MS SQL Server Resolution Service enables reflected DDoS with 440x amplification

Summary The MS SQL Server Resolution Service allows a client to interrogate a server hosting a SQL Server installation and to receive back detailed information about the SQL Server instances available on the server. The client sends a one-byte request to the server, and the server responds with a variable-length message containing instance names, versions, …

VMware Leaves Artifacts of Guest Applications on the Host

Summary In the VMware environment, Unity Mode presents guest VM applications to the host desktop. This provides a convenient way for the user to access applications installed on the guest without switching back and forth from the host to the guest. When a guest VM application is run in Unity Mode, the application appears in the …

Cross-Contamination of Unallocated Space between VMware Guest and Host

Summary In a VMware environment, a virtual disk can be shrunk if it becomes too large. If the virtual disk has a large amount of unallocated space, the user can use VMware utilities to shrink it to the smallest size required. When the user does this, unallocated space from within the VM may be transferred …

Artifacts of Host-to-Guest File Copy in the VMware Environment

Summary In a virtualization environment using VMware, one method of introducing a file onto a guest virtual machine is to simply copy and paste the file from the host system into the VMware window. From the user's perspective, this is a typical copy-and-paste operation, resulting in a new file in the context of the guest …

Start Menu and IE Favorites Artifacts in the MenuOrder Registry Key

Summary In most versions of Windows, a user can manually organize the order in which applications and application groups are displayed in the Start Menu. A user might, for example, drag a frequently-used application group to the top of the Start Menu and leave the remainder of the items in alphabetical order. The displayed order of …

Colleges and Universities Account for a Disproportionate Number of Reported Data Breaches

Introduction As the depressingly steady march of breach notifications comes across my RSS feeds, I notice that US colleges and universities seem to be the victims of an awful lot of breaches. At least, when I skim the list of breaches cataloged by resources like the DataLossDB and the Privacy Rights Clearinghouse, the names of …

NPV and ROSI, Part II: Accounting for Uncertainty in the ARO

Introduction In a previous post, I proposed a Monte Carlo simulation model that attempts to determine the probability that a security investment will result in a positive Return on Security Investment (ROSI). The model views security countermeasures and breaches as streams of cash flows and evaluates the Net Present Value (NPV) of each. To account …