security asceticism - getting list of subdomains

Hi folks.

During first step of security audit you need to get list of all sub-domains for a company domain name. How we can do it?

1. If target corporate DNS server support zone transfer (it's a security problem itself) it's easy:

#dig nameserver domainname axfr

#host -l domainname

2. DNS brute forcers - as a any brute force attack it's take a lot of time and it's always dirty work

3. My favorite way - ,sure thing, using google:

Just do a simple request

-inurl:www.ibm.com site:ibm.com

So, if google already indexed these domains you will find it in the list!

Sure thing, it works only with domains with web-servers on it.

Big Brother watching you or mobile phone security issues

Lets talk about mobile phone security. You are well qualified security specialist and never install suspicious application on you handset, so, you think you are secure? Have you heard about OMA-DM technology? OMA-DM stands from Open Mobile Alliance Device Management. Within the Open Mobile Alliance Device Management the standard for firmware handset updates is known as the Firmware Update Management Object (FUMO) This standard permits Firmware Over the Air (FOTA) technology. How it works - here you can find short description. But it was only first step of implementing such technology on the market.

The second step is SCOMO - Software Component Management Object standard that permits Software Component Over the Air (SCOTA) technology. This technology was created for more granular and flexible management of each software components. With SCOTA, one or more piece of software could be changed without requiring update whole handset firmware. SCOTA is a best way to create phones' application stores, so, consumers can have access to the latest applications, without needing to replace devices.

The most interesting thing that all these technologies use http/https over IP and xml data format.

Sound cool, does it? But lets turn on our paranoia:

1. These technologies allow vendors, mobile or value added service providers (but not only them) to install or delete any application or data on your mobile phone.

2. This technology uses centralized management model , so, from the one management Center it's possible to legally control a huge botnet of mobile phones.

3. This technology could allow (or it could be already used) government to spy on citizens.

4. These system components could be penetrated by some "bad guys" and used for stealing your data or spying on you.

Talking about OMA-DM overall security conception - I' ve found only OMA Device Management Security Candidate Version 1.2 document. According to it OMA-DM protocol use to level of authentication: on transport layer (recommended to use TLS 1.0, SSL 3.0 ) and on application layer (OMA-DM use MD5 !).

Some useful information for Windows based smartphones you can find on msdn web site:

OMA Device Management Security Best Practice

OMA Device Management

How many phones support these technologies? There are two types of OMA-DM support: OMA-DM ready terminals (soft client already build-in) and terminals that need OMA-DM client to be installed by user to enable OMA-DM support. Some useful but a bit old information you can find here .

Big Brother is watching you! Stay secured!

Увеличения объема доступной виртуалке памяти в esxi3.5 или работа в esxi3.5 на хосте с 1 GB RAM

Куда нынче ИТ-безопаснику без виртуализации? А как быть при наличии старого железа?

Итак у нас есть физический сервер с 1 GB RAM и большое желание поднять на нем среду вируализации для запуска 1 виртуалки. (Вопрос зачем здесь виртуализация деликатно упустим: например для упрощения переноса системы или ее тестирования)

Итак какой гипервизор выбрать? Ответ прост esxi3.5 единственный из гипервизоров который согласиться работать на таком обеме памяти. esxi4 требует минимум 2 GB RAM. Итак установка прошла нормально. Виртуальный аплайнс смигрировал и вот теперь его нужно сконфигурить и запустить.

Только вот незадача ему не удаеться выделить более 256 М памяти! Казалось бы легкая и проворная esxi3.5 откушала более 700 метров. Итак как мы будем это бороть.

По умолчанию гипервизор резервирует 500 метров под управление WMами. Нам же с одной WMкой такого не нуно. Тюним: Идем в Configuration \ System Resource Allocation. Выбираем advanced находим VIM объект и ставим все параметры резервации на 256 метров

Затем переключаемся снова в простой режим из адванседа и правим системные ресурсы целиком, ограничивая их

и после всех этих танцев з бубном получаем столь необходимую нам память в общем размере 512 Мб и отдаем их виртуалке. вуаля