Day 22 - Wiping Disks and Media

Published: 2008-10-22
Last Updated: 2008-10-31 02:04:14 UTC
by Johannes Ullrich (Version: 1)
3 comment(s)

The last couple days we talked about getting rid of rootkits, spyware, bots and such. One common suggestion was to "wipe and rebuild". There are other reasons to wipe disks: Are you donating an old computer to charity? Better get rid of that data first! What are your procedures and tricks to quickly and securely erase data. With > 1TB disks on the horizon, the time it takes to erase a disk with "Boot and Nuke" is getting longer and longer.

In particular:

  • multiple overwrites? myth or necessity
  • physical destruction? shredding? demagnetizing? sledge hammer?
  • drive firmware: how do you validate it after a compromise?
  • USB disks, SIM cards and other "exotic" media.
  • what distance do you keep to the disk on the range to avoid lead backsplatter? ;-)

 

 

-----
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: Awareness2008
3 comment(s)

Day 23 - Turning off Unused Services

Published: 2008-10-22
Last Updated: 2008-10-23 00:03:58 UTC
by Chris Carboni (Version: 1)
0 comment(s)

If it's not installed, it can't be exploited.  It's as simple as that.

Does IIS really need to be running on that server?
Are you using SNMP to monitor that server?
Is File and Print Sharing (or Samba) necessary for that server to perform it's role?

Unused services are a sometimes overlooked avenue of exposure that all too often provides a surface to attack.

But how do you know what is "needed"?

Have you done the research for a file and print server? A web only server?  A mail server?
Do you use a published checklist?

Let us know how -you- know what services you do and don't need.

- Chris Carboni

Keywords: Awareness2008
0 comment(s)

Opera 9.6.1 Released

Published: 2008-10-22
Last Updated: 2008-10-22 20:38:22 UTC
by Mari Nichols (Version: 1)
0 comment(s)

One of our readers, David, wrote in to let us know that Opera has released version 9.6.1 for Windows which is a recommended security upgrade.  Some of the Opera rated "extemely and highly severe" issues fixed include revealing browser history and news feeds as well as a Fast Forward cross-site scripting vulnerability.  You can view the changelog here: http://www.opera.com/docs/changelogs/windows/961/

Mari Nichols     iMarSolutions

Keywords: Opera
0 comment(s)

Podcast Episode Eleven Posted

Published: 2008-10-22
Last Updated: 2008-10-22 17:21:55 UTC
by Joel Esler (Version: 1)
0 comment(s)

Hey everyone, sorry it has taken so long to get around to recording another podcast episode.  Travel schedules have been very crazy between us lately.  Anyway, enough excuses, here is episode eleven.  Thanks for all the emails asking me where it is!  :)  It helps to remind me....


All the podcasts

Just this podcast

Podcast through iTunes

-- Joel Esler http://www.joelesler.net

Keywords: podcast
0 comment(s)

F-Secure and Trend Micro Release Critical Patches

Published: 2008-10-22
Last Updated: 2008-10-22 17:14:58 UTC
by Mari Nichols (Version: 1)
0 comment(s)

US-CERT has released information on two critical patches for F-Secure and Trend Micro security software.  As one of our readers, Roseman put it, time to keep your "keep-you-safe" software safe!  
 
Today, Trend Micro released patches affecting Office Scan versions 7.3 and 8.0.  The patches address a stack-based buffer overflow via HTTP request to server CGI modules. You can get further information about the respective patches here:

http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt

http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt
 

Yesterday, F-Secure released Security Bulletin FSC-2008-3 which addresses a RPM parsing vulnerability in which specially-made compressed file archives cancause an integer overflow.  This would apply if your program scans compressed files.  Read more about it here.

Mari Nichols    iMarSolutions

Keywords: FSecure Trend Micro
0 comment(s)

Comments

cwqwqwq

www

Nov 17th 2022
6 months ago

eweew<a href="https://www.seocheckin.com/edu-sites-list/">mashood</a>

EEW

Nov 17th 2022
6 months ago

WQwqwqwq[url=https://www.seocheckin.com/edu-sites-list/]mashood[/url]

qwq

Nov 17th 2022
6 months ago

dwqqqwqwq mashood

mashood

Nov 17th 2022
6 months ago

[https://isc.sans.edu/diary.html](https://isc.sans.edu/diary.html)

isc.sans.edu

Nov 23rd 2022
6 months ago

[https://isc.sans.edu/diary.html | https://isc.sans.edu/diary.html]

isc.sans.edu

Nov 23rd 2022
6 months ago

What's this all about ..?

isc.sans.edu

Dec 3rd 2022
6 months ago

password reveal .

isc.sans.edu

Dec 3rd 2022
6 months ago

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission

isc.sans.edu

Dec 26th 2022
5 months ago

https://thehomestore.com.pk/

isc.sans.edu

Dec 26th 2022
5 months ago

Login here to join the discussion.


Diary Archives