-
Equifax
Being in the industry, I understand how difficult it is to secure an organization, so I have some sympathy for Equifax. As an ex-NSA colleague noted (paraphrasing), “A defender has to protect everything, an attacker only has to find one hole.” That said, their business is PII, so there is a higher standard there. In…
-
Installing Plixer’s “Scrutinizer” NPMD
Plixer makes a good “Network Performance Monitoring and Diagnostics” (NPMD) application called “Scrutinizer”. NPMD, as Gartner calls it, mostly means collecting, aggregating, and reporting on NetFlow data. Plixer provides a VMware OVF for installation of a virtual appliance. I, however, ran into a few issues with the installation: I couldn’t get the install to work…
-
Good basic email advice
Professor Alan Woodward from the Department of Computer Science at the University of Surrey via The Register: “Educate users not to open files that they are not expecting. Practice your ABCs – Assume nothing. Believe no one, and Check everything should be drummed into users – personally I preach ABCD – if in any doubt…
-
ASA Firewall Rules of Thumb
Some important Cisco ASA firewall details I and others have learned and shared over the years: Don’t use “security-level” as your method of security. In the long term at best “security-level” will cause you to block traffic you didn’t expect, at worst, it will allow traffic you didn’t want. Why? Well… If you add an ACL…
-
IC3 Alert on Microchip-Enabled (EMV) Credit Cards
Unfortunately quite accurate and what a number of us have been saying all along: http://www.ic3.gov/media/2015/151008.aspx The gist can be found in a single paragraph: Although EMV cards will provide greater security than traditional magnetic strip cards, they are still vulnerable to fraud. EMV cards can be counterfeited using stolen card data obtained from the black market.…
-
More on “tiny” URLs…
I keep getting them from very smart, very security-conscious people. However, to make my point: http://goo.gl/1LJ1Wz I love what they offer but… Some do offer a preview, but users aren’t used to seeing that and unfortunately won’t care (i.e., they are so used to getting them without a preview, they won’t expect it or demand…
-
Dear Secure Companies…
Dear Secure Companies, Please stop sending me emails to pick up critical documents or surveys where the URLs I need to follow point into random unverifiable domains. A link that leads to a URL like: http://wl1.peer360.com/b/J9dqJDSALAS87ZWR3Te7/mle.asp?hl=5621312750&r=BBGGHHSF&CID=305151 is not going to inspire confidence and, assuming it isn’t spear-phishing or malware, is teaching end users bad practice.…
-
Dumping SSL certificate information
It seems lately I’m regularly having to dump the information from SSL certificates (for instance to get the “Subject” or CA signer). Since I keep having to look up the exact syntax, I thought it easier to save here and figured it might help others. So, if in PEM format, use the following: openssl x509…
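The dump the post refers to, as an added example that is not the post’s own snippet: it prints Subject, Issuer and validity dates for either a PEM or a DER certificate, picking the encoding from the PEM banner instead of the file extension. The certificate it reads is a constructed, throwaway self-signed cert for the hypothetical host example.test, generated on the spot so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the original post): dump Subject, Issuer and validity
# from an X.509 certificate whether it is PEM or DER encoded.
# Input is a constructed throwaway self-signed cert for the hypothetical host
# example.test; nothing here touches a real CA.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# make_sample_cert: generate the constructed PEM cert plus a DER copy of it.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=example.test/O=Example Org" \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" >/dev/null 2>&1
  openssl x509 -in "$WORK/cert.pem" -outform der -out "$WORK/cert.der"
}

# cert_field FILE FIELD: print one field (subject, issuer, dates, fingerprint)
# of the certificate in FILE. Encoding is detected from the PEM banner rather
# than the file extension, so a .crt that is really DER still works.
cert_field() {
  file="$1"; field="$2"
  if grep -q -- '-----BEGIN CERTIFICATE-----' "$file"; then
    inform=pem
  else
    inform=der
  fi
  openssl x509 -inform "$inform" -in "$file" -noout "-$field"
}

make_sample_cert
for f in "$WORK/cert.pem" "$WORK/cert.der"; do
  echo "== $f"
  cert_field "$f" subject
  cert_field "$f" issuer
  cert_field "$f" dates
done
```

For a certificate pulled off a live server, pipe the output of `openssl s_client -connect host:443 -servername host </dev/null` through `openssl x509` the same way; the field flags are identical. Exact formatting of the subject line differs between OpenSSL 1.0 and later releases, so match on the values rather than the separators when scripting against it.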
-
BankInfo Ramnit Article
Tracy Kitten at BankInfo has an interesting article about the Ramnit worm which is worthy of a read (even I would say by the general public). Ramnit is particularly pernicious because: Ramnit’s man-in-the-middle looks like an actual social-media or bank-account sign-in page that captures a user’s ID and password, and sometimes other personal information en…
-
Why I hate tiny-fied URLs…
In theory, if the world were filled with universally good people, “bitly” and “TinyURL.com”, which given long URLs provide short ones, are a great idea. However, whenever I get one I find that I’m frankly terrified to click on them. Why? Because while they could be going someplace useful, they could also be going to…
-
SSL certs – probably not worth the bits they’re printed on…
This failure of the trusted Certificate Authority (CA) “Comodo”: http://nakedsecurity.sophos.com/2011/03/24/fraudulent-certificates-issued-by-comodo-is-it-time-to-rethink-who-we-trust/ highlights something that is becoming more apparent: SSL certificates probably aren’t worth the bits they’re printed on. Forgetting that there is a fairly regular stream of issues with the authorities, companies like GoDaddy issue certificates for all of $12 with nearly instantaneous issuance. That is,…
-
Zone Firewall TCP reassembly size
If you get something like this in your Cisco’s IOS firewall log: Mar 12 15:05:33 192.168.1.1 3129: 003121: *Mar 12 15:03:03.195 EST: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:525214740 1415 bytes is out-of-order; expected seq:525170856. Reason: TCP reassembly queue overflow – session 192.168.1.5:53022 to 208.79.250.63:80 on zone-pair ccp-zp-in-out class ccp-protocol-http sometimes accompanied by hangs in downloads, then…
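Before changing the reassembly queue limit it helps to know whether the drops are one runaway session or the whole zone-pair. This added triage script, which is not part of the original post, counts %FW-4-TCP_OoO_SEG queue-overflow drops per session, zone-pair and class from a syslog feed. The log lines it reads are constructed samples modelled on the message shown above (the first mirrors it; the others are made up to exercise the grouping), not a real capture.

```shell
#!/bin/sh
# Added example, not from the original post: triage %FW-4-TCP_OoO_SEG drops from
# an IOS zone-based firewall syslog feed by counting them per session and zone-pair.
set -eu

# Constructed sample input (not a real capture). The first line mirrors the one
# in the post; the rest are invented so the grouping has something to do.
SAMPLE_LOG='Mar 12 15:05:33 192.168.1.1 3129: 003121: *Mar 12 15:03:03.195 EST: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:525214740 1415 bytes is out-of-order; expected seq:525170856. Reason: TCP reassembly queue overflow - session 192.168.1.5:53022 to 208.79.250.63:80 on zone-pair ccp-zp-in-out class ccp-protocol-http
Mar 12 15:05:34 192.168.1.1 3130: 003122: *Mar 12 15:03:04.201 EST: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:525216155 1415 bytes is out-of-order; expected seq:525170856. Reason: TCP reassembly queue overflow - session 192.168.1.5:53022 to 208.79.250.63:80 on zone-pair ccp-zp-in-out class ccp-protocol-http
Mar 12 15:05:40 192.168.1.1 3131: 003123: *Mar 12 15:03:10.010 EST: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:99001 1460 bytes is out-of-order; expected seq:98000. Reason: TCP reassembly queue overflow - session 192.168.1.7:41000 to 203.0.113.9:443 on zone-pair ccp-zp-in-out class ccp-protocol-https
Mar 12 15:05:41 192.168.1.1 3132: 003124: *Mar 12 15:03:11.000 EST: %SYS-5-CONFIG_I: Configured from console by admin on vty0'

# ooo_drops_by_session: read syslog on stdin and print
# "<count> <src> <dst> <zone-pair> <class>" per session that hit the
# reassembly queue limit, most drops first. Unrelated messages are ignored.
ooo_drops_by_session() {
  awk '/%FW-4-TCP_OoO_SEG/ && /reassembly queue overflow/ {
        # Locate values by the fixed keywords that precede them so the
        # variable-length prefix (timestamps, sequence numbers) does not matter.
        for (i = 1; i <= NF; i++) {
          if ($i == "session")   src = $(i+1)
          if ($i == "to")        dst = $(i+1)
          if ($i == "zone-pair") zp  = $(i+1)
          if ($i == "class")     cls = $(i+1)
        }
        key = src " " dst " " zp " " cls
        n[key]++
      }
      END { for (k in n) print n[k], k }' | sort -rn
}

# Run over the constructed sample when executed directly.
printf '%s\n' "$SAMPLE_LOG" | ooo_drops_by_session
```

Feed a real log with `ooo_drops_by_session < /var/log/router.log`; a single session dominating the count points at one large transfer outrunning the queue, while many sessions across the same zone-pair points at the limit itself being too small for the link.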
-
The kitchen sink of security tools…
This seems to be a useful location to find security tools: http://www.proactiverisk.com/links Everything including the kitchen sink!
-
Apparently George Romero was right…
That a deadly virus would escape from the military possibly causing zombies: http://www.cnn.com/2010/TECH/web/11/17/stuxnet.virus He was just wrong that humans would be the target.
-
Another case of “With friends like these…”
Well, researchers have devised a way around most modern anti-virus software. Yet another example of, “With friends like these, who needs enemies.” Again, I know “security by obscurity” is false security, but it’s not like the bad guys need as much help as they’re getting!
-
How to kill a session on a Cisco PIX/FWSM
Completely different from Cisco IOS, so hard to remember: Log into the PIX/FWSM and go to “enable” mode. Do a “who”: fwsm# who 0: 192.168.100.80 2: 192.168.100.5 Choose the IP of the session you want to kill and grab the number. In this case I want to kill the “192.168.100.5” session, so I want “2”.…
-
A good Blackberry security primer…
ComputerWorld has published a good Blackberry security primer here: http://www.computerworld.com/s/article/9165238/Five_tips_to_keep_your_Blackberry_safe I highly recommend all Blackberry owners read it.
-
Rubber Or Glue, It Still Sticks…
This brings up a sort of interesting if not chilling thought in the world of security, particularly for large organizations: Mozilla shuts online store after security breach The title of this entry, which I’ve included verbatim, is important. To me when I read it, I’m reading “Mozilla has a problem”, or “Mozilla isn’t secure”, or…
-
Eating ourselves alive…
Here is yet another example of how the “good guys” are figuring out ways to subvert security to “help” us: http://www.h-online.com/security/Bootkit-bypasses-hard-disk-encryption–/news/113884 Basically Peter Kleissner, a young and clearly very smart university student, has figured out how to inject a bootkit in front of TrueCrypt (an excellent and free encryption product) to subvert its protections. While…