Log in

Site menu:



Site search

January 2007



Archive for January, 2007

VoIP Spam Defense

NEC has developed a SPIT (Spam over Internet Telephony) defense based on a Turing test to separate human callers from computerized (presumably spam) callers. Lacking more details, one can only wonder how tolerant unrecognized callers will be of having to endure a pre-connection interrogation. Hopefully, it’s early enough in VOIP’s adoption to introduce such protection […]

Botnet Estimates

As if the previously cited estimate wasn’t bad enough, now Vint Cerf (the man who lives in Al Gore’s shadow) submits that of the 600 million internet connected machines, 150 million (1/4) are infected, active members of botnets. It’s clear that we can’t expect individual users to defend themselves, let alone to clean-up this situation. […]

A Step Toward 802.11n

Progress toward an 802.11n standard, as draft 1.10 is about to become draft 2.0. The new draft seems to have 802.11n playing nicer with non-n devices (consuming less of the spectrum in deference to 802.11b/g equipment) but this sort of neighborliness also means that even a single non-n client will slow down the network for […]

Broadcom Announces NAC Enabled Switch Silicon

Broadcom today announced the StrataXGS III BCM56510 which claims to provide some flavor of native NAC and well as Microsoft NAP support. Public details are a bit sketchy, with features like “BroadShield” being described as “a multi-layered security framework that includes a robust set of standards-based features to dramatically improve security while delivering unmatched scalability” […]

Full Disk Encryption

The US Government is in the process of doing a product comparison to select a solution (or solutions) for full disk encryption after last year’s mandate. Full disk encryption has advantages over file-based encryption, including non-selectively encrypting the whole disk, including system and boot partitions. Very useful toward the devaluation of data in the event […]

Stripping HTML from Email

Federal Computer Week is reporting that the DoD is now blocking HTML email (actually, converting it to plain-text) and also disallowing the use of OWA. What about enabling EmailSecurity to define an “HTML Content” filter and providing plug-in to perform a “Strip HTML” action? Rather than fully removing the html partition, or trying to clean-up/process […]

New SSL Certificates Launch

In doing some reading about the recently launched High Assurance / Extended Validation SSL certificates (which attempt to restore some trust and validity to the identity of the subject) I visited the CA/Browser Forum, who helped to define the requirements. Figuring that they would be the most obvious site at which to test my browser’s […]

A Proposal for Distributed Network Event Detection and Replay

Just something I was thinking about before the holiday break. Consider this a request for comments.

Man-in-the-Middle Attack Kit

Hot on the heels of the $15 WebAttacker malware kit comes an RSA report of a do-it-yourself Man-in-the-Middle kit. This is a scary evolution of phishing: by proxying the connection between the client (victim) and the real server (e.g. their bank) MitM can accurately indicate a failed login to the victim (making it harder to […]

Snort Vulnerability: Intruding on the Intrusion Protector

Secunia just announced an algorithmic complexity attack exploiting the behavior of Snort’s (pre-2.6.1) predicate-based rule matching. Susceptibility to the backtracking attack with custom crafted packets is rule dependent (based largely on the presence of relative-position content matching), and is estimated by the reporters to affect about 300 Snort signatures with varying intensity. A successful attack […]


You’ve probably heard about yesterday’s iPhone announcement – in fact, it’s commotion has likely drowned out everything else. What’s so interesting about a consumer electronic product? The fact that it’s the first product likely to deliver of the years-old “portable devices will be under a malware siege” threat. Until now, there have been relatively few […]

BioPassword – Software-based Biometrics

Seattle company BioPassword recently secured $11 million dollars in funding for their unique biometric solution based on a system called Keyboard Dynamics. Unlike most other Biometric solutions (fingerprint, retina scan, DNA analysis, spinal tap, etc.) which depend on external hardware, Keyboard Dynamics is implemented in software. The idea is that everyone has a unique typing […]


Consistent with SonicWALL’s affinity for the late-majority within the diffusion of innovations, I give you our inaugural blog, Worth A Glance, hosted by me, Joe Levy. After receiving requests for this from about 28 people over the last two weeks, I wanted to get it online as quickly as possible, so it’s currently running on […]