This week Google entered the web browser wars with a vengeance, releasing their own web browser, dubbed Chrome, as a free beta. Chrome sports some impressive features and is being released as entirely free, open source software. Of particular interest are the new security features that are built into Chrome. Two extremely interesting security features are the browser privacy mode and the tabs in Chrome.
On September 1, OSSEC announced the release of the latest version of the OSSEC-HIDS tool (version 1.6). This release includes many notable new features including:
For a full list of upgrades and enhancements check out the change log. OSSEC can be downloaded from http://www.ossec.net/main/downloads.
While reading the F-Secure blog today I came across an interesting service that I hadn't known about before. PhishTank (http://www.phishtank.com/) is a service that allows you to submit suspected phishing sites and tracks their status. With an open API, PhishTank even lets you write tools to query their data.
This is a really neat development. It's about time that phishing sites faced the same sort of scrutiny that e-mail has in the past with sites like Spamhaus (http://www.spamhaus.org/sbl/). Unfortunately, that sort of scrutiny led spammers to utilize infected end users' systems rather than open e-mail relays or compromised servers. With botnets providing much of the SMTP service these days, it isn't feasible any more to block specific sender IP addresses (with hundreds of thousands of bots, the herders just promote one after another to be an SMTP server until it's blocked, with a nearly inexhaustible pool).
OSSEC is an open source host-based intrusion detection system (IDS). An IDS is one of the most important tools available to a security administrator. As a host-based IDS (or HIDS), OSSEC has the advantage of monitoring activity from the server side. Although a network-based IDS may be able to spot malicious traffic and identify attacks from that traffic, a HIDS can look directly at log files and system behavior to spot oddities such as successful brute force attacks or evidence of rootkit installation.
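The log-based check described above, as an added example (not OSSEC's code or one of its rules, and not from the original post): it flags a successful login that follows a burst of failed logins from the same source address. The sshd log lines, the threshold, the time window and the year are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in OpenSSH sshd syslog format (not from a real host).
SAMPLE_LOG = """\
Sep  3 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40001 ssh2
Sep  3 10:00:04 web1 sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Sep  3 10:00:07 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 40003 ssh2
Sep  3 10:00:09 web1 sshd[2104]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Sep  3 10:00:11 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 40004 ssh2
Sep  3 10:00:14 web1 sshd[2106]: Failed password for root from 203.0.113.7 port 40005 ssh2
Sep  3 10:00:15 web1 sshd[2107]: Accepted password for alice from 198.51.100.20 port 51001 ssh2
Sep  3 10:00:18 web1 sshd[2108]: Failed password for root from 203.0.113.7 port 40006 ssh2
Sep  3 10:00:21 web1 sshd[2109]: Accepted password for root from 203.0.113.7 port 40007 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_successful_bruteforce(log_text, threshold=5, window_s=120, year=2008):
    """Return one alert per accepted login preceded by >= threshold recent failures.

    threshold, window_s and year are assumptions; syslog timestamps carry no year.
    """
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd password event
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        recent = failures[m["ip"]]
        # Drop failures that fell out of the sliding window.
        while recent and (when - recent[0]).total_seconds() > window_s:
            recent.popleft()
        if m["result"] == "Failed":
            recent.append(when)
            continue
        # Accepted login: suspicious only if it ends a burst of failures.
        if len(recent) >= threshold:
            alerts.append({"ip": m["ip"], "user": m["user"],
                           "failures": len(recent), "time": m["ts"]})
        recent.clear()  # a success resets the count for this source
    return alerts
```

On the sample, the single mistyped password from 198.51.100.20 stays below the threshold, so only the login from 203.0.113.7 is reported.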
I tried out the TrueCrypt whole disk encryption today and so far it looks pretty promising. You can download TrueCrypt 5 from http://www.truecrypt.org/downloads.php, which includes whole disk encryption (for Windows only). I have discovered one serious caveat though. Prior to encryption I had a partition on my drive that I was using as a TrueCrypt volume. Luckily I backed everything up from that volume because after the TrueCrypt whole disk encryption the volume would no longer mount. It was no longer assigned a drive letter and wouldn't mount if I selected it manually or attempted the 'auto-mount' option from within TrueCrypt. Beware that this whole disk encryption will likely destroy your TrueCrypt volumes! Be sure to move any important data out of those volumes before encrypting the whole disk.