Updating the ole Wifi Pineapple today. Heading out to a wireless pentest next week. Haven’t done one in a while; hopefully I can remember how it works 😉
Lately I’ve been spending most of my time at work doing various sorts of documentation like policies and procedures. Lots of policies and procedures. Today I decided to take a break from that and catch up on a few other things.
I discovered that there is a Visio 2007 Connector for the Microsoft Baseline Security Analyzer. Since we already keep things documented with Visio, this caught my attention. It is really nice; I had to make a couple of adjustments to the maps and boom, it was working. I don’t say it much, but thanks Microsoft. Now I can quickly check any Windows-based machine from the map with a click. And it already helped me solve one issue.
Since I’ve joined the secret life of IT in banking, I don’t write about specifics and tech as much as I once did. Believe me, I do keep up with things and get to work on lots of very interesting projects.
I’m currently looking at the TriGeo SIM; it’s one great logging device from what I’ve read. I’m wondering if anyone has any experience in setting up this device with FDIC / FFIEC / GLBA / insert bank acronym here log monitoring in mind. If you do, leave a message; I would love to contact you about this and how it’s working for you. I’m also going to post this over at Banktastic.
Sysinternals – RootkitRevealer “RootkitRevealer is an advanced root kit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.”
This is the first time I’ve seen this. I’ve known about similar things for Linux, but now I have something to use on the few Windows Servers.
Phrack 60 is out, seems like just a year since 59 was out 🙂
“Bluetooth-enabled phones and PDAs with inadequate security could become the target of the next wave of security exploits, allowing phreakers to filch confidential information or even make calls using someone else’s identity.” [more via The Register]
The first thing I did with my Bluetooth devices was to lock them down. But I guess that not everyone knows about that.
The Register picked up on these 2 important paragraphs from the SP3 License:
“By using these features, you explicitly authorize Microsoft or its designated agent to access and utilize the necessary information for updating purposes. Microsoft may use this information solely to improve our products or to provide customized services or technologies to you. Microsoft may disclose this information to others, but not in a form that personally identifies you.
“* The OS Product or OS Components contain components that enable and facilitate the use of certain Internet-based services. You acknowledge and agree that Microsoft may automatically check the version of the OS Product and/or its components that you are utilizing and may provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer.”
Now do you really want to install it? I did on one of my test machines, but it will be reimaged tomorrow anyway. I’m guessing that many of you want. Just another reason to hate MS.
Personal firewalls: Not so safe? The rush to get personal firewall applications to market has resulted in products that are easily compromised and often chock-full of security holes.
The era of cyberwar has arrived The Internet offers some incredible benefits. Not only is it fast becoming the backbone of a newly emerging global economy (for better or worse), but perhaps more important, it now offers people the opportunity to communicate with others around the world almost as if they were neighbors. Unfortunately, however, it hasn’t taken long for the idea, and practice, of war to also come to the Internet. This perhaps isn’t ironic. The Internet, after all, was designed by the U.S. military for war, as a way to maintain communication networks even in the case of a massive attack. The distributed nature of the Internet makes this possible.