The F-Secure Blog has a good post on where to look for malware launch points on Windows boxes. They looked at thousands of malware samples to see where they were hiding themselves in the registry to ensure that they were launched when the machine is rebooted. They have a nice graph and a list of the top 10 registry keys to look in to see if you are unknowingly infected.
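As an added example (this is not code from the F-Secure post or from this blog), here is a PowerShell snippet that dumps the values under the common Run/RunOnce and Winlogon keys so you can review them for entries you don't recognise. The key paths are the standard Windows locations, not the F-Secure top 10 (which the post above does not reproduce), and the "user-writable path" heuristic is my own assumption about what deserves a closer look, not a detection rule from the post.

```powershell
# Added example: enumerate common autorun registry locations and flag entries
# whose command points into user-writable directories (a rough heuristic).
$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

# Assumed heuristic: legitimate autoruns rarely live in temp or profile folders.
$suspiciousPathPattern = '(?i)\\(Temp|AppData|Local Settings|Users\\[^\\]+\\Downloads)\\'

function Get-AutorunEntries {
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the provider metadata (PSPath, PSParentPath, ...) that
            # Get-ItemProperty attaches; a real value named PS* would also be
            # skipped, so widen this if you see such values on your systems.
            if ($p.Name -like 'PS*') { continue }
            [PSCustomObject]@{
                Key        = $key
                Name       = $p.Name
                Value      = [string]$p.Value
                LookCloser = ([string]$p.Value -match $suspiciousPathPattern)
            }
        }
    }
}

# Print everything; entries with LookCloser = True are the ones to review first.
Get-AutorunEntries | Sort-Object LookCloser -Descending | Format-Table -AutoSize
```

Run it in an elevated PowerShell session so the HKLM keys are readable; compare the output against a known-clean machine of the same build rather than trusting the heuristic alone, since the Winlogon Shell and Userinit values in particular should match the stock Windows defaults.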
Security's Everyman

Friday, June 08, 2007
Tuesday, June 05, 2007
Singing the PCI Blues
Back in December I posted about being happy that I had finally been able to get an answer to my question as to whether or not my then-current employer was subject to PCI/DSS. The answer was that they were not, and I was happy.
Now that I'm in my new job PCI is a part of my daily life. I'm now having to refresh my memory on PCI (I boned up a little in the past just in case) and am having to start the process of checking out what we are doing and what we still need to do. I like it though. It's new ground in some ways.
This position is much different from my past jobs in that I'm doing less hands-on work with the network devices and more security support work: things such as updating policies, reviewing configs and change requests, and reviewing the results of a third-party pen test and working to ensure the issues are corrected. After I get myself firmly planted here and get many of these projects either well under way or completed, I am supposed to take over some hands-on jobs. I'll have to see how that works out. There is lots to do here, and I'd like to see this continue in a position where I focus on moving us in a more secure direction and let others do the hands-on work under my guidance. But then again, the "geek" in me doesn't want to get too far removed from the 1's and 0's.
Posted by Andy, ITGuy at 8:17 AM | 3 comments
Labels: Andy ITGuy, information security, PCI, security
Thursday, September 28, 2006
Play Day
Today I had a lot of "maintenance" things to do, so while they are running in the background I'm taking time to "play" and catch up on reading. I've decided to play with a few of the portable web browsers and Sandboxie to see how I like them and whether I think they would be worth using and recommending to some of my friends and consulting clients. Here is what I played with today: Firefox Portable, Torpark, Opera (it's not portable, but I haven't used it before) and Sandboxie.
I'll start with Firefox Portable because it was the one I liked the best. It was easy to install, and I was able to import my favorites and other settings with no problem. Even after shutting it down and restarting it, all was well; no settings seemed to be lost. Now this may not be the best for pure privacy, but I can tweak it, plus it does keep most of my browsing data off the hard drive.
I'm not overly crazy about Torpark. It works OK if you disconnect from the Tor network, but that kinda defeats the purpose. From the hard drive it ran OK, but even that took a couple of days. At first it rarely connected to a web site, and then it was like using a 14.4 modem. I had to try it on 2 USB keys before it would ever connect, and it was way too slow. I would have to be fearful for my life and ID to use it when there are other options.
I heard about Sandboxie not long ago and decided to try it out. It seems to do a pretty good job of keeping stuff off your system. I ran Firefox, Thunderbird, and Yahoo IM in it, and none of them seemed to mind at all. I did have trouble trying to do things like email an article from a web page and copy and paste. It took me a few minutes to figure out what was going on; then I remembered Sandboxie. Those are slight inconveniences that I could live with.
I also decided to give Opera a try. I've heard lots of good things about it and was not disappointed. I haven't decided to give up Firefox for it, but I will keep playing around with it. There are two things I would like to see; if any of you know whether these are available, I'd love to know. I would like to be able to open multiple tabs at startup like Firefox, and I would like to have a "no scripts" type of plugin for it.
Tuesday, September 26, 2006
My Mama told me......
I don't always listen to good advice. Especially when it comes to dealing with people or vendors who prove time and again that they are less than trustworthy. That being said I will give credit where credit is due. Microsoft has released a patch for the VML vulnerability. They did it early and out of cycle. So here is a big THANK YOU to Microsoft for getting on this quickly. If I'm gonna bust their chops when they are bad I'll pat them on the back when they are good.
Thursday, September 21, 2006
Apple Eating Crow?
Finally, David Maynor and Johnny Cache get some satisfaction. Apple has finally admitted that there is a problem with their wireless driver. Unfortunately they still refuse to admit that this is related to the presentation at Black Hat last month. How does Apple expect us to believe that they just happened to find flaws, on their own, shortly after Black Hat? Their integrity and credibility seem to be getting worse and worse. I had considered getting a Mac after I played with one running Parallels and Windows, but then I read about Chris Hurley's experience, and now seeing how they have handled this has changed my mind.
I'm glad that David and Johnny have been vindicated, if not directly by Apple then by Apple's actions anyway. It's just a shame that so many people jumped on Apple's bandwagon and tried to drag their names through the mud. Those of us who are security pros know that they had too much to lose to make up stories just for the shock factor. I don't think anyone who really matters ever doubted them anyway.