Looking at a couple of tools I found on the web, CGIProxy and PHProxy, it seems to me that content-based blocking by companies becomes a bit pointless, as you can put one of these scripts on a home PC on a DSL/cable modem connection and bypass anything which blocks based on URL, unless you use an "everything not explicitly allowed is denied" setup, which is kind of a hard sell in most companies.
Additionally, if you access these over an SSL connection, any proxies or content checkers won't see anything apart from the original URL so content scanning wouldn't work either...
Just goes to show, open one port on a firewall and be prepared for the fact that almost any content can come through....
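An added example (not part of the original post, and not code from CGIProxy or PHProxy) showing the policy difference described above: what a forward proxy can see for a cleartext request versus an SSL tunnel, and how a default-allow blocklist and a default-deny allowlist decide on each. All host names, the `proxy.cgi` path and the policy sets are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed policy data and requests; all host names are placeholders.
BLOCKED_HOSTS = {"webmail.example", "games.example"}
ALLOWED_HOSTS = {"intranet.example", "supplier.example"}
REQUESTS = [
    ("GET", "http://webmail.example/inbox"),
    ("GET", "http://intranet.example/wiki"),
    # Relay script on an unlisted home connection, cleartext HTTP.
    ("GET", "http://home-dsl.example/proxy.cgi/http/webmail.example/inbox"),
    # The same relay over SSL: the proxy only sees a CONNECT to host:port.
    ("CONNECT", "home-dsl.example:443"),
]


def visible(method, target):
    """Return (host, path) as a forward proxy sees them; path is None for CONNECT."""
    if method == "CONNECT":
        host, _, _port = target.rpartition(":")
        return host.lower(), None
    parts = urlsplit(target)
    return (parts.hostname or "").lower(), parts.path


def blocklist_allows(method, target, scan_path=False):
    """Default-allow: deny listed hosts, optionally deny paths naming one."""
    host, path = visible(method, target)
    if host in BLOCKED_HOSTS:
        return False
    if scan_path and path is not None:
        return not any(b in path.lower() for b in BLOCKED_HOSTS)
    return True


def allowlist_allows(method, target):
    """Default-deny: only explicitly allowed hosts pass."""
    host, _path = visible(method, target)
    return host in ALLOWED_HOSTS


def evaluate():
    """Return one (target, host_blocklist, path_scan, allowlist) row per request."""
    return [
        (t, blocklist_allows(m, t), blocklist_allows(m, t, True), allowlist_allows(m, t))
        for m, t in REQUESTS
    ]


if __name__ == "__main__":
    for row in evaluate():
        print(row)
```

Scanning the visible path flags the relayed request only while it is cleartext; once it is inside a CONNECT tunnel, only the default-deny policy still refuses it.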
Over at cryptome.org there's a page - British Military Intelligence Website Hijacked
Looks like the MOD forgot or didn't want to renew the DNS for intelligencecorps.co.uk!
As a result someone in the US (Cryptome say that it's a former British agent, not sure where that info. comes from) has registered the domain, and will be getting e-mails sent by people using the Intelligence Corps part of the MOD site... (as well as any other mail that may be sent to that domain!!)
DNS management.. It's important!
SecurityFocus HOME Infocus: How ITIL Can Improve Information Security
Interesting article on ITIL and InfoSec.
Martin McKeay's Network Security Blog: KYE Trend Analysis
An interesting entry over at Martin McKeay's blog covering the info. from the Honeynet Project about trends seen in compromise of systems on the Internet from their research..
Looks like Linux systems are getting harder to compromise out of the box, while the time to compromise Windows systems goes down..
Hopefully the Windows time will go up as more machines ship with SP2 on by default (thus giving the user enough time to get the patches, before they're compromised).
Interesting article at SecurityFocus on new tools which are available, which can crack WEP keys much more quickly than you'd expect based on their key length...
Time to start using WPA!
Not really security related at all, but I thought I'd post about a really cool media player I've been using recently on Linux... Amarok has many cool features, but the ones I like best are..
- Catalogues all your songs reading all the tags and sorting by artist
- Cover manager, automatically grabs the covers for the CDs from Amazon
- Nice statistics down the left side with things like "other albums by this artist" and "most popular song"
- looks really nice...
HNS - Sarbanes-Oxley: An Opportunity for Security Professionals
This is a quite interesting article presenting Sarbanes-Oxley as an opportunity for Information Security teams to prove their worth to businesses.
BBC NEWS | Business | 'Chip and pin' security warning
Interesting article over at the BBC where Ross Anderson (author of the excellent "Security Engineering") is questioning the security of the new (in the UK) Chip and PIN rollout.
He makes an interesting point, which is that if crooks can create fake readers they can set up business and use them to gather credit card details...
Now I'd like to think that this shouldn't be possible (or at least easy), I'd have expected something like a mutual authentication between card and reader or something like that to mitigate this kind of attack, however the quote on the story from the representative of the Chip and PIN companies doesn't make me feel too comfortable:
"We don't think they can use fake machines because the machines themselves are engineered to read the chip so they must be reading the chip very carefully. That makes the transaction itself extremely secure."
Now that kind of implies to me that they're relying on the difficulty of creating a reader to protect the card details, I really hope there's more to it than that, because we've been shown that that kind of protection doesn't last...
Massive IE phishing exploit discovered - ZDNet UK News
Well if anyone needed another reason to avoid using Internet Explorer, I think that this vulnerability provides it.
If you have a look at the demonstration at Secunia you get a very scary (if you're responsible for the security of an e-commerce site) demonstration.
As far as I can remember, this is the first vulnerability I've seen where the SSL padlock is useless as an indicator of what site you're on, with the closest phishers have got in the past being graphical representations of the toolbar which were far from flawless.
The reason this is scary is that if you look at the advice given by many banks and e-commerce sites, checking the SSL certificate via the padlock plays a major part in confirming you're on the right site, so now if a customer gets caught by this there's almost nothing they can do to tell they're on a fake site...
nasty....