Tuesday, Jun 29, 2010

Two Tools End-of-Life

Two of the tools on this site have outlived their usefulness. For that reason I am no longer going to support them or provide further downloads. They are

There is at least one more on the chopping block. I'll decide on that one soon, so stay tuned. :}

Thanks,

Eric

Wednesday, Apr 07, 2010

Updated Secure Parcel Delivery

Secure Parcel Delivery version 1.2 brings a number of long-awaited improvements.

  • Switching to the latest and greatest Cryptographic Service Provider (CSP)
    • Microsoft Enhanced RSA and AES Cryptographic Provider
    • Valid for Windows XP and later
  • Adding the Advanced Encryption Standard (AES) symmetric cipher to the fold
  • Restricting symmetric encryption ciphers and key strengths to those allowed by FIPS 140-2 (and FIPS 140-3)
    • See http://en.wikipedia.org/wiki/FIPS_140-2
    • Allowed ciphers include triple DES and AES with a minimum key length of 128 bits
    • Disabling selection of RC4, RC2, DES, 2-key 3DES
  • Allowing user selection of RSA key size from 1024 to 16384 bits in 256 bit steps
    • I suggest you take the default RSA key size of 3072 bits
    • FIPS 140-3 will require at least 3072 bits (to set a minimum cryptographic strength of 128 bits overall) but the program will let you choose keys down to 1024 bits at this time
  • Consolidation of User and Key interface elements to simplify configuration
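The cipher and key-size restrictions in the list above amount to a small selection policy. The following Python is an added example (not Secure Parcel Delivery's own code) that encodes that policy as it is described here: 3DES and AES with keys of at least 128 bits are accepted, RC4, RC2, DES and two-key 3DES are refused, and RSA key sizes are constrained to 1024 through 16384 bits in 256-bit steps with 3072 as the default and anything below 3072 flagged as under the FIPS 140-3 minimum. The function names, the `Verdict` type and the two sample configurations are assumptions made for the example; two-key 3DES is identified by its 112-bit key length.

```python
"""Cipher and key-size selection policy in the spirit of Secure Parcel Delivery 1.2.

Added example, not the program's own code.  The rule set and all names below are
assumptions drawn from the change list for version 1.2.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Verdict:
    ok: bool
    reason: str
    warning: Optional[str] = None


# Symmetric ciphers the FIPS 140-2 profile lets the user pick, with the key
# lengths (in bits) each is accepted at.  Anything missing here is refused.
ALLOWED_SYMMETRIC = {
    "3DES": {168},            # three-key triple DES only
    "AES": {128, 192, 256},
}

# Ciphers removed from the selection list outright (two-key 3DES is handled
# separately below, because it shares the "3DES" name).
DISABLED_SYMMETRIC = {"RC4", "RC2", "DES"}

RSA_MIN_BITS = 1024
RSA_MAX_BITS = 16384
RSA_STEP_BITS = 256
DEFAULT_RSA_BITS = 3072         # the suggested default
FIPS_140_3_RSA_MIN_BITS = 3072  # 128-bit overall strength


def check_symmetric(cipher: str, key_bits: int) -> Verdict:
    """Decide whether a symmetric cipher/key-length pair may be selected."""
    name = cipher.upper()
    if name in DISABLED_SYMMETRIC:
        return Verdict(False, f"{name} is disabled under the FIPS 140-2 profile")
    if name == "3DES" and key_bits == 112:
        return Verdict(False, "two-key 3DES (112-bit key) is disabled under the FIPS 140-2 profile")
    allowed = ALLOWED_SYMMETRIC.get(name)
    if allowed is None:
        return Verdict(False, f"{name} is not in the allowed cipher list")
    if key_bits not in allowed:
        return Verdict(False, f"{name} with a {key_bits}-bit key is not allowed; "
                              f"valid sizes: {sorted(allowed)}")
    return Verdict(True, f"{name}-{key_bits} is allowed")


def check_rsa_key_size(bits: int) -> Verdict:
    """Decide whether an RSA modulus size is selectable, warning below the 140-3 floor."""
    if not RSA_MIN_BITS <= bits <= RSA_MAX_BITS:
        return Verdict(False, f"RSA key size {bits} is outside {RSA_MIN_BITS}..{RSA_MAX_BITS} bits")
    if bits % RSA_STEP_BITS != 0:
        return Verdict(False, f"RSA key size {bits} is not a multiple of {RSA_STEP_BITS} bits")
    warning = None
    if bits < FIPS_140_3_RSA_MIN_BITS:
        warning = (f"RSA key size {bits} is accepted but below the FIPS 140-3 minimum "
                   f"of {FIPS_140_3_RSA_MIN_BITS} bits")
    return Verdict(True, f"RSA key size {bits} is selectable", warning)


def evaluate(config: dict) -> list:
    """Return the findings (errors and warnings) for one configuration; empty means clean."""
    findings = []
    sym = check_symmetric(config["cipher"], config["key_bits"])
    if not sym.ok:
        findings.append("ERROR: " + sym.reason)
    rsa = check_rsa_key_size(config.get("rsa_bits", DEFAULT_RSA_BITS))
    if not rsa.ok:
        findings.append("ERROR: " + rsa.reason)
    elif rsa.warning:
        findings.append("WARNING: " + rsa.warning)
    return findings


# Constructed sample configurations: a pre-1.2 style weak choice and the corrected one.
WEAK_CONFIG = {"cipher": "RC4", "key_bits": 128, "rsa_bits": 1024}
HARDENED_CONFIG = {"cipher": "AES", "key_bits": 256, "rsa_bits": DEFAULT_RSA_BITS}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, cfg)
        for finding in evaluate(cfg) or ["OK: no findings"]:
            print("  " + finding)
```

Running the block prints the findings for both sample configurations: the weak one draws an error for RC4 and a warning for the 1024-bit RSA key, while the hardened one is clean. Keeping the two-key 3DES rule separate from the allow-list is deliberate, so a refusal names the actual reason rather than reporting a generic unknown cipher.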

This version is 32-bit only and tested on:

  • Windows 7 Professional x64
  • Windows Vista Business x86
  • Windows XP SP3 x86

Cheers!

-Eric

Saturday, Apr 03, 2010

Software Tool Updates

I've updated several tools today. The changes include a bug fix and a small expansion of capability as listed below. :)

Oh, and an update to the Secure Parcel Delivery program is on the way.

Cheers!

-Eric

MyCryptInfo -> version 1.4

The tool is expanded to detect more block cipher modes of operation. That is, the algorithms employed to make a block cipher encrypt a chunk of data bigger than the native block size. I noticed that some new modes had been added in the Microsoft header files since last I looked. Although these modes don't seem to be available with the Microsoft native Cryptographic Service Providers (CSPs), they must be available in some third party CSPs. The modes added are:

  • CBCI - ANSI CBC Interleaved
  • CFBP - ANSI CFB Pipelined
  • OFBP - ANSI OFB Pipelined
  • CBCOFM - ANSI CBC + OF Masking
  • CBCOFMI - ANSI CBC + OFM Interleaved

MyNetwork -> version 1.3

Fixed a bug in the formatting of the lease times for interfaces with DHCP enabled. This turned out to be a 32-bit to 64-bit portability issue on Windows.

MTFileTransfer -> version 1.3

Fixed the same bug in the formatting of the lease times for interfaces with DHCP enabled.


Wednesday, Mar 24, 2010

Open Sourcing Some Example Code

In order to make some examples of thread and TCP/IP server management clearer I decided to clean up the full, standalone project and post it here for your download. The project files build with Visual Studio 2008 (VC9) for Release and Debug mode on both x86 and x64 systems. Note that this project is simply a demonstration of thread and TCP/IP server management on an MS Windows system. A full-fledged application would have much more in the way of error checking, unit tests, and other infrastructure. :)

These are all plain source code files, not executables, and I'm making them available under the Mozilla trifecta license.

Cheers!

-Eric

Wednesday, Mar 17, 2010

Updated MyCryptInfo

Today's update is for the MyCryptInfo tool that allows you to explore the Microsoft Cryptographic Service Providers (CSPs) on your system. It has been updated to run on 64-bit systems and to include some missing information about the SHA2 hash that is in the AES enabled CSP.

Otherwise the tool hasn't needed to change much.

Have fun, and don't delete any cryptographic containers that you really need!

-Eric

Saturday, Mar 13, 2010

Another Updated Software Tool

I took time today to update the ThreadMonitor tool and adapt it to 64-bit systems. The 32-bit version still works on 32-bit systems but also works correctly for 32-bit programs on 64-bit systems. However, if you want to monitor a 64-bit program then you'll need to use the 64-bit version of ThreadMonitor.

Oh, I also moved some user interface bits around. The "Company" and "Product" fields have been merged into a single base path and the edit field was made a bit longer. Why? Well, so that it is easier for you to make the path what you want it to be rather than trying to follow my personal registry versioning process.

Enjoy!

-Eric

Wednesday, Mar 10, 2010

Updated Software Tools

OK! :) After too much time I have completed updating several tools. The updates include fixing some bugs, modifying the code to run on 64-bit Windows systems, and general stuff like that. The tools updated in this batch include

I'm still working on the IP Packet Sniffer and IP Packet Filter Configurator tools. The Windows OS has had enough changes that their usefulness is in question -- I need to evaluate that. I have hope that I can work out just how munged raw sockets have become.

I'm still working, so come back later. ;)

Tuesday, Mar 09, 2010

Crazy, Amazing Bit Rot

It's true what they say - if you leave software unattended the bits rot and strange things start going wrong. ;)

If you have tried to use any of the software tools under the Tools and Software section on anything later than Windows XP, I apologize. They were last looked at some years ago and there has been some incredible bit rot. Some work on Windows 7 and Vista, and others don't. The raw sockets and packet level tools need the most care and attention, it seems.

Well, perhaps it is fairer to say that Microsoft operating system APIs and configurations have seen some drift over the past years and that I was not keeping up. :| Darn me for wanting some free time!

In any case, I'm in the process of picking out the rotten bits, patching, fixing, and generally rehabilitating those things. Don't be surprised if I just retire one or two [raw sockets are so passé when we can use (Win)PCap].

Stay tuned!

Sunday, Feb 21, 2010

Data, Data, Everywhere

Suppose your security system chooses 10,000 controls (vulnerability checks, scripts, signatures, etc -- pick your preferred terminology) that can be applied to some example asset (a server, executive laptop, or whatever). That number could be smaller or it could be larger depending on the system but let’s say that 10,000 is the count after filtering out those controls that don’t apply (e.g., there’s no Apache server on that Windows 7 laptop).

Now, suppose that each control returns 100 characters of evidence data. That means you have 1,000,000 characters of data for one full assessment of one system. You are going to store those data in Unicode format because our company is international and hence so are our evidence data. That turns our 1,000,000 characters into 2,000,000 bytes of data.

The original story was on the M2GRC blog: http://m2grc.com/2010/01/18/data-data-everywhere/

The full article can also be found here. :)


Sunday, Feb 21, 2010

Malware Slaying

Give me a few minutes of your attention and I’ll tell you how some very real "electronic vampires", while not very entertaining, are remarkably similar to fictional vampires. I think you’ll find vampires and malware behave very much alike and that the rules for dealing with vampires are a good guide for dealing with malware.

You can find the original story over at the M2GRC blog: http://m2grc.com/2010/02/16/mcafee-the-malware-slayer/ :)

The story can also be found here. :)


Sunday, Jan 31, 2010

CIS Consensus Information Security Metrics - Converting Uncertainty into Risk

Full Disclosure

In my day job I am Solutions Architect for the McAfee Risk and Compliance Business Unit. Our products cover compliance management, risk management, IT security risk analysis, and a range of application and change control technologies.

[3/2/2010 note: when I wrote this article I worked for McAfee. I do, however, no longer. :)]

In a former life I evaluated complex, multidimensional data sets using models and metrics - I was a scientist performing quantitative analysis of noisy data. The result is that I've spent many years and a lot of energy thinking about and using models, metrics, and measurement. That background gives me certain views, opinions, and expectations.

Now that you know where I'm coming from let's talk about risk, measurements, metrics, and uncertainty. ;)


Saturday, Jan 09, 2010

Redux: FIPS 140 dash What?

There must be something in the water. A few weeks ago we heard about a lack of encryption on the US Predator drone video downlinks. This week we hear about an attack vector on encrypted USB hard drives. Cryptography is getting attention. :) In this case the big deal is about a FIPS 140-2 certification of these USB drives and the fact that they are vulnerable to an attack.

"How did this happen?", one might ask. The answer can be found in the FIPS 140-2 Level 2 certification requirements. The certification process does not require inclusion of the system into which the USB drive is plugged, meaning your computer. The result is that vetting the security of the passphrase communication path between your computer and the USB drive was probably not part of FIPS 140-2 certification.


Saturday, Jan 09, 2010

For Your Consideration – Cryptographic Resolutions

In the spirit of the new year, I posted some candidate resolutions for the use of cryptography over on the McAfee Risk and Compliance blog. :)

  • http://m2grc.com/2009/12/30/for-your-consideration-cryptographic-resolutions/

The full article can also be found here. :)

Happy New Year! -Eric


Saturday, Dec 19, 2009

Predatory Encryption and Risk Management

We learned some things this week about the US Predator drone program that have some people appalled and indignant - it is the kind of story that makes news.

A Predator drone is an unmanned aerial vehicle (UAV) used by the United States Air Force both for reconnaissance and for offensive operations. It seems that the video downlink from these drones has never been encrypted and it has been possible for those under surveillance to intercept and view the video feed.

This is the kind of news that makes great headlines. People read about it and slap their foreheads, proclaiming in a righteous voice, "What were they thinking? Heads should roll!" Stuff like that.

Here is an alternative viewpoint: this whole situation could just be a result of acceptable RISK MANAGEMENT practices.


Wednesday, Dec 16, 2009

Security Content Automation Protocol – Coming To A Theater Near You?

I don’t want to bore you with yet another summary of what Security Content Automation Protocol (SCAP) is, how SCAP works, or how the mix of six XML-based standards works together. You can find that information all over the place.

I do want to talk about "the what" and "the why" of SCAP because those technologies could be affecting you sooner than you think.

The original post was on the McAfee Governance, Risk, and Compliance blog.

The full story can also be found here. :)


Sunday, Dec 06, 2009

Risk Is Better Than Uncertainty

The IT GRC field is in transition. Today we are dealing with UNCERTAINTY when we really, really want to be working with RISK because the management tools are so much better. However, there is a light at the end of the tunnel. The electronic medium that caused the situation should also help us solve the problem. We just need to keep collecting data, tracking the improvements produced through compliance, and creating new models and metrics.


Sunday, Nov 29, 2009

Model? What Do You Mean?

We need to agree on what we mean when we use the word MODEL. Why? Because if we don't start at the base of our pyramid of understanding then we can each be going down different paths without ever knowing it. When we create IT Security risk metrics we need to be conscious of the models underpinning those metrics so that we can interpret them wisely.


Saturday, Nov 28, 2009

Risk, Metrics, and Models

It is widely agreed that managing IT security risk requires security metrics. This seems to be where widespread agreement stops, however. If we are going to work through this phase of the maturing of IT security we must speak a common language derived from common conceptual frameworks.


Sunday, Sep 20, 2009

Are Vulnerability Metrics and Risk Metrics Different?

The Common Vulnerability Scoring System (CVSS) was constructed as a Vulnerability Metric. However, there is no structural difference between CVSS and a generalized Risk Metric model. The types of information that go into both are the same and the behavior of CVSS is consistent with the model.


Sunday, Sep 13, 2009

Risk? What Do You Mean?

The products that my employer develops are all about buzzwords like Vulnerability, Compliance, and Risk. You will find these words and phrases all over the computer security field along with others, like Buffer Overflow, Malware, PUPS (potentially unwanted programs, meaning, stuff you probably don't want but if someone called it Malware someone could get sued), Data Loss Prevention, Host Intrusion Prevention System, SPAM, and Antivirus. Most folks are only really aware of one, Antivirus, and may think it means all of the above. :)
