Home

In the news

Victim archive

Exploits archive

Product info

Forum

NetLeets shop

NetLeets hosting

Online tools

Links

 

 

Search NetLeets.com

 

 

 

 

 

 

Start up company promises to boost cloud based security services

Jay Chaudhry, CEO of Secure Computing (CipherTrust), is promising to change the way we think of cloud based security services with his latest startup, Zscaler. Launched as an alternative to CPE (Customer Premises Equipment) web security services, Zscaler will provide cloud based internet firewall, IPS, antivirus, and web filtering using "single-Scan Multi-Action gateways and NanoLog log-reduction technology". according to InformationWeek. <Read the entire Zscaler story here>

 

 

Major Security Services provider playing both sides as they release malware application

 

Radware is a publicly traded company (NASDAQ:RDWR), with over 6000 customers world wide. They are an application delivery and network security services company who, according to their site, has forged alliances with Microsoft, Avaya, Juniper, HP, and many other major players.  Their security offerings provide IDS Management, Web Application Firewall, Fraud Detection, Content Security, and DOS Protection. To ensure that there will never be a shortage in potential customers, Radware has decided to release the source code and proof of concept for some of the most malicious malware to ever hit the internet.<More on Radware at Black Hat 08>

\

Checkpoint gives away ZoneAlarm ForceField for free

On yesterday, August 12, Checkpoint ran a 24 hour promotion coinciding with Microsoft's slew of Tuesday patches. The promotion included a free full version of ZoneAlarm's ForceField virtualized browser software. Checkpoint also offered a 3 user ForceField license for $19 (regularly $49). Read the entire article on Checkpoint's site here.

 

Juniper's Network and Security Management now supports router and switch management

Juniper recently announced an expansion of their NSM product that will allow it management capabilities of it's Juniper Routing (J-series), switches, and expanded security capabilities. The new version will support their entire J-series line as well as the EX-series Ethernet switches, IPS, firewall VPN, and Secure Access SSL VPN (formerly IVE) and integration with it's new Unified Access Control (UAC). <Read more about NSM>

 

 

Network World gives IPSEC a bad rap

   For years Network World has been the holy grail of network and infrastructure information. Their presumably unbiased reviews and information are invaluable to anyone in the IT industry. Recently however, I have witnessed a slight slant in their coverage. It started to sink in when their biased view of VMWare happened to coincide with the release of Microsoft's Hyper-V. Most recently Network World used an article called "VPNs: Six burning questions" to promote the use of MPLS and SSL VPNs. As MPLS is a standard that is quickly replacing ATM and Frame relay, the impression that I got was that it's purpose was to retire IPSEC. 

   The article talked about the worry free approach to MPLS VPNs but doesn't mention why it's that way. It doesn't talk about how your MPLS provider is now responsible for all of your VPN connections to partners that do not run in a MPLS environment and how the data is completely unprotected outside the WAN links. It also only hints at how using MPLS as a VPN solution would undoubtedly require a larger internet pipe than currently implemented in your Frame Relay environment. I'm not saying that MPLS is not a good solution. I just don't understand how it is being viewed as a slam dunk. <Read more>

 

 

Rumor mill: Checkpoint and Nokia relationship coming to an end?

      Roughly 4-5 years ago we asked Checkpoint to pay us a visit to discuss possible replacements for the under sized Nokia 260's we had scattered around the US. The meeting ended up including 2 Checkpoint engineers, 1 sales rep and 1 guy from a relatively new company called Crossbeam Systems. The sales rep went on to explain how Checkpoint was about to acquire Sourcefire in a "deal that would revolutionize  the security industry" (there words not mine).  They went on to explain that this acquisition would open possibilities that were never before explored by Checkpoint. This partnership opened the door for a blade solution that would be a one-stop-shop for  IT security. Imagine using 1 device for your Firewall, IPS, AV, Anti-spam, and Webfiltering. <Read more>

 

Rumors swirl as Apple pulls out of Black Hat

 

   Every year Black Hat administrators try to convince Apple Security Engineers to address the thousands of Black Hat security enthusiasts and every year Apple disappoints.  This year was primed to be a historic year for Black Hat patrons who were finally going to be able to sit face to face with some of the top security guys from the Big Fruit. That was until Apple pulled out of the conference.

 

   Historically Apple has always been shrouded in secrecy. They rarely, if ever, allow face time between security researchers who discover bugs and the Apple team responsible for patching them. Even when Dan Kaminsky's major DNS flaw was discovered and a secret alliance was formed among all the major players like Microsoft and HP, Apple was no where to be found. <Read more>

 

McAfee acquires Data Protection company

            McAfee beefed up it's Data Protection offerings today by acquiring California based Reconnex for $46 million dollars in cash. Reconnex's bread and butter is their data indexing service that keeps tabs on "upto all communications and upto all content". Read the full story here.

 

Victim of the month: Kaspersky Antivirus 7/19/2008

What happened:

   The Kaspersky online shop and the Malaysian Kaspersky Antivirus website was hacked by a Turkish hacker names “m0sted” using a Sql Injection attack. As a result, several pages were defaced and there is a concern that evaluation copies of Kaspersky Antivirus may now contain Trojans.

   Zone-h has reported that Kaspersky’s sites have been hacked 36 times since 2000.

   How it happened:

   The specific method of attack is still pretty vague at this point. All we know is that it was a SQL injection attack that crippled the site for days.  For more information on SQL injection attacks, check out my overview here.

 

The White Hat Revolution starts here

   12 years ago, my friends and I came up with a brilliant idea. We were all going to invest $25,000 each to open an IT sales and service franchise. At the time this particular franchise had more than 100 locations nation wide and offered us exclusive rights to a 30 square mile radius of the fastest growing area suburb or Atlanta (which, at the time, was the fastest growing city in the US). It was a can’t miss opportunity. This franchise was also expanding its service offerings to include networking services in the next few years, which was my specialty. When this opportunity fell in my lap I couldn’t stop salivating. It was a sure fire way to own my own business, do what I love to do, and make a hell of a lot of money doing it.

   About a week later I went to the bank to apply for a small business loan. After completing my application,  I was interviewed by the loan officer (more like interrogated). After several preliminary questions, she asked me one question that will forever reside on my brain like an inoperable tumor. The conversation went something like this:

Loan officer: “What will your niche be?”

Me:”Huh?”

<Read more>