
The 100% undetectable rootkit named ‘Blue Pill’ can now be detected. Thousands rejoice by dancing naked in a cave from the future.

Friday, June 29th, 2007


The rootkit developed by famous security researcher Joanna Rutkowska, known as “Blue Pill,” was once unstoppable, with claims that the malware was 100% undetectable and therefore extremely dangerous and useful for hackers (so why did she make it, then? It’s like building a nuclear bomb just to see if you could). Now Tom Ptacek and some close research buddies have found a way to detect the rootkit, and have challenged Joanna to a Secure-off, aka SecureDown. This is all kind of like how the agents were impossible to beat until Neo came along, i.e. Tom Ptacek = Neo and Joanna/Blue Pill = Agent Smith.

In response to the offer of a showdown, Rutkowska posted a message saying she was ready for the challenge. But she stipulated that the challenging researchers—Ptacek, Nate Lawson of Root Labs, Symantec researcher Peter Ferrie and Matasano’s Dino Dai Zovi—fund two people, full-time for six months at $200 per hour, to develop the rootkit to a state of readiness.

Since “Blue Pill” operates at the hypervisor level of the host, underneath the operating system, it is much harder to detect than a simple rootkit sitting on the hard drive. Of course, most security enthusiasts think that this “undetectable” rootkit is a scare tactic or an exaggeration; I somewhat agree. Even though hardcore system protection analysts can see right through this problem, an average novice computer user would have a lot more trouble understanding how this rootkit even works (find out more about the hypervisor level in computers).

Either way, the challenge date between the two teams for rootkit supremacy is set to be at the Black Hat Briefings on August 1 or 2, loser goes home. Read the rest of the story here.

The top seven things system admins forget

Thursday, May 3rd, 2007


The O’Reilly Network system admin section posted an article about the many things that computer system administrators forget to do when it comes to security and protocol. It is a very well thought out list, including simple errors that should never happen, like:

1. Forgetting to Delete a Former User’s Account

When IBM, Novell, and HP hold seminars in the same city around the same week, you find out why you need their identity management systems. Some unnamed Fortune 50 companies forgot to delete former user accounts for five years. Those former employee accounts existed in the human resource and payroll databases, in the computer directory, address book in the SID, SAM, and AD. The vendors will say, you don’t have enough system administrators, will never find enough available, and therefore need Tivoli, eDirectory, or OpenView.

Who really knows if the workforce has enough system administrators? In my survey, system administrators complained about their workload, lack of time to plan, and a need to prioritize their tasks. I asked many if they kept a list of their tasks and few did. About 90 percent of the engineers surveyed went to work with their daily schedule in their heads. I counted that as forgetfulness.

I rarely go to the grocery store without a list because I cannot recall what I need. I forget the laundry detergent or some obvious item like vitamins. If I can’t remember 15 items on a grocery list, how do I expect to remember the things I need to do at work? I function poorly without a list.

We have to close the door when a user leaves. We also need a checklist to follow and a way to find out who left. You cannot justify leaving former user accounts active. Some things to remember include disabling the user’s password. I like to preserve her directory, since someone else may take her place. I typically move the directory and rename it. We often want to keep the contents of the old user’s directory intact.

Depending on your organization’s IT policies, you’ll want to create a list of actions to take. Remember that you need to do more than simply changing a user’s password. If this user ever had root access you might find anything from a trojan system binary to an unknown kernel module. With that in mind we can move on to Rootkits.

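The excerpt above boils down to two things: a way to find out who left, and a checklist to run once you know. Here is an added example (not from the O’Reilly article or this blog) that does both offline: it parses constructed /etc/passwd-style records, reconciles the interactive accounts against a constructed HR roster to flag orphans, flags any extra UID-0 account (a classic indicator of the “anything from a trojan binary” problem the article warns about), and produces an ordered offboarding checklist that locks rather than merely changes the password and archives the home directory under a new name. The sample users, the HR roster and the `/home/.archive` path are all assumptions made up for the example.

```python
"""Added example: account reconciliation and offboarding checklist.
Not the O'Reilly article's code; all data below is constructed."""
from dataclasses import dataclass
from datetime import date

# Constructed /etc/passwd-style records (hypothetical users and hosts).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001:Alice Example:/home/alice:/bin/bash
bob:x:1002:1002:Bob Example:/home/bob:/bin/bash
carol:x:1003:1003:Carol Example:/home/carol:/bin/zsh
svc-backup:x:1004:1004:Backup service:/var/backups:/usr/sbin/nologin
toor:x:0:0:second root:/root:/bin/sh
"""

# Constructed HR roster of people currently employed; bob has left.
HR_ACTIVE = {"alice", "carol"}

# Shells that mean "service account, no interactive login".
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


@dataclass
class Account:
    name: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd(text):
    """Parse passwd(5) lines into Account records, skipping blanks/comments."""
    accounts = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, uid, gid, gecos, home, shell = line.split(":")
        accounts.append(Account(name, int(uid), int(gid), gecos, home, shell))
    return accounts


def find_orphaned_accounts(accounts, hr_active, min_uid=1000):
    """Interactive human accounts (real shell, UID in the human range)
    that HR no longer lists as employed. Service accounts are skipped."""
    return sorted(
        a.name for a in accounts
        if a.uid >= min_uid
        and a.shell not in NOLOGIN_SHELLS
        and a.name not in hr_active
    )


def find_extra_uid0(accounts):
    """Any UID-0 account other than root is a common backdoor indicator."""
    return sorted(a.name for a in accounts if a.uid == 0 and a.name != "root")


def offboarding_plan(account, today=None):
    """Ordered checklist of commands for closing the door on one account.
    The archive location is an assumption; adapt it to local policy."""
    today = today or date.today()
    archive = f"/home/.archive/{account.name}-{today.isoformat()}"
    return [
        f"passwd -l {account.name}",              # lock, don't just change
        f"chage -E 0 {account.name}",             # expire the account
        f"usermod -s /usr/sbin/nologin {account.name}",
        f"pkill -KILL -u {account.name}",         # drop any live sessions
        f"crontab -r -u {account.name}",          # remove scheduled jobs
        f"rm -f {account.home}/.ssh/authorized_keys",
        f"mv {account.home} {archive}",           # preserve, renamed
        f"find / -xdev -user {account.name} -ls", # files owned elsewhere
        "grep -r " + account.name + " /etc/sudoers /etc/sudoers.d",
    ]


def audit(passwd_text, hr_active, today=None):
    """Tie it together: findings plus a plan per orphaned account."""
    accounts = parse_passwd(passwd_text)
    by_name = {a.name: a for a in accounts}
    orphans = find_orphaned_accounts(accounts, hr_active)
    return {
        "orphaned": orphans,
        "extra_uid0": find_extra_uid0(accounts),
        "plans": {n: offboarding_plan(by_name[n], today) for n in orphans},
    }


if __name__ == "__main__":
    result = audit(SAMPLE_PASSWD, HR_ACTIVE)
    print("Orphaned accounts:", result["orphaned"])
    print("Extra UID-0 accounts:", result["extra_uid0"])
    for name, plan in result["plans"].items():
        print(f"\nOffboarding checklist for {name}:")
        for step in plan:
            print("  ", step)
```

The reconciliation is the part most shops skip: HR knows who left, the directory knows who can log in, and nobody compares the two. The plan only prints commands so a reviewer can read them before anything runs, which is the point of keeping a written checklist in the first place.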

FlashFog: Defending your Pinto from those who wish it harm

Thursday, March 8th, 2007


Ever had your car stolen? Or, more conceivably, ever had your neighbor’s car alarm go off for two hours at 3am? Well, now a company exists that hopes to kill two birds with one foggy, flashy stone. A company called FlashFog Security has made a new type of car alarm that doesn’t depend on noise at all. Instead of making the now universally ignored alarm sound featured in most theft deterrents, the FlashFog system concentrates on making a car virtually impossible to steal by assaulting your other senses.


First the FlashFog system rapidly disperses a cloud of glycol, filling the car in just a few seconds with thick, dense, harmless fog. And if a car instantly hotboxing itself isn’t enough to make a thief crap in their pants, the FlashFog system has a second line of defense. After blasting out the fog the system immediately begins strobing rapidly, blinding anybody in the cloud of confusion.

“FlashFog’s unprecedented power overwhelms even professional thieves who know it’s coming. The fog alone is incredibly disorienting but FlashFog doesn’t stop there. The terrifyingly bright strobe light hits him 12 times per second, forcing his eyes into constant shock.”

On top of disorienting fog and the frighteningly implied threat of “constant eye shock,” FlashFog also claims to offer protection for up to one hour, ensuring that the would-be thief doesn’t just wait it out. FlashFog Security also says that the fog leaves no residue or odor, stating on its web site that it won’t even affect tobacco flavor. So upon discovering your flashing, smoldering Mercedes, at least you don’t have to sweat the pack of menthols in the glove box. The machine itself also comes with a three-year extended warranty, giving you the peace of mind that you won’t be enveloped by a terrifying, blinding cloud of fog while you’re on your way to pilates. At least not for three years.

“The fog is so thick that even finding the door is a great challenge. Finding anything to steal is virtually impossible.”

Honestly, FlashFog sounds pretty foolproof and looks to be a logical evolution from the “This car is protected by Viper!” days. Just don’t freak out after dinner when you find a blinded car thief in your driver’s seat frantically groping for a door handle. What do you think? Hit the comment bar to leave some feedback.

Tivo, one step closer to Big Brother

Tuesday, February 6th, 2007


Advertisers hate Tivo, but love people.  People love Tivo, but hate advertisers.  Tivo loves people and wants advertisers to love them.  See the inevitable problem?

So what is Tivo to do? Install a new system called StopWatch, of course, where your skipped-commercial data is shipped over to Tivo HQ and analyzed. Tivo hasn’t sold the info to advertisers yet (so they say), but it’s only a matter of time until the dam breaks and the shit hits the fan. Better start looking into MythTV; Linux fanboys, rejoice.

[via sfgate]

Excel has a weak spot, attack it for massive damage

Monday, February 5th, 2007


There is an apparent vulnerability in Microsoft Excel. The big M is releasing an update for it, which should be available February 13. The vulnerability is present in Office 2000, XP, 2003 and the 2004 Mac version.

I figured it was good to let you guys know, but I think NextLust readers are smart enough to avoid this problem, seeing as how you have to open an email attachment to get a malicious Excel file.

[Via PC World]