[ISN] Local researchers offer free security service
By Ulrika Hedquist
8 May, 2007
New Zealand's Honeynet Alliance is offering a free service for
webmasters. The local project is part of the global, non-profit Honeynet
Project, a research organisation dedicated to improving the security of
the internet at no cost to the public.
"Webmasters are, generally, at risk of having their websites attacked
and compromised, and they usually don't have the means to monitor their
page," says Christian Seifert, who runs the local Honeynet Alliance.
Seifert, one of four volunteer researchers involved in the project, is a
PhD student at Victoria University in Wellington.
Once a website is compromised, the attacker might manipulate it to host
malicious content, so that when a user visits the site they might be
attacked, or spyware might be downloaded to the user's machine without
their consent, says Seifert.
The free web service, PATROL (Periodic Assessment of TReasured Online
Links), allows webmasters to submit their own URL to the Honeynet
Project's open-source client honeypot, called Capture. Submitted URLs
are monitored periodically by the client honeypot. Reports are generated
on a regular basis and published on the New Zealand Honeynet Alliance
website, says Seifert.
The Honeynet Project also offers a service called SCOUT (Speedy Complete
Online URL Test) which is more targeted at end-users, says Seifert. It
allows them to submit a URL and get immediate feedback, he says.
"For example, if you get an email with a link that
looks suspicious to you, you can submit that URL to our site and we will
immediately tell you whether it is malicious or not," he says.
The service was launched in mid-April and the Honeynet Project has
identified 15 malicious URLs already, says Seifert.
Capture, developed at Victoria University, identifies malicious servers
by interacting with potentially malicious servers using a dedicated
virtual machine and monitoring any state changes on that box, says
"If a new file appears in the start-up folder we know that that website
is malicious," he says.
The Honeynet Project's method is not signature-based.
"We are looking at the effects of a successful attack and that allows us
to detect [attackers] that we don't know anything about yet," he says.
"So it is really geared towards the future, looking at future exploits —
zero-day exploits," he says.
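
The state-based detection described above, as an added sketch that is not Capture's code: snapshot a directory tree before and after a visit, diff the two, and flag unexpected changes in a watched location. The path patterns, function names and sample files are assumptions constructed for illustration.

```python
import hashlib, os, tempfile
from fnmatch import fnmatch

# Assumed policy for this sketch: a change under WATCHED counts as evidence of
# compromise; a change under EXPECTED is normal browsing noise and is ignored.
WATCHED = ["*/Startup/*"]
EXPECTED = ["*/Temporary Internet Files/*"]

def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its content."""
    state = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                state[rel] = hashlib.sha256(fh.read()).hexdigest()
    return state

def diff(before, after):
    """Return sorted (event, path) pairs describing how the state changed."""
    events = [("created", p) for p in after.keys() - before.keys()]
    events += [("deleted", p) for p in before.keys() - after.keys()]
    events += [("modified", p) for p in before.keys() & after.keys()
               if before[p] != after[p]]
    return sorted(events)

def matches(path, patterns):
    return any(fnmatch("/" + path, pat) for pat in patterns)

def classify(events):
    """Verdict is 'malicious' if an unexpected write touches a watched path."""
    hits = [(e, p) for e, p in events
            if e != "deleted" and matches(p, WATCHED) and not matches(p, EXPECTED)]
    return ("malicious" if hits else "benign"), hits

def demo():
    """Constructed scenario: a visit writes a cache file and a start-up entry."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("Startup", "Temporary Internet Files"):
            os.makedirs(os.path.join(root, "profile", d))
        before = snapshot(root)
        for rel in ("profile/Temporary Internet Files/page.htm",
                    "profile/Startup/upd.exe"):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("constructed sample content")
        return classify(diff(before, snapshot(root)))

if __name__ == "__main__":
    print(demo())
```

No knowledge of the payload is needed for the verdict, which is why the approach can catch attacks that have no signature yet.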
Capture can be downloaded from the Honeynet website and is distributed
under the GNU General Public Licence.
"The latest version of the client honeypot allows you to look at attacks on
various web browsers, not just Internet Explorer, but also Firefox and
Opera," he says.
It also features kernel level monitoring and is compatible with Vista.
Seifert says he is quite excited about the new version of Capture as it
brings client honeypot technology into the hands of security people and
"But we realise that not everybody has the time and resources to install
the client honeypot," he says. "That is why we have created the web
Copyright (c) Fairfax Business Media A Division of John Fairfax
Publications Pty Limited