InfoSec Philippines

Information Security, Technology News and Opinions

Posts Tagged ‘nmap’

Much ado about Conficker

Posted by Jaime Raphael Licauco, CISSP, GSEC on March 31, 2009

There’s been much hullabaloo about the Conficker worm lately, especially since it’s supposed to phone home to around 500 servers (from a possible 50,000) this coming April 1st. So much so that even the New York Institute of Photography has sent an e-mail warning and telling photographers to back up their files just in case. Microsoft started a group called Conficker Cabal around mid last month that has unfortunately only had partial success, since on March 5th, around a fifth of infected machines updated themselves from variant B to variant C.

I doubt that typical users will get affected by it that much… BUT if you’re an Admin that wasn’t able to patch soon, then you may be in for a long day.

Researchers from the Honeynet Project have released a proof of concept (PoC) to detect the worm by using network scanners. The PoC code can be found at the Computer Science site of the University of Bonn.

Nmap has released 4.85 Beta 5 which contains the Conficker detection logic, and so have Qualys and nCircle.

You can also check out Dan Kaminsky’s personal blog for more info. By the way, his blog has a cool little tool that may detect if your DNS is vulnerable to what he discovered last year (check out this illustrated guide to the vulnerability).

Other Conficker News:
(Computerworld) Researchers exploit Conficker flaw to find infected PCs
(Security Focus) Researchers find way to detect Conficker
(The H Security) German researchers develop network scan for Conficker worm
(SC Magazine UK) Malware expert believes that Conficker author will create a new variant
(SC Magazine US) Conficker detection tool released as D-Day nears

Seminars and Conventions
ISACA Manila will be holding their annual conference with the theme, “IT Governance: Solving the Puzzle” this coming April 14 and 15 at the Renaissance Hotel, Makati City. The conference will have a plenary session on IT Governance topics such as IT Management, IT Security, IT Auditing and IT Risk Management. For more info, check out the ISACA Manila Conference Website, call the Secretariat at (+632) 894-2533, (+63919) 288-4410, or email them at secretariat@isaca-manila.org.

Advertisement

Posted in News, Philippines, seminars | Tagged: , , , , , , , , , , , , , | Leave a Comment »

Using Nmap to detect rogue Wireless Access Points

Posted by Jaime Raphael Licauco, CISSP, GSEC on November 6, 2008

Pauldotcom interviewed Gordon “Fyodor” Lyon (the Nmap dude) back in Sept 24. Check out the transcript of the interview here.

Direct audio download of the show can be found here.

If you use Nmap, Paul Asadoorian, GCIA, GCIH (who started the website), also released a script for the new version of Nmap (4.76) here.

Other wireless tools you can use can be found in the Top 5 Wireless Tools page of the insecure.org site. The likes of Kismet, NetStumbler, Aircrack-ng, Airsnort and KisMac are all there.

I am both amazed and appalled by the current state of wireless security in the Manila area. Although its probably better than when Van Hauser checked it out back in 2004, users still aren’t aware of how dangerous it is to pass off confidential or private information using wireless access points. Back in June 2008, Inquirer posted this on the FBI warning wi-fi users.

Recent articles regarding cracking of Wireless Access Points using Nvidia cards can be found in SCmagazineUK and Heise Security.

A dated (May 2007) blog on WPA cracking might be interesting to you, an even older video (2005) with a really annoying soundtrack can also be found online. You may also want to check this out.

On the lighter side, I found two articles on hacking for smartbro. Here and here. One of which should be reserved for April fools, the other for more adventurous people.

Speaking on wireless security and its problems, here’s a 36 minute video from the IT Briefing Center on
The Evolution of the Wireless Enterprise: Networking in a World Without Wires sponsored by Motorola. It talks about the cost savings of going wireless, additional benefits of going wireless and there’s a case study they cite on using wireless for the healthcare industry.

On a totally different topic, and since I can’t get enough of web app security (aside from security metrics), here’s a 25 minute podcast by Gartner, sponsored by IBM entitled, “Stay Ahead of the Hackers: Strategies to Protect your Web Applications – and Your Organization“.

Gartner also has a 27 minute video on “Using Secure Remote Management to Drive the Convergence of IT Operations and Security Compliance” also from the IT Briefing Center.

Posted in Philippines, Wireless | Tagged: , , , , , , , , , , , , | 2 Comments »