AusCERT Web Log: The AusCERT web log is where our staff have the opportunity to informally discuss current activity and interesting developments in the area of information security.
Member Newsletters: Complete archive of newsletters distributed to AusCERT members.
Presentations and Papers:
Update on Kezaam SecuryTeam Spam and Associated Trojan Incident
- This paper provides an overview of a recent "Kezaam SecuryTeam" incident which involved a wide spam run in Australia and elsewhere that attempted to induce recipients to click on a link to a web site for the purposes of installing malicious software.
Windows Rootkit Prevention and Detection
- This document is intended to introduce Windows system administrators to the concepts necessary to understand the threat posed by rootkits on the Windows platform.
The document also outlines tools and techniques that system administrators and those responsible for incident response can use to detect and respond to rootkits on the Windows platform.
Risk of Compromise for Organisations using SSL
- Specialised software being used by some marketing companies poses a serious threat to the confidentiality and integrity of sensitive data organisations seek to protect through their secure socket layer (SSL) enabled web connections. This paper provides information about this threat, its potential impact on organisations wishing to protect access to confidential web data using SSL and explains what can be done to mitigate the risk. In particular we examine the potential for an SSL man-in-the-middle technique to be used to facilitate online banking fraud compared to other methods of online identity theft.
2005 Australian Computer Crime and Security Survey
- AusCERT members are encouraged to participate in the 2005 Australian Computer Crime and Security Survey, which is produced by the AHTCC, the AFP, all state police forces and AusCERT. The secure survey web-based questionnaire will be available until Monday, 7 March 2005.
Windows Intrusion Detection Checklist
- Checklist designed to assist administrators in intrusion detection for Windows Systems.
Enhancing Security of IP Multicast Traffic in Corporate Networks
- The use of multicast applications within the Internet is
increasing. This paper identifies the security implications related to
multicast communication. Possible solutions for enhancing multicast security
- A list of Computer Security Incident Response Team (CSIRT) resources useful
for people interested in designing, developing and implementing their own CSIRT.
Handbook for Management of IT Evidence
- The Management of IT Evidence handbook has been completed and is now available from Standards Australia.
NIST Special Publication 800-36 - Guide to Selecting Information Technology Security Products
- The National Institute of Standards and Technology has published Special Publication 800-36 - Guide to Selecting Information Technology Security Products
Putting cyberterrorism into context
- 'Cyberterrorism' is an often misused and abused term which results in a misunderstanding of the threat. This article provides an assessment of the threat of cyberterrorism for Australian networks and compares this threat with other existing cyber threats.
Business Impact Assessment - Blaster revisited
- The Blaster and Welchia worms continue to have a sustained impact on many Australian networks. The newest Microsoft RPC vulnerabilities announced early on 11 September 2003 provide the potential for a new round of worm attacks. This time, however, the impact could be more severe - if, as we expect, the time to develop the worm code occurs more quickly than before.
Business Impact Assessment - Possible Slammer hiatus
- The effects of the Slammer worm were short-lived but, if circumstances permit, a resurgence of harmful network activity may easily occur.
Impact analysis of Apache/mod_ssl worm
- There are reports that the Apache/mod_ssl worm has compromised around 30,000 hosts. This article looks at some of the implications of distributed denial of service attacks that could be unleashed by compromised Slapper worm agents.
Windows 95/98 Computer Security Information
- This document is written for users of Microsoft Windows 95/98. The MS
Windows 95/98 operating systems are not designed to be used with
computers storing data that is considered critical to a project or
that must be very securely protected. The Windows 95/98 operating
systems are commonly installed on home computers. Because of an
increasing number of incident reports from Windows 95/98 users the
CERT Coordination Center (CERTCC) and AusCERT have created this
document to help users become more aware of computer security.
Know Thy Attacker
- A PDF file of the presentation "Know Thy Attacker"
Secure Unix Programming Checklist
- A check list, in short form, for quick reference by lab engineers to use in writing secure Unix code
Windows NT Intruder Detection Checklist
Windows NT Configuration Guidelines
- This document is being published jointly by the CERT Coordination
Center and AusCERT (Australian Computer Emergency Response Team) and
details common Microsoft Windows NT 4.0 configuration problems that
have been exploited by intruders and recommends practices for deterring
several types of break-ins. We encourage system administrators to
review all sections of this document and modify their systems
accordingly to fix potential weaknesses.
Anonymously Launching a DDoS Attack via the Gnutella Network
Information Security Standards
- This page provides a range of information about standards directly or
peripherally associated with information security within Australia, New
Zealand, and elsewhere throughout the world. It does not set out to
exhaustively list all standards in the known universe that may relate
primarily or peripherally to information security.
Multiple Vulnerabilities in SNMPv1 implementations - Briefing Note
Steps for Recovering from a UNIX or NT System Compromise
- This document is being published jointly by the CERT Coordination
Center and AusCERT (Australian Computer Emergency Response Team). It
describes suggested steps for responding to a UNIX or NT system
UNIX Security Checklist v2.0
- This document details steps to improve the security
of Unix Operating Systems. We encourage system administrators to review
all sections of this document and if appropriate modify their
systems accordingly to fix potential weaknesses.
AusCERT - UNIX Security Checklist v2.0 - The Essentials
- This document extracts from the "UNIX Security Checklist v2.0" essential steps to improve the security of Unix Operating Systems. We encourage system administrators to review the full UNIX Security Checklist.
Collecting Electronic Evidence After a System Compromise
- Collecting forensic evidence for the purposes of investigation and/or prosecution is difficult at the best of times, but when that evidence is electronic an investigator faces extra complexities....
Lessons Learned from Loving Melissa
- Between April 1999 and May 2000 a series of events relating to
computer security received blanket worldwide coverage.
Windows NT Security and Configuration Resources
- This document is being published jointly by the
CERT Coordination Center and AusCERT (Australian Computer Emergency
Response Team). The CERT® Coordination Center and AusCERT® do
not review, evaluate, or endorse the resources, tools, mailing lists,
or contents of any web sites listed below. The decision to use any of
these resources is the responsibility of each user or organization,
and we encourage each organization to thoroughly evaluate any
resources, any new tools or techniques before installing or using
them. We are simply including this information here so that you may
be aware of their existence and may evaluate them as appropriate for
Distributed Denial of Service Attacks
- Recent media coverage has focused on a series of Distributed Denial of
Service (DDOS) attacks against a number of high profile sites. In
general, these sites have been E-Commerce related. Previous years
have seen concentrated Denial of Service (DOS) attacks against other
industry groups, particularly ISPs, universities and other agencies
throughout the world.
Copyright Amendment (Digital Agenda) Bill 1999 Submissions
- Submissions on the Exposure Draft of the Copyright Amendment (Digital Agenda) Bill 1999 and Commentary in PDF format.
UNIX Intruder Detection Checklist
- This document outlines suggested steps for determining if your system has
been compromised. System administrators can use this information to look
for several types of break-ins. We encourage you to review all sections of
this document and modify your systems to close potential weaknesses.
Improving Computer Security through Network Design
- Security conscious organisations have learned the benefits of protecting
their information processing infrastructure from unauthorised actions by
intruders. Unfortunately, many organisations leave key systems open to attack due to poor network design.
- Source code to a wrapper which is designed to limit exploitation of programs which have command line argument buffer overflow vulnerabilities. It is referenced in the Unix Security Checklist.
wrap programs to prevent command line argument buffer overrun vulnerabilities
Secure Programming Check List
- A check list, in short form, for quick reference by lab engineers to use in writing secure Unix code. The document is referenced by the Unix Security Checklist.
Enhancing Security of Unix Systems
- This paper examines the common threats to data security in open systems
highlighting some of the more recent threats, and looks at some of the
tools and techniques that are currently available to enhance the security
of a Unix system.
Forming an Incident Response Team
- This paper examines the role an IRT may play
in the community, and the issues that should be addressed both
during the formation and after commencement of operations.