Friday, January 31, 2003

Windows Rootkit ierk8243.sys

I just heard about a thread on NTBugTraq regarding the presence of a kernel-level driver called ierk8243.sys. This might be evidence of a trojan related to the MS-SQL "Slammer" worm. Check the thread for more info. I can't find anything else publicly available, yet.

Review of Windows XP Professional Security Posted

Amazon.com just posted my five-star review of Windows XP Professional Security. From the review:


Good administration-oriented security books teach more than proper system configuration. They illuminate the inner workings of the operating system and explain why certain strategies work best. WXPPS doesn't just list OS settings; it explains what they mean and how they have consequences.

Monday, January 27, 2003

Port 1434 UDP Traffic

I just finished listening to the SANS webcast on the recent 1434 UDP traffic. It's worth a background listen and lasts one hour.

Saturday, January 25, 2003

DALnet DDoS Attacks

Slashdot alerted me to an article about DDoS attacks against DALnet. Read more here. Learn more about IRC in general at netsplit.de. A gallery of bots in action makes for good reading.

SQL Slammer

Looks like the Internet is weathering a new worm. Check out Internet Health Report to see that UUNet appears worse affected at the moment. Details on the vulnerability are available from CERT/CC. eEye has a good write-up and a disassembly. Cisco offers defensive measures. You can find reachability and packet loss graphs at Matrix.net.

Review of Hacker's Challenge 2 Posted

Amazon.com fixed their reviews page. Now my four-star review of Hacker's Challenge 2 appears. From the review:


I've given up on seeing Mike Schiffman correctly abbreviate the Air Force Information Warfare Center as "AFIWC" in his biography. His use of "AFWIC" must refer to the UN's AFrican Women In Crisis program and not the talk he gave to the AFIWC in Apr 99!

Friday, January 24, 2003

DNS Traffic Analysis Results

From this article:


Scientists at the San Diego Supercomputer Center (SDSC) at UCSD analyzing traffic to one of the 13 Domain Name System (DNS) “root” servers at the heart of the Internet found that the server spends the majority of its time dealing with unnecessary queries.


The paper explains what is happening and offers recommendations. Observations made at one server for one day don't conform to rigorous statistical norms, but the findings are interesting nevertheless. Slashdot is discussing the findings.

Tuesday, January 21, 2003

Amazon.com Review Updates

I just finished reading Windows XP Professional Security. It was excellent and I added it to my Digital Security System Administration Listmania List. Hopefully Amazon.com will publish the review soon.


While my review of Hacker's Challenge 2 appears on the book's page, it's not listed on my reviews yet. I guess Amazon.com is still having database issues.

Monday, January 20, 2003

FreeBSD 5.0 Released

FreeBSD 5.0 RELEASE was announced yesterday. Use the mirrors to retrieve what you need. The guys at Slashdot repeated last June's debacle with FreeBSD 4.6 RELEASE by jumping the gun on 5.0 RELEASE's announcement and linking directly to an FTP server. They should have waited for the announcement and then linked to it or the mirror database.

Saturday, January 18, 2003

Response from Amazon.com

Amazon.com responded to my email with the following:


Dear Richard,


Thank you for writing to Amazon.com.


At this time we have encountered some technical issues with customer reviews on the Amazon.com website. These issues have impacted the majority of our customers who submit reviews to the website and have resulted in the inability of customers to properly view their reviews in their About You Areas, the disappearance of previously posted reviews, and the delay in the posting of their most recent review submissions.


Our technical support staff is aware of each of these problems and are researching the cause of each of the issues. Please be aware that they have implemented changes to our database to resolve these issues. These changes will be affecting the website over the course of the next few business days. We appreciate your patience during this time period.


Thank you for your interest in Amazon.com.

Thursday, January 16, 2003

Email to Amazon.com

I just sent the following email to community-help@amazon.com:


Hello,


Amazon.com is a great site and I'm amazed you can manage as much information as you do!


I noticed Amazon.com appears to be having trouble with some of its book information. While I no longer see that books not yet published will arrive on "December 31, 1969," the review data seems out of sync. For example, when visiting this link to look at my reviews, the last one I see is for the book "BGP" by Iljitsch Van Beijnum, reviewed on 5 Jan 03:


BGP


However, a review I wrote on 8 Jan 03 for the book "Implementing Intrusion Detection Systems : A Hands-On Guide for Securing the Network" by Tim Crothers appears only at this link:


Implementing IDS


Also, I submitted a review for this book on 11 Jan, but haven't seen the review posted yet:


HC2


Is Amazon.com still experiencing some trouble with its reviews?


Thank you,


Richard Bejtlich

Wednesday, January 15, 2003

Amazon.com Problem

It looks like certain Amazon.com links are working again, although the publication dates of December 31, 1969 still appear.

Tuesday, January 14, 2003

Response from Amazon.com

I emailed community-support@amazon.com asking why their "reviewer" links are broken. Here is their response:


Hello Richard,


Thank you for writing to Amazon.com to bring this to our attention.


Our technical support staff is aware of the problem that has affected the proper displaying of customer reviews within each customer's About You area. It does appear that this problem is currently affecting almost all of our reviewers. As our technical support staff has not completed diagnosing the cause of this problem they have been unable to provide an estimate as to when the problem will be rectified. We appreciate your patience while they work to find a solution.


Thank you for your interest in Amazon.com.


I also noticed books with a publication date in the future are listed as "Availability: This title will be released on December 31, 1969. You may order it now and we will ship it to you when it arrives"!

Sunday, January 12, 2003

New TaoSecurity.com and Listmania Lists

I finally updated the look of TaoSecurity. I hope everyone likes the new design.


I also updated my Listmania Lists, aka "Recommended Reading," at Amazon.com. I broke the lists down into five "Digital Security" categories:


While I've read most of the Weapons and Tactics and Communications books, I am only now starting the books from the other lists. Email me if you might recommend a better book, especially one on Windows system administration.

Saturday, January 11, 2003

SecurityFocus Removes Exploits from Database

Have you noticed that SecurityFocus has removed exploit code from its vulnerability database? Anyone knowing why, please email me at richard at taosecurity dot com.

Story on DNS Root Servers

Rik Farrow wrote another excellent "Network Defense" article titled DNS Root Servers: Protecting the Internet. Rik elaborates on the criticality of the generic top level domain (gTLD) servers:


"The eight U.S. gTLDs are all currently operated by Network Solutions and run on IBM AIX servers using the same software. As with root servers, there are also international gTLDs, located in Hong Kong, Tokyo, Stockholm, and the U.K. The gTLDs get many more requests than the root servers and are in fact more critical to DNS operation. The root servers simply point to the gTLDs and ccTLDs. These servers, in turn, return the addresses of the authoritative name servers for most domains."

Amazon.com Error

Since yesterday, links to reviewer pages at Amazon.com have been resulting in errors. This has been happening to other Amazon.com reviewers as well.

Friday, January 10, 2003

Review of Implementing Intrusion Detection Systems Posted

Amazon.com just posted my four-star review of Implementing Intrusion Detection Systems: A Hands-On Guide for Securing the Network (Wiley, Dec 2002) by Tim Crothers. When was the last time you saw a new book on detecting intrusions at your local book store? Aside from revisions of "Network Intrusion Detection" by Northcutt and Novak, the last thought-provoking book was Paul Proctor's "Practical Intrusion Detection Handbook," published in August 2000. In 2003, IDS fans, the drought has ended...

Wednesday, January 08, 2003

First Post and Review of BGP Posted

Welcome to my blog! The main new content will be news of book reviews that I've had published at Amazon.com. In 2002 I read and reviewed 24 books on computer security topics. Most recently, these included The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick and The Hacker Diaries: Confessions of Teenage Hackers by Dan Verton.

My first published review of 2003 is a four-star review of BGP (O'Reilly, Sep 2002) by Iljitsch Van Beijnum.

You can see my book reading (and reviewing) schedule by visiting www.bejtlich.net/reading.html. I will no longer try to review every security book which hits the shelves! That was a pipe dream, even when I started reading these sorts of books in 1998. The books I add to my schedule either address a topic about which I need to know more, or offer original content by an interesting author.

Thank you for visiting!

Richard Bejtlich
TaoSecurity