woensdag 15 april 2009

BlackHat Europe drinks anyone?

Who's there? I know I am, I know Craig Balding is and Roelof Temmingh & Chris Bohme are, but will you?

This action packed and kick ass conference will show you where the community is at and what to expect in the [not so] near future. A -must- for IT [security] people who take their jobs serious.

Not just the presentations but the informal meeting opportunities in & out side bars and rooms make BlackHat Europe so special. It's much smaller and more intimate then Los Vegas etc. This is one important reason speakers like it here so much. Not to mention the opportunity to explore this magical city with is struck by a wave of the best weather in a loooong time.

dinsdag 14 april 2009

Kidney, anyone?

One of my best friends is due to get a 'new' kidney, today. Just like hosting a new service. New is relative here since the market for new grown kidneys is not that big so he gets one second hand, from his wife. Like using that compiled distributed application. While they spend time unconscious under the capable hands of one team of doctors, their 3 year old spends time at our house. Like having freelancers watching over your databases.

There is a lot of risk involved in the whole kidney transplantation deal. He will get a 'strange' organ implanted and his immune system will fight it to its or their death. Like your antiviral software battling a smartly written Trojan. To prevent this from succeeding he will be taking medication to reduce the effectiveness of his immune system, which in itself opens him up to a whole range of new dangers. Like placing a very large do not scan mask. See it as DMZ's or even extranet connectivity.

But before he gets anything, she will have to give. Like opening up your tightly secured local network. She's a healthy woman in the flowering ages and has absolutely 0 health issues. Like your internal NetWare file server. She's taking a statistically small risk, kidneys get removed and people operated by the 1.000 everyday. Like hosting your own domain. Still, statistics mean little in individual cases since either you live or you die, a rather back and white situation. Like the compromise of your network with a 0 day.

The risk person in us [we do sort of the same kinda work] made us prepare for the worst. Like a BCP for an earthquake in a country like Holland. They have officially made me guardian of the little them. I have full control over all their assets. Like having the root passwords. Just in case. You never know. The scenario of him kicking the bucket, they both not waking up and whatever other terrible scenarios have been discussed, face to face and measures have been taken to assure live will be as good as possible for friend 2.0.

What can and needs to be arranged officially has been done. A will has been made, signed and sealed. List with invites & a formal chain of command have been made. Famous last words have been written. Religious & family matters been taken into account. Everything has been encrypted and securely distributed. The key hidden in Google's cache.

We also have friends over from a country where we lived for a couple of years.

Black Hat Europe will start for me tomorrow and my youngest daughter will go on her first real school holiday trip.

Later today the operation's team leader will call me to inform me of the preliminary results and I have been assigned the task to inform the selected family members, friends & colleagues.

Unless something goes dramatically wrong: then the phone will ring earlier.

Business as usual, nothing to see here, please move on.

vrijdag 10 april 2009

Safe browsing at google.com?

Google hosts a great club of smart people who do all sorts of groovy things. One of them is the "Safe BrowsingDiagnostic". You can check sites yourself to [use this]

What happened when Google visited this site?

Of the 2709 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-04-10, and the last time suspicious content was found on this site was on 2009-04-10.

Malicious software includes 1 scripting exploit(s), 1 trojan(s). Successful infection resulted in an average of 8 new process(es) on the target machine.

Malicious software is hosted on 3 domain(s), including v3i9.cn/, nvi3.cn/, said7.com/.

2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including, said7.com/.

This site was hosted on 4 network(s) including AS15169 (GOOGLE), AS26230 (TOTTAWA), AS6130 (ADN).

browsing google.com is not a safe idea anymore!

donderdag 9 april 2009

ING Internet payment site down again

ING is not doing too well, not to say bad. Lots of hocus pocus with your [and mine] money of the past couple of years have led to the current drama unfolding. This whole 'financial turmoil' might look far away from decent people's beds but it is not.

Since 2 hours the internet site for money transfers is not working, and greets you with "Welcome Null" what a great way to show your customer something 'technical' is wrong!

When I spoke to the helldesk for normal customers the lady told me there was a power issue in Amsterdam caused by the NUON. My [former] colleages told me the power issue is in Rotterdam and the IBM mainframes & access switches went of the radar about 2 hours ago.

The largest local newspaper quoted an ING spokesperson saying "We do not know what the issue is at the moment"

All of this is not so bad if the issue happened 'any other normal day' but ING's luck or mismanagement make things look extra scary since they released a press note stating they are dropping 10 of the 12 [!!!] business units not directly related to banking.

Killing the super successful no nonsense Postbank right in the middle of the financial crisis was a bad stroke of luck, but as so often, when things start going wrong, they go very wrong. I hope for you you have taken measures that the actions of the management of this bank will not affect you and your loved ones too bad, because more news is in the making...

And of course things that 'go wrong' can be hilarious too. Here rally champion sjeik Mohamed Bin Sulayem in the ING sponsored F1:

woensdag 1 april 2009

Nmap to find Conficker infected hosts

Get latest nmap (4.85BETA6 at the moment of writing) from:



sudo nmap -sC --script=smb-check-vulns --script-args=safe=1 -p445 \
-d -PN -n -T4 --min-hostgroup 256 --min-parallelism 64 \
-oA conficker_scan

It is important to note that scanning for Conficker has the small chance of crashing an unpatched host. Patched and infected hosts won't be crashed though. Note that if Conficker scans unpatched hosts they are even more likely to crash than with this check so the benefits probably outweigh the drawbacks.

Find the source here.