Articles & Presentations

Wednesday, September 29, 2010

One of my favorite browser plugins.. Pulls the plug




XMarks, formerly FoxMarks announced they are ceasing operations. XMarks was by far the best Bookmark synchronization tools there are. You add a bookmark or favorite in FireFox, IE, Chrome or Safari and they would show up on my other system browsers on my other systems.

Sad day when the best of something fails to get funding... Booooo to the Angel and Venture Capitals that let this fail.

Tuesday, September 28, 2010

(W) Twitter Worm - WTF




Another Twitter WORM.. WTF.. No really.. WTF is the message.
http://ping.fm/bk4VJ

(W) LinkedIn Malware - Danger Will Robinson




Warning LinkedIn users !!!! Zeus is THE worst Malware known.. BE careful!!!
http://ping.fm/4qOvm

Monday, September 27, 2010

So much for our privacy





FBI cheating on exams on proper surveillance of Americans, backdoors being added to encryption, I guess our expectation of privacy is a thing of the past...

"WASHINGTON – A Justice Department investigation has found that FBI agents, including several supervisors, cheated on an important test covering the bureau's policies for conducting surveillance on Americans." Article on cheating Feds

Proposed legislation would add backdoors to encryption solutions for government sniffing.. I mean investigation. Article on encryption backdoor" the Obama administration will propose new legislation to mandate that the U.S. Government have access to all forms of communications, "including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct 'peer to peer' messaging like Skype." In other words, the U.S. Government is taking exactly the position of the UAE and the Saudis: no communications are permitted to be beyond the surveillance reach of U.S. authorities."

Sunday, September 26, 2010

US Official does not know source or reason for Stuxnet?


Really? "Because they can" it's simple really. This is a proof of concept worm that tested multiple concepts, one of which is that it did not morph the filenames so the authors did not seem to care if they were going to be detected. This worm was unique in that it had several first time ever items...
1. It utilized Four 0-day exploits, not one, but 4 !!!! Talk about proof that you can't patch or react to an exploit that there is no patch for, thus testing or proving Incident Response sucks.
2. It did not use tricky tactics to avoid detection. This was not a Zeus level worm, it used basic techniques for spreading and thus easy to irradicate.
3. It used USB/thumb drives to spread, assumably so it could breach the gap between SCADA and core network systems. Again showing how poor the detection of this worm and the staff to respond.
4. It was intelligent to detect the corporate network versus the SCADA nets and did not launch Win Server 2008 spoits if it was on the corporate network, only the SCADA net. Shows they tried to avoid corporate infection and possibly detection and focused on the SIEMENS PLC systems to install a root kit in the PLC controllers.
5. If it were a targeted attack, it would have been hidden better and only go after the networks of that nation or language. This worm hit everyone equally if they were vulnerable.
6. Symantec's analysis of the code, O Murchu said, shows that nearly 60 percent of the computers infected with Stuxnet are in Iran. An additional 18 percent are in Indonesia. Less than 2 percent are in the U.S.

It is not rocket science and I think Occams razor applies to this worm - "the simplest explanation is usually the correct one".

If this worm was intended to wipe out SCADA PLC's then it could have and would have. It could have gone easily undetected if the authors intended it to. The fact that it did not hide itself well and Symantec was able to gain control over it quickly, shows that it was a simple "Look what I did and how far I got"... We have a name for this kind of result... POWNED and OWNED.

Remember Defense in Depth and Time Based Security.. Your Defenses must be greater than your ability to detect and respond.

Clearly Stuxnet proved the Critical infrastructure systems were not able to detect and respond quick enough to stop what could have been a terrible Cyber event in our and other nations Nuclear Plants.

This was simply put, a proof of concept worm that wanted to send a message and show how incredibly weak the systems that control Nuke plants and other systems relying on older technology really are and send us all a message..

WAKE THE FRACK UP !!!!

I recommend readers listen to PaulDotCom's PodCast where they discussed this event: Link to PaulDotCom article

(C) 3 different conferences in three days in Austin Oct 27, 28, 29

October is a busy month for Conferences in the Austin area.




Forensics:
HTCIA is hosting their local all day Forensic Conference - Weds Oct 27th
HTCIA Austin website




Technology:
InnoTech Business and Technology conference hits town - Thus Oct 28th
InnoTech website



Web Application Security:
The Austin OWASP chapter is hosting their first Applications Security conference - Fri Oct 29th
LasCon website

(C) HouSecCon Nov 4th




Meet me in Houston with some leading Information Security professionals talking shop.. And Information Security.
Houston Security Conference website

Saturday, September 25, 2010

(F) Free Web Filtering by OpenDNS




OpenDNS offers a FREE solution for families to filter websites that most parents do not want their children to find or visit. No account required, you just point each computer or your router/wireless device the DNS addresses to the OpenDNS servers listed below and their default filters block content.

208.67.222.123
Alternate DNS server address for Open DNS is:
208.67.220.123

OpenDNS FamilyShield website

For a more configurable web filter, OpenDNS offers another free solution where you create an account and customize the web filter as well as get reports for the past week.

You can also pay for an upgrade and get more features.




(F) Free family security tool from Norton







Symantec has released a new Online tool designed for families. Norton Online Family allows a parent to setup rules from Web Filters to what time the computer stops access as well as email alerts, IM and Social website filtering and more.



The web filters allow a parent to customize what is blocked. You will need to install an agent that controls the access, but all the controls are done via your browser.




All you do is create an account linked to your email and then install the agent that is linked to the same email account. You can on your child's activity from work or mobile device and even update it on the fly.

Visit the website for more information - It's FREE
Norton Online Family website






Blog Legend

For those interested in following my InfoSec Blog, I will use a legend so people know when the post is something for you...

(F) Family Home Security related
(SC) Security Conferences
(U) Upgrade notice
(W) Warning Will Robinson
(P) Patch available
( ) General post

Follow my InfoSec Blog

Checkout my new InfoSec Blog and/or follow me on Twitter...
Www.HackerHurricane.com
Twitter: HackerHurricane

PCI and Daily Compliance

Article posted about being InfoSec compliant daily
http://ping.fm/GCn8s

We have begun

Yet another Information Security BLOG...  Yup, a place to comment, BLOG and rant about the world I live in and the industry I work in.  Hopefully it won't be too boring and you might just learn something!