Sunday, November 18, 2007

GreyHat Cyber Defense Workshop

I attended a recent network mapping workshop hosted by the University of Washington Grey Hat Group at the Tacoma campus. Although the nmap exercise was review for me, I found out about a couple new tools and an upcoming event that are worth sharing.

BackTrack is a sweet Linux distro that bundles some great security tools. Although Nessus is notably missing, apparently because of their new proprietary license for version 3, the distro appears much more up-to-date than Knoppix STD and Nubuntu.

DVL (Damn Vulnerable Linux), a play on Damn Small Linux, is a neat little distro that you can use as a test target for your scanning and pen testing skills.

Finally, there is a cyber-security competition coming up in April 2008, to be hosted at a large Redmond software company. This is not a vendor-specific event; it was held last year at a military base near Tacoma. Here's the rub: this appears to be the same weekend as LinuxFest NW, so I'm undecided on how I'll spend my weekend. LinuxFest is a lot of fun, and makes for a good family outing. My son enjoys it too; we both like the presentations, salmon bake, and world-famous raffle.

Thursday, November 15, 2007

More decent blogs

It's not like everyone isn't already suffering from information overload, but just in case someone missed the boat, here's another great RSS feed.

The Burton Group provides high-quality business analysis as a paid service. However, they also offer free RSS feeds to a handful of their blogs. The info is timely and deals with all manner of tech happenings. If you're looking for a new feed, plug burtongroup.com into your RSS reader. The Application Platform Strategies blog is pretty interesting and not as intimidating as it sounds. Recent posts deal with intellectual property and Google's new Android OS.

And if you happen to not be reading this on an RSS reader or aggregator, here's a primer on readers. I've used Bloglines in the past and am currently pretty happy with the Google Reader.

Saturday, November 10, 2007

Block ads, tracking, and browser hijacks

I've found a very useful tool to block ads, cookie trackers, and known browser hijacks. I've been using it successfully for several years, and it significantly reduced the spyware on the machines I manage. It works by mapping the hostnames of known unwanted servers to the loopback address (127.0.0.1), so connection attempts go to your own machine where, of course, that server doesn't exist. It works on Mac, Linux, and Windows by replacing the hosts file.

Simply download MVPS's custom hosts file, remove the .txt suffix, and place it in either /etc (Linux/Mac) or C:\windows\system32\drivers\etc (Windows), overwriting the file that's there. For a warm fuzzy, save a copy of the old hosts file first. For Windows, you should then either reboot or flush the DNS cache (ipconfig /flushdns) to help your network software recognize the new file entries.

Aside from the security benefits, it will speed up your internet connection, since you don't have to download ad graphics. It will display a red 'X' for those graphics in your browser.

You'll notice that the Google search results that point to ads don't work anymore. If you need to see certain ad servers, simply edit the file and comment out those entries. Warning: don't curiously plug any of the host entries into your browser; some of them are very nasty and/or malicious (that's why you want to block them in the first place!).
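A check worth running on any downloaded hosts file before it overwrites the system one, shown here as an added example that is not part of the original post: every entry should point at 127.0.0.1 (or 0.0.0.0), because an entry with any other address redirects that name instead of blocking it. The sample text and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in hosts-file format (not real MVPS content).
SAMPLE = """\
# constructed blocklist sample
127.0.0.1    localhost
127.0.0.1    ads.example.com      # ad server
0.0.0.0      tracker.example.net
203.0.113.7  login.example.org
not-an-ip    broken.example.com
127.0.0.1    ads.example.com
"""

def audit_hosts(text):
    """Return (blocked_names, suspicious) for hosts-format text.

    suspicious holds (line_number, line) for entries that are malformed or
    that map a name to anything other than a loopback/unspecified address.
    """
    blocked, suspicious = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2 or not (addr.is_loopback or addr.is_unspecified):
            suspicious.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:
            name = name.lower()
            if name != "localhost" and name not in blocked:
                blocked.append(name)   # de-duplicate, keep first-seen order
    return blocked, suspicious

def render(blocked):
    """Build a hosts file containing only the vetted block entries."""
    return "".join(f"127.0.0.1 {n}\n" for n in ["localhost", *blocked])

if __name__ == "__main__":
    names, bad = audit_hosts(SAMPLE)
    for lineno, line in bad:
        print(f"line {lineno}: refusing entry: {line}")
    print(render(names), end="")
```

Install only the rendered output, and treat any refused line as a reason to re-download the file from its source.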