works is pretty hard and extremely long especially if you wanna read directly the generated logs from the various applications, like for example Apache, MySQL, SySLog, and so forth. So it's useful having an interpreter tool able to generate more human readable reports from applications logs. You might find lots of these tools around the net, some of these have a nice graphical interface like "Apache Log Analyzer" for OSX

Others have just a horrible text interface but can analyze different kind of logs from many applications. Today I wanna point out LIRE, one of my favorite log Analyzer.This tool permits the creation of several reporting formats, including html, pdf, xml, .. ... .. ect. ect.. It also permits to analyze many log file formats, which include MySQL, Iptables, BIND, Apache, Qmail, Postfix, Syslog and more. It has been deveploped in Perl and I recommend you to install all the dependence modules with CPAN (type "perl -M CPAN -e shell" on the command line as root).

I just wanna remember that every log found inside the compromised machine cannot be asserted as safe, because the attacker may change each entry of the log file. For this reason I suggest to implement a remote log system as SysLog. It's native (on Linux System) easy to implement and really fast. Set up on the machine IP1 syslog (probably you will find it under /etc/init.d/syslog start or just syslog -r). Then edit the /etc/syslog.conf on the monitored machine IP2 as follow:

auth.*; authpriv.* @ip1

Last but not least remember the machine which logs must be able to receive message from the LAN, so if you've set up some iptables, look out.

SQL injection will be more and more easy ?

Yes folks, I think the title of this post is right.
IBM(R) has published his new "Database Connectivity for Javascript" which allows Web clients to have directly access to server side data base. Here it is from IBM(R):

What is Database Connectivity for JavaScript?
IBM® Database Connectivity for JavaScript™ is middleware that enables Web clients to directly access server-side relational data without compromising enterprise security.
On the client, IBM Database Connectivity for JavaScript consists of a JavaScript API and library that can be used by Web applications without special browser plug-ins. On the server, the IBM Database Connectivity for JavaScript gateway, written in PHP, is an adaptor layer that mediates between IBM Database Connectivity for JavaScript and relational databases and provides functions such as operation forwarding and security. Web 2.0 applications can thus use IBM Database Connectivity for JavaScript to access relational data as a first-class construct instead of through ad hoc protocols. [..]

Well, actually I'm wondering: “Directly access” without compromising “enterprise security” ?? Isn't there something strange ?? Control layer on my Firebug, hemmm I wanna say .. on my bowser ? Do you really trust that ? :)

Thursday, June 12, 2008

Intrusion Prevention System: FAKE Television

Do you need a physical IPS ? Would you like to sleep stressless ? Maybe this is a good tool for you .. .. .. .. directly from FakeTV a true Television (light) simulation.

Or maybe not ...... Actually I think: Why not just leave a real television on? :)

Is Data Loss Prevention Really Possible ?

Hi folks,
today I'd like to suggest this interesting short article.
Could be possible to prevent what you don't know ? That's amazing !!