The White House has chosen an industry information security specialist as its cybersecurity chief, an official said Monday, filling a job that has had no permanent director for a year.
Greg Garcia will be nominated later this week as the Department of Homeland Security’s assistant secretary for cybersecurity and telecommunications, said a department official who spoke on condition of anonymity because the announcement had not yet been made. He will replace acting cybersecurity director Donald “Andy” Purdy Jr., who is a two-year contract employee on loan from Carnegie Mellon University in Pittsburgh.
The cybersecurity job was created in July 2005, but department officials have struggled to find candidates willing to take significant pay cuts from industry jobs to fill it.
David Kierznowski recently released this ASP Auditor tool which allows you to identify ASP.NET servers that are configured incorrectly or are vulnerable. The tool is a beta tool and the current version is 1.0.
Usage: ./asp-audit.pl (opts) [host] [port]
  (opts)
    -h  these usage instructions
    -b  brute force ASP.NET version using JS Validate directories
    -m  match against fingerprints
    -v  verbose messaging
The tool can be downloaded here. Usage samples are available here.
Apple has released the latest version of iTunes. Among other new features, iTunes version 7 now lets you buy Disney films from the iTunes Store. You can download the movies, watch them on your PC or Mac, and even sync them to your iPod if you want. The price for Disney library titles ranges from $9.99 to $14.99. You can pre-order movies before they are released and iTunes will let you know when it’s time to download them. You can even watch the movie while it is downloading.
You should expect the movie quality to be close to DVD quality, 640×480 pixels (depending on aspect ratio), good enough for your computer and iPod.
The new version of iTunes also offers the following additional new features.
Cover Flow
Cover Flow allows you to flip through your digital music and video collections.
iPod Games
These cost $4.99 in the iTunes Store.
Download Manager
This gives you much more control over the way you download movies and music. You can download multiple movies or songs and change the order in which they are downloaded.
MoviPod Summaries
This gives you a summary of everything that’s on your iPod.
You can download the new version for Mac or PC here.
The Strider HoneyMonkey Exploit Detection System, as the research project is code-named, was created to help detect attacks that use Web servers to exploit unpatched browser vulnerabilities and install malware on the PCs of unsuspecting users. Such attacks have become one of the most vexing issues confronting Internet security experts.
A traditional method of inspecting attacks against computers has been to provide a “honeypot” server on the Internet. Such servers are intended to provide information about attackers by presenting themselves as targets.
Manual analyses of exploit sites often provide useful, detailed information about which vulnerabilities are exploited and which malware programs are installed. But such analyses do not provide a big-picture view of the problem.
The Strider HoneyMonkey project takes the static concept of a honeypot in a new direction. A “honeymonkey” is a computer or a virtual PC that actively mimics the actions of a user surfing the Web. A series of “monkey programs”, which drive a browser in a manner similar to that of a human user, run on virtual machines in order to detect exploit sites. The browsers can be configured to run with fully updated software, or without specific updates in order to look for exploit sites that target specific vulnerabilities. In this manner, the attacks more likely to impact customers can be analyzed and detected.
At each Web site identified by Strider HoneyMonkey, however, follow-up work is required to identify what kind of exploit exists and how it operates. And much more work is needed to verify and understand the exploit vector.
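The patch-level comparison described above can be sketched as triage logic over visit results. This is an added example, not code from the Strider HoneyMonkey project: the URLs, the update names and the per-visit "exploited" flag are constructed inputs, and it assumes each site targets a single vulnerability.

```python
from collections import defaultdict

# Constructed sample data: one record per monkey-program visit.
# (url, updates deliberately missing from that VM's browser, VM flagged as exploited)
# "update-A"/"update-B" and the .example URLs are placeholders, not real identifiers.
VISITS = [
    ("http://site-one.example/", frozenset({"update-A", "update-B"}), True),
    ("http://site-one.example/", frozenset({"update-B"}), False),
    ("http://site-one.example/", frozenset(), False),
    ("http://site-two.example/", frozenset({"update-A", "update-B"}), True),
    ("http://site-two.example/", frozenset({"update-B"}), True),
    ("http://site-two.example/", frozenset({"update-A"}), False),
    ("http://site-two.example/", frozenset(), False),
    ("http://site-three.example/", frozenset({"update-A", "update-B"}), True),
    ("http://site-three.example/", frozenset(), True),
    ("http://site-four.example/", frozenset({"update-A", "update-B"}), False),
    ("http://site-four.example/", frozenset(), False),
]


def triage(visits):
    """Classify each URL and narrow down which missing update it depends on."""
    by_url = defaultdict(list)
    for url, missing, exploited in visits:
        by_url[url].append((missing, exploited))

    report = {}
    for url, runs in by_url.items():
        hits = [missing for missing, exploited in runs if exploited]
        clean = [missing for missing, exploited in runs if not exploited]
        if not hits:
            report[url] = ("benign", frozenset())
        elif any(not missing for missing in hits):
            # A fully updated browser was exploited: highest priority for analysts.
            report[url] = ("exploits-fully-updated", frozenset())
        else:
            # Candidate updates: missing in every exploited run...
            suspects = frozenset.intersection(*hits)
            # ...and never missing in a run that stayed clean.
            for missing in clean:
                suspects -= missing
            report[url] = ("exploits-unpatched", suspects)
    return report


if __name__ == "__main__":
    for url, (verdict, suspects) in sorted(triage(VISITS).items()):
        print(url, verdict, sorted(suspects))
```

The output only prioritizes sites; the follow-up analysis of each flagged site that the article mentions is still needed.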
Two Moroccan hackers have been jailed for creating and distributing the Zotob worm that squirmed through Windows 2000 networks in August 2005.
According to law enforcement authorities, the online names of both men were found in messages buried in early versions of Zotob and frequently show up in variants of other bot programs, according to anti-virus researchers. For example, machines infected by Zotob.A, the original version of the worm, connected to an IRC server called “diabl0.turkcoders.net” and contained the words “Greetz to good friend Coder.”
The Zotob worm exploited a critical flaw in the Windows PnP (Plug and Play) service, a common component that allows the operating system to detect new hardware on a Windows system.
The worm severely affected operations at several high-profile U.S. businesses, including CNN, The New York Times, SBC Communications and DaimlerChrysler.
Copyright ©2008 Zubair Alexander. All rights reserved.