Another Updated Software Tool

I took time today to update the ThreadMonitor tool and adapt it to 64-bit systems. The 32-bit version still works on 32-bit systems but also works correctly for 32-bit programs on 64-bit systems. However, if you want to monitor a 64-bit program then you'll need to use the 64-bit version of ThreadMonitor.
Oh, I also moved some user interface bits around. The "Company" and "Product" fields have been merged into a single base path and the edit field was made a bit longer. Why? Well, so that it is easier for you to make the path what you want it to be rather than trying to follow my personal registry versioning process.
Enjoy!
-Eric
Updated Software Tools

OK! :) After too much time I have completed updating several tools. The updates include fixing some bugs, modifying the code to run on 64-bit Windows systems, and general stuff like that. The tools updated in this batch include
I'm still working on the IP Packet Sniffer and IP Packet Filter Configurator tools. The Windows OS has had enough changes that their usefulness is in question -- I need to evaluate that. I have hope that I can work out just how munged raw sockets have become.
I'm still working, so come back later. ;)
Crazy, Amazing Bit Rot

It's true what they say - if you leave software unattended the bits rot and strange things start going wrong. ;)
If you have tried to use any of the software tools under the Tools and Software section on anything later than Windows XP, I apologize. They were last looked at some years ago and there has been some incredible bit rot. Some work on Windows 7 and Vista, and others don't. The raw sockets and packet level tools need the most care and attention, it seems.
Well, perhaps it is fairer to say that Microsoft operating system APIs and configurations have seen some drift over the past years and that I was not keeping up. :| Darn me for wanting some free time!
In any case, I'm in the process of picking out the rotten bits, patching, fixing, and generally rehabilitating those things. Don't be surprised if I just retire one or two [raw sockets are so passé when we can use (Win)PCap].
Stay tuned!
Data, Data, Everywhere

Suppose your security system chooses 10,000 controls (vulnerability checks, scripts, signatures, etc -- pick your preferred terminology) that can be applied to some example asset (a server, executive laptop, or whatever). That number could be smaller or it could be larger depending on the system but let’s say that 10,000 is the count after filtering out those controls that don’t apply (e.g., there’s no Apache server on that Windows 7 laptop).
Now, suppose that each control returns 100 characters of evidence data. That means you have 1,000,000 characters of data for one full assessment of one system. You are going to store those data in Unicode format because our company is international and hence so are our evidence data. That turns our 1,000,000 characters into 2,000,000 bytes of data.
The original story was on the M2GRC blog: http://m2grc.com/2010/01/18/data-data-everywhere/
The full article can also be found here. :)

Malware Slaying

Give me a few minutes of your attention and I’ll tell you how some very real "electronic vampires", while not very entertaining, are remarkably similar to fictional vampires. I think you’ll find vampires and malware behave very much alike and that the rules for dealing with vampires are a good guide for dealing with malware.
You can find the original story over at the M2GRC blog: http://m2grc.com/2010/02/16/mcafee-the-malware-slayer/ :)
The story can also be found here. :)

CIS Consensus Information Security Metrics - Converting Uncertainty into Risk

Full Disclosure
In my day job I am Solutions Architect for the McAfee Risk and Compliance Business Unit. Our products cover compliance management, risk management, IT security risk analysis, and a range of application and change control technologies.[3/2/2010 note: when I wrote this article I worked for McAfee. I do, however, no longer. :)]
In a former life I evaluated complex, multidimensional data sets using models and metrics - I was a scientist performing quantitative analysis of noisy data. The result is that I've spent many years and a lot of energy thinking about and using models, metrics, and measurement. That background gives me certain views, opinions, and expectations.
Now that you know where I'm coming from let's talk about risk, measurements, metrics, and uncertainty. ;)

Redux: FIPS 140 dash What?

There must be something in the water. A few weeks ago we heard about a lack of encryption on the US Predator drone video downlinks. This week we hear about an attack vector on encrypted USB hard drives. Cryptography is getting attention. :) In this case the big deal is about a FIPS 140-2 certification of these USB drives and the fact that they are vulnerable to an attack.
"How did this happen?", one might ask. The answer can be found in the FIPS 140-2 Level 2 certification requirements. The certification process does not require inclusion of the system into which the USB drive is plugged, meaning your computer. The result is that vetting the security of the passphrase communication path between your computer and the USB drive was probably not part of FIPS 140-2 certification.

For Your Consideration – Cryptographic Resolutions

In the spirit of the new year, I posted some candidate resolutions for the use of cryptography over on the McAfee Risk and Compliance blog. :)
The full article can also be found here. :)
Happy New Year! -Eric

Predatory Encryption and Risk Management

We learned some things this week about the US Predator drone program that has some people appalled and indignant - it is the kind of story that makes news.
A Predator drone is an unmanned aerial vehicle (UAV) used by the United States Air Force both for reconnaissance and for offensive operations. It seems that the video downlink from these drones has never been encrypted and it has been possible for those under surveillance to intercept and view the video feed.
This is the kind of news that makes great headlines. People read about it and slap their foreheads, proclaiming in a righteous voice, "What were they thinking? Heads should roll!" Stuff like that.
Here is an alternative viewpoint: this whole situation could just be a result of acceptable RISK MANAGEMENT practices.

Security Content Automation Protocol – Coming To A Theater Near You?

I don’t want to bore you with yet another summary of what Security Content Automation Protocol (SCAP) is, how SCAP works, or how the mix of six XML based standards work together. You can find that information all over the place.
I do want to talk about "the what" and "the why" of SCAP because those technologies could be affecting you sooner than you think.
The original post was on the McAfee Governance, Risk, and Compliance blog.
The full story can also be found here. :)
Risk Is Better Than Uncertainty

The IT GRC field is in transition. Today we are dealing with UNCERTAINTY when we really, really want to be working with RISK because the management tools are so much better. However, there is a light at the end of the tunnel. The electronic medium that caused the situation should also help us solve the problem. We just need to keep collecting data, tracking the improvements produced through compliance, and creating new models and metrics.

Model? What Do You Mean?

We need to agree on what we mean when we use the word MODEL. Why? Because if we don't start at the base of our pyramid of understanding then we can each be going down different paths without ever knowing it. When we create IT Security risk metrics we need to be conscious of the models underpinning those metrics so that we can interpret them wisely.
Risk, Metrics, and Models

It is widely agreed that managing IT security risk requires security metrics. This seems to be where widespread agreement stops, however. If we are going to work through this phase of the maturing of IT security we must speak a common language derived from common conceptual frameworks.
Are Vulnerability Metrics and Risk Metrics Different?

The Common Vulnerability Scoring System (CVSS) was constructed as a Vulnerability Metric. However, there is no structural difference between CVSS and a generalized Risk Metric model. The types of information that go into both are the same and the behavior of CVSS is consistent with the model.

Risk? What Do You Mean?

The products that my employer develops are all about buzzwords like Vulnerability, Compliance, and Risk. You will find these words and phrases all over the computer security field along with others, like Buffer Overflow, Malware, PUPS (potentially unwanted programs, meaning, stuff you probably don't want but if someone called it Malware someone could get sued), Data Loss Prevention, Host Intrusion Prevention System, SPAM, and Antivirus. Most folks are only really aware of one, Antivirus, and may think it means all of the above. :)

FIPS 140 Dash What?

If you use a computer today to buy anything over the internet then you are the end user of cryptographic algorithms. If you feel that you don't need to worry about the implementation of your cryptography, well, you are probably right. You may have read the news about how the MD5 cryptographic hash function is not as secure (collision resistant) as we used to think. Weaknesses in the SHA1 cryptographic hash function have also been found although SHA1 has fared somewhat better than MD5. That news causes people like me enough concern to track the progress of those attacks but so far there is no public indication that a disaster is at hand.

Moving days :)

Moving house always takes more time than you intend. Today I have moved a good chunk (in terms of bytes of bits) of the content that represents tutorials on various subjects. Enjoy!

Software Architecture and Design

I am responsible for the architecture of an "Enterprise Level Product". What does that really mean? The software is big: well over a million lines of code (probably closer to 1.5M) incorporating something like 20 different software technologies. When we need to add a new feature there is rarely a perfect solution. Why? Because the solution needs to fit in with the rest of the product. If we simply chose the best options for that feature in isolation from the rest of the product we would have Frankenstein's Monster. Entropy would take hold, the cost of change would skyrocket, and progress would grind to a halt.
My thoughts on architecture are added to my previous gentle rant about the specific topic of SIMPLICITY and architecture, of course.

A New Beginning

Welcome to the new home of PTTP Systems. This site has been hand-coded for years and my fingers just can't keep up, so I'm going with a better system. :)