I'm Arik, welcome to my weblog

January 20th, 2006

Guru no more

Filed under: Security, Computer Security, Personal — arikb @ 11:36 pm

When I was a beginner in this field, young and fresh, I was full of conviction. Security was easy! There’s the security problem - there’s the security practice. Do this, avoid that. Very simple, mechanical even. When I talked about security, it was very easy to walk the path of the righteous; to say - with conviction - that there is a right way and a wrong way. Very easy, fun and cool to argue my point and win the argument, because I know what to do. (more…)

• • •

October 11th, 2005

Skype’s encryption

Filed under: Security, Computer Security, Technology — arikb @ 6:58 pm

If you haven’t heard about Skype, go check it out. Skype is a PC<-->PC and PC<-->POTS VoIP application.

On their web site, they claim that all their calls are encrypted (more…)

• • •

September 12th, 2005

Secure by default

Filed under: Computer Security, Travel — arikb @ 10:01 pm

It’s not often that I buy stuff off the cuff. My buying habits are relatively conservative, and I usually do a lot of research on equipment before I buy it. This Friday was an exception to the rule - when I saw the WRT54GC in Fry’s for $40, I just couldn’t miss out. (more…)

• • •

June 6th, 2005

How This Trojan Horse Works

Filed under: Computer Security, Privacy — arikb @ 3:12 pm

Some more information about the trojan in this link:

How This Trojan Horse Works in this Case – 4Law Exclusive Presentation

Some very detailed logs of its activity.

– Arik

• • •

June 2nd, 2005

Trojan horse - more information

Filed under: Computer Security, Privacy — arikb @ 1:39 am

I’ve followed up on some info regarding the specific trojan used, and it seems like it’s the Hotword.B trojan.

The Symantec analysis (and a similar one on Aladdin’s site) shows that the protocol used to get a configuration file was FTP. No mention of the protocol used to actually get the data out, but it may as well be FTP.

This surprises me - in many organizations in Israel that I’ve been in, FTP is disallowed at the perimeter. I guess those attacked didn’t bother to disallow it, or - more properly - allow only a limited set of protocols. An average organization with a private network, a properly configured HTTP proxy (i.e. only HTTP traffic) and no direct routing to the Internet would have been safe from this particular attack.

And on a different note, the Aladdin link above was in an unsolicited message I got from Aladdin. I might have given them my email address at some time in the past, but I did not intend it to be used to send me UCE. A lot of Israeli security companies are trying to jump on the bandwagon and make money off the trojan discovery.

My previous post on this topic is here.

• • •
This work is licensed under a Creative Commons License.