Tuesday, June 26, 2007

Security start-up Untangle goes open-source

One can add this to the portfolio of security services
clipped from news.zdnet.com
Untangle, a start-up that sells software for network security equipment, is making its core product open-source on Tuesday.


The company already uses a variety of open-source software projects, including the SpamAssassin spam-screening software, the Snort software that detects some network intruders and the ClamAV software that can help block "phishing" attacks that direct users to bogus Web sites. Now Untangle is adding its own framework to the mix, software that handles chores such as network management, software updates, security policy settings and processing of network traffic.

 blog it

Thursday, June 21, 2007

Forensics in Houston (litsupport)

Forensic Data Retrieval in Houston

Posted by: "enordstr" ecnordstrom@gmail.com enordstr

Wed Jun 20, 2007 5:43 pm (PST)

Does anyone have a recommendation of a good electronic discovery /
forensic data retrieval outfit in Houston?

3b.

Re: Forensic Data Retrieval in Houston

Posted by: "Omar Cherry" omartyre@yahoo.com omartyre

Wed Jun 20, 2007 8:39 pm (PST)

SysInformation Inc.
2620 Fountain View Dr, Suite 440
Houston, TX 77057
Phone: 281.914.4199
Fax: 832.242.2588

Great Company!



Omar Tyre Cherry
Technology Project Manager
Keystone Document Discoverey
www.keystonedd.com



enordstr <ecnordstrom@gmail.com> wrote: Does anyone have a recommendation of a good electronic discovery /
forensic data retrieval outfit in Houston?

---------------------------------
Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV.

[Non-text portions of this message have been removed]

3c.

Re: Forensic Data Retrieval in Houston

Posted by: "Capolupo, Mark" mcapolupo@UHY-US.COM mcapolupo_uhy

Wed Jun 20, 2007 9:27 pm (PST)

UHY Advisors, Houston HQ, please call 646-746-1200

Mark

----- Original Message -----
From: litsupport@yahoogroups.com < litsupport@yahoogroups.com>
To: litsupport@yahoogroups.com < litsupport@yahoogroups.com>
Sent: Wed Jun 20 15:56:07 2007
Subject: [litsupport] Forensic Data Retrieval in Houston

Does anyone have a recommendation of a good electronic discovery /
forensic data retrieval outfit in Houston?

Confidentiality and Circular 230 Notices

IMPORTANT: If this communication contains statements concerning taxation, those statements are provided for information purposes only, are not intended to constitute tax advice which may be relied upon to avoid penalties under any federal, state, local or other tax statutes or regulations, and do not resolve any tax issues in your favor. Upon request, we can provide you with express written tax advice after necessary factual development and subject to such conditions and qualifications as we may deem appropriate in the circumstances.

This electronic mail message and any attached files contain information intended for the exclusive use of the party or parties to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not an intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies.

[Non-text portions of this message have been removed]

3d.

Re: Forensic Data Retrieval in Houston

Posted by: "Dave Townsend" dave.townsend@aptaracorp.com eforinc

Wed Jun 20, 2007 9:27 pm (PST)

We can help you out in Houston. How many custodians and what is the
timeframe?

Regards,

Dave Townsend
Director, Computer Forensics & ESI Collections
Aptara Litigation Services


________________________________

From: litsupport@yahoogroups.com [mailto: litsupport@yahoogroups.com] On
Behalf Of enordstr
Sent: Wednesday, June 20, 2007 4:56 PM
To: litsupport@yahoogroups.com
Subject: [litsupport] Forensic Data Retrieval in Houston

Does anyone have a recommendation of a good electronic discovery /
forensic data retrieval outfit in Houston?

[Non-text portions of this message have been removed]

3e.

Re: Forensic Data Retrieval in Houston

Posted by: "Robert Fitzgerald" rfitzgerald@universalmobilit.com universal_rob

Wed Jun 20, 2007 9:28 pm (PST)

Dan Dykes - 281-850-7748 We have used him and been extremely happy.

_____

From: litsupport@yahoogroups.com [mailto: litsupport@yahoogroups.com] On
Behalf Of enordstr
Sent: Wednesday, June 20, 2007 5:56 PM
To: litsupport@yahoogroups.com
Subject: [litsupport] Forensic Data Retrieval in Houston

Does anyone have a recommendation of a good electronic discovery /
forensic data retrieval outfit in Houston?

[Non-text portions of this message have been removed]

3f.

Re: Forensic Data Retrieval in Houston

Posted by: "Charlene Agnew" cagnew@airmail.net charleneagnew

Wed Jun 20, 2007 9:28 pm (PST)

Call Dan Dykes at:

Houston Computer Forensics

(713) 660-8303

I've known him for years and have watched him work. He's excellent.

Charlene

__________________________________________________________

Charlene Agnew

CT Summation Certified Trainer

American Society of Trial Consultants, Member

Trial Director Certified Trainer and Trial Consultant

Sanction Trial Consultant

Advanced Litigation Solutions, Inc.

Houston, Texas

(281) 485-4025

cagnew@airmail.net

_____

From: litsupport@yahoogroups.com [mailto: litsupport@yahoogroups.com] On
Behalf Of enordstr
Sent: Wednesday, June 20, 2007 4:56 PM
To: litsupport@yahoogroups.com
Subject: [litsupport] Forensic Data Retrieval in Houston

Does anyone have a recommendation of a good electronic discovery /
forensic data retrieval outfit in Houston?

[Non-text portions of this message have been removed]

Wednesday, June 20, 2007

Fake NetBIOS Tool - Simulate Windows Hosts

clipped from www.darknet.org.uk

Some cool free tools made by folks from the French Honeynet Project.

FakeNetBIOS is a family of tools designed to simulate Windows hosts on a LAN. The individual tools are:

  • FakeNetbiosDGM (NetBIOS Datagram)
  • FakeNetbiosNS (NetBIOS Name Service)
  • Each tool can be used as a standalone tool or as a honeyd responder or subsystem.

    FakeNetbiosDGM sends NetBIOS Datagram service packets on port UDP 138 to simulate Windows hosts bradcasts. It sends periodically NetBIOS announces over the network to simulate Windows computers. It fools the Computer Browser services running over the LAN and so on.

    FakeNetbiosNS is a NetBIOS Name Service daemon, listening on port UDP 137. It responds to NetBIOS Name requests like real Windows computers: for example ‘ping -a’, ‘nbtstat -A’ and ‘nbtstat -a’, etc.

    You can download the tools here:

    FakeNetBIOS-0.91.zip

    There are a few others things here:

    http://honeynet.rstack.org/tools.php

    blog it

    Wednesday, June 13, 2007

    Hacking video

    if down, get it directly http://www.mediafire.com/?cxpyxwktnfh
    clipped from www.darknet.org.uk

    I was thinking that the darknet authors should create videos when they write about different tools… It should be fun to see presentations… and also would bring darknet more hits…
    I made a video for my previous article, and uploaded it to youtube: stealth techniques - syn

    …for better quality download it: here

     blog it

    Monday, June 11, 2007

    Using industry best practices for effective security training

    security consultant needed
    clipped from www.cgisecurity.com

    "Improved employee understanding of appropriate behaviors and best practices for enhanced information security reduces security risks and helps ensure compliance with regulations such as Sarbanes-Oxley, HIPAA, the Payment Card Industry Data Security Standards (PCI DSS) and others. But merely providing security training is not enough. Organizations need to know if training programs have been successful in changing behavior.

    In order to provide an effective security training program, metrics must be set in place from the start. Measurements help establish a baseline of individual and organizational competencies in enterprise security. Additionally, metrics help identify gaps in current training initiatives that should be remedied and improve the methodology and/or content of training programs. Measuring training effectiveness can also be useful in validating the competency of the training entity itself."
     blog it

    No help from my friends

    Microsoft is telling the world how to attach its customers. Suggestion? Upgrade to the next version, or else.
    clipped from www.cgisecurity.com
    Microsoft is telling the world how to exploit their products being used by their customers. Not that the worst of those interested in it did not already know, but the one thing we need from Microsoft is not the exploit, but the patch or at least a decent work-around. And that patch is lacking. Their only defensive advice is to upgrade to IIS 6.0."
     blog it

    Volunteers do not do security

    who is the guy to rely on but hired help?
    clipped from www.cgisecurity.com

    "What if a Web researcher found a bug on your Website today -- but was too afraid of the law to tell you?

    The Computer Security Institute (CSI) recently formed a working group of Web researchers, computer crime law experts, and U.S. Department of Justice agents to explore the effects of laws that might hinder Web 2.0 vulnerability research. And the CSI group's first report -- which it will present on Monday at CSI's NetSec conference in Scottsdale, Ariz. -- has some chilling findings.

    In the report, some Web researchers say that even if they find a bug accidentally on a site, they are hesitant to disclose it to the Website's owner for fear of prosecution. "This opinion grew stronger the more they learned during dialogue with working group members from the Department of Justice," the report says. "
     blog it

    Friday, June 8, 2007

    Priamos Project - SQL Injector and Scanner

    clipped from www.google.com
    PRIAMOS is a powerful SQL Injector & Scanner
    You can search for SQL Injection vulnerabilities and inject vulnerable string to get all Database names, Tables and Column data with the injector module.
    You should only use PRIAMOS to test the security vulnerabilities of your own web applications (obviously).
    The first release of PRIAMOS...


    Read the full post at darknet.org.uk
     blog it

    Tuesday, June 5, 2007

    How Online Criminals Make Themselves Tough to Find, Near Impossible to Nab

    clipped from www.cio.com
    “Business leaders start to say,
    ‘I can’t be paying $400 an hour for forensics that
    aren’t going to get me anything in return,’”
     blog it

    Friday, June 1, 2007

    IBM: Public vulnerabilities are tip of the iceberg

    Lots of work for individual pen testers
    clipped from news.zdnet.com
    IBM's Internet Security Systems division has warned that there is a "colossal difference" between the number of publicly disclosed security vulnerabilities and the number of flaws that are discovered but not publicly disclosed.
     blog it