Security Today

Comments, thoughts, and pet peeves about the application (or misapplication) of security today.

Tuesday, January 17, 2006

Interesting vulnerability for Laptops with Microsoft OS

Here is a nice little article concerning a vulnerability for laptops operating with Microsoft operating systems (as if there are all that many laptops not using windows). However the news is not bleak, and for those of you that know me personally, I've been talking about the countermeasures for a long time anyway. But here's the problem...

I don't know why everyone with a wireless enabled laptop doesn't have a firewall or routinely disable the wireless antenna. These two simple countermeasures are useful for other important reasons. First, disabling the antenna will help conserve battery life. Oh, you say you're plugged in so battery life isn't an issue. So what! Why would you have the antenna turned on if you don't need to? It's sort of like leaving a door open to your house - why do it if you really don't need to. And the firewall is like a screen door on the house. It lets you know when people are trying to get in and lets the legitimate "air" through. It's not foolproof but it's a very nice tool. Firewalls now have gotten more user friendly and are pretty lightweight in terms of consuming system resources. Granted with the antenna turned off you really don't need an active firewall, but it's not that big a deal to leave it up.

The author of the article notes that his firewall had to be disabled for the vulnerability to be properly exploited. So keep the firewall up and pay attention to any notifications that the firewall might provide for attempts at accessing your system. So just turn off the antenna if you don't need it and use a firewall. There's one bundled with the Microsoft operating system and there are free applications available on the web. You may not need a "big honkin'" firewall, just one that restricts access effectively.

Rob
/



See the entire post

Monday, January 09, 2006

ELF exists!!!

There have been a series of articles, like this one, along the lines that the ELF (Earth Liberation Front) either does not exist or does not have members. This is an interesting argument that is being propagated for reasons I do not know, but the recent focus on ELF and ALF is the result of two events: the recent arrests of those accused of several arsons in the name of ELF and the FOIA document releases indicating that the FBI monitored such groups as PeTA.

First let's get the minutia out of the way...

The FBI was monitoring groups like PeTA for any number of reasons, but the best one that I can think of are the contributions PeTA made to Rod Coronado's criminal defense of roughly $70,000 so he could fight charges of arson that he eventualy plead guilty to and PeTA's contribution to the Earth Liberation Front which was stated to be for publicity. These funds were likely used just for that but it still creates enough suspicion for a little monitoring. Both of these groups, the ELF and the ALF, are considered to be terrorist organizations because they espouse the destruction of property in furtherance of their cause... And there are many arguments that they make about this being non-violence because humans are not targeted, but that is neither here nor there right now.

The problem here is the concern as to whether a person can be charged, implicated or considered a member of an organization that admittedly does not have "true" members. Anyone can claim to act on the organization's behalf as long as they abide by their rules - which can be easily found of the web. But let's attack this from another direction... There are "prisoner" support networks for both the ALF and the ELF. The North American Animal Liberation Front Support Group provides information about arrested activists and directions for making donations or sending care packages. Now if there is no organization with no members then who are these people that need support?

This point was make clear when one of the recent defendents requested that his information be removed from the support group website. This is presumably to make it harder to convince a jury that he a member of a terrorist organization rather than a lone arsonist with an ax to grind. Fine lines that could mean years difference in a sentence.

In other words, as long as an organization exists, in name or form, that encourages actions that target another they are a threat and should be treated appropriately.

With that said, keep in mind this is not some vast organization of shadowy activist but much more likely very very small handfuls of individuals getting a little worked up. Security programs should stay informed and stay focused rather than taking "knee-jerk" actions that cost unnecessary funds and damage the credibilty of the security team. Work with the local law enforcement, collect your own intel and make some sound judgements - or find someone more capable to assist you.

Rob
/

See the entire post