Security Stallions Blog "Musings of all things infosec…"

19 Aug 2009

Daily Digs – 08.19.2009

Good Wednesday evening everyone!  We're over the hump and on our way to the weekend, so let's get right to the digs...

First up is a little bit of interesting research from our friends over in Redmond on de-anonymizing the Internet.  The paper is all about a newly dubbed system called HostTracker.  The basis of this particular system is to "...track bindings between hosts and IP addresses by leveraging application-level data with unreliable IDs."  But before I muddle the topic any more, head on over to check out the PDF.
[De-Anonymizing the Internet Using Unreliable IDs]

Everyone's heard of the IronKey, but today there was some buzz around new functionality on the new product, specifically malware protection.  The new functionality comes from a company called Tresys and is called FiST (File Sanitization Tool).
[Malware Protection on USBs from IronKey]

The SANS network forensics puzzle is still on like Donkey Kong!  Submissions need to be in by September 10th, so get a move on.
[Network Forensics Puzzle Contest]

Network World today is telling us that managed security services are all the rage.  Yeah, just like blink-tastic security boxes.  And firewalls.  The real question is what managed security services don't suck?  Hit the link for some statistics you could very well have lived without.
[Managed Security Services All the Rage]

Well thankfully you don't need to give up your SSN to get a room from Radisson or you might be in more hurt than you already are.  News out today that Radisson is disclosing a breach and to "review your account statements and credit report".  Thanks Captain Obvious!
[Radisson Hotels Suffer Data Breach]

Gunnar Peterson, representing the 6-1-2, has a fabulous story of - firewalls!  OK, not really, but read the article, it's been the most entertaining thing so far for me today.
[There Are No Firewalls]

Symantec identify your site as "dirty"?  They've got the worst-of for the summer of 2009 up and CNET has an article all about it.
[Dirtiest Websites of Summer]

There seems to be an inadvertent feature in version 3.0 of the iPhone and iPod Touch software - the fact that deleted emails can be recovered!  Although reports say it's been fixed in the 3.1 beta, be wary of anything you think you may have deleted.
[iPhone Bug Keeps Deleted E-mails on Tap]

Rich and Co. over at Securosis have some new details up about the root cause of the Heartland breach.  Although the recommendations are high level, it's obvious there are many who are struggling to even implement the bare minimum.
[New Details, and Lessons, on Heartland Breach]

Indictments, indictments everywhere!  8 more were charged today for obtaining $22 million worth of wireless devices from AT&T and T-Mobile without payment.  Ummm, say what?  Quite the little scam to abuse the dealer network systems.
[8 Indicted in $22m Fraud Against AT&T Wireless, T-Mobile]

Oh yay, a couple of cloud standardization efforts were made public this week.  If I had to shoot from the hip I'd say the OpenGroup initiative will probably be the end winner, as it was entirely odd to see mention of "RESTful" in the first sentence of the A6 draft.  Honestly, I think more effort went into coining a descriptor and buzzwords than anything else (and even that doesn't make total sense to me - call me slow).  But anyway, CNET has the rundown.
[Two Cloud Standardization Efforts Made Public]

We'll leave you tonight with some information around a very common tool most of us use on a daily basis.  Considering most people run a stock configuration, digging through this rundown of 20 (quick) best practices might serve you well.
[Top 20 OpenSSH Server Best Practices]

That'll do it for tonight, folks!  Take care and feel free to comment if you find the digs at all useful.
-windexh8er