Thursday, December 28, 2006

Spoofed.org Needs Comments

Over at spoofed.org my friend Jon Hart has written two good posts. His first post is about how a user can abuse SSH agent forwarding. Although not a new thing, I'd have to say that it really isn't common knowledge. Plus he has code to prove his point. His second article points out that a security practitioner's job doesn't stop for the holidays. Since spoofed.org doesn't have any form of comment system, I'm leaving my thoughts here.



My only concern with the first article about abusing SSH agent forwarding is that doing this as yet another userland process isn't the stealthiest. So my brain still says hide this functionality in some sort of rootkit. Possibly extend it so that it waits for SSH agent unix sockets to open up in /tmp and automatically does some sort of hack back. But really this is just toying around with extending the ideas he's already written up.
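The check an admin of a shared host would want alongside Jon's post is an inventory of which forwarded agent sockets are sitting in /tmp, who owns them, and whether the sessions that created them are still alive (stale ones should be cleaned up, and a socket directory wider than 0700 is a misconfiguration). The script below is an added example, not code from spoofed.org or the original post; it assumes OpenSSH's default layout (`/tmp/ssh-*/agent.<pid>`, where `<pid>` is the sshd session process) and builds a constructed layout in a temporary directory to run against.

```python
"""Inventory forwarded SSH agent sockets on a host. Added example, not code
from spoofed.org or Jon Hart's post; assumes OpenSSH's default layout
<base>/ssh-*/agent.<pid>, <pid> being the sshd session that created it."""
import os
import socket
import stat
import tempfile


def pid_alive(pid: int) -> bool:
    """Signal 0 checks for existence without disturbing the process."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists, but belongs to another user
    return True


def audit_agent_sockets(base: str = "/tmp") -> list[dict]:
    """One record per agent socket: owner, session pid, liveness, dir mode."""
    found = []
    for name in sorted(os.listdir(base)):
        d = os.path.join(base, name)
        if not name.startswith("ssh-") or not os.path.isdir(d):
            continue
        dmode = stat.S_IMODE(os.lstat(d).st_mode)  # OpenSSH creates 0700
        for entry in os.listdir(d):
            st = os.lstat(os.path.join(d, entry))
            if not (entry.startswith("agent.") and stat.S_ISSOCK(st.st_mode)):
                continue
            pid = int(entry.split(".", 1)[1]) if entry[6:].isdigit() else -1
            found.append({"path": os.path.join(d, entry), "uid": st.st_uid,
                          "pid": pid, "alive": pid > 0 and pid_alive(pid),
                          "dir_mode": dmode})
    return found


def build_sample_layout(base: str) -> None:
    """Constructed input: one live session (our pid), one stale (pid > pid_max)."""
    for tag, pid in (("ssh-live", os.getpid()), ("ssh-stale", 2**31 - 1)):
        os.mkdir(os.path.join(base, tag), 0o700)
        with socket.socket(socket.AF_UNIX) as s:
            s.bind(os.path.join(base, tag, f"agent.{pid}"))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_layout(tmp)
        for rec in audit_agent_sockets(tmp):
            print(rec)
```

Run against the real /tmp, the stale entries are the ones to remove and the live ones show whose forwarded agent is exposed to root on that box; the fix for the underlying risk is still `ForwardAgent no` except to hosts you trust.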



As to the second article, I think the holidays actually see a significant increase in incidents and malicious behavior because, in addition to vacation, the events and traditions of the holidays facilitate phishing. In other words, users expect to get mail from other users regarding Xmas or Happy New Year etc. The F-Secure blog has already reported this behavior many times before major holidays. Since Xmas has such a strong commercial component, I would argue that banking phishing probably works better over the holidays as well.



Also, on a completely separate note, I read The Art of Software Security Testing by Chris Wysopal, Lucas Nelson, Dino Dai Zovi, and Elfriede Dustin. I have to say I was impressed. I can't say that I learned a whole lot, but the organization and the tone made it an excellent book that I think deserves its own post.



Next up is finishing the rootkit book again (I put it down so that I could get a working Windows dev environment in Parallels and actually follow along with the code). Followed by The Art of Software Security Assessment, with a few novels in there.
