
Total: 84

  • Information Security Short Takes: SQL Server Bulk Import - BCP HOW TO
    A lot of people using the free MS SQL Server 2005 Express hit a brick wall when they try to import data into the created database. Here is a tutorial, with video demo included, on how to use the command line BCP tool to import data into MS SQL Server 2005 Express. During an analysis I conducted in the past days I also found out the hard way that MS SQL Server 2005 Express does not have a GUI-based Data Transformation Services. The only thing it does have is a BCP command line tool. So here is a step-by-step tutorial on how to use the BCP tool and not give up on an otherwise good and free product. The data I am importing is data collected by tcpdump. I stored the data into a CSV file, data.csv, a text file with a comma delimiter. Here is a sample row: 16 10 176 1 105 NULL 10 176 1 254 NULL NULL 64 17 12 2007 19 20 52 520 PING Req NULL. Creating the database: log in with the command line SQL tool sqlcmd and use the following set of commands to create the database and table for storing of imported data: sqlcmd S ATLAS SQLEXPRESS create database data analysis go use data analysis go create table data import No packet int NULL Src Logical varchar 255 Src Port varchar 255 Dest Logical varchar

    Original URL path: http://www.shortinfosec.net/2008/05/sql-server-bulk-import-bcp-how-to.html (2016-04-28)


  • Information Security Short Takes: IP Spoofing Attack in the real world
    The guest post on IP Spoofing was well visited and caused a lot of interest. One may expect that a lot of visitors actually thought that IP spoofing is a great way to cause a bit of commotion and try out as hackers. The reality of the internet is actually quite different. First of all, IP spoofing has been around for decades and has been the cause of a lot of quite nasty attacks on high-profile targets. Most serious ISPs do not want to be related to IP spoofing attacks and are implementing measures to contain IP spoofing attacks originating from their networks. The containment measures are implemented on their firewalls and routers. The basic logic of this protection is this: a firewall is aware of the networks to which it connects, so it can control source addresses. For example, a demo firewall has 5 interfaces: A, connecting to network 10.1.1.x; B, connecting to network 10.2.1.x; C, connecting to network 10.3.1.x; D, connecting to network 10.4.1.x; and outside, connecting to the rest of the world (internet). It is expected that any traffic coming on interface A will have a source address of 10.1.1.x. If it doesn't, it's most probably an IP spoofing attack and will be dropped. The only interface that cannot apply such logic is the outside interface, since it connects the firewall to the rest of the internet. But the outside interface can have another protection, which protects against loop IP spoofing attacks. That means that the outside interface cannot see incoming packets with source addresses from a network that is on any of the inside interfaces. Routers have a bit more complex mechanism, since a router can have traffic from multiple networks arriving on any of its interfaces. They use uRPF (unicast Reverse Path Forwarding), which analyzes whether the packet's source address comes from a network that is known in the routing domain of the router. So in reality most IP spoofing attempts will be destroyed on the ISP's network. But these protection measures are not perfect, and there are networks which are still not controlling IP spoofing. An aspiring hacker can do significant damage at networks such as University networks: apart from the large universities with dedicated IT staff, the netadmins of most universities are the teaching assistants of computer science. And they don't really make

    Original URL path: http://www.shortinfosec.net/2010/01/ip-spoofing-attack-in-real-world.html (2016-04-28)

  • Information Security Short Takes: Summary of IP Spoofing
    If you are using any sort of IP-based filtering within your application, then you need to evaluate how IP spoofing attacks affect your security controls. In order to make a fair evaluation, you will need a basic understanding of IP spoofing attacks. Let's look at two different scenarios. Scenario 1: Attacker wants to spoof an arbitrary IP address and the attacker is not on the same subnet (broadcast domain) as the targeted IP address. Example: attacker is 1.2.3.4 and wishing to spoof 4.5.6.7. Scenario 2: Attacker wants to spoof an IP address of someone on his own subnet (broadcast domain). Example: attacker is 192.168.1.55 and wishing to spoof 192.168.1.58 (assuming subnet of 255.255.255.0). Scenario 1: The attacker can create forged TCP packets and modify the source IP address to be any value. One tool that can do this is HPING2. What can you do? Send an initial TCP packet with any source IP address. Send a series of UDP packets with any source IP address. Send a series of unrelated TCP packets from the same or varying IP addresses. What can't you do? Receive any responses to your forged messages. The responses, if sent, would go to the forged IP address. Send a string of related TCP packets (e.g. reconstruct an actual TCP exchange). This is because you can't complete the handshake or guess the necessary information to continue the TCP connection. Scenario 2: The attacker can perform a variety of attacks to forge or take over the IP address on the same subnet. Attack options: Simplest: statically define your IP address to the target IP address. Switch your MAC address to the MAC address of the current NIC for the target IP address and attempt to assume control of IP. Execute man-in-the-middle attack via ARP spoofing (see tool Cain & Abel) and then gain control of user's unencrypted transmissions. You could likely modify or redirect traffic to accomplish your original spoofing goal. What can you do? Assume control of the IP address. Note: This means you can send/receive valid data using the targeted IP address as your own. It does not grant you access to existing sessions that the user had with any websites, because you don't have the user's session cookies. What can't you do?

    Original URL path: http://www.shortinfosec.net/2009/12/summary-of-ip-spoofing.html (2016-04-28)

  • Information Security Short Takes: Fighting Enterprise Software Vendor Lock-In
    Large enterprises rely on software products. And as everything else in large enterprises, the software products are large, complex, cumbersome and nearly unchangeable. This last attribute is better known as vendor lock-in. Software vendors love vendor lock-in. Here is a definition borrowed from Wikipedia: "Vendor lock-in, also known as proprietary lock-in or customer lock-in, makes a customer dependent on a vendor for products and services, unable to use another vendor without substantial switching costs." The problem: Vendor lock-in exists in most large enterprise industries, like Telco, Healthcare, Finance, Energy. Such industries rely heavily on certain computer systems or software products, usually dubbed Core Systems. Because most of the business transactions, logic and information are stored and processed by these Core Systems, the transition to a different Core System vendor is extremely costly and time consuming. So most large enterprise companies simply continue to operate with the same Core System vendor, while they suffer: delays in patch or version delivery; poor quality product versions; inadequate compliance from the Core System to their local law and regulation; ever-increasing maintenance costs. On the other hand, switching to another Core System vendor will result in probably the same end effect, with the added costs of the switchover. The solution: So is there a way to improve your position? Indeed there is, but with a radical move there is only one thing that any

    Original URL path: http://www.shortinfosec.net/2010/01/fighting-enterprise-software-vendor.html (2016-04-28)

  • Information Security Short Takes: Software vendor relationship - can you make it better?
    Your company bought a corporate software solution. Your teams tweaked, modified and tested to get it up to your requirements. Now you just continue to use it for the next 20-30 years without problems. Right? Well, not quite. The marriage between a corporation and a software vendor has a tendency of turning ugly as time passes, and here is why. Software Vendor Greed: You are tied up into a maintenance and upgrade contract with a yearly fee. And lately the largest software vendors are increasing these fees as new sales are dropping. The latest examples are SAP and Oracle, and they are actually blaming it on inflation. Here is a great article on this tendency: http://blogs.zdnet.com/BTL/?p=9717 Customer treatment: After a corporation has migrated its core data into the new software and sufficient delta time has passed to make the reverse migration into the old system impossible (usually 3-6 months), the software vendor relaxes. He knows that the customer is his for the foreseeable future, since migration back or to another system is way too costly in time, money and human effort. So the software vendor becomes less responsive, focuses on new deals and in extreme cases even becomes outright arrogant. Software Quality Failures: What initially seemed like a minor issue can grow into a big ugly monster of a bug as the dataset grows or as errors creep into the system. And the software vendor may choose not to address the core problem simply because it is too costly or not really possible to be fixed without a full overhaul. So what usually happens is that your company ends up throwing ever more powerful hardware at the problem in the hope that raw speed will help alleviate the issues. So is there a way to kick the software vendor where it hurts and make them work as well as the first time they sold a solution? There is no silver-bullet solution, but the following suggestions can help a lot. Put a big stick in the purchase contract: Include software issue resolution time and change request reply times, bound with severe penalties, in the original purchase contract. This way all you need is to enforce this SLA every time the software vendor slips. Pretty soon the software vendor will have to

    Original URL path: http://www.shortinfosec.net/2008/08/softvare-vendor-relationship-can-you.html (2016-04-28)

  • Information Security Short Takes: Paying for Software Support - When to do it?
    For a long while the MySQL Database Server has been the choice of start-up developers. Since it can be used under the GPL model, it seems free to use. But is there a point where one would pay for MySQL? Here is an analysis of the conditions under which it would be wise to invest in software support, through the example of MySQL. The popularity of MySQL is mainly due to its seamless use with web applications, which is closely tied to the popularity of PHP, which is often combined with MySQL. Also, it is quite often deemed a cheap solution since it can be freely downloaded and installed, since it can be used under the GNU General Public License (GPL). So do you need to pay anything with MySQL? While the first answer is no, since you can use it under the GPL license, any serious user will soon have a wealth of information stored in a MySQL Database. Here is an analysis based purely on costs of licenses vs value of information. A common misconception based on simple

    Original URL path: http://www.shortinfosec.net/2009/01/paying-for-mysql-when-to-do-it.html (2016-04-28)

  • Information Security Short Takes: HP Racist Webcam - Facial Recognition Far From Perfect
    On the 10th of December a tongue-in-cheek demo of a failure of an HP webcam was published on YouTube. The video shows the failure of software which is designed to recognize the speaker's face and react so it is always centered

    Original URL path: http://www.shortinfosec.net/2009/12/hp-racist-webcam-facial-recognition-far.html (2016-04-28)

  • Information Security Short Takes: Hacking Rapidshare Premium Access at Your Own Risk
    A lot of people on the internet have become frustrated by the Rapidshare free limitations and wished that they had a premium account. Well, you actually can have such an account, but it may come at an unexpected cost. Just use a Rapidshare premium link generator service. One of those services is Rapid Premium. To log in, just use the public/public credential and go to the download section. In the text box, paste the URL of the public access Rapidshare link to the file you wish to download. Rapid Premium will use the stolen credentials and create a URL for you that will use a borrowed Rapidshare Premium account. As a simple test, I logged on to the service from an isolated virtual machine and downloaded a small text file. The test was performed with our own file to limit possible malicious code from Rapidshare. The file got downloaded faster and the MD5 hash

    Original URL path: http://www.shortinfosec.net/2009/12/hacking-rapidshare-premium-access-at.html (2016-04-28)