Category Archives: InfoSec

Cloud Computing, will organisations consider security?

So cloud computing is one of the current buzzes going around. The idea is that you move your content and have services delivered over the Intertubes. There are obvious benefits for an organisation: scalable, on-demand services, possible reductions in cost, and someone else takes care of all the headaches.

Lots of companies have been doing this for a while, the likes of Message Labs and their offering of mail filtering in the cloud for example, and it is a good, efficient service. Now more and more people are jumping on the bandwagon, offering storage and various other services. So this is all great, right?

Well, maybe it's just me, and maybe I am misinformed, but it gets me a little worried. So let's take our valuable, business-critical information and hand it over to another organisation offering services over the Internet. Now I have a few quid in my back pocket, and I am a happy chappy.

Then something goes wrong: some crucial data goes missing, the link goes down, the nightmare could take many forms. Not a problem, you have backups, you have logs to review, you know appropriate access controls are in place. Well, it turns out that perhaps your business didn't carry out enough verification.

I think a lot of companies offering these in-the-cloud services may not have the robust controls we know and expect in the enterprise, and when you come to carry out your post-incident investigation, you may find it seriously impaired.

This comes down to not really knowing where your data is stored, who has access, what's backed up and when; the list goes on. I guess I am just paranoid, and some may argue there isn't much difference between this and standard outsourcing. The important thing is to ensure InfoSec is given due consideration: plan ahead as to how you would handle an event or incident and what resources you will need. Also consider where the data will be stored, where ownership sits, legal implications, compliance and regulatory issues, as well as how outages will be handled.

I am sure this all seems obvious to us as InfoSec professionals; however, we know that organisations fail to take care of security basics like OS and application patching.

Kon-Boot. Modify the kernel and walk right in the front door.

Thanks to Patrick at Risky.biz, a few weeks ago I heard about Kon-Boot.

More info on Kon-Boot is below, but in simplistic terms you boot off the image via floppy, CD or USB, and Kon-Boot modifies the Linux or Windows kernel during the boot process. You can then simply enter a "blank" password at the normal login prompt and you're in as admin. Obviously this will not give you the password; it is simply a bypass mechanism, but I can certainly see how this will be handy, and it could be a handy alternative to something like Ophcrack.

Obviously this will raise some concerns, so controls such as a BIOS password, a hard disk password or full drive encryption will add some hurdles to this type of software being used. That said, it's a great tool and well worth experimenting with.

About Kon-Boot

Kon-Boot is a prototype piece of software which allows you to change the contents of a Linux kernel (and now the Windows kernel also!!!) on the fly (while booting). In the current compilation state it allows you to log into a Linux system as the 'root' user without typing the correct password, or to elevate privileges from the current user to root. For Windows systems it allows you to enter any password-protected profile without any knowledge of the password. It was actually started as a silly project of mine, which was born from my never-ending memory problems. Secondly, it was mainly created for Ubuntu; later I made a few add-ons to cover some other Linux distributions. Finally, please consider this is my first Linux project so far. The entire Kon-Boot was written in pure x86 assembly, using old grandpa-geezer TASM 4.0.

Updated 30-6-2009. Kon-Boot can now reset the Windows and Linux passwords:

No special usage instructions are required for Windows users: just boot from the Kon-Boot CD/floppy, select your profile and put in any password you want. You lost your password? Now it doesn't matter at all.

Floppy Image – FD0-konboot-v1.1-2in1.zip
CD ISO Image – CD-konboot-v1.1-2in1.zip

Or read more here.

Adobisoft? Adobe are going to release quarterly updates on the 2nd Tuesday

Over recent months Adobe have had several issues with Reader vulnerabilities, which have caused organisations no end of trouble testing and deploying the updates.

Now Adobe have decided they need to take a similar approach to Microsoft and release routine updates, which they plan to do on the 2nd Tuesday of each quarter, starting this summer.

The Adobe Reader issue sparked "a lot of conversation internally at Adobe from executives to testers and developers" and ultimately led to the permanent changes to Adobe's software security approach, Arkin said. "Everything from our security team's communications during an incident to our security update process to the code itself has been carefully reviewed."

Read the Adobe and Microsoft blogs for more from the source.

Personally I think this is a good thing. I know we all laugh and joke about Patch Tuesday, but at least it's a reasonable approach to security patching, and it's working, so I think Adobe have a lot to gain from working with MS on this. I also think it can make our job a little easier in some ways, as we can plan for the releases, or at least expect them.

Honeypotting with Nepenthes

Thanks to my good InfoSec buddy Andrew Waite of InfoSanity, who prompted me to have a play with Nepenthes (a honeypot).
So I set up a Debian VM, popped it into a DMZ and went about installing Nepenthes.

Debian took about 20 mins to install (I took the "download updates as it installs" option), then I went with the precompiled/pre-built option.
Again this was straightforward and it was up and running in no time. I had some issues getting Nepenthes running after a reboot and finding the appropriate config files (Andrew to the rescue again).

Anyway, once it was up and running, 9 mins passed (I thought it would be less) and I was already getting activity. I got hit with W32.spybot.worm and W32.virut.h. I searched the hashes on VirusTotal, so they were nothing new, but you will see Andrew has found some interesting results, though he's had it running a fair while. You can see what's going on by reviewing the log files and looking at the binaries (viruses) that have been intercepted.
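As an added example (not from the original post and not part of Nepenthes itself), here is the kind of small Python triage script I would use for that step: hash the captured binaries so duplicates collapse to one lookup, separate hashes already known from ones worth submitting, and count which sources are hitting the sensor. The log layout and sample bytes are constructed for the example and are not the real Nepenthes log format.

```python
import hashlib
import re
import tempfile
from collections import Counter
from pathlib import Path

# Constructed log lines in an assumed "[timestamp] source -> sensor url" layout.
# This is NOT the real Nepenthes log format, just sample data for the example.
SAMPLE_LOG = """\
[2009-06-25T10:22:01] 192.0.2.5 -> 198.51.100.7 tftp://192.0.2.5/ssms.exe
[2009-06-25T10:23:44] 192.0.2.9 -> 198.51.100.7 http://192.0.2.9/x.exe
[2009-06-25T10:31:02] 192.0.2.5 -> 198.51.100.7 tftp://192.0.2.5/ssms.exe
"""

LOG_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<src>\S+) -> \S+ (?P<url>\S+)$")


def parse_download_log(text):
    """Return (source IP, URL) pairs from log lines in the constructed layout."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:  # skip lines that do not fit the expected layout
            hits.append((m.group("src"), m.group("url")))
    return hits


def top_sources(hits, n=3):
    """Most frequent attacking sources; noisy repeat offenders stand out."""
    return Counter(src for src, _ in hits).most_common(n)


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def hash_samples(directory):
    """Map sha256 -> list of filenames; duplicate captures share one hash."""
    seen = {}
    for path in sorted(Path(directory).iterdir()):
        if path.is_file():
            seen.setdefault(sha256_hex(path.read_bytes()), []).append(path.name)
    return seen


def triage(directory, known_hashes):
    """Split captured samples into already-known hashes and new ones to submit."""
    by_hash = hash_samples(directory)
    new = {h: f for h, f in by_hash.items() if h not in known_hashes}
    known = {h: f for h, f in by_hash.items() if h in known_hashes}
    return new, known


def make_sample_dir():
    """Write three constructed 'captured binaries' (two identical) to a temp dir."""
    d = Path(tempfile.mkdtemp(prefix="honeypot-demo-"))
    (d / "a.bin").write_bytes(b"MZ-constructed-sample-1")
    (d / "b.bin").write_bytes(b"MZ-constructed-sample-1")  # duplicate of a.bin
    (d / "c.bin").write_bytes(b"MZ-constructed-sample-2")
    return d
```

Point `triage()` at the honeypot's binaries directory and feed it the hashes you have already looked up; only the new set needs submitting.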

Great to have a mess around and see how these things work, and it just proves it doesn't take long after connecting to the Internet to get owned.
I think there is also value in deploying a honeypot within your corporate environment as another layer of detection to identify internal malware floating about.

For those who are Linux-averse there are some Windows honeypots like HoneyBOT. I have not tried these myself, but they might be worth a look.

What is Nepenthes?

Nepenthes is a low interaction honeypot like honeyd or mwcollect. Low interaction honeypots emulate _known_ vulnerabilities to collect information about potential attacks. Nepenthes is designed to emulate vulnerabilities worms use to spread, and to capture these worms. As there are many possible ways for worms to spread, Nepenthes is modular. There are module interfaces to

  • resolve DNS asynchronously
  • emulate vulnerabilities
  • download files
  • submit the downloaded files
  • trigger events (sounds abstract and it is abstract but is still quite useful)
  • shellcode handler

BruCON 2009: the place to be this September

I am aiming to attend BruCON this year, so hopefully I'll see some of you guys around. Here's what it's all about:

BruCON aims to become the best and most fun hacking (*) and security event in Belgium and W. Europe, offering a high quality line-up of speakers, opportunities for networking with peers, hacking challenges and workshops. Organized in Brussels, BruCON is an open-minded gathering of people discussing computer security, privacy, information technology and its cultural/technical implications on society. The conference creates bridges between the various actors active in the computer security world, including but not limited to hackers (*), security professionals, security communities, non-profit organizations, CERTs, students, law enforcement agencies, etc…

Topics of interest include, but are not limited to:

– Electronic/Digital Privacy
– Wireless Network and Security
– Attacks on Information Systems and/or Digital Information Storage
– Web Application and Web Services Security
– Lockpicking & physical security
– Honeypots/Honeynets
– Spyware, Phishing and Botnets (Distributed attacks)
– Hardware hacking, embedded systems and other electronic devices
– Mobile devices exploitation, Symbian, P2K and bluetooth technologies
– Electronic Voting
– Free Software and Security
– Standards for Information Security
– Legal and Social Aspect of Information Security
– Software Engineering and Security
– Security in Information Retrieval
– Network security
– Security aspects in SCADA, industrial environments and “obscure” networks
– Forensics and Anti-Forensics
– Mobile communications security and vulnerabilities
– Information warfare and industrial espionage.

For more info:
http://www.brucon.org/