Thursday, January 28, 2010

Choosing a Security LiveCD in 2010

A few years ago security oriented live CDs were a dime a dozen, and it was simple to find one that fit your preferred usage models. A few years later, the rolls of the dead, discontinued, or just plain no longer updated include Auditor, Whax, Fire, Knoppix-STD, Local Area Security Linux, and many others.

Along the way, Helix, which a large number of people used went commercial, although at a quite reasonable price.

Now, if you want a good security distribution, your choices are a lot narrower. My default is BackTrack, which is used widely by groups including SANS.

More specialized tools like Ophcrack (a Windows password cracker) remain available, and can help fill out a security toolkit, but the days of huge numbers of distros appears to be over. Most of those that remain can be found linked by securitydistro.com.

Wednesday, January 27, 2010

Browser Fingerprinting Research: the EFF's Panopticlick

The EFF has introduced Panopticlick, a browser profiling tool that will tell you how unique your browser's fingerprint is. This gives you a good idea of how easily your browsing habits might be tracked based on how many other browsers look like yours.

Results are simple: you receive a rating, such as "one in 177 browsers have the same fingerprint as yours.", and you receive detail on how many pieces of information you disclose: "we estimate that your browser has a fingerprint that conveys 7.47 bits of identifying information".

This is accompanied by a table which describes your browser:

I'm looking forward to using this in my security training classes when I talk about fingerprinting, as user agent fingerprinting is something that can be more difficult to explain.

Monday, January 11, 2010

Malware Eye Charts Revisited

During last year's Conficker outbreaks, various Conficker "eye charts" were created to allow quick diagnosis of infected systems. UCLA has now made their DNS changer malware eye chart available.


This chart allows a quick check to see what DNS changes may have been made to your system by DNS changing malware. I think the eye chart concept is great for both technical and non-technical users, as it provides an easy way to quickly diagnose problems.

Thursday, January 7, 2010

Beyond Your Credit Report: My Money Blog and Free Identity Checkup Information

MyMoneyBlog is a well written, frequently updated financial blog that caters to personal finance enthusiasts. Their post today includes a lot of excellent information, starting with free credit report checks, then moving through ChexSystems, medical history, and insurance claims on houses and autos, as well as ChoicePoint tenant and employment history reports. All are free, and they'll help individuals understand how they appear in these frequently used data sources. I'm making a point of adding these to what I call my list of recommended identity checkup items.

An IT Vendor Checklist - Minimum Standards for IT Outsourcing

A co-worker keeps the following handy list of items to request from vendors during IT contract negotiations:

• Require that the vendor operate under security model conformant to a standard such as ISO, COBIT, or PCI-DSS
• Require that the vendor disclose breaches that may materially affect the organization
• The vendor must permit the organization to audit and/or assess their operation, with reasonable advance notice or request
• They must escrow data, possibly in addition to code, in case of supplier insolvency
• And finally, they must destroy data upon termination of services

This short list is easy to hand off to project managers and departments looking for quick advice, and while it doesn't cover every situation, it helps make sure that contracts have reasonable language in them. It can also help spur discussions about why vendors might not be desirable partners.