Security

UEFI and the TPM: Building a foundation for platform trust.

Traditional boot processes cannot stop sophisticated attacks that take hold before the operating system loads. Consequently, we need a method to ensure that when the operating system (OS) loads and the user logs in, the system is "clean" and trusted. The Unified Extensible Firmware Interface (UEFI) and the Trusted Platform Module (TPM) specification provide the components and processes necessary to achieve this objective. In the following pages, we take a close look at both the TPM and the UEFI. We then step through a trusted boot process, showing how they help ensure safe user authentication and sensitive information processing.

First, however, we need to define trusted computing. A trusted platform (e.g. desktop PC, server, laptop) possesses high assurance of operating as expected. For our purposes, a platform consists of two software attack surfaces: firmware/drivers/boot loader and OS/applications.

Figure 1: Software Attack Surface

Manipulating input.

iPhone Espionage.

Dangerous Texts: Preventing SMS Cracking.

The very first SMS (Short Messaging Service) message was sent on December 3rd, 1992. Cellular phone technology has exploded since then, and the average person now sends and receives many SMS text messages each year. In a world where the overwhelming majority of adults (and some children) carry a smartphone or a "feature phone", texting is an easy way for me to keep in touch with people, in my work and in my personal life.

I'm far from alone. If you have a medium or large office-based workplace, chances are that your employees use SMS in their work, quite often on corporately owned smartphones. The technology is really convenient, and sending texts takes less work than sending e-mails. But if your company uses SMS texting, it's vital that your IT department is aware of the possible dangers of that medium. It's possible to make your texting more secure, especially when you understand the features of that technology.

SMS messages are limited to 1120 bits in length.

Goodbye DIACAP, Hello DIARMF.

When C&A becomes A&A, will you be ready? Every few months, an elite group of DoD security experts, IT managers, and senior leadership gather to chart the future course for how Information Assurance will be conducted within the Defense Department. Very soon, this group will introduce sweeping changes to the Certification and Accreditation process, to the extent that personnel roles, job titles, and even the moniker C&A itself will change, evolving into new nomenclature and a new era for the Information Assurance community of practice within the DoD.

After implementation, the use of DIACAP Certification and Accreditation processes will cease and DIARMF Assessment and Authorization will become the "new normal" for information technology professionals and risk managers throughout the Defense Department.

Figure: Defense Information Assurance Risk Management Framework (DIARMF). The six major steps of the Risk Management Framework aligned with the five phases of a System Development Lifecycle (SDLC).

-=Len.

Writing Self-modifying Code Part 1: C Hello world with RWX and in-line assembly | InfoSec Institute – IT Training and Information Security Resources.

To follow along with this tutorial, download all source files here. In the first part of this tutorial, we'll be making a basic C scaffold and getting read, write, and execute permissions for the memory section. This way we'll be able to have some self-modifying code in the following tutorials (part 2 is located here). We'll begin with a hello.c, hellodll.c, hellodll.h, and makefile. Readers should be able to use an Ubuntu virtual machine and simply run apt-get install build-essential mingw32 in order to follow along.

The hello.c file is a simple DLL loader. If we take a look at the source files, hello.c does little more than call LoadLibrary and then call the first exported function in the DLL. If the goal is to write self-modifying code, we're going to need read, write, and execute permissions on the code's memory, which is what VirtualProtect grants:

    int vpretval = VirtualProtect(baseaddress, memlen, newprotect, &oldprotect);

But how are we going to get the size of the code? The trick is to mark its boundaries with in-line assembly:

    asm("nop;" "nop;");

9 Easy WordPress Security Tips: Hardening WordPress. WordPress is the most popular Content Management System (CMS) on the World Wide Web. I’m one of the two web developers for Liberbyte.com, a tech blog with a focus on end user education and open source. I’ve done enough raw coding with HTML, CSS and JavaScript in the past 15 years to really appreciate how WordPress makes maintaining our blog easier. Once the look and design of the UI is in place, adding new posts is even quicker within WordPress than it would be using a web development suite such as Aptana.

Better yet, all of my work can be done inside my web browser, which uses a lot less memory than an IDE. Like many popular applications, WordPress even has many thousands of plug-ins and widgets created by WordPress’ vast developer community. Because WordPress is open source and licensed under GPL, each release gets better and better, and thousands of developers are making useful programs for it.

Step 1: Audit Overall Work Station Security
Step 2: Keep WordPress Updated
An .htaccess file.

Incorporating Custom Shellcode Into The Metasploit Framework | InfoSec Institute – IT Training and Information Security Resources.

Writing shellcode can be a somewhat time-consuming task. Once considered a dark art, shellcoding has become a part of the vocabulary of modern IT personnel.

With IT security becoming more and more important within organizations today, it's becoming practical for many people not only to know what shellcode is, but also to understand what it does, how it does it, and how to craft their own. Modern tools, such as the Metasploit Framework, have reduced the work necessary to write shellcode and to leverage it to exploit vulnerabilities. This is achieved through code reuse in the form of Metasploit modules and payloads, a powerful set of provided tools, and the ability to extend the console itself. This article will explore how to utilize and incorporate your own shellcode for use with the Metasploit Framework. We will focus more on the end-to-end process than on any individual piece. I will add tidbits that I have found to be useful or particularly relevant.

Target audience:

What You Will Need:

Rootkit Detection with Tuluka Kernel Inspector.

Introduction

A rootkit is a piece of software written by someone who, at the very least, wants to spy on specific system calls made by an application, for some purpose.

It'll usually hide itself from normal directory and process listings made either by native OS tools or by third-party software that functions in the same way. It does this so that the user does not detect its presence and take steps to try to remove it. A rootkit could infect a user's system in any number of ways, from clicking on an e-mail attachment to visiting a malicious web page to running executables from untrusted sources. This being the case, security vendors and helpful open source developers have created software that tries its hardest to detect the presence of a hidden rootkit and hence help users keep their systems clean. Note, though, that the scope of the article is limited to rootkits in a Windows environment only.

Basics – You can't see me :)

A little theory before we move on.

IDT Hooks

Nope.