About Brent Huston

I am the CEO of MicroSolved, Inc. and a security evangelist. I have spent the last 20+ years working to make the Internet safer for everyone on a global scale. I believe the Internet has the capability to contribute to the next great leap for mankind, and I want to help make that happen!

HoneyPoint Security Server 1.50 Now Available

MSI is pleased to announce the general availability of HoneyPoint Security Server version 1.50.

The new release, an update of the HoneyPoints themselves, adds the much requested capability to ignore specific hosts such as network scanners and other known sources of network traffic that in the past would trigger unneeded events.

“Customers were so excited about the ignore capability that we have been demonstrating for them in the coming 2.00 product release, that we decided to back port that capability to the 1.XX series of HoneyPoints. This is a large advance for further reducing false positives and maintaining our industry-leading position as the simplest, more powerful way to secure network deployments,” said Brent Huston, CEO and Security Evangelist of MicroSolved. “Clearly, with the coming 2.00 release, we will further establish our emergence as a dominant security technology and easily demonstrate what customers have been telling us – that this is simply a better way to do organizational intrusion detection and security.”

For details on obtaining the 1.50 upgrades and/or to discuss the coming 2.00 release, please contact your account executive.

CUISPA Looking to be a Big Event

The CUISPA meeting for Credit Union security team members is looking to be a very big event this year. The annual meeting, held in Austin, is expanding both in terms of attendees and in the overall content.

Last year was a fantastic event, and MSI looks forward to seeing everyone at the meeting again this year. With the many challenges CUs face this year surrounding changes to the regulations, application security requirements and normal stress of the threats they deal with every day, CUISPA is an excellent chance for security teams to get some input from their peers and to learn about strategies and techniques that others are using to achieve success.

Check out our booth this year at the show, and stop by and chat with Connie. She is eager to help and to discuss our service offerings, HoneyPoint and just how easy we can make compliance with NCUA regulations. We hope to see you there!

MX Injection Testing Available

In reference to the previous post, our partner Syhunt has added MX injection testing capabilities to their Sandcat product. Of course, this is in addition to the thousands of other tests already being performed by the tool.

Sandcat is an excellent tool for performing checks of web servers, web applications and such for potential and known vulnerabilities.

MSI is proud to represent Syhunt in the United States, and we use Sandcat as a powerful addition to our toolkit. If you would like more information about Sandcat or MX Injection, please call your MSI account executive and schedule a time for a technical briefing with an engineer.

MX and other injection vulnerabilities are an emerging risk, and more information will be coming over the next several weeks and months as various tools, techniques and products in the security community begin to evaluate product lines and software applications common to most organizations. Stay tuned for more on this family of issues as it becomes available.

Injection Attacks – Not Just for SQL Anymore!

Over the last several months security researchers have been identifying more and more scenarios for performing injection style attacks against various applications.

What is interesting about this is that many of the new injection issues have little to do with SQL. In fact, protocols like LDAP and SSI along with various forms of command injections, code injections and response spoofing have proven to be targets for this family of input attacks.

In a recent article about a new version, called MX Injections, techniques for attacking and compromising various web-based mail applications are disclosed. Using these types of exploits could prove a serious danger to organizations – exposing their internal communications and data stores to attackers, or even allowing compromise of underlying systems (depending on what the data stores contain).

Given the focus of attackers on new application layer techniques such as these, every organization should quickly identify their existing exposed applications and ensure that those systems have been appropriately tested for various injection issues. Additionally, since these techniques are continually evolving, a system of ongoing application testing is likely to be the most effective tool for protecting against these emerging threats.

The World Needs “Open Source Security Best Practices”

Clients continually ask about best practices for a myriad of different ideas, technologies and strategies. Put four or five information security teams together and some of the basics shake out, but the higher-level best practices remain “under discussion”.

We need a better way to make this happen. We need a Wikipedia-like, open source discussion mechanism for best practices that can bring people together, establish baselines and encourage discussion of the sticking points. I would have MSI attempt this, but as a vendor, it should be viewed as a conflict of interest. That said though, someone needs to support an interactive way to make this discussion feasible, free, open and accessible. SANS, OWASP, CISecurity and others are all good starts and highly powerful as organizations, but we need some open group to establish an open forum that creates, revises and reaches consensus on best practices for everything from system settings to physical access processes.

Perhaps this exists already and I just can’t seem to find it. But, neither can the other folks that ask for this type of information. If it is out there, we as infosec professionals need to do a better job of making it known.

If you have an organization willing to undertake such a project, or are willing to lead a group to undertake such a task – drop us a line. We would love to contribute.

Safe Travels For the Holidays

As we Americans depart for the Thanksgiving holiday, we often engage in a large amount of travel around the country. This year, I would like to have all of our readers pay special attention to the safety measures being used to protect you as you travel about.

On the roads, check out the numbers of police, their laser/radar guns and the automated systems they have been placing around the country for the last year or more. Do these deployments and tools really make you safer, or do they just make you feel safer?

At the airport, you will be asked to remove your shoes, place your laptop in a bin and put everything liquid into a clear plastic bag. Do any of these processes actually make you safer? Does having someone look at a clear liquid in a baggie make it more or less safe, or is this security theater?

Even trains, busses and other forms of public transportation have begun to deploy similar techniques and new technologies. What is the value of these mechanisms?

So, as you travel this year, please pay attention, ask questions and compare the implementations to the risks. Some of the steps out there certainly make sense and protect us. My opinion is, many others are simply a waste of time, money and resources – since they truly provide little more than a feeling of safety or security through theater.

You decide. Maybe together, enough of us can help those in charge of such things make better choices about solutions. Maybe we can get them to focus on real risks, real threats and effective mitigations…

Either way, have a safe and happy holiday!

Don’t Forget to Vote

Tomorrow, Tuesday 11/07/06, is election day in the US, so don’t forget to vote. The polls are open in most states before and after work, so take a few minutes and let your voice count.

PS – In some states, Ohio included, make sure you remember to bring your ID in order to vote. Check with your local election officials for requirements.

Insider Theft Incident – CEO Arrested

What can you say? It doesn’t get more serious than when the CEO is the source of the threat to the organization’s assets.

In this story, “CEO of MSP … Arrested”, a CEO is being charged with identity theft on a large scale. In this era of corporate governance and high penalties for abuse of one’s position, this will be one case to watch.

The story is via VAR Business and is pretty interesting. It is an excellent example of how identity theft from insiders has become “all the rage” in attacker circles.

Follow this one as it goes into trial. It promises to lay some groundwork for further prosecution of insider thieves to come.

Worry About the Basics

I have talked to many organizations in the last few months that are all wrapped up in deploying new security technologies and making elaborate plans for securing their organization. The problem is many of these same organizations have yet to get the basics right.

It does little good for you to invest in new IPS technologies, encryption widgets, automatic defensive packet switches, uber biometric scanners and other gadgets if your employees simply give out their passwords when asked, continue to click on email attachments that are suspicious and throw away scraps of paper with the keys to the kingdom on them. As in Neil’s earlier post, some users just continue to be the weakest link.

How can IPS help you if you can’t keep your systems patched? Maybe it could be used to stop some attacks, but without omnipresent visibility, it won’t truly defend you, just give you a false sense of security. That’s the problem with relying on technology and gadgets to secure your organization. Without the other components of strong policy/processes and effective awareness, you might as well throw your money out the window instead of buying some new whiz-bang piece of hardware or software that the vendors say will solve your problems.

The basics of infosec haven’t really changed. You still need a set of policies and processes that explain how the organization operates, how you will secure and handle data and how your users are to act. They need awareness training on these processes and policies so that they know how to act, how to handle data and what you expect them to do when something bad happens. THEN, you need technology to enforce the rules, audit for “bad stuff” and protect you against users who make poor choices. That truly is the role of effective security tools.

So, before you invest in the next overreaching security vendor “silver bullet”, take a moment and ask whether or not those same dollars could be better used in helping your organization do the basics better. If the answer is yes, then quietly excuse yourself from the presentation, go back to your office and implement a plan to assist with the root of the problem. Otherwise, buy away, keep looking for point solutions and keep wondering why your users are still throwing passwords in the dumpster…

3 Quick Thoughts and Updates

As we blogged about earlier in the week, core processing systems continue to be a focus for security teams. This week has seen additional new issues in HP-UX, Oracle problems and issues in various other related applications. Please take a moment and look through your patch levels and ensure your core systems are up to snuff.

In other news, PHP vulnerabilities are continuing to soar. Attackers are very focused on PHP problems, new vulnerabilities and exploiting vulnerable systems. PHP-based systems should be reviewed on an ongoing basis with up-to-date, bleeding-edge tools to help guard against problems. Security issues with PHP have been identified in thousands of PHP applications, PHP language use and even some of the tenets of the language itself. While groups are working to educate users of PHP and harden the underlying code around the language, PHP is likely a risky undertaking for most businesses to be considering today. It is surely powerful, efficient and easy to use, but many organizations have outlawed it, claiming it is simply too insecure for “prime time” web applications.

As an aside, BT Group has announced an acquisition of Counterpane. Congrats go out to Bruce and team for their hard work. BT has gotten a strong visionary out of the deal, and with the likes of Marcus Ranum and other talented folks on staff, look for some great things from them in the future.