PCI App Security, Kraken Hackback Ethical Dilemma, and MS Forensics

I realize that I've been a bit light on infosec subjects lately, so thought that I'd better get back on topic. :) There are three bits out today that I've found particularly interesting.

First, more information has been released by the Payment Card Industry regarding their DSS 6.6 requirement on application security. It's a very insightful read and should help calm the nerves of those doing compliance.

Second, TippingPoint has broken into the Kraken botnet, to the tune of potentially controlling 25,000+ compromised hosts. They're now debating the ethics of using the infection to clean and secure the infected hosts. This issue is not nearly as simple as some might imagine. For one thing, to do so could be illegal. For another, who knows how much liability could be involved, especially when considering the law of unintended consequences.

Third, it's been disclosed that Microsoft has been providing law enforcement with free USB pendrive toolkits for forensics response purposes. It's not clear what all is on these devices, though one might assume many of the SysInternals tools are included (MS bought them a while back). Some have raised questions about the quality of evidence collected using these tools, since many of us doubt that write protection is enabled, etc. These devices appear to be designed for live response and require physical access to the box. I am curious about how they're bypassing the login screen, where they're capturing data to (is MS playing custodian for network-based data capture?), and what toys they've included. Hopefully there aren't any secret backdoors that will be subsequently exploited. :(

About this Entry

This page contains a single entry by Ben Tomhave published on April 29, 2008 6:11 PM.
