It’s that time of the month again: release day for the Microsoft patch cycle. This month there were 11 new updates, six of which carry a rating of “critical”. The updates patch several things and finally include an update for IE that corrects six vulnerabilities. Some of the other critical updates fix vulnerabilities in Microsoft Office. As usual, test these updates and roll them out as soon as possible.
Monthly Archives: August 2008
MSI Releases DNS Doberman to the Public
Now your organization can have a 24/7 guard dog to monitor key DNS resolutions and protect against the effects of DNS cache poisoning, DNS tampering and other resolution attacks. Our tool is an easy-to-use, yet quite flexible and powerful, solution for monitoring for attacks that have modified your (or your upstream ISPs’) resolutions for sites such as search engines, software update servers, key business partners, etc.
DNS Doberman is configured with a set of trusted host names and IP address combinations (yes, you can have more than one IP per host…) which are then checked on a timed basis. If any of your monitored hosts returns an IP that the DNS Doberman doesn’t trust – then it alerts you and your security team. It supports a variety of alerting methods to support every environment from home users to enterprises.
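The monitoring approach just described, as an added example in Python rather than MSI’s DNS Doberman code: a per-host allowlist of trusted answers, a timed resolution check, and an alert for any answer the allowlist does not cover. It generalizes slightly by accepting CIDR ranges as well as single IPs. The hostnames, addresses, and the “poisoned” resolver’s answers are constructed for illustration; the `system_resolver` function is what you would plug in to watch real resolutions.

```python
"""Timed check of DNS answers against a per-host allowlist.

Added example, not MSI's DNS Doberman code. The trusted table and the
canned resolver answers are constructed from documentation addresses."""
import ipaddress
import socket
import time
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List

Resolver = Callable[[str], List[str]]  # hostname -> list of A records


@dataclass
class Alert:
    host: str
    kind: str    # "untrusted", "no_answer" or "resolver_error"
    detail: str


# Hostname -> trusted answers. Plain IPs or CIDR ranges; several per host is
# fine for round-robin names. Constructed documentation addresses, not real.
TRUSTED: Dict[str, Iterable[str]] = {
    "updates.example.com": ["198.51.100.10", "198.51.100.11"],
    "partner-portal.example.net": ["203.0.113.0/28"],
}


def system_resolver(host: str) -> List[str]:
    """Ask the OS resolver, i.e. the caches an attacker would try to poison."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET)
    return sorted({info[4][0] for info in infos})


def check_host(host: str, trusted: Iterable[str], resolver: Resolver) -> List[Alert]:
    """Alert on every answer outside the allowlist, not just the first one:
    a poisoned record can ride alongside legitimate ones in a round-robin set."""
    try:
        answers = resolver(host)
    except (socket.gaierror, OSError) as exc:
        return [Alert(host, "resolver_error", str(exc))]
    if not answers:
        return [Alert(host, "no_answer", "resolver returned no A records")]
    nets = [ipaddress.ip_network(t, strict=False) for t in trusted]
    alerts = []
    for ip in answers:
        if not any(ipaddress.ip_address(ip) in net for net in nets):
            alerts.append(Alert(host, "untrusted",
                                f"resolved to {ip}, expected one of {list(trusted)}"))
    return alerts


def run_checks(table: Dict[str, Iterable[str]], resolver: Resolver) -> List[Alert]:
    alerts: List[Alert] = []
    for host, trusted in table.items():
        alerts.extend(check_host(host, trusted, resolver))
    return alerts


def poisoned_resolver(host: str) -> List[str]:
    """Constructed stand-in for a cache that has been tampered with."""
    canned = {
        "updates.example.com": ["198.51.100.11", "192.0.2.66"],  # second answer is bogus
        "partner-portal.example.net": ["203.0.113.5"],
    }
    return canned[host]


def watch(table, resolver, interval_s: float, rounds: int, notify=print) -> None:
    """Loop the way a daemon would; `notify` is where mail/syslog/pager hooks go."""
    for _ in range(rounds):
        for alert in run_checks(table, resolver):
            notify(f"[{alert.kind}] {alert.host}: {alert.detail}")
        time.sleep(interval_s)


if __name__ == "__main__":
    watch(TRUSTED, poisoned_resolver, interval_s=0, rounds=1)
```

Two caveats a practitioner will hit: the allowlist is static, so a legitimate IP change at the monitored site produces an alert until the table is updated (that is the price of detecting tampering), and a check that only looks at the first answer would miss a poisoned record slipped in beside good ones, which is why every returned address is compared.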
You can learn more about the tool and download the FREE version from the link below. The FREE version is completely usable and, if it suits your needs, you are welcome to continue to use it indefinitely. The FREE version is restricted to 5 hosts and only checks each host once per hour. Registered users ($99.95) will receive support, minor version upgrades and the ability to check an unlimited number of hosts every 15 minutes!
To learn more or get your copy today, please visit the MSI main web site, here.
Bank of America Laptop Stolen
Another company has had a laptop stolen with customer data on it. Fortunately, this time it appears that all of the sensitive data was encrypted. They’re not sure of the number of customers affected, but said it was “a very small number”. This is just another incident in a long list of stolen and lost customer information. This time they were prepared, and it’s probably going to save people some grief. If one of your company’s laptops gets stolen, will you be just as prepared?
Ruby Vulnerabilities
Several vulnerabilities have been identified and subsequently patched in the newest Ruby releases. If you are a Ruby developer, make sure you upgrade, as the releases contain an important fix to the DNS logic in resolv.rb: resolver queries now use randomized source ports, so an attacker forging responses has to guess the port as well as the transaction ID, which makes spoofing attacks against the resolver far harder. Upgrade to 1.8.6-p286 or 1.8.7-p71 to mitigate this and the other issues identified.
Wifi Users Beware – Your System Can Turn Against You
Researchers at this year’s DEFCON event have demonstrated an attack that causes access points to turn against their legitimate users. The attack abuses the APs’ built-in denial-of-service protection mechanisms: by sending a specially crafted packet to the AP, an attacker can cause it to conclude that the legitimate clients are the ones performing the DoS attack, and lock them out. Eight examples were demonstrated at DEFCON 16.
Malware Emails
There are a couple of malware emails making the rounds right now. One claims to be from UPS, and the other purports to come from CNN.com. The UPS email claims that a package could not be delivered because the recipient address was wrong; it carries an attached “invoice” that you are told to print out and take to their office. The CNN email uses the subject “CNN.com Daily Top 10” and includes links meant to entice the user into clicking. If you follow a link, you are redirected to a site and prompted to install an updated Flash player. In both cases, of course, the executables are not what they claim to be. These emails are usually fairly easy to pick out thanks to their grammatical and spelling errors. It’s also a good idea never to open unexpected attachments, even if you believe they come from a reputable source.
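Both lures rely on something not being what it says it is: an “invoice” attachment that is really an executable, and a link whose visible text names one site while the href leads to another. Here is an added Python example (not code from the original post) that checks a message for exactly those two tricks using the standard library: it identifies executables by their leading bytes regardless of filename or declared MIME type, flags double extensions, and compares the domain shown in link text against the href’s host. The sample message, sender, filename and addresses are constructed from reserved example names.

```python
"""Heuristics for disguised-executable attachments and mismatched link text.

Added example, not code from the original post. The sample message below is
constructed; its sender, filename and hosts are reserved example names."""
import email
import re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from typing import List
from urllib.parse import urlparse

# Leading bytes that identify common executable formats.
EXEC_MAGIC = {b"MZ": "PE executable", b"\x7fELF": "ELF executable", b"#!": "script"}
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")
EXEC_TYPES = {"application/x-msdownload", "application/x-dosexec",
              "application/x-executable", "application/x-msdos-program"}
# Anchor text that looks like a bare domain or URL, e.g. "www.cnn.com/daily".
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:/\S*)?", re.I)


def classify_attachment(filename: str, declared_type: str, data: bytes) -> List[str]:
    """Flag executables disguised by filename/MIME type, and double extensions."""
    findings = []
    name = (filename or "").lower()
    for magic, label in EXEC_MAGIC.items():
        if data.startswith(magic):
            if not name.endswith(EXEC_EXTS) or declared_type not in EXEC_TYPES:
                findings.append(f"{filename}: content is a {label} but presented as "
                                f"{declared_type}")
            break
    labels = name.split(".")
    if len(labels) >= 3 and "." + labels[-1] in EXEC_EXTS:
        findings.append(f"{filename}: double extension ending in .{labels[-1]}")
    return findings


class _Anchors(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def _registrable(host: str) -> str:
    # Crude: last two labels. Fine for .com/.net, wrong for co.uk-style suffixes.
    return ".".join(host.lower().split(".")[-2:])


def check_links(html_body: str) -> List[str]:
    """Flag anchors whose text names a domain other than the href's host."""
    parser = _Anchors()
    parser.feed(html_body)
    findings = []
    for href, text in parser.anchors:
        match = DOMAIN_IN_TEXT.fullmatch(text)
        if not match:
            continue  # text like "Daily Top 10" names no site; nothing to compare
        href_host = urlparse(href).hostname or ""
        if _registrable(match.group(1)) != _registrable(href_host):
            findings.append(f"link text '{text}' but href goes to {href_host or href}")
    return findings


def scan_message(raw: bytes) -> List[str]:
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        findings += classify_attachment(part.get_filename(), part.get_content_type(),
                                        part.get_content())
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        findings += check_links(body.get_content())
    return findings


def build_sample() -> bytes:
    """Constructed lure combining both tricks; not a real captured message."""
    msg = EmailMessage()
    msg["From"] = "noreply@ups-delivery.example"
    msg["To"] = "victim@example.com"
    msg["Subject"] = "CNN.com Daily Top 10"
    msg.set_content("Print the attached invoice and bring it to our office.")
    msg.add_alternative('<p>Top story: <a href="http://198.51.100.77/flash_update.exe">'
                        'www.cnn.com/daily-top-10</a></p>', subtype="html")
    # Bytes of a PE file, but named and typed as a PDF.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="pdf", filename="UPS_invoice_4471.pdf")
    return bytes(msg)


if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print("SUSPICIOUS:", finding)
```

The magic-byte check is the important one: filename and Content-Type are chosen by the sender, the first bytes of the payload are not. The link check deliberately stays quiet when the anchor text is ordinary prose, since only text that itself names a domain can contradict the href.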
[Tangent] Can infosec VARs Really Make an Evangelical Sale?
We have been having quite a struggle finding infosec VARs to resell our HoneyPoint products. The problem seems to be that HoneyPoint and the idea of a Next Generation Distributed Honeypot product are such a radical concept to most organizations that they require evangelism and education for the customers to understand the value of the product and why it is a better solution than what they are using now. It usually takes a while for them to understand that they can free themselves from false positives and the overhead of many of the detective tools they are using today if they simply embrace the idea of thinking differently about the problem.
VARs today seem to be focused solely on the products that are demand driven. They want to sell the Cisco products, the copies of anti-virus and the stuff that clients are already used to asking for. The days of VARs looking for ways to shake up the markets, establish value with fresh approaches and build their businesses by leveraging rapport with their customers by solving their deeper problems seem to be all but gone. Sure, you can find VARs to resell your widget or appliance if you have a model that requires little work, even if it has a small margin. But, it seems like finding evangelical VARs is nearly impossible in today’s market. If they are out there, we don’t seem to be able to find them.
I really feel like that is a bad thing for the market and for the clients. In the early days of MSI and the security industry, there was a lot to be gained by being a VAR that was able to bring bleeding edge solutions to customers. I can remember working with clients to help them understand new protective technologies like the Sidewinder firewall from Secure Computing, Real Secure from ISS and spending a lot of time traveling, talking to clients and listening to them explain the things that hurt them – then digging into the net and our brains for REAL, DEEP solutions that addressed the root problems that they were experiencing. For me, at least, that was the exciting thing about being a VAR – finding that next breakthrough that could really empower some of my clients in a way that they may not even have known that they needed until we showed them that a better way was available. That was exciting, fun and really gained us the trust of organizations who have been clients for nearly two decades now.
If there are any VARs out there that you think fit this model, I would like to hear about them. I would love to find a few folks who are willing to help evangelize what is clearly a better solution to the insider threat and to securing virtual environments. I would like to work with someone who shares that energy, passion and willingness to help solve deeper problems than traditional “network gear” resellers will ever be able to uncover. If you’re out there, give me a call – I think we have something to talk about…