Welcome to Montebello Partners' security home page. Here we include important current alerts, resources, and announcements. If this is your first visit here, you may want to browse:

• Our introduction to Internet Security,
• Description of our security services
• Monthly email news and updates
• The monthly meetings of the SDForum Internet Security SIG
• The FBI-sponsored bay area Infragard chapter
• Useful security links and tools
• Various presentations given by us.

August, 2004 Update

Hacks

• Miami-Dade County's touchscreen voting machine system crashed in May and in November of 2003, erasing information from gubernatorial primaries. Daily backups were not started until December 2003. A Florida state rule prevents counties using touchscreen voting from conducting manual recounts. At a recent SDForum Security SIG, Dr. David Dill of Stanford spoke on the risks of electronic voting systems with no paper audit trail.

• A number of leading web sites running Internet Information Server 5 were compromised. Malicious JavaScript was appended to the bottom of pages on these sites, which then in turn compromised end-user computers by installing backdoors and tools to collect banking passwords. No defensive patches were available at the time these attacks occurred. The US CERT center recommends disabling JavaScript if you use Internet Explorer, even though some web sites will not display properly.

Holes

• A variant of the MyDoom worm spread widely on July 26th, and interfered with Google and Yahoo search sites. Many desktop computers have been left with "back-doors" that will allow the worm author to enter their system at a later date.

• Microsoft released a security bulletin which identifies five separate Windows vulnerabilities which could allow remote attackers to run arbitrary code on your system. Most of these are triggered by accidentally browsing a malicious web page with Internet Explorer, or by viewing a malicious html-formatted email with Outlook. Patch, patch, patch!

• A vulnerability in the popular ISC open source dhcp server could let malicious users on your local network execute arbitrary code. Patch, and make sure your firewall is nice and tight!

• The two most popular wireless routers for the home have recently discovered vulnerabilities. The LinkSys WRT54G's continues to allow remote administration even if disabled in the configuration screens. The Netgear WG602 allows remote administration with the username "super" and the password "5777364", even if the user has configured a different username and password. Patches are available.

Upcoming Events

• The next SDForum Security SIG will feature venture capitalist Asheem Chanda of Greylock and CheckPoint, along with a re-cap of information from Defcon and Black Hat conferences. The meeting will be in Palo Alto on Wednesday, August 25th.

• The next meeting of the Bay Area Infragard chapter will focus on current information security threats. The meeting will be held at the San Francisco Federal Reserve Bank on Thursday August 19th.

Other Updates

• June, 2006
• May, 2006
• November, 2005
• August, 2005
• June, 2005
• May, 2005
• April, 2005
• March, 2005
• January, 2005
• December, 2004
• November, 2004
• October, 2004
• September, 2004
• August, 2004
• April, 2003
• March, 2003