Security Watch | Matt Hines » October 2006

October 29, 2006 | Comments: (0)

Do you know about razor shrinkage?

I was just reading this article about how the number of blades on men's razors seems to be following the same track as Moore's law.

If you don't believe it, just go check out the Gillette web site discussing their new razor with 5 blades.

Of course reading about razors reminded me of a statistic that I recently heard which was that up to 50% of Mach 3 razor replacement blades are stolen in the supply chain. Euphemistically called 'shrinkage', theft of blades in the supply chain is a serious matter and increases end user cost, not to mention cutting into the profits of the manufacturer.

Now, I've always wondered why razor replacement blades cost so much. This amount of shrinkage would explain it. Seems that Gillette razors and George Costanza have something in common (of course I can't say the word shrinkage and not think Seinfeld).

Anyway, I presume that this was why WalMart decided that Razors were going to be the first product that was RFID tagged in the store. Too bad they didn't tell shoppers that.

I was going to post a shrinkage report here, but I just can't stop smirking long enough to create a link. Suffice to say it was nowhere near as amusing as the TV episode.

The point is that if we tag things, then we can track them and reduce shrinkage in the supply chain. But we have to balance lowering cost to consumers and increasing profit for businesses against making sure that privacy isn't compromised along the way.

Posted by Victor R. Garza on October 29, 2006 06:11 PM


October 28, 2006 | Comments: (0)

You know it's bad when Halloween doesn't scare you

It's been a tradition of mine for some time to grab a fairly scary movie on Halloween and spend the night split between watching said fright flick and answering the call of neighborhood kids looking for a sugar fix.

You know, watching something so scary that rational thought is overridden for a brief moment. I can't pick out a movie that would do it for you, since everyone's different, but you know what I mean. I'll bet you can think of a specific movie right now that would give you the heebie jeebies under the right circumstances.

The really frightening thing that I realized today is the fact that sitting in the dark watching a horror movie is not as scary as sitting down at a PC that I don't own or maintain.

That's really saying something.

And I don't think it's just my paranoia talking.

I sat down at a generic PC today, checked to make sure that the firewall was on, running and up-to-date, ran through a check of local anti-virus status, ran a quick anti-spyware scan via my USB drive, and still couldn't bring myself to log onto any system that I would normally be connected to remotely from my own laptop.

"Wouldn't be prudent at this juncture"

Of course, there are several solutions for this problem. I'm actually looking at one from Realm Systems that I've been putting through its paces and should be out as a review in the next few weeks. It's solid in terms of security for corporate access from off-site machines, but a bit pricey. Symantec and Check Point, not to mention GreenBorder, also provide solutions for secure remote access from untrusted hosts.

What this all boils down to is that I guess I'm more concerned about getting my credentials stolen than finding a razor blade in a candy apple.

Okay, maybe both to me are equally bad.

So, my question to you is: What do you use to reduce the fright factor of remote workers accessing your network? Is VPN software your primary defense? Or do you just close your eyes and take a big bite from that candy apple?


Remote worker survey

What started this whole new paranoid track going on in my head was that I just saw Cisco's new remote worker survey. Cisco surveyed a thousand international remote workers and gathered their responses on their remote use habits. I'll post it here next week so that you'll all get to join me in a good Halloween fright.

Posted by Victor R. Garza on October 28, 2006 03:29 PM


October 27, 2006 | Comments: (0)

Happy 30th, Public Key Crypto!!

Is this a low-key (crypto key?) birthday or what?

I let my CWNA class go a tad early last night so I could get over to the very cool Computer History Museum in Mountain View, CA to join in on the birthday celebration.

If you've never had a chance to visit the Computer History Museum, this tech venue is kinda south of the heart of Silicon Valley and was a very apropos locale for the festivities.


While I missed the networking and refreshments, even after (only slightly) speeding down 101, I got to the CHM just in time to see the start of the panel presentation.

MC'd by John Markoff, senior writer at the New York Times, the panel was definitely a who's who of cryptography research and invention, as were many members of the crowd that showed up to share in the event.

Starting from the left on the panel was:

Whitfield Diffie, PhD, Cryptographer, Chief Security Officer, Sun Microsystems

Martin Hellman, PhD, Cryptographer, Professor Emeritus of Electrical Engineering, Stanford

Brian Snow, NSA Technical Director, Information Assurance Directorate (Retired in 2006)

Jim Bidzos, Former CEO of RSA and Founder of VeriSign

Ray Ozzie, Microsoft Corp’s Chief Software Architect

Dan Boneh, PhD, Cryptographer, and Stanford Professor of Computer Science

And the panel was moderated by Steven Levy, author and senior editor of Newsweek.


I didn't know what to expect from the event, but what transpired was a nice overview of the past, present and future of cryptography and how crypto supports Internet commerce and the many other ways we use (and need) it today.

The panel discussion was low key, but interesting, informative and, surprisingly, quite funny at many points in the conversation.

Take a look at the pictures from the event here and take a listen to the audio here. I'm told that the video will be available soon and I'll post it here as well.

If you're a newcomer to crypto (hint to my past and present students) or an old-timer to the space, I think you'll like listening to this insightful conversation and bundle of stories about the growing field of encryption.

Update: Photos, Video, a Podcast and a Slide PDF are all posted and available now at www.30yearsofPKC.com from the 30 Years of Public Key Cryptography (PKC) event.

Image from http://www.dockwalker.com/article/146/birthday-hat

Posted by Victor R. Garza on October 27, 2006 12:50 PM


October 26, 2006 | Comments: (0)

Cisco makeover & being there

Just so you know, I could care less that Cisco recently changed its logo.

There, I said it.

I've been over at the Cisco campus a few times over the past several months and heard the chatter about the logo change, and I've seen the new one. Some Cisco employees don't like the new logo, some do, and some just don't care.

What do I think about the new design?

Eh.

Yeah, it looks a little softer to me, but I could care less.

What I find interesting is that Cisco felt that they had to spend a good deal of money to generate consumer brand awareness when, I think, they still hold enterprise network infrastructure dominance.

If dominance is too strong a word, then let's just say that they're still the 775 pound gorilla in the room.

Jon Oltsik sums up my feeling nicely in his blog entry regarding the issue.

Maybe they're doing the right thing by having a 'softer' logo. All the consumers I asked in my undeniably unscientific poll said, "Cisco did what?" or "Why did they do that?"

I don't know that I have a good answer for that one.

TelePresence, it's just like Starbucks!

I've recently seen a number of Cisco's new 'telepresence' commercials. These new telepresence systems allow people to be around the globe but feel that they're in the same room, in the same meeting. What's interesting is that this new solution isn't just adding some cameras and three cool new semi-concave displays. Nope, it means painting the rooms exactly the same color, changing room dimensions and dealing with acoustic changes to the rooms so that the experience is like you're really there. A seamless visual and audio experience.

While I haven't seen one of these rooms in person, I can say that people who have say it's just like having everyone there. And it's kinda freaky.

What does this have to do with security? Well, if I can meet in a room like this and not spend my hours on a plane getting to a meeting, getting acclimated to the local time, having the meeting and then spending more hours getting back, then I'm all for it.

The bottom line ends up that if I'm more awake when I attend a telepresence meeting rather than being half asleep after flying halfway around the world (and can more easily deal with any potential problems that may arise) that's a good thing. And trust me, you want me awake if I'm dealing with your network or security infrastructure.

Will this technology take over for in person meetings? Probably not in the near term, but it's an interesting milestone on the way to being there, virtually.

Of course, this means that all of those bonding experiences with co-workers halfway around the globe are out too. But one could always call a co-worker from a Starbucks and have them answer in the same establishment, since a Starbucks looks almost exactly the same no matter where you may be in the world...

It's telepresence on the cheap.

Posted by Victor R. Garza on October 26, 2006 02:53 PM


October 21, 2006 | Comments: (0)

Those in front use Firefox, or is it IE7?


I was doing some testing with a rootkit infected machine this week and found that once IE6 is damaged by certain rootkits there's just no getting it back.

Okay, so there's really no new news there.

The problem was that once this rootkit had nested on the machine under test, every time that IE6 started up it would crash pretty much immediately with a nice Windows message telling me that a Windows error had occurred and would I like to send this information to Microsoft. Yeah, like that would help me, right there, right then. Although I did fantasize that I would get an immediate call on my cell phone from Microsoft, telling me in an automated voice that my problem had been analyzed and a fix was on the way. Then the voice would go on to say, "You will receive a fix for your problem in 100,646 hours and 53 minutes," at which point I hang up the phone and bang my head against the desk.

So, once back to reality and having squashed the infection with several tools, I went ahead and tried to reload IE6 (since it was still crashing even after the rootkit had been removed). It seems you can't do that. After downloading a fresh copy of IE6 from Microsoft and trying to install it I would get the message that it detected a newer version of IE6 installed on the machine and poop out. And of course I couldn't completely uninstall IE6 and do a fresh install because of, well, it's just the way Windows XP is designed (okay you can remove IE6 completely, but I wasn't going to spend literally another 100,000 hours doing that).

So my choices were:

1) Reload the OS. No, not in the mood.
2) Use Firefox, or my personal favorite browser, Opera. Sounds like a good solution.
3) But wait, it was Wednesday and the production version IE7 just came out. Okay, let's try that.

First off, take a look at Brian Krebs's blog on some of the rumors flying around about supposed problems with IE7.

And pay attention to the part about turning off other anti-virus and anti-spyware products before installing IE7.

Okay, I downloaded IE7, did the install and, well, done.

It works and isn't having any problems.

Humm, whadda ya know, something that fixes things right off the bat and is actually more secure than the previous version of IE.

Okay, I don't like the IE7 installation process. When Windows boots it gives that Battlestar Galactica, Cylon Centurion-like stream of colors across the screen. Well, when IE7 is installing it does the same thing. But for all I know the process could be hung and never return. Give me the more informative Windows Update status where it tells me line by line what's being installed and how much more there is to go. Stop being cute and give me a current live status.

And now, of course, Microsoft validates your copy of Windows during the IE7 installation.

Well, it solved my problem. At least for now.

I also had to do an Office Professional repair to fix other issues on this machine. But that's another story...

Posted by Victor R. Garza on October 21, 2006 12:38 PM


October 17, 2006 | Comments: (0)

100 out of 300 million in MySpace


It's bound to happen: you've got 100 million young subscribers, so it's a place that attracts those that prey on the young. Unfortunately, this has proven to be the case, and several hundred predators have been found on MySpace by the part time sleuth work of ex-hacker Kevin Poulsen.

I'm surprised that there aren't more predators on MySpace, or that more weren't found. Of course this was just one guy doing investigative work part time. And as Johnny Long has pointed out in his "Death of a 1000 Cuts" presentations, and as many of us know, detective work is hard.

I can't believe that we've hit 300 million people in the US, and a third of those are on MySpace? If those numbers are correct then that would mean that I know a lot of closet MySpace users, or my circle of friends, acquaintances, business colleagues and partners just aren't telling me something.

So why is knowing about MySpace important? Well, if you don't already employ a MySpace user you soon will. As samy and his worm pointed out, MySpace can be gamed. And it's just a matter of time before MySpace becomes the launching pad for another virus and worm attack on the corporate network.

So, are you blocking MySpace ingress to your company, or would that mess with your MySpace account?

Posted by Victor R. Garza on October 17, 2006 01:09 PM


October 15, 2006 | Comments: (0)

Where in the world is Garza?


Well, as I'm sure most of you are, I've been busy.

Really busy.

Especially busy these past few weeks.

But that's no excuse for not posting regularly, so I'm going to try and make it up to you. I'm not only going to move forward with more regular postings, I'm also going to post all of those half done / half baked posts that I started on over the past few weeks but never finished. And here you thought I probably had a contest or something catchy to bring you back in the ZeroDay fold since I haven't written much lately. Well, maybe. But for details on that you'll have to start diligently reading my posts again.

Don't worry, I'll finish those old thoughts before I post them here so you can get all my classic sarcasm in its full glory. I'll also be posting those old entries on the dates that I started them. Will that cause you to miss an episode of my snarky ruminations? Well, if you're using an RSS reader you'll just see those old entries pop up as entries you haven't read yet. To make it even easier, I'll put links to those newly written but backdated entries on all of my newer entries so you can just click on a link to something you may have missed.

And I'll make old self references apparent in my new entries.

Why am I going through all of this trouble? I don't know. Probably because sometimes I like to make things difficult for myself. Or possibly because I can't stand to see that white space where there should be posts.

Oh yeah, podcasts. My podcasts have also gotten woefully behind. But not to worry, all that content is still on my hard drives and I'll start posting it as well. You won't believe how many conversations with people I've had and recorded for posterity. And with all my recordings I sometimes feel like Gene Hackman in 'The Conversation'. So you'll be getting lots of fresh content you haven't seen or heard as we move forward.

When will this craziness end? I don't really know. I'm hoping to get all caught up by the holidays, but only time will tell.

Posted by Victor R. Garza on October 15, 2006 12:58 PM


October 04, 2006 | Comments: (0)

Jump Drive Anti-Spyware tool


I've gone to all sorts of places where I would have really liked to have been able to check my email or grab a file remotely but I chose not to for risk of having an infected machine grab my information and send it out to those who'll use it maliciously.

Well, ParetoLogic may have just the answer to that problem. They sent me their USB U3 enabled Jump Drive recently and I must say that it works pretty well, and I'm fairly impressed.

What I really like about the solution is the way it works.

If you're not familiar with U3 technology the short of it is that apps will run directly from the USB drive as if it were a CD. For a more detailed explanation, check here.

While we've been able to run apps and even OS's off USB drives for some time, U3 makes it a no-brainer to download software and run it off the portable drive.

That fact, coupled with the portable anti-spyware product XOFTspy from ParetoLogic, makes for a pretty cool solution that's a quick and transportable way to check PCs or kiosks for malicious code before use.

Recently I've been using it to check suspect machines (okay, if I don't own it, all machines are suspect to me), by plugging in the drive, clicking on XOFTspy from the menu and letting it run. It's pretty quick and seems to do a pretty thorough job of detection and eradication. And before XOFTspy runs on a potentially infected system it checks the Jump Drive first to protect its data as well.

While XOFTspy isn't a full anti-virus solution, it will detect keyloggers, spyware, trojans and adware. Once a machine is checked, XOFTspy can be left on the machine for future scans. If the software is left on a specific PC it will allow the user to scan the machine for free but not remove anything found unless the software is purchased.

It seems to have worked pretty well in the short time I've used it. While it's not a true enterprise solution, it does allow personnel to carry around a quick scanner on a U3-enabled drive that adds to an arsenal of tools, and at $15 it's a good price to boot.

Posted by Victor R. Garza on October 4, 2006 02:45 PM

