Chad Perrin: SOB

4 August 2007

itsec posts: after the first

Filed under: Metalog,Profession,Security,Writing — apotheon @ 06:36

The following are new posts since my first as a security blogger at TechRepublic, in chronological order:

  1. Check out the results of CNET’s security vendor survey

    By now, we should all know that federal law enforcement is using keyloggers in surveillance activities, and a court ruled it constitutional — even without probable cause. What this means to the general public is that the U.S. Constitution provides absolutely no protection against law enforcement eavesdropping on our digital lives. Somehow, the fact that it’s a computer means none of the usual rules apply.

    Many TechRepublic regulars will also be aware that CNET has published the results of a survey of 13 security software providers, asking about their policies toward law enforcement malware — specifically spyware, such as keyloggers. The results were varied and interesting.

  2. Myth: I’m not really at risk.

    I regularly hear variations on a theme:

    • “Security vendors blow the threat out of proportion. Don’t worry so much about it.”
    • “I’m a careful computer user. I’ve been using computers for years without antivirus solutions and have never been infected.”
    • “There’s nothing on my computer that anyone wants. Nobody’s going to bother cracking security on this machine — and even if they did, they’d be disappointed and find someone else to bother.”
    • “Security software itself introduces more problems than it solves. I’m better off without it.”

    These are seductive ideas, tempting us to take them at face value — because each contains a grain of truth. The important thing to do with such statements, however, is to find that grain of truth and ignore the rest.

  3. Reduce permissions to increase DNS security

    Every server process you run on your system provides another potential point of compromise. That’s why it’s so often recommended that you turn off unnecessary services on Windows machines and deactivate unneeded daemons on UNIX operating systems.

    You can’t simply turn off all services and daemons, however; the operating system environment would be severely crippled if you did. It therefore becomes necessary to secure the operation of the server processes you do need, and running each of them with no more privilege than it actually requires is one of the most effective ways to do that.

  4. UNIX/Linux rootkits 101

    The term rootkit originated with a reference to the root user account on UNIX systems. Rootkits are not limited to UNIX, however, or even to administrative user accounts such as the UNIX root account. No matter what operating system you use, you should be familiar with good practices for detecting and dealing with the threat of rootkits.

  5. Rootkits 201

    Once you have security measures in place to protect against unauthorized access to your computers and data, as well as the means to detect rootkits in case security is compromised despite your best efforts, you should have a plan ready for recovering in case the worst happens. Rootkit detection differs somewhat from one operating system platform to the next: the tools you use will depend on whether you’re running, for example, Microsoft Windows XP or FreeBSD.

    The procedures for recovering from a rootkit infection, however, are effectively the same no matter what platform you’re using.
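A concrete way to act on the third post above (harden the daemons you must keep by reducing their privileges), as an added example that is not code from the original TechRepublic article: the shell snippet below reads lsof’s listing of listening sockets and reports every listener still owned by root, which is the list of processes to consider moving to unprivileged accounts. The sample lsof lines are constructed so the script runs offline; the column layout is lsof’s, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): list network listeners that still
# run as root, the first step in moving each one to an unprivileged account.
#
# Input is lsof's socket listing, e.g.  lsof -nP -iTCP -sTCP:LISTEN
# Columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

# Read lsof output on stdin; print "PID COMMAND ADDRESS" for every socket whose
# owning process runs as root, lowest PID first. The header line is recognised
# by its first column, so it does not matter whether you strip it beforehand.
root_listeners() {
    awk '$1 != "COMMAND" && $3 == "root" { print $2, $1, $9 }' | sort -n
}

# Constructed sample output, in lsof's column layout, so the script runs offline.
# named (BIND) and httpd already run as unprivileged users; sshd and the
# Postfix master still run as root.
SAMPLE_LSOF='COMMAND  PID USER   FD TYPE DEVICE SIZE/OFF NODE NAME
named    912 bind   20u IPv4  12345      0t0  TCP *:53 (LISTEN)
named    912 bind   21u IPv4  12346      0t0  UDP *:53
sshd     700 root    3u IPv4  11111      0t0  TCP *:22 (LISTEN)
master  1203 root   13u IPv4  22222      0t0  TCP 127.0.0.1:25 (LISTEN)
httpd   1450 www     4u IPv6  33333      0t0  TCP *:80 (LISTEN)'

# Number of root-owned sockets found in the sample.
root_listener_count() {
    printf '%s\n' "$SAMPLE_LSOF" | root_listeners | wc -l | tr -d ' '
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LSOF" | root_listeners
```

On a live system, pipe real output in instead: `lsof -nP -iTCP -sTCP:LISTEN | root_listeners` (and `lsof -nP -iUDP | root_listeners` for UDP services such as DNS). Treat the result as a review queue rather than a verdict: sshd, for instance, has to start as root to bind port 22 and read its host keys, and handles the rest through privilege separation. For BIND specifically, `named -u <user>` makes the daemon switch to an unprivileged account once it has bound port 53, and `-t <directory>` additionally confines it to a chroot.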
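The fourth and fifth posts above separate detection from recovery. The following shell snippet is an added example, not code from the original articles: a minimal file-integrity baseline, which is the one detection practice that works the same way on any UNIX-like system because it needs nothing beyond find and sha256sum. The function names and the paths in the usage comments are my own choices.

```shell
#!/bin/sh
# Added example (not from the original posts): a minimal file-integrity baseline
# for rootkit detection. Hash the files a user-land rootkit typically replaces
# (ps, ls, netstat, login, sshd, ...) while the system is known-good, store the
# list OFF the machine, and re-check against it later.
#
# Caveat: a kernel-level rootkit can lie to sha256sum about file contents, so a
# failed check is meaningful but a clean check run from the suspect system is
# not proof of health. When in doubt, boot trusted media and check from there.

# Print "<sha256>  <path>" for every regular file under the directory $1,
# sorted by path. Redirect the output to a file kept off the host.
build_baseline() {
    find "$1" -type f -exec sha256sum {} + | sort -k 2
}

# Rehash the directory $2 now and compare with the stored baseline file $1.
# Prints one line per difference: "changed <path>", "missing <path>" (a file in
# the baseline that is gone) or "added <path>" (a file not in the baseline).
# Prints nothing when everything matches.
check_baseline() {
    build_baseline "$2" | awk -v base="$1" '
        BEGIN {
            # Load the baseline: old[path] = hash
            while ((getline line < base) > 0) {
                split(line, f, "  ")
                old[f[2]] = f[1]
            }
            close(base)
        }
        {
            split($0, f, "  ")
            hash = f[1]; path = f[2]
            if (!(path in old)) { print "added", path; next }
            if (old[path] != hash) print "changed", path
            delete old[path]
        }
        END {
            # Anything left in the baseline was not found on disk
            for (path in old) print "missing", path
        }' | sort
}

# Usage:
#   build_baseline /usr/bin > baseline.txt     # on a known-good system
#   check_baseline baseline.txt /usr/bin       # later, ideally from trusted media
```

Store the baseline somewhere the host cannot modify (another machine, or read-only media), and run the check from a clean boot when a compromise is suspected; that is also the moment the fifth post’s advice applies, because once a rootkit is confirmed the only trustworthy recovery is a wipe and reinstall from known-good media, followed by a look at how it got in.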


  1. The only recovery process I’d be completely satisfied with is a complete format and re-install of the OS and a serious look at your security practices.

    Comment by Joseph A Nagy Jr — 13 August 2007 @ 08:36

  2. Yeah . . . that’s pretty much what I wrote in the Rootkits 201 piece. It’s a good policy.

    Comment by apotheon — 13 August 2007 @ 10:43

All original content Copyright Chad Perrin: Distributed under the terms of the Open Works License