Posted: Fri Sep 02, 2005 12:35 am Post subject: Aug '05 SFDC Column
August ’05 SFDC Column
Another busy month for us at SFDC comes to a close. Several excellent book reviews have been posted in the reviews forum. If you are contemplating buying a new or used book, you would be well advised to see if one of our very own has reviewed it. A big thank you goes out to the book publishers who work with us on the book reviewing venture. On another note, the “Interview with a security professional” series is still going strong, with Chris Brenton having graciously given of his time to answer some questions for us. Coming next in our series will be FX of IRPAS fame, who has been handling many interview requests due to the Cisco debacle at Blackhat 2005. We will also have Bruce Potter, who is the founder of the Shmoo Group, which is composed of a large group of talented hackers that remain active in the computer security industry. Please note that if there is someone that you would like to see interviewed, please pm me with their name. On that note, let's move on with reviewing some of last month's interesting posts.
Does a self-employed PC engineer need liability insurance?
The poster who started this thread is looking for advice on limiting his exposure to any liability that may result from his work on clients’ computers. These types of situations, and their potential impact on you as a contractor or small business owner, can vary wildly. You must really only worry about the law in your own country, state, province, and so forth. Even my giving this advice is not a good idea. To get a definitive answer you really don’t have much choice but to obtain the professional legal advice of a lawyer. Before engaging in any type of small business, whether it be incorporated or not, you would be well advised to have some standard contracts/disclaimers drawn up to cover yourself. It may cost you several thousand dollars, but that is small change compared to potential damages you could be sued for.
Weird Firefox http packet metric
I decided to post a question I had upon seeing some strange metrics in a packet that was generated by my Firefox browser. Though I googled around a fair bit, I came up with nothing till I posted on the Mozilla forums themselves. It turns out that the q value I was referring to was a built-in feature used by Firefox to differentiate preference for certain MIME types. Of note, though, is that only Firefox uses this, as Internet Explorer does not, and to my knowledge nor does Opera. A feature of Firefox is being able to change the user agent string. This allows you to appear to be a browser other than Firefox, and say appear to be Internet Explorer instead. That being said, the q values that I was curious about to begin with would still be a dead giveaway that you are using Firefox. All in all, a rather nice way to definitively identify this browser.
A member recently asked what books would be best to learn TCP/IP from. Several opinions were put forth by various members. One key point that needs to be made here, though, is that much like programming, TCP/IP is a subject area that will take you a long time to assimilate. When beginning to learn such dense topics as the aforementioned, don’t expect to speak like a native within weeks, or months for that matter. It is key that you realize a great deal of effort and time will be required of you. Many people consider the book TCP/IP Illustrated Vol 1 to be the definitive work on the protocol suite. While it may seem over your head, it is in my opinion definitely the best book to study from. A great amount of detail went into that book, with some excellent explanations of the minutiae of the protocols that make up part of the TCP/IP protocol suite.
How can we avoid administrators from reading emails?
This question comes up from time to time, and this poster asked for some possible workarounds to help him keep his email confidential. The normal solutions are put forth, notably to use PGP for one. You really need to think hard about using a solution such as PGP first. Ask yourself several questions first: am I allowed to install software on my computer at work, is there already a solution in place such as PKI that I can take advantage of, and so on. Lastly, you should also know that while you are at work, you should be working, vice composing encrypted emails to your friends or colleagues. Your boss may take a dim view of this kind of activity.
Well, as the flashy title of this post indicates, the member ran across an article detailing that some exploit code sites were offering exploit code which had some backdoors built into it. This is not exactly groundbreaking news, as this has been known to happen before. Before you go playing with exploit code it is worth mentioning a few points that will help you in your studies. It is rather helpful if you can at least follow along with what the source code is doing. That way you will notice if there are any inconsistencies, i.e. socket creation on the local computer. Secondly, you should play with exploit code on a lab computer, or in a VMware environment. That way, if you really don’t understand source code, at least if you are exploited there is no damage done. All that aside, though, you really should learn some basics first. Learn about programming and networking. That is also after you have become quite proficient in the operating system of your choice. There are no shortcuts when it comes to knowledge. You cannot simply go from A and jump to S. You really need to learn everything in between. Not everyone can be a talent like Dave Aitel or HD Moore, but you can differentiate yourself from the script kiddies by actually trying to learn something before you use it.
Well on that note I will wrap up the monthly column. Please note that if you are thinking about writing a member column for us that you will need to pm me with your idea so that we can discuss it. Also keep in mind the next quarterly prize draw is not that far away, so keep working on those excellent posts! Till next month.
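An added example, not part of the original column, for the "Weird Firefox http packet metric" item: it parses the q values out of an HTTP Accept header and flags requests whose User-Agent claim disagrees with them. The rule that explicit q values indicate Firefox is the column's observation, taken here as an assumption; the function names and sample headers are constructed for illustration.

```python
import re

def parse_accept(header):
    """Return [(media_type, q, explicit)] for an HTTP Accept header value."""
    entries = []
    for item in header.split(","):
        parts = [p.strip() for p in item.split(";")]
        if not parts[0]:
            continue
        q, explicit = 1.0, False  # q defaults to 1 when the parameter is absent
        for param in parts[1:]:
            m = re.fullmatch(r"q\s*=\s*([01](?:\.\d{0,3})?)", param, re.I)
            if m:
                q, explicit = min(float(m.group(1)), 1.0), True
        entries.append((parts[0].lower(), q, explicit))
    return entries

def claimed_browser(user_agent):
    """Coarse family taken from the User-Agent string, which the client controls."""
    if "Firefox/" in user_agent:
        return "firefox"
    if "MSIE " in user_agent:
        return "msie"
    return "other"

def ua_mismatch(user_agent, accept):
    """Heuristic from the column (an assumption): explicit q values point to Firefox."""
    has_q = any(explicit for _, _, explicit in parse_accept(accept))
    family = claimed_browser(user_agent)
    if family == "msie" and has_q:
        return "claims MSIE but Accept carries q-values"
    if family == "firefox" and not has_q:
        return "claims Firefox but Accept has no q-values"
    return None

# Constructed sample requests (not captured traffic).
FIREFOX_ACCEPT = ("text/xml,application/xml,application/xhtml+xml,"
                  "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5")
IE_ACCEPT = "image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*"
FIREFOX_UA = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) "
              "Gecko/20050716 Firefox/1.0.6")
IE_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
SAMPLES = [(FIREFOX_UA, FIREFOX_ACCEPT), (IE_UA, IE_ACCEPT),
           (IE_UA, FIREFOX_ACCEPT)]  # last entry: spoofed User-Agent

if __name__ == "__main__":
    for ua, accept in SAMPLES:
        print(ua_mismatch(ua, accept) or "consistent", "|", ua)
```

Only the third sample is flagged: its User-Agent says Internet Explorer while its Accept header still carries the q values.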