Do you think your PC has a virus?

The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.

Microsoft Safety Scanner – Remove Spyware, Malware, Viruses Free

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Here is a good resource describing the problem and how to harden a variety of web servers, “WebApp Sec: RE: SSL Ciphers”. Since I was primarily interested in IIS I used “How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll” and created a registry file to apply the changes. Here is the registry file I used. It works with all of the browsers I test with. Both Foundstone SSL Digger and our PCI scan folks like the results.

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Client]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

• Build a Generic Histogram Generator for SQL Server

  Histograms help people analyze large amounts of data, whether you display them as tables or as charts. This article shows you how to do both.

  … 1 day ago

• JkDefragGUI – Freeware made by Emiel Wieldraaijer

  … saved by 488 other people … 1 day ago

• VirusTotal – Free Online Virus and Malware Scan

  … saved by 1677 other people … 1 day ago

• Meet ratproxy, our passive web security assessment tool

  … saved by 1 other person … 4 days ago

• The Microsoft Source Code Analyzer for SQL Injection tool is available to find SQL injection vulnerabilities in ASP code

  … saved by 50 other people … 5 days ago

• PCI Requirement 6.6 has merchants gearing up

  … 5 days ago

1. The Histogram Generator for SQL Server looks interesting but I think I will work on making pivot tables easier to use first.
2. I tried JkDefrag last week. I like the look and feel of the Auslogics defrag tool. JkDefragGUI makes JkDefrag a little easier to use and adds a few features. Both tools are nice upgrades to the standard defrag tool.
3. VirusTotal is a nice way to generate hashes for downloadable files.
4. I need to check Ratproxy out. Ultimately I would like to compare this to WebScarab. I need to read this Google document again and play with to figure out why Google re-invented the wheel.
5. Microsoft’s contribution to fight against SQL Injection would have been more appreciated if it worked for me. It did not generate a report for me. The program was more than willing to tell me that I did not have it configured properly. When I finally had it configured properly, the result is no report?!
6. PCI 6.6 is a mess. I am suspicious that the firewall option will ever be a cost effective solution for retail web servers. My first run at automated code analysis was inconclusive. I believe that low cost automated and manual code analysis are probably the best cost to benefit options.

wehuberconsultingllc’s favorites on del.icio.us

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

• NMAP – It kind of worked for me when I accessed it via the web server. It locked up the pfSense web server a couple of times. It worked fine for me via the command line and the Command page.
• NTOP – I had not heard of this package before but I was impressed. It had lots of information about my network. Some of the information was actually useful. I am keeping tabs on my son’s Internet usage. With all of this info I kept expecting the computer utilization of pfSense to go through the roof. It did not. Whew!
• SNORT - I did not get this package to work. It installs but the service does not start and it had problems downloading rules. I am guessing the rules issue might be related to the fact that the package was version 2.7 and the current rules are 2.8. I saw in a forum where several people were having problems running the package on pfSense. I manually uploaded a rule to see if I could start the package. It still did not start. Since I did not see any log messages, I decided it was not worth proceeding. It is hard to debug problems when you have logging turned off.
• EXEC.php - This goes under the name of Command. It gives you the equivalent of a command prompt and it is for those of us who do not want to crank up SSH for every little thing. It is not a “package” and its disclaimer says it is not supported. However, it worked better for me than the supported packages. Go figure! I used it to verify that NMAP was working. It was a helpful tool to work with SNORT, too.
• Internet Explorer - You need a SVG viewer plugin to view the traffic graph. I used Adobe’s version. The drop down navigation menu is quirky with IE. It opens and closes before you select an item. In IE the navigation menu is blocked by the traffic graph. I might try and fix this.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

They are unique to the WordPress install, to the WordPress user, to the action, to the object of the action, and to the time of the action (24 hour window). That means that if any of these things changes, the nonce is invalid.

I guess that if we work through the logic, the only thing I can see that has changed is that the user has logged in again. I must conclude that it is identifying the user by something other than the username. Hmm… This is a puzzle.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Description:

The target computer responded to an ICMP timestamp request. By accurately determining the target’s clock state, an attacker can more effectively attack certain time-based pseudorandom number generators (PRNGs) and the authentication systems that rely on them.

Platforms Affected:

• Apple, Mac OS
• Cisco, IOS
• Data General, DG/UX
• HP, HP-UX
• HP, Tru64 UNIX
• IBM, AIX
• IBM, OS/2
• Linux, Linux
• Microsoft, Windows 98 Second Edition
• Microsoft, Windows 2000
• Microsoft, Windows 2003
• Microsoft, Windows 95
• Microsoft, Windows 98
• Microsoft, Windows Me
• Microsoft, Windows NT
• Microsoft, Windows XP
• Novell, Novell NetWare
• SCO, SCO Unix
• SGI, IRIX
• Sun, Solaris
• Wind River, BSD

Remedy:

Configure your firewall or filtering router to block outgoing ICMP packets. Block ICMP packets of type 13 or 14 and/or code 0.

ISS X-Force Database: icmp-timestamp(322): ICMP timestamp requests

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

For the last couple of days I have been monitoring its log. So far I have not found any false positives. It looks like it is blocking some comment spam. Most of my comment spam is caught by Akismet.

I am kind of fascinated with this plugin.  If the developers are looking for ideas, it would be nice if:

1. It would tell me if there is a new filter available. I am not sure how often the filter is updated but with a little modification the plugin could update the file directly. WordPress would like updated plugins to be updated on their web site. An updated the revision number for the plugin would appear in the plugin panel. In a perfect world the use could then update the plugin automatically.
2. The search stats button overlaid the standard report onto the admin page for the plugin. It is not very useful in this format.
3. It would be nice if the report said why the bad request was blocked. I have several blocked requests showing something called “__utmz” in the tag field.
4. It would be nice to download the report as a csv file.
5. It would be nice to have a summary report by type of blocked request.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Cyberinsecure recently posted details of an automated WordPress hacking tool that is doing the rounds. This malicious worm or program appears to create the directory, "wp-content/1/" as well as spam comments:

The blogs are most likely attacked by some kind of automated tool since the amounts of spam are too big to work manually on all those spam pages creation. It seems there are also spam comments in posts as well. Spam comments are pointing to internal infected blog pages in folder “1″ to get them spidered and to get people to visit them.

Smackdown also has a nice blog entry about this issue.

Automated WordPress Hacking Tool Cached by Google
DK
Wed, 26 Mar 2008 23:52:40 GMT

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Let me digress for a bit and describe my local network and the VPN connections I have set up. When I am out of the office and accessing my server via the Internet, I use a VPN connection that uses the DNS name in its configuration. The DNS name points to the static IP address of my hardware firewall. The hardware firewall forwards the VPN traffic to my SBS server where the software firewall, ISA, completes the VPN connection. When I am at my office my laptop connects to the same network that connects the SBS server to the firewall and the VPN connection I use to access the server remotely does not work. To get around this minor problem I use a different VPN connection with the local IP address of the server in the configuration. This connection goes directly to the server and does not go through the firewall. Yesterday I figured why the L2TP connection was not working.

The ports they say you need to open up on your hardware firewall to allow L2TP access from the Internet are 500, 1701, and 4500. When I look at the ISA log I can see the laptop using ports 500 and 1701. When I looked at the Comodo activity log I found that it blocked an outbound access to protocol 50. This sounded vaguely familiar. It was hard to find but Microsoft talks about protocol 50 and 51 in this article, Interoperation with Other Services. Why was Comodo blocking outbound access? I was befuddled but I decided to go ahead and add a IP IN/OUT allow for protocol 50 rule to my local server IP. My L2TP VPN is now working. It is interesting that you will not find protocol 50 showing up in the ISA log but according to the Comodo log it is talking to the server with this protocol.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.