The art of unpacking Conficker worm | Fortinet FortiGuard Blog
Over the past two years, rarely did a worm get as much attention as Conficker (aka Downadup) is getting now. Its last variant, the infamous W32/Conficker.C, which surfaced in early March and is set to time-bomb on April 1, is literally all over the media. Of course, its features are well known and documented, and some papers (such as SRI’s excellent analysis and a blog post from Sourcefire) even give interesting insights into the reverse engineering process. Indeed, while understanding the behavior of the malware is important to most people, learning how to understand it is even more important to some.
That is the purpose of this post. While not delving into the depths of reverse engineering Conficker, it aims at providing a few tips to whoever may want to participate in the community efforts, for a better understanding of the infamous worm variants. And the best part is that some of these tips apply to other malware pieces.
Lookout : Watcher: a free web-app security testing and compliance auditing tool
I announced Watcher at CanSecWest and I’m happy to say IE8 Security Program Manager and Fiddler author Eric Lawrence also announced it at MIX09 yesterday. Check out his talk at http://videos.visitmix.com/MIX09/T54F; it’s an eye opener for Web developers – introducing us to the new features of IE8 while also covering state-of-the-art secure development practices for today’s Web applications.
Watcher is designed as a Fiddler plugin that passively monitors HTTP/S traffic for vulnerabilities. It gives pen-testers hot-spot detection for user-controlled inputs, open redirects, and other issues, and it gives auditors an easy way to find PCI compliance and other organizational issues. Here are some of the issues Watcher has checks for now:
The Spanner – XSS Rays
I’ve developed a new XSS scanner tool that’s written in Javascript called XSS Rays for Microsoft. They have given me permission to release the tool as open source which is awesome because it can be used for other open source applications. I recommend you use it as part of the web development process to make sure you’ve filtered XSS correctly on your application.
It works as a bookmarklet and scans any links, paths or forms on the target scanning page (even cross domain). You can add vectors to it quite easily and it includes some of the most common injections I’ve found on sites over the years. I’ve tested it on IE7/IE8 and Firefox but it could work in other browsers.
The advantage of the bookmarklet is that vectors can be customised for each browser and they are executed in the context of the browser. For example, in IE8 standards mode, where CSS expressions are disabled, the vector won’t be executed.
Conficker nails Parliament slowing the network and locking accounts
“The Parliamentary Network has been affected by a virus known as Conficker. This virus affects users by slowing down the Network and by locking out some accounts. We are continuing [sic] to work with our third party partners to manage its removal and we need to act swiftly to clean computers that are infected,” the memo reads.
“We are scanning the Network and if we identify any equipment which we believe is infected with the virus then we will contact you to ensure that the device is either removed from the Network or cleaned and loaded with the correct software to prevent this infection reoccurring.”
FT.com / Columnists / Lucy Kellaway – What if women ran the world?
If women ruled, they variously declared, there would be fewer meetings. Things would run more efficiently. There would be no more wars. There would be no more jokes, either. It would be just as nasty as a male world. It would be a kinder place. Superior childcare would be free. Expense accounts would be slashed. The world would be safer and saner. It would be dull. There would be more teamwork. Botox not baseball would be discussed over lunch.
Tumblr Post :: Firefox Add-ons
This extension lets you post photos, videos, mp3s, quotes or links to your Tumblr account by dragging the content to the Tumblr icon that this extension adds to your statusbar.
By default the content you drop on the Tumblr icon will automatically be posted to your tumblr.com tumblelog. If you however want to attach the optional values for each content type, like sources for the quotes, captions for the photos and videos or descriptions for your links, you can set the extension to popup an input dialog for the types you want to specify the optional values for.
When you drop text on the statusbar icon the extension will check if the text is a link to a Youtube video, or the raw embed-tag from any video/flash site that can be embedded into your tumblelogs. If it finds a match on any of the above criteria, the text will be posted as a video entry instead of a quote, which is the default type for dragged text.
The Quiet Coup – The Atlantic (May 2009)
The crash has laid bare many unpleasant truths about the United States. One of the most alarming, says a former chief economist of the International Monetary Fund, is that the finance industry has effectively captured our government—a state of affairs that more typically describes emerging markets, and is at the center of many emerging-market crises. If the IMF’s staff could speak freely about the U.S., it would tell us what it tells all countries in this situation: recovery will fail unless we break the financial oligarchy that is blocking essential reform. And if we are to prevent a true depression, we’re running out of time.
One thing you learn rather quickly when working at the International Monetary Fund is that no one is ever very happy to see you.
A special report on entrepreneurship: Lands of opportunity | The Economist
DOV MORAN’S desk is littered with the carcasses of dismembered phones. Mr Moran has already had one big breakthrough: inventing the now ubiquitous memory stick. But he dreams of another one: he wants to separate the “brains” of the various gizmos that dominate our lives from the “bodies” to enable people to carry around tiny devices that they will be able to plug into anything from phones to cameras to computers. Mr Moran sold his memory-stick business to SanDisk for $1.6 billion, creating a thriving technology cluster near his office. This time he wants to build an Israeli business that will last, challenging the giants of the camera and phone businesses.
How Chris Hughes Helped Launch Facebook and the Barack Obama Campaign | Fast Company
The untold story of how Chris Hughes, today only 25 years old, helped create two of the most successful startups in modern history, Facebook and the Barack Obama campaign.
An Analysis of Conficker C
This addendum provides an evolving snapshot of our understanding of the latest Conficker variant, referred to as Conficker C. The variant was brought to the attention of the Conficker Working Group when one member reported that a compromised Conficker B honeypot was updated with a new dynamically linked library (DLL). Although a network trace for this infection is not available, we suspect that this DLL may have propagated via Conficker's Internet rendezvous point mechanism (Global Network Impact). The infection was found on the morning of Friday, 6 March 2009 (PST), and it was later reported that other working group members had received other DLL reinfections throughout the same day. Since that point, multiple members have reported upgrades of previously infected machines to this latest variant via HTTP-based Internet rendezvous points. We believe this latest outbreak of Conficker variant C began first spreading at roughly 6 p.m. PST, 4 March 2009 (5 March UTC).
10 things to learn on March 28th
10 things to learn from the almighty WWW today:
The art of unpacking Conficker worm | Fortinet FortiGuard Blog
Lookout : Watcher: a free web-app security testing and compliance auditing tool
The Spanner – XSS Rays
Conficker nails Parliament slowing the network and locking accounts
FT.com / Columnists / Lucy Kellaway – What if women ran the world?
Tumblr Post :: Firefox Add-ons
The Quiet Coup – The Atlantic (May 2009)
A special report on entrepreneurship: Lands of opportunity | The Economist
How Chris Hughes Helped Launch Facebook and the Barack Obama Campaign | Fast Company
An Analysis of Conficker C