Wednesday, September 29, 2010
One of my favorite browser plugins.. Pulls the plug
XMarks, formerly FoxMarks, announced they are ceasing operations. XMarks was by far the best bookmark synchronization tool there is. You add a bookmark or favorite in Firefox, IE, Chrome or Safari and it would show up in the browsers on my other systems.
Sad day when the best of something fails to get funding... Booooo to the Angels and Venture Capitalists that let this fail.
Tuesday, September 28, 2010
Monday, September 27, 2010
So much for our privacy
FBI cheating on exams on proper surveillance of Americans, backdoors being added to encryption, I guess our expectation of privacy is a thing of the past...
"WASHINGTON – A Justice Department investigation has found that FBI agents, including several supervisors, cheated on an important test covering the bureau's policies for conducting surveillance on Americans." Article on cheating Feds
Proposed legislation would add backdoors to encryption solutions for government sniffing.. I mean investigation. Article on encryption backdoor: "the Obama administration will propose new legislation to mandate that the U.S. Government have access to all forms of communications, 'including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct "peer to peer" messaging like Skype.' In other words, the U.S. Government is taking exactly the position of the UAE and the Saudis: no communications are permitted to be beyond the surveillance reach of U.S. authorities."
Sunday, September 26, 2010
US Official does not know source or reason for Stuxnet?
Really? "Because they can". It's simple really. This is a proof of concept worm that tested multiple concepts, one of which is that it did not morph the filenames, so the authors did not seem to care if they were going to be detected. This worm was unique in that it had several first time ever items...
1. It utilized four 0-day exploits, not one, but 4 !!!! Talk about proof that you can't patch or react to an exploit that there is no patch for, thus testing or proving Incident Response sucks.
2. It did not use tricky tactics to avoid detection. This was not a Zeus level worm; it used basic techniques for spreading and was thus easy to eradicate.
3. It used USB/thumb drives to spread, presumably so it could breach the gap between SCADA and core network systems. Again showing how poor the detection of this worm was, and the staff's ability to respond.
4. It was intelligent enough to detect the corporate network versus the SCADA nets and did not launch Win Server 2008 exploits if it was on the corporate network, only the SCADA net. Shows they tried to avoid corporate infection and possibly detection and focused on the SIEMENS PLC systems to install a rootkit in the PLC controllers.
5. If it were a targeted attack, it would have been hidden better and would only have gone after the networks of that nation or language. This worm hit everyone equally if they were vulnerable.
6. Symantec's analysis of the code, O Murchu said, shows that nearly 60 percent of the computers infected with Stuxnet are in Iran. An additional 18 percent are in Indonesia. Less than 2 percent are in the U.S.
It is not rocket science and I think Occam's razor applies to this worm - "the simplest explanation is usually the correct one".
If this worm was intended to wipe out SCADA PLCs then it could have and would have. It could easily have gone undetected if the authors intended it to. The fact that it did not hide itself well, and that Symantec was able to gain control over it quickly, shows that it was a simple "Look what I did and how far I got"... We have a name for this kind of result... POWNED and OWNED.
Remember Defense in Depth and Time Based Security.. Your Defenses must be greater than your ability to detect and respond.
Clearly Stuxnet proved the critical infrastructure systems were not able to detect and respond quickly enough to stop what could have been a terrible cyber event in our and other nations' nuclear plants.
This was, simply put, a proof of concept worm that wanted to send us all a message and show how incredibly weak the systems that control nuke plants, and other systems relying on older technology, really are..
WAKE THE FRACK UP !!!!
I recommend readers listen to PaulDotCom's PodCast where they discussed this event: Link to PaulDotCom article
(C) 3 different conferences in three days in Austin Oct 27, 28, 29
October is a busy month for Conferences in the Austin area.
Forensics:
HTCIA is hosting their local all day Forensic Conference - Weds Oct 27th
HTCIA Austin website
Technology:
InnoTech Business and Technology conference hits town - Thurs Oct 28th
InnoTech website
Web Application Security:
The Austin OWASP chapter is hosting their first Applications Security conference - Fri Oct 29th
LasCon website
(C) HouSecCon Nov 4th
Meet me in Houston with some leading Information Security professionals talking shop.. And Information Security.
Houston Security Conference website
Saturday, September 25, 2010
(F) Free Web Filtering by OpenDNS
OpenDNS offers a FREE solution for families to filter websites that most parents do not want their children to find or visit. No account required; you just point the DNS settings of each computer, or of your router/wireless device, at the OpenDNS server addresses listed below and their default filters block content.
208.67.222.123
Alternate DNS server address for Open DNS is:
208.67.220.123
OpenDNS FamilyShield website
For a more configurable web filter, OpenDNS offers another free solution where you create an account and customize the web filter as well as get reports for the past week.
You can also pay for an upgrade and get more features.
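A quick way to confirm the setup took effect on a Linux or macOS machine, as an added example that is not from OpenDNS or the original post: it audits resolv.conf-style text and reports any resolver that is not one of the two FamilyShield addresses above. The function names and the sample file are constructed for illustration.

```python
import ipaddress

# FamilyShield resolver addresses as listed in the post above.
FAMILYSHIELD = {
    ipaddress.ip_address("208.67.222.123"),
    ipaddress.ip_address("208.67.220.123"),
}


def parse_nameservers(resolv_conf_text):
    """Return the resolver IPs from resolv.conf-style text, in file order."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        # Strip trailing comments; resolv.conf accepts both '#' and ';'.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                # Drop an IPv6 zone suffix such as %eth0 before parsing.
                servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
            except ValueError:
                continue  # malformed address: ignore the entry
    return servers


def audit(resolv_conf_text):
    """Split configured resolvers into filtered and unfiltered lists."""
    servers = parse_nameservers(resolv_conf_text)
    filtered = [str(s) for s in servers if s in FAMILYSHIELD]
    unfiltered = [str(s) for s in servers if s not in FAMILYSHIELD]
    # Filtering holds only if every resolver is a FamilyShield one: a leftover
    # ISP or router entry can still answer lookups for blocked sites.
    return {"filtered": filtered, "unfiltered": unfiltered,
            "enforced": bool(filtered) and not unfiltered}


# Constructed sample: both FamilyShield entries plus a leftover router address.
SAMPLE = """\
# constructed example file
nameserver 208.67.222.123
nameserver 208.67.220.123   # alternate
nameserver 192.168.1.1
search home.example
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a real machine, pass the contents of `/etc/resolv.conf` to `audit()`; a non-empty `unfiltered` list means some lookups can bypass the filter.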
(F) Free family security tool from Norton
Symantec has released a new online tool designed for families. Norton Online Family allows a parent to set up rules, from web filters to what time the computer stops access, as well as email alerts, IM and social website filtering and more.
The web filters allow a parent to customize what is blocked. You will need to install an agent that controls the access, but all the controls are done via your browser.
All you do is create an account linked to your email and then install the agent that is linked to the same email account. You can check on your child's activity from work or a mobile device and even update it on the fly.
Visit the website for more information - It's FREE
Norton Online Family website
Blog Legend
For those interested in following my InfoSec Blog, I will use a legend so people know when the post is something for you...
(F) Family Home Security related
(SC) Security Conferences
(U) Upgrade notice
(W) Warning Will Robinson
(P) Patch available
( ) General post
Follow my InfoSec Blog
Check out my new InfoSec Blog and/or follow me on Twitter...
Www.HackerHurricane.com
Twitter: HackerHurricane
We have begun
Yet another Information Security BLOG... Yup, a place to comment, BLOG and rant about the world I live in and the industry I work in. Hopefully it won't be too boring and you might just learn something!