May 22 2009   6:03PM GMT

Strong passwords? Try this test

Posted by: Troy Tate
Password, Security, authentication, strong password, password strength, complex password, information security, tool

Passwords are the bane of security but currently and historically the primary authentication method for users. Check out this article by Roger Grimes and see how your password policy stacks up using the Excel spreadsheet tool he provides for download. You can use the to convince management how weak your password policy really is.

Test the strength of your password policy

Roger Grimes presents a useful tool for figuring out how susceptible your network might be to a password-cracking attack

Thanks for reading & let’s continue to be good network citizens.

Feb 11 2009   8:08PM GMT

Tracking down that user/computer that locks AD accounts

Posted by: Troy Tate
Data security, administration, analysis, antivirus, anti-virus, diagnostics, howto, information security, malicious activity, malware, Microsoft, Microsoft Windows, Active Directory, AD, network security, Password, policy enforcement, reporting, risk, risks, scanning, search, Security, security notification, tools, troubleshooting, Windows, password management, account management

With an environment spanning 18+ sites and more than 3000 computers around the globe, you could understand how challenging it would be to track down what device/user might be locking user accounts. There are tools out there that you can pay for that can help do this. However, Microsoft has some free tools that with a little testing and use will permit you to quickly track down where the account is being locked and address the situation.

We had a situation recently where malicious software got onto a couple of machines and attempted to use the Administrator account to login. We have account lockout on our Windows 2003 AD domain, so after the appropriate number of invalid tries the Administrator account was locked out in the domain. This is because the machines were members of the domain and the malware did not distinguish the local administrator account from the domain administrator when attempting to elevate authority. Note that we use least user authority in our environment so the malware was not able to spread beyond these two machines. We suspect the machines became infected due to out of date antivirus signatures.

Unfortunately, the antivirus we use did not alert us to the situation. The way we were alerted was by our Microsoft Systems Center Operations Manager (SCOM) implementation. It notified the SCOM admin that the domain Administrator account was locked. The operations team was then tasked with tracking down what or who was locking this account. This is where the Microsoft Account Lockout and Management Tools came in use and helped isolate the cause. Continued »

Jan 21 2009   4:36PM GMT

Security news - Videos from Hack In The Box 2008 Malaysia available for download

Posted by: Troy Tate
hacking, education, training, Security, hardware, software, Password, Windows, Microsoft, Apple, OSX, vulnerabilities

The videos from HITBSecConf2008 - Malaysia are now available for download!

Day 1

=====

http://thepiratebay.org/torrent/4654588/HITBSecConf2008_-_Malaysia_Videos___Day_1

Keynote Address 1: The Art of Click-Jacking - Jeremiah Grossman Keynote Address 2: Cyberwar is Bullshit - Marcus Ranum

Presentations:

- Delivering Identity Management 2.0 by Leveraging OPSS

- Bluepilling the Xen Hypervisor

- Pass the Hash Toolkit for Windows

- Internet Explorer 8 - Trustworthy Engineering and Browsing

- Full Process Reconsitution from Memory

- Hacking Internet Kiosks

- Analysis and Visualization of Common Packers

- A Fox in the Hen House - UPnP IGD

- MoocherHunting

- Browser Exploits: A New Model for Browser Security

- Time for a Free Hardware Foundation?

- Mac OS Xploitation

- Hacking a Bird in The Sky 2.0

- How the Leopard Hides His Spots - OS X Anti-Forensics Techniques

Day 2

=====

http://thepiratebay.org/torrent/4654974/HITBSecConf2008_-_Malaysia_Videos___Day_2

Keynote Address 3: Dissolving an Industry as a Hobby - THE PIRATE BAY

Presentations:

- Pushing the Camel Through the Eye of a Needle

- An Effective Methodology to Enable Security Evaluation at RTL Level

- Remote Code Execution Through Intel CPU Bugs

- Next Generation Reverse Shell

- Build Your Own Password Cracker with a Disassembler and VM Magic

- Decompilers and Beyond

- Cracking into Embedded Devices and Beyond!

- Client-side Security

- Top 10 Web 2.0 Attacks

===

On a related note, the registration for HITBSecConf2009 - Dubai (20th - 23rd April) is now open!

http://conference.hitb.org/hitbsecconf2009dubai/

The Call for Papers (CFP) for HITBSecConf2009 - Malaysia (October 5th -

8th) will open in March 2009.