Category: Security

  • Equifax

    Being in the industry, I understand how difficult it is to secure an organization, so I have some sympathy for Equifax. As an ex-NSA colleague noted (paraphrasing), “A defender has to protect everything, an attacker only has to find one hole.” That said, their business is PII, so there is a higher standard there. In…

  • Installing Plixer’s “Scrutinizer” NPMD

    Plixer makes a good “Network Performance Monitoring and Diagnostics” (NPMD) application called “Scrutinizer”. NPMD, as Gartner calls it, mostly means collecting, aggregating, and reporting on NetFlow data. Plixer provides a VMware OVF for installation of a virtual appliance. I, however, ran into a few issues with the installation: I couldn’t get the install to work…

  • Good basic email advice

    Professor Alan Woodward from the Department of Computer Science at the University of Surrey via The Register: “Educate users not to open files that they are not expecting. Practice your ABCs – Assume nothing. Believe no one, and Check everything should be drummed into users – personally I preach ABCD – if in any doubt…

  • ASA Firewall Rules of Thumb

    Some important Cisco ASA firewall details I and others have learned and shared over the years: Don’t use “security-level” as your method of security. In the long term at best “security-level” will cause you to block traffic you didn’t expect, at worst, it will allow traffic you didn’t want. Why? Well… If you add an ACL…

  • IC3 Alert on Microchip-Enabled (EMV) Credit Cards

    Unfortunately quite accurate and what a number of us have been saying all along: http://www.ic3.gov/media/2015/151008.aspx The gist can be found in a single paragraph: Although EMV cards will provide greater security than traditional magnetic strip cards, they are still vulnerable to fraud. EMV cards can be counterfeited using stolen card data obtained from the black market.…

  • More on “tiny” URLs…

    I keep getting them from very smart, very security conscious people. However, to make my point: http://goo.gl/1LJ1Wz I love what they offer but… Some do offer a preview, but users aren’t used to seeing that and unfortunately won’t care (i.e., they are so used to getting them without a preview that they won’t expect it or demand…

  • Nothing new here…

    But everyone should read it:

  • Dear Secure Companies…

    Dear Secure Companies, Please stop sending me emails to pick up critical documents or surveys where the URLs I need to follow point into random, unverifiable domains. A link that leads to a URL like: http://wl1.peer360.com/b/J9dqJDSALAS87ZWR3Te7/mle.asp?hl=5621312750&r=BBGGHHSF&CID=305151 is not going to inspire confidence and, assuming it isn’t spear-phishing or malware, is teaching end users bad practice.…

  • Dumping SSL certificate information

    It seems lately I’m regularly having to dump the information from SSL certificates (for instance to get the “Subject” or CA signer). Since I keep having to look up the exact syntax, I thought it easier to save here and figured it might help others. So, if in PEM format, use the following: openssl x509…

  • BankInfo Ramnit Article

    Tracy Kitten at BankInfo has an interesting article about the Ramnit worm which is worthy of a read (even I would say by the general public). Ramnit is particularly pernicious because: Ramnit’s man-in-the-middle looks like an actual social-media or bank-account sign-in page that captures a user’s ID and password, and sometimes other personal information en…

  • Why I hate tiny-fied URLs…

    In theory, if the world were filled with universally good people, “bitly” and “TinyURL.com”, which provide short URLs in place of long ones, would be a great idea. However, whenever I get one I find that I’m frankly terrified to click on it. Why? Because while they could be going someplace useful, they could also be going to…

  • SSL certs – probably not worth the bits they’re printed on…

    This failure of the trusted Certificate Authority (CA) “Comodo”: http://nakedsecurity.sophos.com/2011/03/24/fraudulent-certificates-issued-by-comodo-is-it-time-to-rethink-who-we-trust/ highlights something that is becoming more apparent: SSL certificates probably aren’t worth the bits they’re printed on. Forgetting that there is a fairly regular stream of issues with the authorities, companies like GoDaddy issue certificates for all of $12 with nearly instantaneous issuance. That is,…

  • Zone Firewall TCP reassembly size

    If you get something like this in your Cisco’s IOS firewall log: Mar 12 15:05:33 192.168.1.1 3129: 003121: *Mar 12 15:03:03.195 EST: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:525214740 1415 bytes is out-of-order; expected seq:525170856. Reason: TCP reassembly queue overflow – session 192.168.1.5:53022 to 208.79.250.63:80 on zone-pair ccp-zp-in-out class ccp-protocol-http sometimes accompanied by hangs in downloads, then…

  • The kitchen sink of security tools…

    This seems to be a useful location to find security tools: http://www.proactiverisk.com/links Everything including the kitchen sink!

  • Apparently George Romero was right…

    That a deadly virus would escape from the military possibly causing zombies: http://www.cnn.com/2010/TECH/web/11/17/stuxnet.virus He was just wrong that humans would be the target.

  • Another case of “With friends like these…”

    Well, researchers have devised a way around most modern anti-virus software. Yet another example of, “With friends like these, who needs enemies.” Again, I know “security by obscurity” is false security, but it’s not like the bad guys need as much help as they’re getting!

  • How to kill a session on a Cisco PIX/FWSM

    Completely different from Cisco IOS, so hard to remember: Log into the PIX/FWSM and go to “enable” mode. Do a “who”: fwsm# who 0: 192.168.100.80 2: 192.168.100.5 Choose the IP of the session you want to kill and grab the number. In this case I want to kill the “192.168.100.5” session, so I want “2”.…

  • A good Blackberry security primer…

    ComputerWorld has published a good Blackberry security primer here: http://www.computerworld.com/s/article/9165238/Five_tips_to_keep_your_Blackberry_safe I highly recommend all Blackberry owners read it.

  • Rubber Or Glue, It Still Sticks…

    This brings up a sort of interesting if not chilling thought in the world of security, particularly for large organizations: Mozilla shuts online store after security breach The title of this entry, which I’ve included verbatim, is important. To me when I read it, I’m reading “Mozilla has a problem”, or “Mozilla isn’t secure”, or…

  • Eating ourselves alive…

    Here is yet another example of how the “good guys” are figuring out ways to subvert security to “help” us: http://www.h-online.com/security/Bootkit-bypasses-hard-disk-encryption–/news/113884 Basically Peter Kleissner, a young and clearly very smart university student, has figured out how to inject a bootkit in front of TrueCrypt (an excellent and free encryption product) to subvert its protections. While…