Archive for the ‘Security’ Category

TrueCrypt

Saturday, December 12th, 2009

I have been looking for an encryption solution for a long time. I was looking for a solution to encrypt the hard disk in case my laptop got stolen or somebody exposed my confidential information. I have heard about many solutions from computer companies (IBM ThinkPad, HP, etc.), but to be honest, I hate closed-source solutions, especially in this area.

Today, I was listening to the Security Now podcast, and I heard about an open source solution for hard disk encryption. It’s called TrueCrypt. The idea is that you create a container file (volume), set a password, and then mount it to a drive letter. Any file you write to the encrypted volume is automatically encrypted, and any file you read from the encrypted volume is automatically decrypted. This means no decrypted file is ever stored on the disk, and no encrypted file is ever loaded into memory. The good thing about this solution is that the file is not decrypted and loaded into memory all at once. Only a small portion of the file is decrypted and loaded; the application associated with the file starts working on that portion, and at the same time the next portion starts loading.
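To make the two properties above concrete (nothing is stored decrypted on disk, and a read decrypts only the sectors it touches), here is an added toy container written for this post; it is not TrueCrypt's code. It encrypts each sector independently with a keystream derived from the key and the sector index, so decrypting sector 1 never requires sector 0. The construction (HMAC-SHA256 in counter mode, PBKDF2 for the password) and the file name, password, salt and sector size are all assumptions for the demonstration; TrueCrypt itself uses a tweakable block mode (XTS), and the comment in `_keystream` explains why that matters.

```python
import hashlib
import hmac
import os
import tempfile

SECTOR_SIZE = 512  # constructed sector size for the demonstration


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the volume password into a 256-bit key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, dklen=32)


def _keystream(key: bytes, sector: int, length: int) -> bytes:
    """Keystream for one sector, derived only from (key, sector index).

    Illustrative HMAC-SHA256 counter-mode construction, not TrueCrypt's XTS.
    Because the keystream depends only on the sector index, any sector can be
    decrypted on its own, which is what makes random access into a mounted
    volume cheap.  Caveat: a plain stream cipher reuses the same keystream when
    a sector is rewritten, leaking the XOR of old and new contents; real disk
    encryption uses a tweakable block mode (XTS) to avoid exactly that.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = sector.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class EncryptedContainer:
    """Toy container file: every sector is encrypted independently on disk."""

    def __init__(self, path: str, key: bytes, sectors: int):
        self.path, self.key = path, key
        self.sectors_decrypted = 0  # counts how much work a read actually did
        if not os.path.exists(path):
            with open(path, "wb") as f:                  # a real volume is filled
                f.write(b"\x00" * SECTOR_SIZE * sectors)  # with random bytes, not zeros

    def write_sector(self, index: int, plaintext: bytes) -> None:
        assert len(plaintext) == SECTOR_SIZE
        with open(self.path, "r+b") as f:
            f.seek(index * SECTOR_SIZE)
            f.write(_xor(plaintext, _keystream(self.key, index, SECTOR_SIZE)))

    def read_sector(self, index: int) -> bytes:
        with open(self.path, "rb") as f:
            f.seek(index * SECTOR_SIZE)
            ciphertext = f.read(SECTOR_SIZE)
        self.sectors_decrypted += 1
        return _xor(ciphertext, _keystream(self.key, index, SECTOR_SIZE))


def demo() -> dict:
    """Store a 'file' spanning sectors 0-1, then read back only sector 1."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "volume.tc")              # constructed name
        key = derive_key("correct horse battery staple",   # constructed password
                         b"constructed-salt")
        vol = EncryptedContainer(path, key, sectors=4)
        secret = b"CONFIDENTIAL: quarterly numbers".ljust(SECTOR_SIZE, b" ")
        vol.write_sector(0, b"A" * SECTOR_SIZE)
        vol.write_sector(1, secret)
        with open(path, "rb") as f:
            raw = f.read()                                 # what a thief sees
        got = vol.read_sector(1)
        return {
            "plaintext_on_disk": secret.strip() in raw,    # False: never stored clear
            "roundtrip_ok": got == secret,                 # True: reading decrypts it
            "sectors_decrypted": vol.sectors_decrypted,    # 1: only the part asked for
        }


if __name__ == "__main__":
    print(demo())
```

The `sectors_decrypted` counter is the point of the exercise: the application asked for sector 1, so only sector 1 was decrypted, while the raw container never contains the plaintext. The key is derived with a deliberately slow PBKDF2 so that a stolen container cannot be brute-forced cheaply from a weak password.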

This encryption solution has too many features to list here; you can find more information at

http://media.grc.com/sn/sn-041.mp3

http://www.truecrypt.org/

IE8 discloses user information!

Monday, November 30th, 2009

Be careful when you print an HTML page to a PDF file. If you are using IE8, your author name and the document’s full path will be written into the file itself, not into the file header or footer. This is a serious problem when it comes to privacy, not security. The user information will be completely revealed, which might lead to revealing the user name, password, or maybe the secret question or answer. Also, it has been discovered that MS PowerPoint stores the full storage path as well, but this can be disabled in the Document Property tab.


Black Tuesday!

Friday, October 23rd, 2009

Last Tuesday was extremely tough. I call it BLACK TUESDAY :(
I spent my whole day at work trying to fix the problem and reduce the impact of the disaster.

Let me tell you the story. It was a very promising morning. I started the day by reading my email and checking my calendar to see which meetings I needed to attend and which homework I needed to do. Everything went fine until 3:00pm in the afternoon. All of a sudden, the whole internet went down, and almost no users could browse. It was a country-wide problem, and everybody started calling to check what was going on. We started our investigation by checking the DNS, and we found that it was not responding. We checked the number of requests coming to the DNS, and we found around 30k to 50k requests on each one (we have 4 DNSs in production), which is not normal. We tried to identify which IP was sending all these requests, but unfortunately the FW was showing normal DNS requests from internal customers (each one sending 5 DNS requests, which is normal). So, from the symptoms, it was clear that it was an internal DDOS attack. If this is the case, it is very, very hard to fix, since you don’t want to block all your customers!

After we had tried almost everything, and had failed over to the Jeddah DNSs as a workaround, one of my friends came up with an idea: do we have a stable DNS version? We checked the version and it was ISC BIND 9.5.1-P1. The surprise was that it is a vulnerable version!!

Denial of service: Remote attackers can crash vulnerable systems.

We were all shocked by this fact! We spent hours investigating in the wrong direction, and we never thought about the DNS version or security issues!! It is really very important to check your security before anything else. Once we knew this, we downgraded the DNS to version 9.3.6, and everything worked just fine.

I really learned a lot from that night. Thanks to my friend Abdullah; he was the hero of the black day ;)
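The lesson of the post is that the version check should come first, not last. As an added example (not code from the post or from ISC), here is a small script that parses BIND version strings the way `named` reports them, including the `-P` patch level that makes `9.5.1-P1` newer than `9.5.1`, pulls the version out of a `dig CH TXT version.bind` answer line, and compares it against a list of affected ranges. The two versions in the post (9.5.1-P1 and 9.3.6) are used as sample input; the `AFFECTED_RANGES` list and the dig answer lines are constructed placeholders and must be filled from the vendor advisory, not copied from here.

```python
import re
from typing import List, Tuple

Version = Tuple[int, int, int, int]  # (major, minor, micro, patch level)

# Accepts the forms named reports, e.g. "9.5.1-P1" or "9.3.6"; the optional
# trailing "-something" tolerates vendor suffixes.  Pre-release strings such
# as "9.6.0rc1" are rejected on purpose: they have no place in production.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?(?:-[A-Za-z]\w*)?$")

# A version.bind answer as dig prints it (name, TTL, class, type, quoted text).
_DIG_TXT_RE = re.compile(r'^version\.bind\.\s+\d+\s+CH\s+TXT\s+"([^"]*)"', re.I)


def parse_bind_version(s: str) -> Version:
    """'9.5.1-P1' -> (9, 5, 1, 1).  A plain release gets patch level 0, so
    9.5.1 sorts before 9.5.1-P1 and plain tuple comparison is correct."""
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised BIND version string: {s!r}")
    major, minor, micro, patch = m.groups()
    return (int(major), int(minor), int(micro), int(patch or 0))


def version_from_dig(line: str) -> str:
    """Pull the version text out of a 'dig CH TXT version.bind' answer line."""
    m = _DIG_TXT_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a version.bind TXT answer: {line!r}")
    return m.group(1)


# Inclusive (lowest, highest) ranges of affected versions.  CONSTRUCTED
# placeholder for the demonstration: populate it from the vendor advisory.
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((9, 5, 0, 0), (9, 5, 1, 1)),
]


def is_affected(version_string: str,
                ranges: List[Tuple[Version, Version]] = AFFECTED_RANGES) -> bool:
    v = parse_bind_version(version_string)
    return any(low <= v <= high for low, high in ranges)


def triage(dig_line: str) -> str:
    """One-line verdict for whoever is on call."""
    ver = version_from_dig(dig_line)
    state = "AFFECTED" if is_affected(ver) else "not in affected ranges"
    return f"BIND {ver}: {state}"


if __name__ == "__main__":
    # constructed sample answers, in the layout dig uses for CH TXT records
    for line in ['version.bind.\t0\tCH\tTXT\t"9.5.1-P1"',
                 'version.bind.\t0\tCH\tTXT\t"9.3.6"']:
        print(triage(line))
```

One caveat when using this: the `version.bind` answer is whatever the `version` option in `named.conf` says, and many operators hide or replace it, so treat it as a hint and confirm with `named -v` on the server itself before deciding a resolver is clean.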

Distributed Denial Of Service

Saturday, January 31st, 2009

As usual, I was listening to the Security Now podcast, episode #8, and Steve Gibson was talking about DOS, how it works, and what the difference is between DOS and Distributed DOS. I found it a very interesting topic, and I heard a lot of information I had never heard before.

DOS stands for Denial Of Service, and it is simply packet traffic that causes problems for the receiving end. When a client wants to establish a TCP session, the first packet sent from the source (a web browser, for instance) to the destination (a server, for instance) is called the SYN packet. When the server receives the SYN packet, it allocates a number of resources (memory, processor, etc.) for the half-open connection and sends back a SYN/ACK packet, then waits for the client’s final ACK. If the sender keeps sending SYN packets without ever completing the handshake, the server keeps allocating resources for these clients until it runs out of resources. So DOS does not consume the connection bandwidth! It attacks and consumes the server’s resources.

Conversely, Distributed DOS does consume and attack the connection bandwidth. It works by infecting a large number of computers (hundreds to thousands) and telling these computers to attack a single target. These computers act as slaves and start sending traffic to this target (SYN packets or any other packets). One of the most popular DDOS examples is the ping packet attack (ICMP packets).

So, as a conclusion: DDOS consumes the victim’s connection bandwidth, while DOS attacks the victim’s resources.
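The resource-exhaustion mechanism described in the DOS paragraph is easier to see in a model than in prose, so here is an added simulation (my own illustration, not from the podcast or the post) of a listener's half-open connection queue. It floods the model with SYNs that never complete the handshake, then checks whether a legitimate client can still connect, first with a plain stateful queue and then with the standard mitigation, SYN cookies, where the server encodes the connection identity in its initial sequence number and allocates nothing until the final ACK proves the client is real. No packets are sent; the addresses come from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24, and the backlog size and flood size are constructed values.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Server:
    """Minimal model of a TCP listener's half-open connection queue."""
    backlog: int                        # how many half-open connections fit
    syn_cookies: bool = False           # mitigation switch
    half_open: dict = field(default_factory=dict)    # (ip, port) -> our ISN, awaiting ACK
    established: set = field(default_factory=set)
    secret: bytes = field(default_factory=lambda: secrets.token_bytes(16))

    def _cookie(self, ip: str, port: int) -> int:
        """Initial sequence number that encodes the connection identity.

        With SYN cookies the server keeps no state for a half-open connection:
        the client's ACK must echo this value + 1, which only a host that really
        received the SYN/ACK can do.  Real stacks also fold a timestamp and the
        MSS into the cookie so stale ones expire; omitted here for clarity.
        """
        mac = hmac.new(self.secret, f"{ip}:{port}".encode(), hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def on_syn(self, ip: str, port: int):
        """Return the SYN/ACK sequence number, or None if the SYN was dropped."""
        if self.syn_cookies:
            return self._cookie(ip, port)          # nothing allocated
        if len(self.half_open) >= self.backlog:
            return None                            # queue full: real clients dropped too
        isn = secrets.randbits(32)
        self.half_open[(ip, port)] = isn           # memory tied up until the ACK arrives
        return isn

    def on_ack(self, ip: str, port: int, ack: int) -> bool:
        """Third handshake packet; True if the connection is now established."""
        expected = self._cookie(ip, port) if self.syn_cookies else self.half_open.get((ip, port))
        if expected is None or (ack - 1) & 0xFFFFFFFF != expected:
            return False
        self.half_open.pop((ip, port), None)
        self.established.add((ip, port))
        return True


def simulate(syn_cookies: bool, backlog: int = 128, flood: int = 1000) -> dict:
    """Flood with spoofed SYNs that never ACK, then see whether a real client connects."""
    srv = Server(backlog=backlog, syn_cookies=syn_cookies)
    for i in range(flood):                                  # constructed spoofed sources
        srv.on_syn(f"203.0.113.{i % 254 + 1}", 10000 + i)   # SYN only, the ACK never comes

    client = ("198.51.100.7", 40000)                        # constructed legitimate client
    seq = srv.on_syn(*client)
    connected = seq is not None and srv.on_ack(*client, (seq + 1) & 0xFFFFFFFF)
    return {"client_connected": connected,
            "half_open_held": len(srv.half_open),
            "established": len(srv.established)}


if __name__ == "__main__":
    print("no mitigation :", simulate(syn_cookies=False))
    print("SYN cookies   :", simulate(syn_cookies=True))
```

Without cookies the 128-entry queue fills with entries that will never be acknowledged and the legitimate SYN is dropped, which is exactly the "runs out of resources" case from the post; with cookies the server holds zero half-open state, so the flood costs it only the CPU to compute a MAC per SYN and the real client completes the handshake. Note that in this model the attack never consumes bandwidth, matching the post's distinction between DOS and DDOS.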

Hong Kong (.hk) is the most risky country TLD

Wednesday, December 17th, 2008

McAfee published a study in June 2008 about malicious web sites across the world. It shows interesting information about country TLDs (for example .sa for Saudi Arabia and .ae for UAE) and generic TLDs (for example .com and .info). McAfee tested 9.9 million web sites across the world; 4.1 % of the tested web sites were rated red (avoid) or yellow (use caution).

One of the most interesting findings is that the Hong Kong (.hk) country TLD was the riskiest TLD in the world in 2008! 19.2 % of these red and yellow sites belong to .hk. China (.cn) is the second riskiest country TLD with 11.8 %; Slovenia (.si), Norway (.no) and Japan (.jp) are the least risky country TLDs. Among the generic TLDs, .info is the riskiest with 11.8 %; .com is the fourth riskiest generic TLD.

Much more interesting information is available in this amazing study; the study in PDF format is here:
http://us.mcafee.com/en-us/local/docs/Mapping_Mal_Web.pdf?cid=

Many thanks to the Security Now podcast for mentioning this information. In addition, thanks to my friend Abdullah Al-Dosari, who got me addicted to listening to this show.