J Wolfgang Goerlich's thoughts on Information Security
Clickjacking Revealed

By wolfgang. 18 October 2008 08:11

Webmonkey offers a look at “Clickjacking” attacks. The article is interesting.

http://www.webmonkey.com/blog/A_Look_at_the__Clickjacking__Web_Attack_and_Why_You_Should_Worry

The “Clickjacking” attack bothers me because it seems so obvious. Well, obvious to someone who has done JavaScript web development.

Years ago, I worked on a web user interface (wui) where we tried to duplicate all the functionality of a gui using JavaScript and XML. This was Ajax before it was called Ajax. I had a demo that basically was a clickjack attack whose intent was to annoy the user or to trigger an event. A prank or a feature, it was trivial to implement with a few lines of code.

Thus the attack is another case of media hype. Giving this attack a clever name like “Clickjacking” seems to be like calling a person who unplugs your network cable a “Cablejacker”.

J Wolfgang Goerlich

(Incidentally, in case anyone is interested, my employer attempted to patent the wui idea. The details are online.)
http://www.freepatentsonline.com/y2003/0088640.html?query=Goerlich&stemming=on

Tags:

Security

Hyper-V Disk Issues

By wolfgang. 16 October 2008 18:17

I am seeing an odd issue with Hyper-V vms on pass-thru disks. Say an event occurs on the storage array that causes the disks on the Hyper-V server to go offline momentarily. They can be brought back online afterwards. Hyper-V then loses the handle on the disk. There are four broad categories of symptoms that then occur:

1) Very broadly speaking, if the disk contains server-specific information such as a paging file, then the server behaves erratically when it goes offline.

2) If the disk in question goes offline and it contains the vm definition files (.bin, .vsv), then the vm disappears from the Hyper-V console.

3) If the disk goes offline and it contains vm disks (.vhd), then the vm in question crashes.

4) If the disk is directly mapped to a vm as a host resource, then the vm is shut down. Sometimes the state is saved. The settings show that the physical disk cannot be found. The vm’s saved state has to be deleted and then the physical disks reselected in the vm settings dialog.

I am still troubleshooting. More details to follow.

Tags:

Troubleshooting | Hyper-V | Virtualization

Gmail Outage

By wolfgang. 16 October 2008 15:38

"A prolonged, ongoing Gmail outage has some Google Apps administrators pulling their hair out as their end users, including high-ranking executives, complain loudly while they wait for service to be restored."

"However, a major concern and objection to SaaS applications is their performance and availability, since they're provided by the vendor via the Internet and accessed by end users through browsers. When the applications become slow or altogether unavailable because of problems in the vendors' data centers, IT administrators have little to do but sit and wait for the problem to be fixed."

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9117322

That means the core issue is that administrators become users. After all, how different is this from when a system within the data center becomes unavailable? People throughout the company have little to do but sit and wait. It is the same thing. And this is the reason why arguments against SaaS often fall short.

Tags:

Security

Hyper-V Scripting Guide

By wolfgang. 15 October 2008 16:31

I have posted a guide to writing scripts for Microsoft Hyper-V. Check my website under Papers.

Tags:

Hyper-V

Double-Take Software acquires netBoot/i

By wolfgang. 7 October 2008 22:10

Double-Take Software Expands Infrastructure Software Solutions with Network Boot Technology and Software-Based iSCSI SAN.
http://www.doubletake.com/english/news-events/pressreleases/full-story/pages/default.aspx?NewsID=33&SiteType=Global

"Our company's top priority is delivering IT services in a flexible and agile fashion, whether it's shifting services from one site to another, from one computer to another, or even from one computer to a virtual machine," said J. Wolfgang Goerlich, network operations and security manager.

"Double-Take Software's netBoot/i plays an important role in achieving this vision by enabling us to seamlessly move servers between iSCSI and FC, lower and higher capacity hardware, and between physical and virtual machines; the result is a smooth transition between various equipment tiers."

Tags:

Storage

LinkedIn Security Information Management Group

By wolfgang. 3 October 2008 13:27

I have been working on a Security Information Management (Sim) system for many years, off and on. It started as a collection of WMI scripts that gathered information into a flat file structure. Initially these were only for system logs. More recently, I have moved to a SQL back-end and added network traffic captures and analysis. A few people have joined in my efforts and we hope to have a software release within a year.

The SimWitty project has a website and a LinkedIn group. I hope you will come join us. We could use the help, particularly in C# development and SQL Server 2005 optimizations.

Tags:

Security Information Management

iPhone Forensics book

By wolfgang. 2 October 2008 08:06

iPhone forensics guru Jonathan Zdziarski (NerveGas) has a book out with O'Reilly. "With iPhone use increasing in business networks, IT and security professionals face a serious challenge: these devices store an enormous amount of information. If your staff conducts business with iPhones, you need to know how to recover, analyze, and securely destroy sensitive data. iPhone Forensics supplies the knowledge necessary to conduct complete and highly specialized forensic analysis of the iPhone, iPhone 3G, and iPod Touch."

Amazon.com has the iPhone Forensics book online.

Tags:

Forensics

The Technology Angle of the Economic Situation

By wolfgang. 1 October 2008 12:02

On Monday, I checked out the House’s website after the vote. I could not get thru. The site was still very sporadic on Tuesday. Wired has coverage and they point to the site's email functionality as the culprit. "The House of Representative's website is overwhelmed in the wake of the $700 billion Wall Street bailout vote. The site's button allowing constituents to e-mail their representatives is functioning sporadically after receiving millions of hits."

The website simply couldn’t handle the load. It is a reminder of how technology must respond to shifts in attention.

J Wolfgang Goerlich

House Website Crumbles Under Weight of $700 Billion Bailout
http://blog.wired.com/27bstroke6/2008/09/house-web-site.html
