Day 22 - Wiping Disks and Media
The last couple of days we talked about getting rid of rootkits, spyware, bots and such. One common suggestion was to "wipe and rebuild". There are other reasons to wipe disks: Are you donating an old computer to charity? Better get rid of that data first! What are your procedures and tricks to quickly and securely erase data? With > 1TB disks on the horizon, the time it takes to erase a disk with "Boot and Nuke" is getting longer and longer.
In particular:
- multiple overwrites? myth or necessity
- physical destruction? shredding? demagnetizing? sledge hammer?
- drive firmware: how do you validate it after a compromise?
- USB disks, SIM cards and other "exotic" media.
- what distance do you keep to the disk on the range to avoid lead backsplatter? ;-)
-----
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Day 23 - Turning off Unused Services
If it's not installed, it can't be exploited. It's as simple as that.
Does IIS really need to be running on that server?
Are you using SNMP to monitor that server?
Is File and Print Sharing (or Samba) necessary for that server to perform its role?
Unused services are a sometimes overlooked avenue of exposure that all too often provides a surface to attack.
But how do you know what is "needed"?
Have you done the research for a file and print server? A web only server? A mail server?
Do you use a published checklist?
Let us know how -you- know what services you do and don't need.
- Chris Carboni
Opera 9.6.1 Released
One of our readers, David, wrote in to let us know that Opera has released version 9.6.1 for Windows, which is a recommended security upgrade. Some of the Opera rated "extremely and highly severe" issues fixed include revealing browser history and news feeds as well as a Fast Forward cross-site scripting vulnerability. You can view the changelog here: http://www.opera.com/docs/changelogs/windows/961/
Mari Nichols iMarSolutions
Podcast Episode Eleven Posted
Hey everyone, sorry it has taken so long to get around to recording another podcast episode. Travel schedules have been very crazy between us lately. Anyway, enough excuses, here is episode eleven. Thanks for all the emails asking me where it is! :) It helps to remind me....
-- Joel Esler http://www.joelesler.net
F-Secure and Trend Micro Release Critical Patches
US-CERT has released information on two critical patches for F-Secure and Trend Micro security software. As one of our readers, Roseman, put it, time to keep your "keep-you-safe" software safe!
Today, Trend Micro released patches affecting Office Scan versions 7.3 and 8.0. The patches address a stack-based buffer overflow via HTTP request to server CGI modules. You can get further information about the respective patches here:
http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt
http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt
Yesterday, F-Secure released Security Bulletin FSC-2008-3 which addresses an RPM parsing vulnerability in which specially-made compressed file archives can cause an integer overflow. This would apply if your program scans compressed files. Read more about it here.
Mari Nichols iMarSolutions