j-j.co.za
Sharing thoughts and ideas on business, security and photography
Proposed MSc in Information Security (Rhodes)
Posted on June 19, 2010
Barry Irwin from Rhodes University is looking into getting an MSc Infosec (Masters in Applied Computer Science – Focusing on Information Security) up and running, including potentially for part time / distance students. This certainly sounds like a good addition to the formal information security learning options in SA. He has placed a survey online and anyone interested in further information can mail Barry at “b.irwin (at) ru.ac.za”.
Some further info from the survey page about the proposed MSc :
The degree will consist of a combination of Coursework Modules and a Research project and will be run by the Department of Computer Science at Rhodes University. The intended target for the Degree programme is individuals working within the information security field. These individuals should ideally have at least 2-3 years working in information security or associated fields. While primarily targeted at individuals within South Africa, others may be interested, particularly in the one year full time option.
Based on the feedback received from the survey and other market studies, a final feasibility decision will be made. Those wishing to be kept informed of the status of the course can complete the contact details section at the end of the survey or email Barry.
The lurking dangers hidden in .PDF’s
Posted on June 13, 2010
A couple of days ago there was some noise around some nasty payloads being delivered through .PDF’s. So just in case you thought that opening a PDF file was safe, take a read of the blog post that Z0nbi put together on the actions of a spam PDF that he received:
“Today I was trawling through my Gmail spam folder like a good little mail monkey when I came across a rather strange bit of spam. Usually you just get rubbish about making your manhood the size of a small country or the latest twitter/gmail support/facebook AV malware. Most of the time I just ignore the messages due to them being very boring and not really worth a coffee and a few hours in Terminal… Today’s message was a little different. It was a very simple email with the subject line “New Resume” and one line in the body of the email saying “Please review my CV, Thank You!”. So, seeing as I have NO idea who the sender was and that there are no issues with the PDF format that I know of, I saved the PDF document to my desktop as I had a virtual machine I just knew the PDF would love immediately.”
ISG (Whitehat) Durban June meeting : Information Warfare
Posted on June 13, 2010
The details for the next ISG Durban (White Hat) meeting:
Title: Information Warfare
Speaker: Brett van Niekerk
Date: 17 June 2010
Time: 18:30
Venue: Elephant Room, M Block, UKZN Westville Campus
If you have any problems or need help getting to the venue, email ralfepoisson@gmail.com or drop me a mail and I will provide you with whatever details you need.
To get to the Elephant Room, first follow the map to get to M block, then go through the door to the right. In front of you will be the access to the LANs (light blue turnstiles and a door). The door will be open, so go through and listen for the voices.
Reminder : ISACA KZN Chapter meeting 17th June
Posted on June 13, 2010
Region: Durban, KZN
Date: 17 June 2010
Time: 2:30pm for 3pm
Topic : Compliance Services (Financial Risk Management) will be presenting: “Privacy – Protection of Personal Information”
Importing NMAP .xml output into MS Access part 2
Posted on June 13, 2010
As in the previous post, our initial NMAP scan produced an XML file over 600mb in size. To finish the scans we split the remaining IP ranges into more manageable chunks and ended up with another 20+ XML files of around 50mb each.
Running all of these through Exult XML to get a single consolidated Access database was a bit problematic. The tool didn’t have the functionality to add additional scans to our original database, so all of the XML files had to be selected together and run through the tool to produce a single database. The conversion ran for 24hrs without completing so we had to come up with a better plan. Initially we considered running the conversion on a more powerful machine with much faster disk, but when trying to install the tool discovered the license key wouldn’t work. It used some (undisclosed) technique to ensure single install only. An email off to the developers and they sent us a new key (about 6 hours later – thanks to time differences, not any delay on their part). In the meantime plan B was in place.
Looking through the raw XML files I saw that the vast majority of the IPs were non-responsive and those few lines indicating this were taking up an awful lot of space when looked at collectively. A quick search and replace to remove these lines and the XML files were reduced to about 1/20th of their original size. With the new reduced file sizes Exult happily produced our Access database in less than half an hour and we were ready to continue with the exercise. The old sayings about better planning and new strategies certainly applied here.
Using Access we were then able to produce great summary reports to pull out details on top active ports, numbers of machines in each class, active IP ranges etc. Next step: choose our samples for more detailed scanning.
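The size reduction described above can also be done with a streaming parser instead of a search and replace. The following is an added example, not the method or tooling used in the post: the function name `strip_down_hosts` is hypothetical and the sample data is constructed to follow Nmap's XML output layout.

```python
import io
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in Nmap's -oX layout; not data from the scan in the post.
SAMPLE = b"""<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -v -oX scan.xml 10.0.0.0/29">
<host><status state="down" reason="no-response"/><address addr="10.0.0.1" addrtype="ipv4"/></host>
<host><status state="up" reason="echo-reply"/><address addr="10.0.0.2" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/></port>
<port protocol="tcp" portid="80"><state state="closed"/></port></ports></host>
<host><status state="down" reason="no-response"/><address addr="10.0.0.3" addrtype="ipv4"/></host>
<host><status state="up" reason="echo-reply"/><address addr="10.0.0.4" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/></port>
<port protocol="tcp" portid="445"><state state="open"/></port></ports></host>
<runstats><hosts up="2" down="2" total="4"/></runstats>
</nmaprun>
"""


def strip_down_hosts(src, dst):
    """Stream src, write a copy without 'down' hosts to dst.

    Returns (kept, dropped, open_ports). Memory use is bounded by the
    reduced document, because down hosts are discarded as they are read.
    """
    kept = dropped = 0
    open_ports = Counter()
    root = None
    for event, elem in ET.iterparse(src, events=("start", "end")):
        if root is None:
            root = elem  # the first start event is the <nmaprun> root
        if event != "end" or elem.tag != "host":
            continue
        status = elem.find("status")
        if status is not None and status.get("state") == "down":
            root.remove(elem)  # drop from the tree, so also from the output
            dropped += 1
            continue
        kept += 1
        for port in elem.iter("port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                open_ports[(port.get("protocol"), port.get("portid"))] += 1
    ET.ElementTree(root).write(dst, encoding="utf-8", xml_declaration=True)
    return kept, dropped, open_ports


if __name__ == "__main__":
    out = io.BytesIO()
    kept, dropped, ports = strip_down_hosts(io.BytesIO(SAMPLE), out)
    print(f"kept={kept} dropped={dropped}, top open ports: {ports.most_common(3)}")
```

The `<runstats>` element is copied unchanged, so its host totals still describe the original scan rather than the reduced file.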
Exclus1ves.co.za the bad and the slightly better (updated)
Posted on June 03, 2010
Three weeks ago (20 days to be exact) I ordered the Blu-ray version of The Lord of the Rings trilogy from Exclusive Books online store. I had been given a gift voucher by ITWeb for talking at their Infosec conference so thought it would be a good way to spend it.
The online process was reasonably painless, I was signed up with a new account linked to my Fanat1cs card. I went to check out, was prompted that I had a R50 discount voucher from Fanat1cs (which I didn’t know about – nice bonus), and chose the option to deliver it to my local bookstore for collection. Nowhere in the process could I use my paper based gift vouchers. What a pity. Still, with the decent price and R50 off I placed the order anyway with a notice that I could expect delivery in 8-10 days. Great.
8 days later I was in the local Exclusive bookstore so visited to find out the status of my order. #fail. The store has no way of tracking my order and could only tell me to check online or call the call centre. mmm.
I went online, found my order, the status was useless. It told me the status was “confirmation”. Great. There was a button to “send a message” to customer service. Perfect, clicked that sent a message, 2 days later I hadn’t heard from them so called. Item was out of stock, I would definitely get it next week (being this week). This morning I went online, checked status, same status. Clicked on “send message” – heard nothing. This afternoon I called them around 4:15.
Sorry sir, our warehouse is closed, we can’t help you. Great. What happened to the message I sent online I asked? “We get too many messages online, we can’t possibly respond to them all, it’s better you phone us.” I see red. Why have the #@%@$$ button if that is the attitude. I asked if they had a customer services manager, they do. Can I speak to him? No, sorry, he is in a meeting. Mmmm, where have I heard that before. Anyhow, his name and number was promptly supplied. He was out of the meeting at 4:30 I was told. Called at 4:40, he answered.
I spoke to the man, he was very apologetic, seemed appalled to hear the story, and what the staff in-store and on the call centre were telling me. He offered me a further discount on my purchase, promised to call me tomorrow to explain the whereabouts of my purchase, and explained the site was still being developed further to remove the teething troubles. In my eyes he redeemed the situation (slightly) and if he follows through I will order from them again. If he doesn’t, they won’t be getting any more business. I certainly haven’t had these kinds of problems from Take2.co.za or Kalahari.net. Amazing how the “big guys” can get on-line so wrong. Here is hoping they can turn it around and get things working properly. I really want to order Avatar Blu-ray and Fifa worldcup soccer for PS3. Their prices are good. Come through and you can have the business.
Update:
I received a mail this afternoon from Exclus1ves. They are now promising me that I can have it in another 11 days time (it’s been 21 days, and the original order said 10 days).
The mail tried to console me by telling me no retailers have stock (strange I have seen it at Look & Listen in the Pav a few times), and that if they can’t deliver they will give me a full refund (by then having had my money for 6 weeks). mmmm. I’m back to being less than impressed. Honesty I appreciate, but treating the customer like a fool?
Importing NMAP .xml output into MS Access
Posted on June 03, 2010
Over the last few days we ran a really large discovery scan on a client’s network. The scan was discontinued part of the way through and at that stage had produced a 650Mb .xml file. Smaller files are easy to load into Excel or Firefox to view and work with. With this much data we needed a more workable solution.
The first thought was to import it into MS Access 2007. Access has built in import filters, easy enough we thought. Two error lines in a table and no data brought an end to that hopeful idea. A little bit of googling found us a tool that promised to do pain free importing of XML into Access, building the table structures on the fly and automatically creating the necessary table links.
The Exult XML converter from novixys.com was a lifesaver. We downloaded the trial, tested it on a scan of the local class C and it worked wonders, creating all the required tables and links. $105 later on the credit card and the full version was purchased.
Using it on our full scan file was a little trickier. Since we aborted the scan the .xml file hadn’t been properly completed. Exult didn’t like the incomplete file so threw out an error message and refused to build the Access database. A comparison of the short test scan and the full scan revealed the missing XML tags. We copied and pasted these over to the full file, updating the scan information manually, and saved the file. Running Exult again took a while (over an hour) but produced the required file. Perfect solution.
Thanks Novixys.
We are scanning the rest of the network as we speak. Not sure how we will import the balance of the .xml files into the same database. Hopefully Exult can do that for us too. Will find out soon enough.
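An aborted scan leaves the XML file without its closing tags, as described above. The following added example (not part of the original post and not the manual copy-and-paste fix it describes) shows one way to salvage every fully written host record from such a file and re-wrap the records in a well-formed document. The function name `recover_hosts` is hypothetical and the truncated sample is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: Nmap-style XML cut off mid-host, as an aborted scan leaves it.
TRUNCATED = b"""<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -oX scan.xml 10.0.0.0/29">
<host><status state="up" reason="echo-reply"/><address addr="10.0.0.2" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/></port></ports></host>
<host><status state="up" reason="echo-reply"/><address addr="10.0.0.4" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="44"""


def recover_hosts(data, chunk_size=64):
    """Return (xml_bytes, host_count, complete) for possibly truncated input.

    Only <host> elements whose closing tag was seen are kept; a host that
    was being written when the scan stopped is discarded, not guessed at.
    """
    parser = ET.XMLPullParser(events=("start", "end"))
    root_attrs, hosts, complete = None, [], True
    try:
        for i in range(0, len(data), chunk_size):
            parser.feed(data[i:i + chunk_size])
            for event, elem in parser.read_events():
                if event == "start" and root_attrs is None:
                    root_attrs = dict(elem.attrib)  # attributes of <nmaprun>
                elif event == "end" and elem.tag == "host":
                    hosts.append(elem)
        parser.close()  # raises ParseError if the document never closed
    except ET.ParseError:
        complete = False
    rebuilt = ET.Element("nmaprun", root_attrs or {})
    rebuilt.extend(hosts)
    return ET.tostring(rebuilt), len(hosts), complete


if __name__ == "__main__":
    xml_bytes, count, complete = recover_hosts(TRUNCATED)
    print(f"recovered {count} host(s), input complete: {complete}")
```

The rebuilt document has no `<runstats>` element, because an aborted scan never wrote one.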