Archive for the 'therealworld' Category

Domain Hijacking

There has been a recent spate of domain hijacking. Even IANA and ICANN, who have authority over some of the Internet’s most critical functions, have suffered from domain hijacking. Photobucket and Comcast have suffered the same fate. According to Dancho Danchev, the attack may have been caused by nothing more than a single email to the technical staff asking them to update the DNS records.

SQL-Injection: Microsoft and HP help out?

Both Microsoft and HP have released a free set of tools that will check web applications for weaknesses that revolve around poor parameter filtering, the kind that leads to SQL injection or XSS. HP has released Scrawlr, which is based around the commercial product WebInspect. Wait a second, didn’t SPI Dynamics create WebInspect? Yes, but HP bought them out.
Microsoft offers UrlScan 3.0 beta and has a source code analyser that detects whether ASP code is susceptible to SQL injection.

Administrators… Trust them?

System administrators have a lot of power when it comes to access control of systems and, perhaps more importantly, data. That is a lot of responsibility for these key players.

Nothing highlights what can go wrong when you upset an administrator better than this case. An ex-IT manager for the Council of Community Clinics resigned after an unfavourable evaluation. Over the Christmas period of 2007, he logged onto the servers and disabled the backup program. He logged in once again a week later and systematically deleted the files containing patient appointments.

Now one could argue that there was no exit strategy for the administrator: disabling the former employee’s account and having a set of policies in place may have stopped this from happening. You could also log the administrator’s activities automagically, and so on.

But in a way, you have to trust your administrator. Administrators should understand the responsibility they have. Play nice guys!

Leaking…

Really, it doesn’t matter whether you leave, lose or have something of value stolen. It’s not good, but there have been a number of stories doing the rounds, including that top secret material being left on a train and this local government official. Now I don’t know about actual files, but if it’s top secret, you should know that lives literally depend on it! I’d make sure they are left in secure areas.

For laptops and other devices, at least you can set power-on passwords and use encrypted drives. But a determined person will find a way of getting into the hard drive.

Hacker tools liability

The UK government has been trying to revamp computer crime laws. There are a number of issues discussed at theregister. One of them relates to the provision to ban the development, ownership and distribution of “hacker tools”. But what are hacker tools? An example is a password recovery tool (good), which also happens to be called a password cracker (evil). As you can see, hacker tools are a medium. These tools are devices that can be used for good or evil. Other examples include television, newspapers and of course money. As they say, “money is the root of all evil”. At this stage the UK government doesn’t seem to be differentiating between the two angles, which has caused some sharp criticism in the industry.
