Saturday, May 28, 2011

Memory Analysis Tools Developments

I've been a user of ResponderPro...and have used the open-source tools as well such as Volatility, Memoryze, etc...but ResponderPro really just has features and capability that make it a great tool. It saves me a lot of time and effort. It is expensive though.

However, recently HBGary released Responder CE, a community version of their paid-for Responder products. That is good news.  I haven't had the time to test it, but it may be just the thing you need to start analyzing memory in an efficient manner without some of the hiccups or issues with other tools.

This post though is actually more about the new release of Mandiant Redline. Mandiant released Redline 1.0 and this looks like another great tool to use when analyzing memory.  I did get to play with it a bit and it appears to be a solid tool; I will be testing it some more against some memory dumps alongside Responder to put it through its paces.  Really like the fact I can use FDPro dumps I already have.  So far I've been really impressed.

Screenshot below of a friendly remnant of Zeus....


Sunday, March 6, 2011

A Declaration of Cyber-War - Vanity Fair

Awesome writeup about the Stuxnet event.  It reads like a story more than like an article....

A Declaration of Cyber-War - Vanity Fair

Last summer, the world’s top software-security experts were panicked by the discovery of a drone-like computer virus, radically different from and far more sophisticated than any they’d seen. The race was on to figure out its payload, its purpose, and who was behind it. As the world now knows, the Stuxnet worm appears to have attacked Iran’s nuclear program. And, as Michael Joseph Gross reports, while its source remains something of a mystery, Stuxnet is the new face of 21st-century warfare: invisible, anonymous, and devastating.

Sunday, January 16, 2011

Stuxnet from Israel/US?

According to the New York Times, Stuxnet was tested/developed in Israel. There was cooperation between other nations in its development as well.

Israel Tests on Worm Called Crucial in Iran Nuclear Delay

If true, not all that surprising. 

Monday, January 10, 2011

National Internet ID?

Get ready...here it comes...

From: Engadget.com

Obama administration moves forward with unique internet ID for all Americans, Commerce Department to head system up

"President Obama has signaled that he will give the United States Commerce Department the authority over a proposed national cybersecurity measure that would involve giving each American a unique online identity."

Quite the debate will ensue. Privacy...Security...

Thursday, November 25, 2010

BackTrack 4 R2 available

I am a few days behind...but BackTrack 4 R2 is available.

Changes:
  • Kernel 2.6.35.8 – *Much* improved mac80211 stack.
  • USB 3.0 support.
  • New wireless cards supported.
  • All wireless Injection patches applied, maximum support for wireless attacks.
  • Even *faster* desktop environment.
  • Revamped Fluxbox environment for the KDE challenged.
  • Metasploit rebuilt from scratch, MySQL db_drivers working out of the box.
  • Updated old packages, added new ones, and removed obsolete ones.
  • New BackTrack Wiki with better documentation and support.
  • Our most professional, tested and streamlined release ever.

http://www.backtrack-linux.org/backtrack/backtrack-4-r2-download/

Monday, November 15, 2010

Phish using TechNet as the lure?

Nope....it is just a really Phishtastic looking e-mail....

Wednesday, November 3, 2010

Firesheep author Guilty/Evil? (Skills-Gap dependence)

I've talked to a few security people and regular IT folks about the Firesheep tool, and I've also read a few discussions about it. Some have called him irresponsible, some guilty, etc...

In a narrow-minded, but broad categorization we could lump the authors of Wireshark, TCPdump, or [insert sniffing tool here] in with the "guilty" parties. These tools can do the same thing. To keep the conversation...uh...focused we won't mention tools like Metasploit or even Nmap.

I know this makes it more "accessible" to the common wanna-be attacker, but when are we going to stop using the "skills" gap argument? Do other physical security professionals rely on "skills" gap to protect them, or do they address the issues?

I dunno, innocent or guilty, a light has been pointed into a dark corner and now people are taking notice. If a constant drone of security professionals encouraging the companies to fix the issue isn't enough, then the attention from this will (or should).