The Curious Case of 1392

Wednesday, February 18, 2009 6:30:57 PM (Pacific Standard Time, UTC-08:00)
by Jason Pittman
There are occasions in technology where events or results inspire feelings of mystery. Those "it must be magic" moments when our existing body of knowledge is incapable of processing the situation. I encountered one such event today, so I thought I would share a bit.

Find, the Power

Tuesday, February 17, 2009 3:55:14 PM (Pacific Standard Time, UTC-08:00)
by Jason Pittman
I was doing some work on a very large log correlation server recently. By large I mean copious amounts of log files, not necessarily large in size. Essentially, the chief task was that I needed to audit what was being kept as online history. As you, dedicated readers, remember, PCI-DSS requires one year of history to be kept online. That can mean quite a bit of data in most cases. Being both technically adept and lazy, I turned to the "find" command.

Lions, Tigers, and...IP Addresses

Thursday, February 12, 2009 6:18:48 PM (Pacific Standard Time, UTC-08:00)
by Jason Pittman
IP Addressing schemes that mimic life models of land animal herds.

Politics will not Save Us

Monday, December 03, 2007 8:29:44 AM (Pacific Standard Time, UTC-08:00)
by Jason Pittman
Politicians are not addressing the real problem with consumer security. Instead of legislating security as an afterthought, politicians should be focused on advertising awareness.

A Better Mouse Trap?

Sunday, October 07, 2007 8:16:49 AM (Pacific Daylight Time, UTC-07:00)
by Jason Pittman
If PCI says, “Don’t store these types of information” and so much of the security deals with those information types, then why does the information exist in the first place?

As Grep as it Gets?

Tuesday, October 02, 2007 8:14:30 AM (Pacific Daylight Time, UTC-07:00)
by Jason Pittman
When faced with sizing for some flavor of scope of work, what might be a quick and easy way to get an accurate count? Here’s a quick and dirty way to get some empirical answers from a Windows computer without being intrusive and without using any non-native utilities.

Sync Me Up Scotty!

Thursday, August 16, 2007 8:12:02 AM (Pacific Daylight Time, UTC-07:00)
by Jason Pittman
A former work colleague phoned me the other day and asked for some advice regarding NTP. Here's a quick overview of the problem he faced and what I have done in the past to move forward in this type of situation.

Logging - Meaningful or Meaningless?

Saturday, July 14, 2007 7:45:31 AM (Pacific Daylight Time, UTC-07:00)
by Jason Pittman
Section 10.2 of PCI DSS requires “…implementation of audit trails for all system components”. Sections 10.2.1 through 10.2.7 detail what specific actions need to be covered in the audit trail. Naturally, the first thing that caught my attention here are the System Object requirements, being specifically “creation and deletion of system level objects”. My reaction during both reviewing these specifications and also during implementation of the necessary technical controls has been: how does requiring logging in this fashion actually help detect an intrusion? Is the PCI DSS approach sound from a business perspective? Is it sound from an applied science perspective?

Secure Catapult

Saturday, June 23, 2007 7:44:23 AM (Pacific Daylight Time, UTC-07:00)
by Jason Pittman
I think of it as catapulting data...and it is a push technique. In this type of scenario, I hesitate to install any type of server on the Windows computer since a) I know it already exists on the Unix side most likely and b) I do not typically like to increase management overhead and adding any such server to the Windows computer will most likely do so.

The Security that Fails

Thursday, June 21, 2007 7:30:26 AM (Pacific Daylight Time, UTC-07:00)
by Jason Pittman
The one question I continually come back to in my thinking is, "why does security fail?" Sure, there are a multitude of foes where blame could be (and, in some cases, should be) placed. Some are real, some are fantasy: faulty technology, faulty policies and procedures, faulty awareness. Superior adversaries. But, for me, such arguments are straw man fallacies. Colloquially, they are just trimming branches. Let's hack at the roots, shall we?

Strings for You and Me

Friday, June 15, 2007 7:55:06 AM (Pacific Daylight Time, UTC-07:00)
by Jason Pittman
Ever get to an authentication challenge in a client application and have that feeling of being rooted? I know I have on several occasions. Here is an example of how I might try to bypass the authentication challenge.

Phasers to Full

Thursday, May 17, 2007 7:12:13 AM (Pacific Daylight Time, UTC-07:00)
by Jason Pittman
My friend and former colleague called me again. He was grateful to have an active and operational NTP architecture; however, he had now encountered a slight issue.