Risque Management - All Comments

re: Degradation: a new generation of computer worms

FlitteBrealry — Sun, 13 Jan 2008 23:25:38 GMT

Hi people!!! I want introduce my <a href=http://www.xrum.977mb.com>new year foto</a>

re: Degradation: a new generation of computer worms

FlitteBrealry — Sat, 12 Jan 2008 19:24:41 GMT

Hi people!!! I want introduce my <a href=http://www.xrum.977mb.com>new year foto.</a>

Security Product Watch » Blog Archive » What is more secure?

Security Product Watch » Blog Archive » What is more secure? — Sat, 10 Nov 2007 07:26:49 GMT

Pingback from Security Product Watch » Blog Archive » What is more secure?

re: Integrating Java, JDBC and Kerberos

grrd — Thu, 01 Nov 2007 10:54:38 GMT

host/XXXXX@FORMUE.LOCAL is a user account in Active Directory, but it represents the machine on which the application runs (as described in edocs.bea.com/.../sso.html). The user in 'Invalid Subject: xxxxx' is a normal user with a valid account.

re: Integrating Java, JDBC and Kerberos

Slav — Thu, 01 Nov 2007 07:17:49 GMT

Principal is host/XXXXX@FORMUE.LOCAL, eh? I reckon using a user account is a better option.

re: Integrating Java, JDBC and Kerberos

grrd — Wed, 31 Oct 2007 11:09:37 GMT

Hello and thanks for your helpful blog post. This is the only useful piece of information I have been able to find on this subject.

I am running WebLogic 8.1.6 on Win2003 server, and using the Datadirect Driver for my connection pool. I have set up Kerberos authentication as described and am trying to get a connection (and execute a stored procedure) as a logged in user, but when I do Datasource#getConnection (in Security.runAs(subject, new PrivilegedExceptionAction() {....) I get the following error:

Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt true ticketCache is null KeyTab is null refreshKrb5Config is false princ

ipal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false

Principal is host/XXXXX@FORMUE.LOCAL

Commit Succeeded

applicationlogger 2007-10-31 12:01:54,202 ERROR java.sql.SQLException: Pool connect failed : java.lang.SecurityException: [Security:090398]Invalid Sub

ject: xxxxx

<Oct 31, 2007 12:01:54 PM CET> <Error> <HTTP> <BEA-101020> <[ServletContext(id=28475974,name=web,context-path=)] Servlet failed with Exception

java.lang.RuntimeException: java.sql.SQLException: Pool connect failed : java.lang.SecurityException: [Security:090398]Invalid Subject: xxxxx

at no.formue.util.database.DBMgr$1.run(DBMgr.java:308)

at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)

at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)

at weblogic.security.Security.runAs(Security.java:61)

at no.formue.util.database.DBMgr.getConnection(DBMgr.java:294)

at no.formue.util.database.DBMgr.getDefaultConnection(DBMgr.java:262)

at no.formue.login.servlet.ADLoginServlet.doGet(ADLoginServlet.java:45)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)

The subject is authenticated and valid at this point as far as I can tell. Any ideas what might cause this?

re: Notes from RIM BlackBerry presentation

muugi — Wed, 10 Oct 2007 01:30:01 GMT

want to see content

re: VoIP Scaremongers

Joshua Thomas — Mon, 06 Aug 2007 19:34:16 GMT

who knows they might have lots more up their sleeves ...

AFAIK I know OCS has been cracked open too.

Virtually hopeless

Risque Management — Mon, 30 Jul 2007 09:50:55 GMT

I don't know if that's CIOs, or the press, or both. Recently Byte & Switch, CMP Technology's

re: Virtual infrastructure v Terminal servers

Slav — Sun, 22 Jul 2007 01:35:16 GMT

Appareltly VMWare/EMC don't recommend iSCSI for enterprises. The recommendation is Fibre Channel but there are few things that aren't trivial if you want dynamic DR capability in multidatacentre environment. Namely - eliminating SAN as single point of failure.

Governments are hopeless at security

Risque Management — Wed, 04 Jul 2007 09:36:13 GMT

One of the good things about BlackBerry - apart from the main client platform that will never get really

re: Use glue instead

Nhon Yeung — Tue, 26 Jun 2007 23:59:03 GMT

Another way without extra software is to do it in the BIOS. Most corporate pc's (ie dell/HP) also have hardware interlocks which can be configured to alert if the pc is opened as well. So you can be notified if someone tries to reset the BIOS or remove the HDD. I guess the only thing you need to glue to the pc is the mouse considering ps/2 or serial ports are pretty much extinct these days.

But i agree, siphoning info is a null point.

The attack surface

Risque Management — Thu, 14 Jun 2007 09:25:00 GMT

Jabez Gan, a fellow MVP, did an interesting book review - that of Professional Windows Desktop and Server

re: Single authority principle

Slav — Fri, 08 Jun 2007 07:58:06 GMT

Yes, I should have used "circular cause" or something like that. Not that illustrous...

re: Single authority principle

Adrian — Fri, 08 Jun 2007 06:49:54 GMT

you can't have a chicken-egg problem. An almost chicken can produce a chicken egg, but a chicken can't evolve from the part-chicken egg to become a chicken, hence the egg must come first.

re: The weakest link

Robert — Sun, 06 May 2007 10:59:06 GMT

Yes, Paul Ashton posted something into mailinglists in around 1998. I have been spoking about the concept since 1999 in different conferences.

But generally available Linux/SAMBA tools are newer than the POCs I meant.

Original public concept for Windows tools was released by Hernan Ochoa, in year 2000. The tool he did was a Windows tool.

Earlier to this, Dominique Brezinski and Eric Schultze did local SAM database writing directly, Foundstone spent some time to demo this Core's Windows tool in 2000-2001 mainly in USA conferences. I also heard concept was demoed with a Windows tool, in a conference held in Finland around December 2003, and a year after as well. So nothing new in that sense either - seems that what goes around, goes around.

Passing the hash works because that is how protocol was designed. Vectors how to do it...that is another story.

Take care,

Rob

How to prevent 1% of cybercrime?

Risque Management — Sun, 06 May 2007 03:56:36 GMT

An interesting picture appears on the PBS Shop Web site: Because of what it says I felt an urge to click

How to prevent 1% of cybercrime?

Risque Management — Sun, 06 May 2007 01:20:28 GMT

An interesting picture appears on the PBS Shop Web site: Because of what it says I felt an urge to click

Measuring efficiency of systems management

Risque Management — Thu, 03 May 2007 10:54:00 GMT

Have you ever wondered how efficient your systems management is? Here's some questions that will

re: The weakest link

Slav — Thu, 03 May 2007 06:24:59 GMT

Yes, I have found few mentions of Linux/SAMBA tools searching for "pass the hash".

I wonder why Microsoft decided to do nothing. Perhaps they see the need to become local system equivalent the root issue - but the ways to collect NTLM hashes aren't limited to that. Some additional threat modeling needs to be done.