IT Security Blog

The Penetration of LCD Monitors in the Technology Market

14 January 2007 By Saran

The cost of owning an LCD monitor has dropped sharply, putting in peril the usual CRT monitors, the bulky ones that are usually partnered with a desktop system. While the CRT series has gone as far as widening its screens to the 19” flat-screen monitor, from all indications, everyone will be leaning more towards a space consuming and screen optimized LCD monitor regardless of its screen width.

Such was forthcoming. In its initial introduction to the market, a lot of people were hesitant due to the astronomical price that it was pegged at. But like all competing products, once the competition sets in, the need to adjust the price to be competitive in the market is a must. Thus, such a trend can be seen with the large drop in the price of LCD monitors such as Samsung and LG Collins, two players who are not really tagged to be in the line of Viewsonic and AOC.

As it stands, the final decision would be left on the price and the screen resolution as required. For people who are simply wanting to get in with the times, this is certainly welcome news for the lower costing manufacturers who aim to satisfy the need for LCD monitors, regardless if this is just for personal satisfaction or not.

Filed Under: News, Review Tagged With: crt-monitors, desktops, lcd-monitors, lg-collins, News, Review, samsung

MajorGeek.com: A Download Site for Computer Care

8 January 2007 By Saran

Day in and day out, people surf the web for downloads such as drivers, stand-alone security cleaners, and free programs that will help with their specific needs. One drawback is the threat posed by such sites and their questionable reliability, since everyone is aware that malicious spyware or Trojans may be present in these programs, which are usually compressed in zip files before being offered for free download.

Majorgeeks.com is one site that contains a lot of helpful tools to aid computer users with their everyday issues and with improving their operating system and its overall performance. One notable thing that most users are aware of is intrusion into their system through the usual cookies and attachments that people get from the Internet. With the mischief going around, no one really knows how safe their computer is and which files on their hard drives are needed and which are not.

Filed Under: IT Security Basics, Malware, Network Security, Programming, Review, Spyware, Storage, Tips Tagged With: IT Security Basics, Malware, Network Security, Programming, Review, Spyware, Storage, Tips

Switched Network Security

8 November 2006 By Saran

Many people I speak to think that simply because they are on a switched network, they are immune to packet sniffing, a process whereby a computer listens for packets not intended for that address, and logs them, potentially gathering usernames, passwords, and other useful information within network traffic. For example, every time you log into a website which does not use SSL (Secure Sockets Layer), your username and password are transmitted in plain text as part of the HTTP (HyperText Transfer Protocol) request. If another user is running packet sniffing software, this request will get logged for later analysis, which could lead to that user gaining access to the website you visited, under your account.

Packet sniffing was easy on networks connected using hubs, as a hub is a device which sends every packet it receives to every computer connected. This is bad for a number of reasons, including reducing transfer rates due to collisions and unnecessary transmission; if data is not destined for a computer, it would still be sent there. It does, however, also allow for easy packet sniffing; simply set a network card to pass every packet up to the application layer, instead of only those addressed to the specific computer. These can be logged for later analysis.

On a switched network, packets usually go only to the computer to which they are addressed, based on MAC address resolution of the IP. The switch then sends packets to the port hosting that MAC address, and only that port.

So, how is it that switched networks are still vulnerable to packet sniffing, if packets only get transmitted to their destination?

This is where ARP Poisoning comes in. ARP is the Address Resolution Protocol, and maps IP addresses to MAC addresses. In an ARP Poisoning attack, a system sends out faked ARP responses claiming to be the MAC associated with an IP. As such, packets destined for that IP will be sent to the computer doing the ARP poisoning, as they traverse the switch, instead of the real destination.

Using this mechanism, it is possible to redirect packets travelling between a computer on the network and the border router, forcing them to be delivered to a system running a packet sniffer instead. From here, they can be logged and then sent on to the real MAC address of the router. This is known as a man-in-the-middle ARP Poisoning based network sniffing attack, and is effective against switched networks.

Because this attack is based on ARP requests and responses, which are a local network mechanism, it cannot traverse routers or any other layer 3 or higher device.
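The defensive counterpart to the attack described above, as an added example that is not part of the original post: a monitor that parses ARP frames, remembers the first MAC address seen for each IP, and reports any later frame that claims the same IP from a different MAC. The names `ArpWatch`, `parse_arp` and `build_arp_reply`, and all addresses, are constructed for illustration; the frames are built in memory and never sent.

```python
import struct

def _mac(s): return bytes.fromhex(s.replace(":", ""))
def _ip(s): return bytes(int(p) for p in s.split("."))
def fmt_mac(b): return ":".join(f"{x:02x}" for x in b)
def fmt_ip(b): return ".".join(str(x) for x in b)

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed 42-byte Ethernet + ARP reply frame (opcode 2) as test input."""
    eth = _mac(target_mac) + _mac(sender_mac) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    return eth + arp + _mac(sender_mac) + _ip(sender_ip) + _mac(target_mac) + _ip(target_ip)

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip), or None if not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, fmt_mac(frame[22:28]), fmt_ip(frame[28:32])

class ArpWatch:
    """Remembers the first MAC seen for each IP and reports later conflicts."""
    def __init__(self, pinned=None):
        self.table = dict(pinned or {})          # ip -> mac; existing entries never change
    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        _, mac, ip = parsed
        known = self.table.setdefault(ip, mac)   # learn on first sight only
        if known != mac:
            return [f"{ip} moved from {known} to {mac}"]
        return []

def demo():
    router, host, other = "00:11:22:33:44:55", "aa:bb:cc:00:00:50", "aa:bb:cc:00:00:99"
    frames = [                                    # constructed sample traffic
        build_arp_reply(router, "192.168.1.1", host, "192.168.1.50"),  # genuine
        build_arp_reply(host, "192.168.1.50", router, "192.168.1.1"),  # genuine
        build_arp_reply(other, "192.168.1.1", host, "192.168.1.50"),   # conflicting claim
    ]
    watch = ArpWatch()
    return [alert for f in frames for alert in watch.observe(f)]

if __name__ == "__main__":
    print("\n".join(demo()))
```

Passing a known-good router mapping as `pinned` avoids trusting whichever reply happens to arrive first.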

Filed Under: Network Security, Real-World Issues, Review, Security Policies Tagged With: Network Security, Real-World Issues, Review, Security Policies

Can they offer anonymous browsing?

17 September 2006 By Saran

September saw the introduction of two new web browsers focusing on anonymous web browsing. Early this month, Browzar was launched by Freeserve founder, Ajaz Ahmed. It automatically deletes any cookies after each session, does not save pages in cached folders, and its relatively small size makes it easy to bring along. There have been issues raised about it being merely an IE shell and about search results leading to sponsored links and adverts. Also, users need to download any security patches from Microsoft once a flaw has been identified for IE. After the two recent attacks on the browser, many are skeptical of its overall usability.

Torpark, on the other hand, came from Hacktivismo, a group of computer security experts and human rights workers, and is based on Mozilla’s Firefox. No installation is required to run the browser, though the two folders generated from the free download have to be kept together for it to run. This browser encrypts the data passing between the user’s computer and the Tor network, and causes the IP address seen by the website to change every few minutes. Torpark does have limitations; browsing speeds will be slower and it’s suggested not to log in to sites which cannot offer secure log-ins.

Both of these applications are not meant to replace the current browsers you’re using in your computer. It’s interesting to note that they both have privacy and secure browsing as their main selling points. These features are useful for users who are leery of going online in public access locations like schools and Internet cafés, where a secure connection cannot be guaranteed. So far both of these are available for free download, and you might want to see which one will stand the test of continuous use.

Filed Under: Privacy & Anonymity, Programming, Review Tagged With: Privacy-&-Anonymity, Programming, Review

2006 Security Book Roundup

18 August 2006 By Saran

This year has seen a steady increase in the number of new books being published on security-related topics. Since the year is about to end, I thought I’d round up a few of the best I’ve read, seen, or heard about, and comment briefly on each one!

Apache Security
O’Reilly
Published March 2006
http://www.amazon.co.uk/exec/obidos/ASIN/0596007248/

This book covers installing a secure Apache web server, discusses a variety of attack techniques, and looks at securing a multi-user hosting environment. All round, an excellent book for webhosts or anyone running Apache on an Internet-accessible system!

SSH, The Secure Shell: The Definitive Guide, Second Edition
O’Reilly
Published May 2006
http://www.amazon.co.uk/exec/obidos/ASIN/0596008953/

This book takes a look at the SSH program, a replacement for telnet or rsh, providing an encrypted link over which programs can be run. SSH also contains programs for file copy, replacing rcp and perhaps even FTP! The book looks at the latest developments in OpenSSH and other SSH implementations, and includes some powerful examples including setting up SSH tunnels and forwarding systems.

Security And Usability
O’Reilly
Published February 2006
http://www.amazon.co.uk/exec/obidos/ASIN/0596008279/

This book reaches a compromise between the two design goals of security and usability. I haven’t actually read this one, but everyone I speak to that has thinks it’s worthwhile!

Extrusion Detection
Addison-Wesley
Published June 2006
http://www.amazon.co.uk/exec/obidos/ASIN/0321349962/

One of the few books in publication which covers the important topic of internal attacks! Again, I haven’t read this, but it is an important topic, and it’s nice to see books finally starting to appear to bridge the gap between the generic security books and the knowledge that network administrators need!

Cryptography In The Database
Addison-Wesley
Published May 2006
http://www.amazon.co.uk/exec/obidos/ASIN/0321320735/

This book approaches security from the opposite end to many; from the innermost structure in many applications. Databases are often left open to attack because it is assumed that the outer layers of a program protect any database access against exploitation. Using cryptography in the database helps to prevent attacks which take advantage of most people’s false sense of local security! Once again, this book is a much-needed addition to the stores!

If I’ve left out your favourite security book of the year, or, if you’re one of the lucky few, the book you wrote this year, don’t be offended! I just chose a few of the ones that stood out most to me. There were, as I said, a large number of books dealing specifically with security this year, from VPNs to SSH, rootkits to software vulnerabilities, Apache to IIS, and PHP to SQL. In each case, the books have contributed new and fresh ideas, shown the latest attack patterns, and offered advice for prevention, or, failing that, cure.

As the threat from malware, malicious hackers and even corporate software with unintentional (or intentional) security issues grows, books like these serve not only to educate the developer and system administrator in prevention, but also to alert the user to the threat. Most technical users cannot fail to notice the distinct rise in security related books this year, and should easily be able to correlate this to the ever-increasing threat as our world becomes ever more connected!

Filed Under: Cryptography, IT Security Basics, Real-World Issues, Review, Tips Tagged With: Cryptography, IT Security Basics, Real-World Issues, Review, Tips

RedHat Enterprise Linux 4 vs. Windows Server 2003

26 June 2006 By clouseau

You will constantly see “religious” wars being fought between the camps of the above-mentioned platforms. You’ll also see a lot of comparisons between the two on the net, all of which have a hint of bias in them. Well, today I’m going to cover just facts between the two platforms to see which one comes out a clear winner, if any.

Let’s see when each platform launched. If we look up RedHat we’ll find that they launched version 4 of their highly acclaimed Enterprise Linux on February 15th, 2005 according to CRN. Microsoft Windows Server 2003 was released on March 28th, 2003 according to Microsoft’s own site. That’s nearly a two-year gap between the two, which in the IT world is nearly a lifetime for most software product versions themselves.

So Windows Server 2003 has a near two-year head start on RedHat Enterprise Linux 4 to collect all sorts of vulnerabilities that we all know Microsoft is famous for. However, this is where it gets to be a tad bit surprising. Outside the hype and FUD (Fear, Uncertainty and Doubt), it’s not nearly as bad as the general tech community paints it out to be. A little research from Secunia reveals that it’s not bad at all.

Since its release in 2003, Windows Server has accumulated a total of 74 Secunia Advisories.

Now let us take a look at Redhat Enterprise Linux

Since its release in 2005, Enterprise Linux 4 has accumulated a total of 128 advisories.

Wait, what? There must be some mistake. Well ok, perhaps the Enterprise Linux 4 vulnerabilities are a lot less severe than Windows Server 2003. A local vulnerability is a lot less severe than a remote vulnerability.

So let’s look at RedHat Enterprise Linux 4 first.

Ok so 83 percent of all the vulnerabilities are able to be exploited remotely. That’s a pretty high number. Let’s take a look at Windows.

59 percent of all Windows Server 2003 Secunia Advisories are remotely exploitable.

Well now, this is fairly interesting. So far, dare I say, Windows is leading in terms of security.

Ah but wait, it’s not over yet. We have yet to see the type of impact most of these vulnerabilities have, and most importantly, the impact they have at the system level.

So let’s take a look at RedHat Enterprise Linux 4 first.

We see here that 30 percent of the vulnerabilities allow system access.

Now let’s take a look at Windows Server 2003.

We see here that Windows Server 2003 is a bit more severe in that 53 percent of their vulnerabilities allowed system access. That’s a fairly high percentage that is dangerous, especially in an enterprise environment.

Secunia also keeps track of vulnerabilities that they have discovered and are unpatched as of yet by the vendor, which gives us an idea of the rate at which each vendor responds to security.

The Secunia database currently contains 0 Secunia advisories marked as “Unpatched“, which affects RedHat Enterprise Linux AS 4.

That’s pretty decent, so we know that RedHat responds very quickly to any discovered security threats. Let’s have a look at Microsoft.

Currently, 8 out of 74 Secunia advisories, is marked as “Unpatched” in the Secunia database.

A much more dangerous number than zero. Although, to their credit, all of the “unpatched” vulnerabilities are not too critical. However, this still shows us how seriously Microsoft lags behind in their patching efforts. One could only attribute this to the massive complexity of the Windows system that Microsoft engineers must go through in contrast to the modular nature of Linux itself.

In conclusion, what we have here is a very interesting set of differences between the two platforms and neither comes out as a clear winner. (I know, you are disappointed!) However, we did uncover the fact that Windows Server 2003 is not nearly as bad as the general tech community paints it out to be and would be a fairly solid choice in an enterprise environment despite all the FUD.

Filed Under: Operating Systems, Review Tagged With: Operating Systems, Review
