Articles & Presentations
Thursday, December 22, 2011
(I) great example of session timeout.. Everyone should follow this
Wednesday, December 21, 2011
(I) How to erase a hard drive before re-using, a service call, giving away or selling a computer
Encryption as a protection:
RAID:
If you think a set of drives in a RAID array would be safe if you broke the drive out of the array, you would be incorrect. I can tell you as I was involved with decommissioning a SAN and we tested a single drive of a RAID group and retrieved data. You will have to treat non-encrypted SAN drives the same as any other drive. Newer SANs have secure clearing options as a part of maintenance, so check if your system has the option, better yet, make it a requirement for your next SAN or RAID storage solution.
Wiping:
Wiping is where you write 0's, 1's or any other character(s) over the entire disk surface, and then again and again, to meet whatever legal or regulatory requirements you might have. DoD wiping at a minimum is 3 passes (Standard DoD 5220.22-M); US DoD 5220.22-M (ECE) requires 7 passes, and there are requirements for even more passes in order to cover up any ghost data that researchers have found can reside on the drive.... Using a fancy dancy microscope and lab.
By the Numbers... What it took me:
- 250GB - Long Test using SeaTools = 1.0 hour (validate/repair drive)
- 250GB - Full Erase using SeaTools = 1.5 hours
- 250GB - 1 Pass wipe using KillDisk = 1.5 hours
- 250GB - 1 Pass wipe using DBaN = 5.0 hours
- 250GB - 3 Pass wipe using DBaN = 11.0 hours
- 500GB - Long Test using SeaTools over USB = 2.5 hours
- 1TB - Full Erase using SeaTools = 5.5 hours
- 1TB - Full Erase using SeaTools over USB = 8 hours
Of course how long wiping takes will vary with the type, speed and performance of the drive model, but these numbers give you an idea of what to expect.
Drive vendor tools:
Use a service:
After running these tests to decide what the Policy, Standard and Procedure will be, the next step is to set up a system to do the wiping, keeping in mind that several pieces of information are needed to make sure your sanitization is complete and will stand up to an audit. Here is what I came up with for a small Sanitization Station or stations:
- Windows PC.. (Yeah I know we all love Linux)
- Install all vendor disk tools for Windows
- USB to SATA/IDE adapter
- SAS/SATA controller
- Install KillDisk Windows
- Install Secure Erase
- Install SDelete
This setup would let you wipe most drives we use today including flash, thumb, USB, SATA and SAS drives that are found in servers along with older IDE drives and many memory cards used in cameras, phones and smart devices.
I chose a Windows system because it provides a simple screen capture that you can then paste into a Word document to capture and save the Repair and/or Wiping of the drive for audit purposes. This is difficult to do from a bootable ISO image, as there is no easy way to grab the output of the wiping results unless the solution builds in saving to another USB device.
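The two things the station above has to produce are the overwrite itself and evidence for the audit: which passes ran, whether the read-back verified, and a fingerprint of the result. The script below is an added example, not code from the post or from KillDisk, SDelete or any vendor tool. It models the 3-pass scheme described above (a fixed byte, its complement, then pseudo-random data) against an ordinary file standing in for a drive, verifies the final pass by reading it back, and returns an audit record. Running it against a real device would need the device path and administrator rights, and for SSDs the post points you to Secure Erase rather than overwriting. The target file, marker string and seed are constructed for the demo.

```python
import hashlib
import json
import os
import random
import tempfile
import time

# Three-pass scheme the post describes as the DoD minimum: a fixed byte,
# its complement, then pseudo-random data, followed by read-back verification.
PASS_PATTERNS = ("0x00", "0xFF", "random")
CHUNK = 1 << 16


def _pattern_stream(pattern, seed, size):
    """Yield the bytes one pass writes, chunk by chunk. The random pass is driven
    by a recorded seed so the verify step can regenerate exactly the same stream."""
    rng = random.Random(seed) if pattern == "random" else None
    fill = None if rng else bytes([int(pattern, 16)])
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        yield rng.randbytes(n) if rng else fill * n
        remaining -= n


def wipe_and_record(target_path, seed=None):
    """Overwrite target_path in place with PASS_PATTERNS, verify the final pass
    by read-back, and return an audit record you could paste into the Word doc."""
    size = os.path.getsize(target_path)
    seed = os.urandom(8).hex() if seed is None else seed
    started = time.time()
    with open(target_path, "r+b") as f:
        for pattern in PASS_PATTERNS:
            f.seek(0)
            for block in _pattern_stream(pattern, seed, size):
                f.write(block)
            f.flush()
            os.fsync(f.fileno())  # each pass must reach the media, not just the cache
        # Verification: every byte must equal the regenerated final-pass stream.
        f.seek(0)
        digest = hashlib.sha256()
        verified = True
        for expected in _pattern_stream(PASS_PATTERNS[-1], seed, size):
            actual = f.read(len(expected))
            digest.update(actual)
            if actual != expected:
                verified = False
    return {
        "target": target_path,
        "bytes": size,
        "passes": list(PASS_PATTERNS),
        "random_seed": seed,
        "verified": verified,
        "sha256_after_wipe": digest.hexdigest(),
        "seconds": round(time.time() - started, 3),
        "finished_utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
    }


def run_demo(size=3 * CHUNK + 123):
    """Constructed stand-in for a drive: a temp file filled with a marker string.
    Returns the audit record and whether the marker is gone after the wipe."""
    marker = b"CONFIDENTIAL-PAYROLL-2011"  # constructed sample content
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write((marker * (size // len(marker) + 1))[:size])
    record = wipe_and_record(path, seed="constructed-seed")
    with open(path, "rb") as f:
        marker_gone = marker not in f.read()
    os.remove(path)
    return record, marker_gone


if __name__ == "__main__":
    rec, gone = run_demo()
    print(json.dumps(rec, indent=2))
    print("marker removed:", gone)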
RESOURCES:
The vendor tools finish a close 2nd as they are also fast and provide an option to repair/validate your drive in the case you are recycling a system for reuse. For true drive repair and data recovery, nothing beats Steve Gibson's SpinRite!!
GRC SpinRite:
http://www.grc.com/spinrite.htm
Tools:
I hesitate to recommend 'Boot and Nuke' since it is so slow (3x+ slower) and drive wiping is time consuming, so I am pointing you towards the most efficient solution. It also cannot provide a report like KillDisk and the Vendor Tools running under Windows can.
KillDisk:
http://www.killdisk.com/
Secure Erase: (For all drive types, including thumb drives, flash and SSD's)
http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml
SDelete: (Microsoft/SysInternals utility to wipe drives, files or free space)
http://technet.microsoft.com/en-us/sysinternals/bb897443
Drive Vendors Tools:
Hitachi:
http://www.hitachigst.com/support/downloads/#DFT
Samsung:
http://www.samsung.com/us/support/SupportOwnersFAQPopup.do?faq_id=FAQ00000083&fm_seq=251#
Seagate and Maxtor:
http://www.seagate.com/www/en-us/support/downloads/seatools
Western Digital: (Select your drive and select the correct version of DLGDiag)
http://support.wdc.com/product/download.asp?modelno=DLGDiag&x=0&y=0
General Info:
Security through data erasure website:
http://www.dataerasure.com/
Government Docs:
DSS Clearing and Sanitization Matrix:
http://www.oregon.gov/DAS/OP/docs/policy/state/107-009-005_Exhibit_B.pdf?ga=t
NIST 800-88: Guidelines for Media Sanitization:
http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf
Common Criteria Validated Products List: (approved wiping tools and other stuff):
http://www.niap-ccevs.org/cc-scheme/vpl/
- Be sure to use the FREE KillDisk version for home computers or Boot and Nuke to wipe your personal drives before you give or sell them to someone.
(I) Update to Blogging with an iPad and Social Dashboard
(W) Warning Will Robinson.. Walgreen's Phishing scam looks real !!!
Monday, December 19, 2011
(I) Health Care lost laptop... Really people... Beyond Stooopid!!!
Friday, December 16, 2011
(W) What have you downloaded on BitTorrent?
Monday, December 12, 2011
(W) Card Skimmers found in Self-Service checkout line in grocery store
Sunday, December 11, 2011
(I) How to Blog with an iPad
So you wanna Blog...
Since I got my iPad I have been blogging 100% on my iPad, with only a few exceptions where I opened the browser to correct the Blog site or add a file or page, something not easily done from the iPad. By the way, I use Blogger for my Blog, so no WordPress info here, except many of the manual steps would apply for any Blogger.
With the Blog Apps broken, I set out wondering how to do this manually using multiple tools vs. relying on BlogPress like I had up to this point. Let's first look at what my requirements, and I am sure others', are to Blog and post.
1. Write the Blog of course - All the Apps do this, write it in whatever you want
2. Add pictures
3. Resize pictures so you get a consistent size in your posts
4. Add links
5. Text formatting
6. Some sort of upload to a picture repository like Flickr or Picasa
7. Post to Facebook
8. Post to one or more Twitter feeds
9. Post to LinkedIn
10. Post to website
11. Post to Google+
Simple right? Apparently not... Up until last month when I updated my iPad to IOS 5.1, BlogPress did it all, well most of the above anyway. By far BlogPress is the best Blogging App available, but alas, since it is dead I cannot use it anymore... So how was it done before BlogPress?
Well first you need pictures... Every Blog post needs a picture to help grab the eye and attention of the reader. On the iPad you just search Google Images and take a snapshot (press both buttons) to add the screen to your Saved Photos Library. Next, you use a killer app called 'PhotoPad' to crop and resize your photo and then save it. I use a 100 pixel width for my blog pics and I do not size them in PhotoPad, I do it in the Blogging App, BlogPress or Blogsy.
Second, you need to upload the pictures to your Cloud based repository like Flickr and/or Picasa. Now this is where BlogPress shines... It does it as a part of posting your blog. Blogsy does not and you have to upload them before writing your blog entry. For uploading cropped and rotated pictures to Picasa and Flickr I use Web Albums for Picasa and FlickStackr for Flickr. Both of these Apps manage your Cloud Photos really nicely for viewing or uploading. Once you do this you can delete the pics from your Saved Photos library and keep your iPad memory freed up.
Third, you need to save your URL's and links that you will reference in a Blog entry so you can just cut and paste them into your Blog Post. All I do when I read something worth saving on the InterWebbings or in RSS is send them to one of my email addresses with a subject. Now when I want to Blog I have the link to copy and paste.. easy. The email also acts as a ToDo list for Blogging.
Sixth, Send to the other sites... I use Seesmic on the iPad which has a profile for my Ping.FM account that allows me to post to my website, Facebook, Twitter and LinkedIn with one post... I paste the title that I copied in Step 5, then I open Safari, go to my Blog and copy the URL to the specific post, paste it into the URL shortener Ow.ly (OW.LY website) and then paste the short URL into Seesmic for the Ping.FM profile to send out; since you are still limited by the 140 character limit Twitter imposes, you want to use short URL's. Before I hit send, I Select All and copy it for Step 7.
Seventh, Post on Google+... I open the Google+ App on my iPad (iPhone App really 2x) and paste the entry from Step 6 and send...
Now I have made my Blog entry....
Simple huh?
Come on BlogPress.... Update your App. I would only need to post to LinkedIn and Google+ when I use BlogPress and skip the Seesmic step since Google has yet to allow API posting to Google+ via apps like Ping.FM.
Tips and Tricks? Send me an email... you know how...
Friday, December 9, 2011
(R) BrowserID option over OpenID, OAuth and others
(W) Warning !!! If you have seen one of these.. Cancel your Credit/Debit Cards
(I) How to validate shortened or any URL's are safe
Thursday, December 8, 2011
Monday, December 5, 2011
(W) Yahoo Mail users - DON'T CLICK ON THAT !!!
Here we go again with Phishing attempts to gain your username and password...
NEVER, EVER, EVER provide your username and password or any other personal information to validate an account or login. The website or company will NEVER do this, so don't fall for something so obvious...
And yahoo can't block this ??? Can you say "FAIL!!!"
#InfoSec #Yahoo #Phishing
Friday, December 2, 2011
(I) VanishCrypt..Fails practical use
Thursday, December 1, 2011
(R) Research on HP Printers
HTTP/1.1 400 Bad Request
Connection: close
Server: HP HTTP Server; HP Officejet Pro 8600 - CM750A; Serial Number: CN19T1K0W
V05KD; Coulomb_pp Built:Wed Sep 07, 2011 11:21:09PM {CLP1CN1136AR, ASIC id 0x00320104}
Yup... Now if you read this from a simple telnet query, you can grep what you're looking for and know exactly what firmware sploit to throw at an HP printer..
Not targeted, just plain stooped to serve up so much info...
HP... Epic FAIL !!!!
Taking a Blogging break.. Not by choice.. By IOS 5 upgrade
Tuesday, November 22, 2011
(I) LastPass users MUST take this challenge, how strong are your passwords?
If you are a LastPass user, then the LastPass Security Challenge is a must do. You can email your results to your colleagues and have a contest of who can get the highest score. It shows you how many duplicate passwords you have in your vault along with the strength of each and links to change them.
LastPass Security Challenge
#InfoSec #LastPass
Monday, November 21, 2011
(I) LastPass adds Google Authenticator option for your phone
LastPass has added the option to use your Smartphone as your second factor authentication token. Very nice option for those of us that have iDevices, Android or BlackBerry... For those that use some other cell phone... You can use YubiKey or a USB thumb drive and the Sesame option.
Wednesday, November 9, 2011
(I) LastPass adds Google Authenticator so your phone adds 2 factor Auth
If you are a LastPass user or thinking of using LastPass as your password manager, which I highly recommend... They have added the option of using your smartphone with the Google Authenticator app as your 2nd Factor 'something I have' authentication. Now your password vault can only be opened if you have your phone and enter the Google Auth code from the App... Very kewl LastPass!!
Friday, October 7, 2011
Two Greats in InfoSec and technology passed this week
Dr. Eugene Schultz, a famed Information Security expert passed away suddenly this week. For those that met Gene or had a chance to hear him speak, you are one of the lucky ones. I had the opportunity to talk with him on many occasions. Dr. Schultz will be missed and there is no doubt many people got into Information Security because of what he shared over the years.
Rest securely Gene!!!
Steve Jobs, a genius and technology revolutionary also passed away this week. Steve helped create the Apple or Windows debates and that has led to an improvement to security as well. I used to say, "Just look at all the applications you see in Computer City, Incredible Universe and CompUSA". Windows was clearly the winner... Not so fast... The App store through Steve's genius clearly now shows Apple has won the most available apps game, and yes Apple systems are far less exploited than Windows systems and thus more secure.. Yup I said it.. Apple shtuff is more secure.
Rest well Steve, you changed the world!!!
#InfoSec
Tuesday, September 27, 2011
(W) So you think you are clever and anonymous when using anon proxies and VPN?
Are you one of those people that hide your Internet activity by using anonymous proxies or an anonymous hidden secret VPN solution?
Think you are truly secure and obscure? Think again..
A web proxy service has come under fire after a federal indictment revealed that the company cooperated with U.S. authorities in their investigation into the hacking of SonyPictures.com.
HideMyAss.com, a VPN service that encrypts one's traffic to enable users to surf the web anonymously, was ordered by a U.K. judge, at the request of FBI agents, to release log information about an Arizona man who was arrested Thursday for his role in the Sony intrusion.
SC Magazine article
#InfoSec
Monday, September 26, 2011
(I) Card Key system updated by the vendor - research to continue
We received updated hardware and software from the vendor we are working with from the original vulnerability/exploit and set up this Testing configuration in order to test and verify any improvements the vendor integrated into the new hardware and software.
It is a simple emulation of a Card Key reader that triggers a buzzer when the user is authorized to enter. The buzzer is clearly smaller than an actual door lock..
It works like a charm, the Cards were added, given permission and tested to open the door, aka sound the buzzer for 5 seconds to emulate the door unlock period.
Stay tuned as we continue our testing on the update or attend one of the two InfoSec conferences where we will be presenting.
HouSecCon 2011 - Houston Nov 3rd
Security BSides DFW 2011 - Dallas Nov 5th
#InfoSec #keycard #cardkey
Wednesday, September 21, 2011
(W)(I) Do you store email on your Cloud email provider servers?
If you are like most of us today, we all use and rely on Internet email and especially those that are browser based like Gmail, HotMail, Yahoo mail and others.
Do you also store information you would consider 'confidential' like Health, Financial and photos of yourself?
Recently Kunis, Scarlett Johansson, Christina Aguilera, Lady Gaga, Miley Cyrus and High School Musical's Vanessa Hudgens have all had pictures stolen from their emails and smart phones because they stored these pics in the cloud and probably had easy, discoverable or guessable passwords.
If you do store confidential data in the cloud, you should seriously consider long and complex passwords and a password manager like LastPass to remember the passwords and URL's and make it easy to keep track of all those websites we have to login to these days.
#InfoSec #LastPass
(W)(I) Your GM OnStar enabled car will rat you out starting Dec 2011
Yup.. GM cars with OnStar will start in Dec 2011 sending critical data to GM whether you want it to or not... So if you are going too fast, get in a fender bender, don't use your seatbelt or various other items, GM will provide this info to Insurance companies and law enforcement when asked and send you service notices, without you 'Opting in' to the program...
So now your GM car is a 'Dirty Rat'..
PacketStorm article on GM.. You Dirty Rat..
#InfoSec #OnStar
Thursday, September 15, 2011
(I) BackTrack 5 Wireless book now available
Vivek Ramachandran has written a beginners book for BackTrack 5 WiFi Tools that is a must read for new or seasoned InfoSec Pros that want to learn about this Live CD Tool that should be in every InfoSec and Forensic Toolkit.
Hacker News article
#InfoSec #BackTrack
Friday, August 26, 2011
(W)(I) Care to know how many malware samples go to an AV vendor per day??
Anti-Virus vendor Sophos just released their "Mid-year 2011 Security Threat Report" and stated the following...
"Since the start of 2011, we've seen 150,000 malware samples every day. That's a unique file almost every 1/2 second, and a 60% increase as compared to malware analyzed in 2010. We've also seen 19,000 new malicious URL's each day in the first half of this year. And, 80% of those URL's are legitimate websites that were hacked or compromised".
If this doesn't surprise and spook you into improving YOUR Internet surfing and use behavior, like I promote with 'Don't Click on That', then you WILL be one of the statistics above.
Safe Surfing... Errrrr Good Luck on the InterWebbings !!!!
Sophos Mid-year 2011 Report
#InfoSec
Monday, August 22, 2011
(I) Facebook publishes a Security Guide - a MUST read
This is a MUST read for all Facebook users young and old! This 14 page guide will explain many of the ills of being a Facebook user and some things you can do to protect yourself.
And be sure to add "Web of Trust" (WOT) to your browser to show you safe and bad links within FB messages... Don't Click on anything that is NOT green!!!!
A Guide to Facebook Security (PDF)
#InfoSec #Facebook
Thursday, August 11, 2011
(I) FireCAT - Security Audit extensions for your browsers
Here Kitty Kitty...This is swEEEt! Ever want a list of all the security related extensions for FireFox and Chrome?
Well FireCAT is it! Download the local HTML files and have a nice browsable index of security audit browser plug-ins and add-ons.
FireCAT website
#InfoSec #FireCAT
Tuesday, July 26, 2011
(T) Ethical Hacker Video Training - FREE
Want to learn some Ethical Hacker skills? Thanks to the folks over at Logical Security you can. View over 25 hours of videos on CEH training - FREE!!!!!
LogicalSecurity CEH Training videos
#InfoSec #LogicalSecurity #CEH
Monday, July 25, 2011
(I) check out a collection of info on recent Hacks.. CNET Hacker Chart
Very kewl... CNET has compiled info on recent hacks... It shows when the hack occurred, the type of hack, who got hacked and by whom, lost IP and other info and links... Very handy.
CNET Hacker chart - Google Doc
#InfoSec #CNet #Hacks
(I) Want to see how websites track you graphically?
Ever wonder what websites track about you and how they are related? Now you can with these two Firefox add-ons.
Ghostery website
Collusion Toolness website
Thanks Steve Gibson for these!
#InfoSec #Ghostery #Collusion #SGgrc
Thursday, July 21, 2011
(I) Microsoft Forefront Event Log ID's
If you are a Microsoft ForeFront user and want to know an undocumented Event Log item, here you go...
You can setup email alerts and get flooded with un-actionable information, or tweak the settings to reduce the noise, which you should by the way.
But what about those of us that use SIEM or logging solutions? You can find some event ID's in TechNet, but here are two that you really need, events you should take action on...
3007 - Forefront Endpoint Protection Alert: Malware Outbreak
3009 - Forefront Endpoint Protection Alert: Repeated Malware Detection
3010 - Forefront Endpoint Protection Alert: Multiple Malware Detection
Ignore EventID '3006 - Malware Detected' as it is just noise and not actionable, since the AV client has already acted upon it; the three above are what's actionable.
Look for these two events from the source Fepsrv or use Wevtutil.exe to query your servers' event logs for these two events.
Wevtutil qe "Forefront Endpoint Protection" /q:"*[System[(EventID=3009 or EventID=3010)]]" /r:system_name /f:text
Or look for events in the last 24 hours:
Wevtutil qe "Forefront Endpoint Protection" /q:"*[System[TimeCreated[timediff(@SystemTime) <= 86400000]]]" /r:system_name /f:text
43200000 - 12 hours
86400000 - 24 hours
129600000 - 36 hours
172800000 - 48 hours
604800000 - 7 days
2592000000 - 30 days
You can redirect the output to a file with ">file_name_AV.log" if you want to as well.
If you see them, take action: these are bad offenders getting repeated malware of the same kind or receiving multiple malware at once, and either way these systems need some attention. Are they Administrators? I recommend a re-image; if not, then maybe a deep scan. Create a process flow that your admins can follow when alerts occur and consider having the Forefront alerts send an email to your Help Desk solution to automatically open tickets for these items; ignore the 'a user has Malware' alerts and set 'Malware Detection Alerts' to 'Medium' to reduce some noise.
Logs have good data you can act upon if you look, find what you want and parse it out so what you see is actionable... Not hard if you do a little prep.
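Here is that "find what you want and parse it out" step as an added example, not code from the post or from Microsoft. It takes text in the shape of `wevtutil qe ... /f:text` output, keeps only Fepsrv events with the actionable IDs (3007, 3009, 3010), drops the 3006 noise, and groups the hits by computer so each host becomes one ticket. It also builds the /q: filter from an hour count so the timediff millisecond table above does not have to be typed by hand, and shows how the EventID list and the time window combine in one XPath expression. The sample output, host names and timestamps are constructed, not a real capture.

```python
import re
from collections import defaultdict

# Forefront Endpoint Protection event IDs the post calls actionable, and the one it calls noise.
ACTIONABLE = {
    3007: "Malware Outbreak",
    3009: "Repeated Malware Detection",
    3010: "Multiple Malware Detection",
}
NOISE = {3006}

# Constructed sample in the shape of `wevtutil qe ... /f:text` output (not a real capture).
SAMPLE_OUTPUT = """\
Event[0]:
  Log Name: Forefront Endpoint Protection
  Source: Fepsrv
  Date: 2011-07-21T08:12:03.000
  Event ID: 3006
  Computer: WS-ACCT-07
  Description: Forefront Endpoint Protection Alert: Malware Detected
Event[1]:
  Log Name: Forefront Endpoint Protection
  Source: Fepsrv
  Date: 2011-07-21T08:40:11.000
  Event ID: 3009
  Computer: WS-ACCT-07
  Description: Forefront Endpoint Protection Alert: Repeated Malware Detection
Event[2]:
  Log Name: Forefront Endpoint Protection
  Source: Fepsrv
  Date: 2011-07-21T09:02:45.000
  Event ID: 3010
  Computer: SRV-FILE-01
  Description: Forefront Endpoint Protection Alert: Multiple Malware Detection
Event[3]:
  Log Name: Forefront Endpoint Protection
  Source: Fepsrv
  Date: 2011-07-21T09:15:00.000
  Event ID: 3006
  Computer: SRV-FILE-01
  Description: Forefront Endpoint Protection Alert: Malware Detected
"""

FIELD = re.compile(r"^\s*(Log Name|Source|Date|Event ID|Computer|Description):\s*(.*)$")


def parse_events(text):
    """Split wevtutil text output into one dict per Event[n] block."""
    events, current = [], None
    for line in text.splitlines():
        if line.startswith("Event["):
            current = {}
            events.append(current)
            continue
        m = FIELD.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip()
    return events


def actionable_hosts(text):
    """Return {computer: [(event_id, alert_name), ...]} for events worth a ticket,
    dropping 3006 and anything not from the Fepsrv source."""
    hits = defaultdict(list)
    for ev in parse_events(text):
        try:
            event_id = int(ev.get("Event ID", ""))
        except ValueError:
            continue
        if ev.get("Source") != "Fepsrv" or event_id in NOISE or event_id not in ACTIONABLE:
            continue
        hits[ev.get("Computer", "?")].append((event_id, ACTIONABLE[event_id]))
    return dict(hits)


def timediff_query(hours, event_ids=()):
    """Build the XPath filter for /q:, combining the post's timediff window
    (milliseconds) with an optional EventID list."""
    window = f"TimeCreated[timediff(@SystemTime) <= {int(hours * 3_600_000)}]"
    if not event_ids:
        return f"*[System[{window}]]"
    ids = " or ".join(f"EventID={i}" for i in event_ids)
    return f"*[System[({ids}) and {window}]]"


def wevtutil_command(host, hours, event_ids=()):
    """Argument list for a remote query; /r is the remote computer, as in the post."""
    return ["wevtutil", "qe", "Forefront Endpoint Protection",
            f"/q:{timediff_query(hours, event_ids)}", f"/r:{host}", "/f:text"]


if __name__ == "__main__":
    for host, alerts in actionable_hosts(SAMPLE_OUTPUT).items():
        print(host, alerts)
    print(" ".join(wevtutil_command("system_name", 24, (3007, 3009, 3010))))
```

Feed it the saved ">file_name_AV.log" from each server and the per-host dictionary is what goes into the Help Desk ticket; the source check matters because other providers can log into the same channel with overlapping ID numbers.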
#InfoSec #ForeFront #eventlogs #Wevtutil
Wednesday, July 20, 2011
(I) Want to force all Internet sites to use HTTPS?
If you want to make sure your web surfing always uses and forces websites to use HTTPS (encrypted connections) to prevent ne'er-do-wellers from sniffing your surfing, logins and other info you might enter while using the InterWebbings.. Then use FireFox and add EFF's add-on 'HTTPS Everywhere' and poof! If a site has HTTPS, this little add-on will force it to use HTTPS... Handy, oh yeah.. Donate them some $$$$, they fight for our Internet rights!!!
EFF website download
#InfoSec #EFF
(W) If you see this message while Googling.. You're screwed !!!
If you see this message while searching for something on The Google.. You're screwed and your computer needs to have Windows re-installed.
Google now looks for certain types of behavior from clients that indicate a system is infected with Malware; if you are, The Google will popup the above message and tell you. Only in your browser, so if you see an email with this message.. WARNING WILL ROBINSON.. It's malware via email trying to get you to click on that.. And we all hopefully know.. 'Don't Click on That!'
If you do see this message, then your system needs a rebuild! Plain and simple, don't pass go and try to 'clean' your computer, the fact you are infected and see this message means your system is not security worthy and other problems most likely exist.
So what do you do? Read my article "Top 10 Tips - If your Windows PC or an account has been hacked" and rebuild your system with these tips to avoid future issues.
Thanks Google!
Brian Krebs article on the Google warning
#InfoSec #Krebs #Malware #Google
Thursday, July 14, 2011
(I) Microsoft to block common passwords for HotMail users
Hard to believe that Micro$oft of all people is taking the lead in such an obvious area as passwords. With all the password breaches Micro$oft feels it is time to block many of the more stoopid passwords that people use.
List of Top 500 worst passwords
For years we have been Whitelisting (allow) and Blacklisting (block) websites with web proxies in the corporate world, so it is obvious to implement a blacklist for known bad passwords as well. Frankly, EVERY Internet facing website should implement this feature to not just protect your users, but improve customer service. How is that, you say? Well, if you are suffering from a brute force attack, you either end up with a DoS situation locking out thousands of your users (because you know they use crappy passwords, and locking out their account to keep it from being breached is the best option.. Sucks, but the best option), or you force two-factor authentication on your users. Short of that, forcing them to use stronger passwords so you can ignore typical brute force web based attacks is the best low cost solution you can do.
Many web and email proxies and web filtering solutions like OpenDNS and Norton Online Family use blacklist providers to block users from going to well known bad sites and email senders.
This is an easy solution to implement and I would hope Micro$oft would use their reason (too many p0wned accounts.. Aka too many customer support calls and emails) to implement common password blocking into a service that we all can use and access, just like URL Blacklists..
Your ability to create ridiculous and easy passwords is coming to an end... Start considering using solutions like SuperGenPass, LastPass, PasswordSafe, RoboForm and other password managers to avoid this issue in the future.
Come on FaceBook, Twitter, Gawker, Sony... The list is endless.. Get a clue from... I can't believe I am going to say this... Microsoft and implement common stoopid password blocking!!!
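What "common stoopid password blocking" looks like on the signup form, as an added example that is not Microsoft's implementation or the post's own code: a blacklist check that goes a little beyond an exact lookup, because users who are told "password" is blocked will try "Password1" or "P@ssw0rd" next. The check lowercases, strips a short trailing run of digits or punctuation, and undoes common letter-for-digit substitutions before comparing against the list. The blacklist entries here are a constructed handful of the sort found on the Top 500 list linked above, not that list itself.

```python
import re

# Constructed sample of the kind of entries a "worst passwords" list contains
# (not the list the post links to).
SAMPLE_BLACKLIST = [
    "password", "123456", "12345678", "qwerty", "abc123", "letmein",
    "monkey", "iloveyou", "trustno1", "dragon", "baseball", "football",
]

MIN_LENGTH = 8
# Reverse the usual letter-for-digit substitutions so "P@ssw0rd" collapses to "password".
_LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def _variants(password):
    """Forms a user is likely to derive from a blocked word: case changes,
    a short trailing run of digits or punctuation, and leet substitutions."""
    base = password.lower()
    yield base
    stripped = re.sub(r"[\d\W_]{1,4}$", "", base)
    yield stripped
    yield base.translate(_LEET)
    yield stripped.translate(_LEET)


class PasswordBlacklist:
    def __init__(self, words):
        self._words = {w.lower() for w in words}

    def reject_reason(self, password):
        """None if acceptable, otherwise a short message for the signup form."""
        if len(password) < MIN_LENGTH:
            return f"must be at least {MIN_LENGTH} characters"
        for form in _variants(password):
            if form in self._words:
                return "too common; it is on the blocked password list"
        return None

    def is_allowed(self, password):
        return self.reject_reason(password) is None


if __name__ == "__main__":
    bl = PasswordBlacklist(SAMPLE_BLACKLIST)
    for candidate in ("Password1", "L3tm3in!!", "correct horse battery staple", "short"):
        print(f"{candidate!r:35} -> {bl.reject_reason(candidate) or 'ok'}")
```

Run it against your own user base's chosen passwords (hashed comparisons if you cannot see them in the clear) before turning the block on, so you know how many accounts it will push into a reset.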
Article on MS HotMail common password blocking
#InfoSec #HackerHurricane