SoCalITProAssociation Newsletter                           Volume 2  Number 9
Southern California Information Technology Professional Association        September 1, 2004

Welcome Members, Visitors and Friends!

Inside this Issue:
Shields Up! Windows XP Service Pack 2 Will protect your system at any cost...
Rbot-GR virus spies on you...in real time!
A FREE Workshop sponsored by HP and agile 360
Meeting Announcement: September 9, 2004
Previous Meeting...
Opinions and Commentary Department: Dean Sowers reports on DEFCON
Final Notes…
Email the Editor

And Now, The News...

Shields Up! Windows XP Service Pack 2 Will protect your system at any cost...

Barry Goffe, a Group Product Manager for Windows XP Service Pack 2, discussed the features and benefits of the latest service pack at the August SCITPA meeting. SP2 is meant to protect the system against attacks from the network, malicious email attachments, web browser attacks, and memory-corruption attacks (the last through Data Execution Prevention). The primary feature is that SP2 installs with a "Shields Up" attitude for the Windows Firewall: it is on by default, and unsolicited inbound connections are blocked; outbound connections the user's own programs initiate are not affected. Any application that must accept connections from another system (a listener, a server component, a DCOM callback) is immediately broken. The fix is to add the application, or the port it listens on, to the firewall's Exception List. Oh boy, this is gonna drive administrators nuts, and the average consumer will become so befuddled that she/he will need expert help to configure their home systems. The Windows Firewall change is complex enough that many companies have opted not to install SP2, or at least to wait until their engineers have studied the situation on their test benches and arrived at methods to resolve DCOM issues on the fly.

The Firewall issue is the talk of the town, with several emails from ZDNet focusing on it. One of my clients expressed concern about identifying which applications would be affected, and how to configure the firewall. I jokingly suggested to him that Microsoft would probably put together a hundred-page manual on it. Then I read an article by Jo Best (
http://zdnet.com.com/2100-1104-5323378.html), stating that you can get such a guide from Microsoft's Download Center (http://www.microsoft.com/downloads), and that it is indeed more than a hundred pages long. Best quotes the guide's own warning: "increasing security in the network environment can result in legitimate applications or features not operating as expected...Applications that were not designed to meet these higher security requirements may experience some compatibility issues." In other words, homegrown apps that accept connections from other systems will likely run afoul of SP2's firewall.

Microsoft has already published a list in the Knowledge Base (available at http://support.microsoft.com) of fifty applications and games that conflict with SP2 in some way: apps that access remote desktops or server systems, email clients, anti-virus products, multimedia tools, automatic update programs, and so on. For further information, visit http://www.microsoft.com/technet/winxpsp2.
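For readers who would rather script the Exception List than click through it, here is an added example (not from the article, and not from Microsoft's guide) using the netsh firewall context that ships with SP2. The application path, its name, and the need for an inbound DCOM callback are illustrative assumptions, not something the article describes; substitute your own.

```batch
@echo off
rem Added example, not from the newsletter or from Microsoft's guide: working
rem around SP2's "shields up" default with the SP2 netsh firewall context.
rem Assumptions (illustrative only): a homegrown client at
rem C:\Apps\Inventory\invclient.exe that must accept inbound DCOM callbacks
rem from servers on the local subnet.

rem 1. Look at the current state: operational mode, active profile, exceptions.
netsh firewall show state
netsh firewall show config

rem 2. Log dropped packets so a "broken" application can be diagnosed from
rem    %windir%\pfirewall.log instead of by guesswork (maxfilesize is in KB).
netsh firewall set logging filelocation=%windir%\pfirewall.log maxfilesize=4096 droppedpackets=ENABLE connections=DISABLE

rem 3. The wrong fix: switch the firewall off for every profile. Left commented
rem    out on purpose; it is here only for contrast with step 4.
rem netsh firewall set opmode mode=DISABLE profile=ALL

rem 4. The right fix: keep the firewall on and exceptions enabled, then add
rem    only what the application needs, scoped to the local subnet.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL

rem 4a. Program exception: whatever ports this executable listens on are
rem     opened only while it runs, and only for the local subnet. DCOM servers
rem     use dynamic ports, so a program exception is the right shape for them.
netsh firewall add allowedprogram program="C:\Apps\Inventory\invclient.exe" name="Inventory Client" mode=ENABLE scope=SUBNET profile=ALL

rem 4b. DCOM also needs the RPC endpoint mapper on TCP 135 reachable, or the
rem     remote side cannot locate the callback interface.
netsh firewall add portopening protocol=TCP port=135 name="DCOM endpoint mapper" mode=ENABLE scope=SUBNET profile=ALL

rem 4c. Built-in service exceptions cover the common cases, e.g. Remote Desktop.
netsh firewall set service type=REMOTEDESKTOP mode=ENABLE scope=SUBNET profile=ALL

rem 5. Verify, exercise the application, then look for remaining DROP lines.
netsh firewall show allowedprogram
netsh firewall show portopening
findstr /C:"DROP" %windir%\pfirewall.log
```

On a fleet of machines the same exceptions are better pushed through Group Policy (Computer Configuration, Administrative Templates, Network, Network Connections, Windows Firewall), which also keeps users from switching the firewall off; the netsh commands above are the per-machine equivalent and are handy on a test bench for finding out which ports a homegrown app actually needs before the policy is written.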

Rbot-GR virus spies on you...in real time!

According to an article by Jo Best of Silicon.com referenced in an email from ZDNet (
http://zdnet.com.com/2100-1105-5320592.html), Rbot-GR installs a trojan that lets the attacker view files and passwords and launch denial-of-service attacks, but it also hijacks your microphone and webcam, letting the originator watch and listen to you directly without your knowing it. So if you're not using your camera and mic, unplug them!

A FREE Workshop sponsored by HP and agile 360

HP and Agile360, a technology consulting and engineering firm committed to providing innovative technology, want to show you how internal IT departments are dealing with the outsourcing challenge. Imagine you’re facing contract renewal and the competition has the ear of executive management, telling them they can do a better job, save more money and provide better, faster service than you. For more information, visit
http://www.agile360.com/emailer/default.htm.

Meeting Announcement: Thursday, September 9, 2004

Article by Dick Porter
Topics
Intrusion Detection by Trlokom
Endpoints have become the main source of vulnerability in enterprise networks. Due to the lack of endpoint security, successful intrusions into enterprise networks are increasing.
http://www.Trlokom.com

Advanced Email Defense by MX Logic
“Spammer Tactics and How to Protect your Company from unwanted emails”. http://www.mxlogic.com

MCT Corner: There will be no MCT corner at this meeting.

Door prizes and software.

As always please RSVP on the http://www.SoCalITPro.org website. The link is on the lower left hand side of the home page.

At the Previous Meeting...

Article by Dick Porter

August's presentation was brought to us by Barracuda Networks, www.barracudanetworks.com. The topic was SPAM Protection. An additional presentation from Culminis and Microsoft featured Barry Goffe, a Group Product Manager responsible for Windows XP Service Pack 2, on the features and benefits of SP2.

Opinions and Commentary Department: Dean Sowers reports on DEFCON

Fellow SCITPA member, Dean Sowers, gives us his thoughts on this year's DEFCON:

Ahhh DEFCON.

Where blue or purple hair is not given a second glance. Where you can meet people who carry badges, guns and handcuffs. Where you can enter the lockpicking contest. (Better bring your own picks, though.)

And you can learn about the security risks that are present in the software of today. Where did you want to go? To the root directory of someone else's computer? Done! Did you want to store information in someone else's DNS cache? OK. It can be done. I saw a live demonstration. Want to know the OSI model for automobiles? No problem.

My personal favorite was Bubonic Buffer Overflow; it covered exploit frameworks which were effective as well as lightning fast. Another interesting seminar was Frustrating OS Fingerprinting with Morph, which provides the hacker with false information as to which OS you are running. The headers of the packets are changed to show they are coming from a Windows machine instead of a Linux box. Both active and passive fingerprinting can be defeated with Morph.

There was also information on identification evasion. Privacy is disappearing. RFID tags are one example of the ability to track your movements. Credit card companies force you to activate your card from your home number (a physically tethered line) rather than a cellphone. Every business has the right to surveillance on its property. Watch for cameras in buildings or parking lots. It was recommended to avoid: completing all information on coupons, warranties, special offers, and the use of credit cards. Why does the library need your driver's license AND your social security number? EFF.org is a good resource for electronic privacy.

The goal of rootkits is to hide processes, files, and network connections. Rootkits are available for both Windows and Linux. Rootkits now filter data and hook into the system call table of the operating system, and into the interrupt descriptor table. It is possible to filter all exported kernel functions. A rootkit runs code instead of the code that was originally intended to execute in a DLL. There are tools to detect rootkits. Just ensure you don't download a trojan when you are searching for rootkit detectors.

I now know to dump the cache in the DNS server frequently, and am searching for utilities to monitor what IP addresses access various Windows components in memory.

And I didn't see it ALL! Oh, don't fall asleep drunk at DEFCON. I saw some guy drunk as a skunk in the hotel lobby. Seems his friends thought it would be funny to write on him, in Sharpie. That's going to leave a mark...

The DEFCON dance was also interesting. Costumes or formal wear were encouraged. Need I say more?

In the segment "Spot the Fed" two NCIS agents were identified. I immediately thought of Mulder and Scully.

Some pictures from DEFCON are posted! There was a lot of DEFCON I did not see. Be advised, pictures may be rated "R" or worse. View at your own risk. The link is
http://www.defconpics.org. Some people have a VERY strange sense of humor. Also, expect that the sites you visit MAY try to hack you later...

For those who have the opportunity to write off trips, the Black Hat seminars, which were in the days preceding DEFCON, are around $1100. This includes a free pass to DEFCON and a cool looking bag. And everyone knows you paid $1100. DEFCON by itself is $80 and was three days long. In my opinion, it was well worth the $80.

Want to visit the site? http://www.defcon.org

QED Dean Sowers

Reader Feedback

'Aaa Mahn, wha'chu got to say?

--Editor

Final Notes…

> Nogginfest 2004 Our December meeting is usually an open house where members can meet with vendors of interest to us. As of this writing, we have very few vendors for this year's event, and we would appreciate your input as to corporations or products you would like to see at Nogginfest. Please

> If you have any ideas for an article that you might like to write for this Newsletter, or about any third-party software that you would like to share with our members, please submit your article to the Editor, contact information below. Please use the Rich Text Format (.rtf file) for your article, and in the subject line of your email, put the word, Newsletter, so I don't accidentally delete your email. (I tend to delete emails from people I don't know unless the subject line clearly indicates something important.)

See you at the meeting on Thursday, September 9, 2004, enjoy!

Robert Holtzman, Editor
rholtzman@socalitpro.org

SoCal IT Pro/OCNTUG Newsletter                                     Volume 2 No. 9                               09/01/2004

EOF