The "Eco Verband" is a collaboration of ISPs in Germany, working on security, privacy and network-abuse related issues.

Gunther Nitzsche and Dietmar Braun have presented the anti-abuse infrastructure of NetCologne (a German local ISP located in Cologne) and also provided some information on how Nepenthes, NepenthesFE and the so-called gdsd (generic do something daemon) are used within this infrastructure.

If you want to know how to go productive with your honeypot, you might want to take a look at the documentation: http://www.eco.de/dokumente/090204_Braun_Nitzsche_NetCologne.pdf.

Nice work, Gunther & Dietmar! :)

Cheers,

Emre

A couple of days ago I ordered a security token, namely the USB SecuriKey product for Mac (http://www.securikey.com/).

As my original plan to use my old Aladdin eToken Pro for FileVault turned out to be impossible (see http://www.emre.de/wiki/index.php/Etoken), the SecuriKey seemed like a good alternative.

My first impressions so far:

  • The product does what it is supposed to do, namely enabling token login and FileVault encryption with token support
  • Installation and usage is pretty easy

Some things are different from what I had expected:

  • The token is not a smartcard in the common sense. You cannot save certificates on it or see its content via the Keychain app
  • As far as I understand, the USB device simply provides some mathematical component that generates a key from the combination of username, password, token serial number and some token-specific, secret calculation (security by obscurity?)

The Wiki I had used so far on this homepage was "LiquidWiki". It's a module that is integrated with Drupal, so I thought it would be a good idea to pick that particular software.

After using it for a while I noticed that it's quite limited in terms of syntax. Furthermore, LiquidWiki is not really maintained anymore, so I moved my info to a brand new MediaWiki installation.

It can be accessed at http://www.emre.de/wiki or via the link in the navigation box.

All content of the old Wiki has been migrated. Furthermore, the results from my submission to the Malwarechallenge 2008 have been converted and put online in MediaWiki syntax at http://www.emre.de/wiki/index.php/MWC2008.

Cheers,

Emre

Being a paranoid person, I purchased an Aladdin eToken Pro 64 some time ago to add multi-factor authentication to my Windows system. At that time the Aladdin token was widely supported by crypto-related software (for Linux too, btw) and it was the most prominent one when it came to full disk encryption with pre-boot authentication (PGP Whole Disk Encryption and BestCrypt, just to name two products).

After switching to a Mac I wanted to use this particular token, of course.

The bottom line of what I have seen so far: support for multi-factor authentication with the Aladdin eToken and support for full disk encryption with PBA is a tough issue on Mac.

The Malwarechallenge 2008 (http://www.malwarechallenge.info) was planned by Greg Freezel and Tyler Hudak as part of the Ohio Information Security Summit (http://www.informationsecuritysummit.org/).

I submitted an analysis to the challenge and made it to the top-three. Yeah! :-)

Unfortunately I was not eligible to receive a prize, due to shipping costs to outside the US. Sad but true.

Thanks to Greg and Tyler for working through the 29 submissions and organizing the challenge and kudos to all other participants!

The submission PDF can be viewed here: mwc2008-emre-bastuz.pdf.

The software capture-hpc (https://projects.honeynet.org/capture-hpc) is a client-side honeypot, heavily based on the functionality of VMware.

Getting everything compiled and set up was not an easy task. I documented all necessary steps in a tutorial in my Wiki: http://www.emre.de/wiki/index.php/Capture-HPC.

Comments and bug reports are very welcome! :)

After quite some time NepenthesFE has been released. Please see my Wiki for details on the software.

Having been around web programming and security-related issues for some time, I was aware of SQL injection attacks. However, I did not know about "E-Mail injection" for abusing vulnerable scripts to send spam.

After reading this article at http://www.securephpwiki.com I found it surprisingly easy and fun to abuse vulnerable PHP scripts.

You believe you are safe 'cause you hard-coded the recipient in your 'feedback.php' script? You are wrong! :-)
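To make the point concrete, here is an added example (not code from the original post or from securephpwiki) of a minimal feedback script with a hard-coded recipient: first the shape that is exposed to e-mail header injection, then a hardened version that validates the sender address before it reaches mail(). Function names, the recipient address and the sample inputs are hypothetical and constructed for this illustration.

```php
<?php
// Added example, not part of the original post. The recipient below is
// hard-coded, exactly as in the "feedback.php" the post refers to.
const FEEDBACK_RECIPIENT = 'webmaster@example.com'; // constructed address

// Vulnerable shape: the visitor-supplied address is concatenated into the
// header block untouched. PHP's mail() hands $additional_headers to the MTA
// line by line, so a CR/LF inside $email terminates the From: line and
// whatever follows is parsed as further headers (Cc:, Bcc:, ...). The
// hard-coded $to does nothing against that, which is the post's point.
function build_headers_vulnerable(string $email): string
{
    return "From: " . $email . "\r\n";
}

// Hardened: a header value may never contain CR, LF or NUL, because those
// are the only characters that can start a new header line.
function header_value_is_safe(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 0;
}

// Returns the header block, or null when the address must be rejected.
// FILTER_VALIDATE_EMAIL already refuses control characters and whitespace;
// the explicit CR/LF check keeps the intent visible to the next reader.
function build_headers_hardened(string $email): ?string
{
    if (!header_value_is_safe($email)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        error_log('feedback.php: rejected malformed sender address');
        return null;
    }
    return "From: " . $email . "\r\n";
}

// Sends the feedback only when the headers passed validation. The subject
// is fixed; the body may contain newlines, they are not headers.
function send_feedback(string $email, string $message): bool
{
    $headers = build_headers_hardened($email);
    if ($headers === null) {
        return false;
    }
    return mail(FEEDBACK_RECIPIENT, 'Feedback', $message, $headers);
}

// Constructed inputs for a local check. The second one carries a line break
// followed by an extra header line, the pattern the validator must refuse.
$clean    = 'visitor@example.org';
$injected = "visitor@example.org\r\nBcc: someone-else@example.net";

var_dump(header_value_is_safe($clean));
var_dump(header_value_is_safe($injected));
var_dump(build_headers_hardened($injected));
```

Run it with `php feedback-example.php`: the clean address passes, the line-broken one is rejected and logged, and no mail is attempted for it. The same CR/LF rule applies to every user-controlled value that ends up in a header (subject, reply-to, names), not only the sender address.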

Trying to install a piece of software I had to extract a certain file from a Microsoft installer file (".msi"). First I thought this would be as easy as right-clicking on the file and selecting "WinZip->Extract" … *duh*

The easiest method to extract files was found here and suggests using the command-line tool msiexec.
