Archive for April 2006

 
 

How much for that exploit.. ?

For an engineer like me, numbers are like play-doh. But as a security enthusiast, I’m not spoiled with figures on the costs of attacks, exploits and similar. But here are some of the official cases that I’ve come across..

During December, a zero-day exploit for the WMF vulnerability was sold by Russian hackers for roughly $4000 apiece.

Also in December, a zero-day exploit for an undisclosed vulnerability in Microsoft Excel was put up for auction on eBay - the bidding reached $59, and the auction had time to attract 19 offers before it was removed by administrators.

Details of a single credit card are worth roughly $1 (0.83 euros), and details of a card with a three-digit PIN go for $5. Additional personal information such as social security numbers and similar might add another $100. Accounts with a high balance might go as far as $100. I’ve also read somewhere that a single screendump from a bank teller’s terminal, showing account holder information and related facts, is worth about $400.

iDefense, a limb of Verisign that performs vulnerability-based services, offers $10000 for undisclosed vulnerabilities in Microsoft Windows.

Mozilla offers a $500 bug bounty for undisclosed critical flaws.

Microsoft offered $250000 for information leading to the arrest of the Sasser author.

For $15 you could buy a virus creation kit, from Russia.

Rolling your own pre-processor for Snort

BleedingSnort invoked a funky sound from the RSS feed reader today when they announced the availability of a new anomaly-based preprocessor for Snort, called PortscanAI. The preprocessor uses a neural network-based approach to find portscans and should, according to the author, be successful in detecting slow and carefully performed port scans.

Although that is nice news, I find the documentation provided by the project even cooler. One document presents, in a very brief and concise way, how a preprocessor is constructed and introduced in the Snort source. The “hello world” implementation does a great job of highlighting the basic steps, which I hope to go through some day. Another document carefully describes the internals of Snort, with the help of loads of pictures and diagrams. Not eye candy, but sure as hell tells a couple of thousand words :)

I hope to benefit from these documents once I get my Master’s thesis going.

Publications

Bachelor of Science Thesis

Storing Sensitive Data on a Mobile Device - An analysis of risks, vulnerabilities and their mitigation

In this thesis, we analyse the risk of storing sensitive data on a handheld device. The report aims to give knowledge, insight and understanding of these devices’ vulnerabilities, their extent and magnitude, possible consequences and mitigating efforts. The results are due to discussions of the value of stored information, the threats towards a given party and these devices’ vulnerabilities. The vulnerabilities relevant to the discussion are further identified with a storage model.


Säkerhet & Sekretess

All articles featured in Säkerhet & Sekretess can be bought through the magazine’s shopping cart.
The articles below can be found by choosing my name in the dropdown menu labeled “författare” (author).

The future - 9 upcoming security trends
Printed title : Det händer imorgon - 9 trender i kristallkulan
Säkerhet & Sekretess - number 4, 2006

Snort - A lightweight intrusion detection system?
Printed title : Snort - lättviktaren bland tungviktarna
Säkerhet & Sekretess - number 2, 2006

From vulnerability to exploit
Printed title : Från lucka till exploit
Säkerhet & Sekretess - number 9, 2005

The Swedish police and digital forensics
Printed title : En bit digital brottslighet
Säkerhet & Sekretess - number 8, 2005

Cryptography - A false sense of security?
Printed title : Därför är kryptering inte att lita på
Säkerhet & Sekretess - number 7, 2005

Anomaly-based Intrusion Detection
Printed title : Avvikande beteende triggar nygammal IDS
Säkerhet & Sekretess - number 4, 2005

Vulnerability scanning with Nessus
Printed title : Så nosar Nessus upp dina sårbarheter
Säkerhet & Sekretess - number 2, 2005

From here and forever?

This is my first “real” post to the site using Wordpress. The previous one covered the details of how I converted posts and comments from Sphpblog’s file-based approach to the MySQL database used by Wordpress.

It will take some time for me to add the material from the last site here, but I will hopefully have it done this week. If you are looking for something that you can not find, don’t hesitate to contact me, and we’ll solve that.

There will probably be a somewhat different approach on the site. I will try to have lengthy posts posted like this, and smaller “thoughts” posted as “asides” (look below). We’ll see if that works out though..

Meantime, take care ..

Update: By the way, the URL to the RSS feed has changed..

Migrating to Wordpress from Sphpblog

Today I finally managed to migrate this site to Wordpress. Here’s a rough description of how I did it.

First off, I installed Wordpress according to the official documentation. I then modified the original sphpblog2wp script so that it managed to convert the brackets “[]” used by Sphpblog to ordinary HTML. I also added support for sending arguments to the script so that converting my roughly 50 posts wouldn’t be a horrific task. Keep in mind that the modified script is very rough (!), but it worked for me.

Here is an example where I convert all posts (and comments) of March 2005:

onesome# php sphpblog2wp-v2.php /usr/local/www/data/content/05/03/
Connecting to MySQL...
Starting run for /usr/local/www/data/content/05/03/...
Resource id #7Post: /content/05/03//entry050317-234712.txt, inserted as ID 125
Resource id #9Post: /content/05/03//entry050317-234829.txt, inserted as ID 126
Resource id #11Post: /content/05/03//entry050317-235559.txt, inserted as ID 127
Resource id #13Post: /content/05/03//entry050317-233547.txt, inserted as ID 128
Resource id #15Post: /content/05/03//entry050101-233547.txt, inserted as ID 129
Resource id #17Post: /content/05/03//entry050323-233501.txt, inserted as ID 130
Resource id #19Post: /content/05/03//entry050328-131750.txt, inserted as ID 131
Resource id #21Post: /content/05/03//entry050330-002739.txt, inserted as ID 132
Resource id #23Post: /content/05/03//entry050322-094353.txt, inserted as ID 133
-- Comment: /content/05/03//entry050322-094353/comments/comment050322-125059.txt, inserted as ID 31
-- Comment: /content/05/03//entry050322-094353/comments/comment050322-132056.txt, inserted as ID 32
Resource id #30Post: /content/05/03//entry050317-233812.txt, inserted as ID 134
Resource id #32Post: /content/05/03//entry050317-234018.txt, inserted as ID 135
Resource id #34Post: /content/05/03//entry050317-234116.txt, inserted as ID 136
Resource id #36Post: /content/05/03//entry050317-234459.txt, inserted as ID 137

I am now running a modified version of a theme called squible.