What the heck is redacting a database?

October 21st, 2009

A good friend of mine sent me the following link:

[http://www.codersrevolution.com/index.cfm/2009/10/21/Sequoia-Voting-System-Witch-Hunt-err-Study-Project]

The lesson to take away from this is that if you don't adequately cleanse the data, you can expect it to become available! Redacting a database is an interesting concept, and it is apparently what they tried (and not too successfully) to do. The best way to clean a database is to create a new one and just copy in the data you want exposed. Don't trust the handy dandy DROP/DELETE :-)

If they wanted to expose/publish the 88 tables, then they should have created a new DB, copied in the tables and released it. Anything less than that and you have to be VERY careful! And for the more security conscious, it would be created on a recently wiped drive on a recently rebooted computer!
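As an added example (not code from the original post, and nothing to do with the Sequoia study itself), here is a small Python/SQLite script that makes the point concrete: it DELETEs a sensitive row in place and then shows that the row's bytes are still sitting in the file, while a fresh database built by copying only the allowlisted table never contained them. The table names, the marker value and the explicit `secure_delete` pragma setting are all constructed for the demo.

```python
import os
import shutil
import sqlite3
import tempfile

# Constructed marker value: it must never show up in the file we publish.
MARKER = "REDACT-ME-SECRET-MARKER-0xC0FFEE"


def build_source_db(path: str) -> None:
    """Create a constructed sample DB: one table to publish, one to withhold."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE precincts (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("CREATE TABLE voters (id INTEGER PRIMARY KEY, ssn TEXT)")
    conn.executemany("INSERT INTO precincts VALUES (?, ?)",
                     [(1, "North"), (2, "South")])
    conn.executemany("INSERT INTO voters VALUES (?, ?)",
                     [(1, MARKER), (2, "not-sensitive")])
    conn.commit()
    conn.close()


def redact_in_place(path: str) -> None:
    """The DELETE approach the post warns about: the row disappears from
    query results, but SQLite only unlinks the record inside its page and
    leaves the bytes behind. secure_delete is OFF by default on most builds;
    it is set explicitly here so the demonstration is deterministic."""
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA secure_delete = OFF")
    conn.execute("DELETE FROM voters WHERE id = 1")
    conn.commit()
    conn.close()


def redact_by_copy(src: str, dst: str, tables: tuple) -> None:
    """The approach the post recommends: start from an empty file and copy in
    only the tables on the release list, so nothing else ever hits the disk."""
    src_conn = sqlite3.connect(src)
    dst_conn = sqlite3.connect(dst)
    for table in tables:
        # Table names come from our own allowlist, never from user input.
        row = src_conn.execute(
            "SELECT sql FROM sqlite_master WHERE type = 'table' AND name = ?",
            (table,)).fetchone()
        if row is None:
            raise ValueError(f"table {table!r} not found in source database")
        dst_conn.execute(row[0])  # recreate the schema text verbatim
        rows = src_conn.execute(f'SELECT * FROM "{table}"').fetchall()
        if rows:
            marks = ", ".join("?" * len(rows[0]))
            dst_conn.executemany(f'INSERT INTO "{table}" VALUES ({marks})', rows)
    dst_conn.commit()
    dst_conn.close()
    src_conn.close()


def visible_rows(path: str, table: str) -> list:
    """What a SQL client sees, i.e. what the DELETE approach is judged by."""
    conn = sqlite3.connect(path)
    rows = conn.execute(f'SELECT * FROM "{table}"').fetchall()
    conn.close()
    return rows


def file_contains(path: str, needle: str) -> bool:
    """Check the raw file bytes, which is what anyone holding the DB can do."""
    with open(path, "rb") as fh:
        return needle.encode() in fh.read()


def compare_approaches() -> dict:
    """Redact the constructed DB both ways and report where the marker survives."""
    with tempfile.TemporaryDirectory() as workdir:
        src = os.path.join(workdir, "election.db")
        build_source_db(src)

        deleted = os.path.join(workdir, "deleted.db")
        shutil.copyfile(src, deleted)
        redact_in_place(deleted)

        clean = os.path.join(workdir, "release.db")
        redact_by_copy(src, clean, ("precincts",))

        return {
            # DELETE looks clean from SQL ...
            "delete_hides_from_queries": all(
                MARKER not in row for row in visible_rows(deleted, "voters")),
            # ... but the bytes are still in the file.
            "delete_in_place_leaks": file_contains(deleted, MARKER),
            # A fresh file with only the public table never had them.
            "copy_to_new_db_leaks": file_contains(clean, MARKER),
        }


if __name__ == "__main__":
    print(compare_approaches())
```

The same reasoning applies to any engine whose on-disk format keeps freed pages, slack space, transaction logs or backups around (which is most of them): DROP/DELETE only changes what queries return, and the one file you can actually reason about is the one created from scratch with nothing but the intended data in it.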

Datawarehousing news and nice approach for partitioned data

September 30th, 2009
  • [Kickfire Offers Data Warehouse Appliance for the Masses]
    • Kickfire offers a MySQL-based data-warehouse appliance targeting the 500GB to 5TB range, starting at $32K.
    • Will have to start monitoring this one. They appear to use a similar concept to Netezza by implementing SQL in hardware for speed; not exactly the same, but interesting to see the appliance trend.
  • [Building the Data Warehouse for bandwidth tracking]
    • This is a worthy read if you need to load and handle lots of naturally partitioned data.
    • For those not willing to read, I'll pose a question: how would you handle 683,460 tables? :-)

How security is very much like MMA

September 20th, 2009

It occurred to me after following the most recent UFC MMA event (via the web blogs rather than PPV, as I'm still too cheap!) that security and MMA have a lot in common. More precisely, the fighters in a stable are very similar to security algorithms or processes.

Once a fighter's weakness has been exposed there is really nothing you can do to hide that weakness again. You could have the best fighter in the world one day, then the weakness is exposed... You are in trouble!

Security is very much the same. You can perform all the scans, probes, fuzzes and code reviews and feel confident (well, as confident as anyone is in the security world!) that you are pretty well covered. One revelation a day later can completely invalidate your expectations, and you have to start over from scratch. Sometimes it is a slow build-up, other times it is the equivalent of a bomb.

Bottom line is once a weakness has been exposed you need to:

  • See if it can be simply covered
    • Fighter can learn to defend against take downs (or not get hit in the head :-) )
    • Algorithm can be enhanced to extend its life DES==>3DES
  • Relegate
    • Fighter acts as the ‘gatekeeper’ to the higher competition levels
    • The algorithm's security clearance has been lowered; it can't be used in the more secure areas. Examples of this are theoretical discoveries that are likely to result in a practical weakness being discovered some time later.
  • Retire
    • Fighter retires, becomes a commentator!
    • Algorithm deprecated as it is shown to be fundamentally insecure, now studied in university to show the weakness that designers need to be aware of. Think WEP!

If the weakness is known, it is natural that the opponent will attempt to get a competitive advantage using it. The longer the weakness is known, the more adept the opposition will be at exploiting it. This is true for both MMA & security!

Companies running an SDL are the equivalent of the fighter's stable. It is their job to recognize the weaknesses and manage the processes and algorithms so that any weaknesses are covered or retired before they become a major problem.

Gareth

Interesting stuff 2009-09-20

September 20th, 2009

8 topics that I’ve been tracking, and now have the time to do the ‘cliff notes’ for:

  • [MSSQL - The Query Optimizer and Parameter Sniffing]
    • If you don't know about parameter sniffing, or came across it a couple of years ago and have forgotten, give this a (re)read.
    • The key here is the "OPTIMIZE FOR" hint for a typical parameter; I don't recall this existing in 2000. So if you are stuck with SQL Server 2000 (you know who you are!), this obviously won't work!
  • [Need to protect your C# code? Have a look at nCloak]
    • Article covering how nCloak does naming.
    • This isn't production ready, but if you have spare time it would be interesting to see how far this project can go.
    • This shows the benefit that Mono is bringing to the C# world!
  • [Just got onto TFS? Ready to try GIT/Mercurial? Read more about branch strategies in DVCS]
    • Seems like only yesterday everyone was moving from VSS to TFS. Now GIT and Mercurial are on the scene.
    • This article covers various strategies for CI or even “Promiscuous Integration”
    • Interestingly the DVCS (Distributed Version Control Systems) appear better suited to OSS projects than internal corporate ones.
  • [Microsoft SDL Developer Starter Kit]
    • The Microsoft SDL Developer Starter Kit provides a compilation of baseline developer security training materials on core Microsoft Security Development Lifecycle (SDL) topics.
  • [OSSEC - open source Host-based Intrusion Detection System (HIDS)]
    • It's free! 2.2 came out September 8, 2009
    • It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response.
  • [Microsoft releases mini-Fuzzer & Binary analyzer]
    • Finally :-) , MS have released some simple fuzzers to help developers understand what they are facing from the black hats!
  • [IT executive going to China? If you follow the guidance it will be expensive!]
    • Paraphrasing this short article won't do it justice. Among the measures it recommends to IT executives for protecting their computer equipment when traveling to that country are (wow is about all I can say!):
      • Leave your standard IT equipment at home – buy separate gear to use in China
      • Weigh the machine before you go and when you get back
      • “Clean” thoroughly the equipment (re-image the laptop you used)
      • Throw away the mobile phone you used during your stay.
  • [A Shortage of Technical Managers]
    • This just made me smile!