Category Archives: Security

Peerlyst – A Great Resource for Security Professionals

While researching some security stuff, I stumbled across the Peerlyst website…and wow!! This is a great resource for security professionals…lots of helpful information and discussions. Make sure you check out their list of security cheat sheets…this is a treasure trove of information all in one place!!

WannaCry Ransomware – That Got Our Attention, Didn’t It?

If you see this screen, then you will wanna cry!!

If you have not heard about the WannaCry ransomware that is (and perhaps was) running rampant over the past weekend, then you must have been in a cave or on your honeymoon! This one is a doozie, let me tell you!! Some quick facts…

  • This ransomware is based on the EternalBlue exploit (developed by the NSA, and then stolen and leaked on the Internet)
  • Microsoft released a patch for this (MS17-010) in March
  • Some quick-thinking good guys were able to slow down the spread of WannaCry by activating a killswitch within the ransomware code
  • MANY people and organizations, throughout the world, have been hit by this

An excellent analysis of WannaCry can be found here…

WannaCry no more: ransomware worm IOC’s, Tor C2 and technical analysis + SIEM rules

Stay informed…AND patch your systems!!

SHA1 Got Shattered (Major Geek Stuff!!)

This blog is for us true geeks!! (All others will be bored.)

It was announced today that the cryptographic hash function SHA-1 is susceptible to collisions. Although this has been theorized for a number of years, there has been no proof of a collision. Well…until today, that is. Teams from CWI Amsterdam and Google have been working together for the last couple of years, and have demonstrated an actual collision.

What is a cryptographic collision? It’s when two different files produce the same hash value. In other words, when you run a hash function against a file, the resulting hash acts as a “signature” (a fingerprint) for that file. Change anything in that file, and the hash result will be very different. However, these teams were able to manipulate two different files and get the same hash signature. NOT good at all. The security implications of this are HUGE!

SHA-1 has already been deprecated, and is on its way out…today’s announcement adds urgency to it. You should move to SHA-256 or SHA-3.
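As an added illustration (not code from the original post or from the SHATTERED team), the Python below puts numbers on the “very different hash” claim by counting how many digest bits change between two constructed files, and shows what “move to SHA-256” looks like in a file-integrity check: a manifest that carries only SHA-1 (or MD5) digests no longer counts as verified. The file contents and the manifest layout are assumptions.

```python
import hashlib
import hmac

# Constructed sample "files" (not from the original post): they differ in one character.
FILE_A = b"Quarterly report: revenue up 3%\n"
FILE_B = b"Quarterly report: revenue up 8%\n"

# Digests that no longer prove two files are identical.
DEPRECATED = {"md5", "sha1"}


def digest(data: bytes, algo: str) -> str:
    """Hex digest of data under a hashlib algorithm name (e.g. sha1, sha256, sha3_256)."""
    return hashlib.new(algo, data).hexdigest()


def hamming_bits(hex_a: str, hex_b: str) -> int:
    """Count the bits that differ between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def avalanche_ratio(a: bytes, b: bytes, algo: str) -> float:
    """Fraction of digest bits that change between a and b; about 0.5 for a sound
    hash, which is what 'the hash result will be very different' means in numbers."""
    da, db = digest(a, algo), digest(b, algo)
    return hamming_bits(da, db) / (len(da) * 4)


def verify_manifest(data: bytes, manifest: dict) -> tuple:
    """Check data against a manifest of {algorithm: hexdigest}.

    Deprecated digests are never trusted on their own: since a SHA-1 match can
    be engineered, only a strong digest (sha256, sha3_256, ...) decides the result.
    Returns (verified, warnings).
    """
    warnings = []
    strong = [algo for algo in manifest if algo not in DEPRECATED]
    for algo in manifest:
        if algo in DEPRECATED:
            warnings.append(f"{algo} digest ignored: collision-prone, re-sign with sha256 or sha3_256")
    if not strong:
        return False, warnings
    verified = all(
        hmac.compare_digest(digest(data, algo), manifest[algo]) for algo in strong
    )
    return verified, warnings
```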

For some really good reading on this, check out the following links…

SHATTERED

At death’s door for years, widely used SHA1 function is now dead

Enjoy!!

IoT (Internet-of-Things) and Port 23

Greetings…

Yes, I know…it has been a long time since my last post. Sorry…I’ve been busy.

This afternoon, I was doing some configuration work on one of my Internet facing routers, and I noticed a large amount of scanning, looking for an open Telnet port (scanning for ports 23 and 2323)…take a look…

A lot of "knocking" on ports 23 and 2323

I was wondering if it was just this router, so I checked several other routers on my network and they are all seeing exactly the same thing, and it all started at roughly the same time. VERY interesting! (Note…you may notice that there are two different ACLs involved…that’s because I have two Internet-facing ports…a primary circuit and a backup circuit, each with their own custom ACL.)

This activity might be related to the recent Mirai malware attacks on the “Internet of Things” (IoT), and the use of port 23 for C&C (Command & Control) traffic. Hard to say really…maybe it’s just ET trying to phone home…
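A small detection pass over router ACL deny logs like the ones in the screenshot, as an added example (not the author’s router output or code): the log lines are constructed in Cisco IOS style, the ACL names and addresses are made up, and the functions tally Telnet “knocks” per source and the share of all denied traffic aimed at ports 23 and 2323.

```python
import re
from collections import Counter

# Constructed Cisco-IOS-style ACL deny-log lines (not the author's real router output).
# Assumed format: "%SEC-6-IPACCESSLOGP: list <acl> denied tcp <src>(<sport>) -> <dst>(<dport>), <n> packet(s)"
SAMPLE_LOG = """\
%SEC-6-IPACCESSLOGP: list INET-PRIMARY denied tcp 203.0.113.10(40211) -> 198.51.100.2(23), 1 packet
%SEC-6-IPACCESSLOGP: list INET-PRIMARY denied tcp 203.0.113.10(40212) -> 198.51.100.2(2323), 1 packet
%SEC-6-IPACCESSLOGP: list INET-BACKUP denied tcp 198.18.0.7(51000) -> 192.0.2.9(23), 1 packet
%SEC-6-IPACCESSLOGP: list INET-PRIMARY denied tcp 203.0.113.44(6000) -> 198.51.100.2(443), 1 packet
%SEC-6-IPACCESSLOGP: list INET-BACKUP denied tcp 198.18.0.7(51001) -> 192.0.2.9(2323), 1 packet
%SEC-6-IPACCESSLOGP: list INET-PRIMARY denied tcp 203.0.113.10(40213) -> 198.51.100.2(23), 3 packets
"""

LINE_RE = re.compile(
    r"list (?P<acl>\S+) denied (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packet"
)
TELNET_PORTS = {23, 2323}


def parse(log: str):
    """Yield one record per ACL deny line; lines that do not match are skipped."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            rec["count"] = int(rec["count"])
            yield rec


def telnet_knocks(log: str) -> Counter:
    """Denied packets per (source, port) for 23/2323: a source that hits both
    ports is the Telnet-scanner signature, not a stray misconfigured client."""
    hits = Counter()
    for rec in parse(log):
        if rec["dport"] in TELNET_PORTS:
            hits[(rec["src"], rec["dport"])] += rec["count"]
    return hits


def telnet_share(log: str) -> float:
    """Fraction of all denied packets aimed at Telnet ports; a sudden jump
    across every Internet-facing ACL is the 'knocking' pattern described above."""
    total = telnet = 0
    for rec in parse(log):
        total += rec["count"]
        if rec["dport"] in TELNET_PORTS:
            telnet += rec["count"]
    return telnet / total if total else 0.0
```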

Have a great day!!

The Move to HTTPS…There is Good and Bad

Adding one little letter should be easy!!

There is a large push for all websites to move to HTTPS, instead of the traditional HTTP. Although there is just one letter difference, it’s a big move…ultimately affecting tens of thousands of websites, including the one you are reading now.

Why the big push? Security!! (Hence the letter “S” in HTTPS.) Is this really necessary? Do readers care if my static website blogs are sent in plain text? Should I have to worry about fixing a BUNCH of links in my website? Ugh…and it begs the question…is it even worth trying to fix?

I could write a large blog on the pros and cons of HTTPS, but I don’t have the time or energy, and I doubt it would be that good. However, Ars Technica already did…today in fact. I would encourage you to read HTTPS is not a magic bullet for Web security, by Scott Gilbertson! He did a great job of detailing the reasons for the move to HTTPS, as well as reasons not to…it will make you think.

As for me…I have a feeling I will be moving to HTTPS one of these days. Probably sooner rather than later.

And…let’s be kind to one another.

Verizon 2016 Data Breach Investigations Report is Available

Verizon 2016 DBIR

Verizon has released their 2016 Data Breach Investigations Report. (You can download it without registering…note the “Download Only” link.) It’s a big read (and getting bigger every year), but there is a lot of good data in there if you take the time to dig through it. And once again, the level of growth and sophistication of nation-state and organized crime players is incredible…and scary.

Why didn’t I become a farmer?? I should have been a farmer…out in the middle of Kansas somewhere…

US-CERT Alert – Ransomware and Recent Variants (Read this!!)

The US-CERT and Homeland Security just released an alert concerning recent ransomware events targeting the medical industry, along with businesses in general…

US-CERT Alert – Ransomware and Recent Variants

This is important information that ALL network engineers should be aware of and act upon! Please…do not delay!!

PS: And no, this isn’t an April Fools joke…I sure wish it was!

1984 Has Arrived, Though a Bit Late

If you want to read a novel that paints a bleak picture of our future, then read Nineteen Eighty-Four. It was written by George Orwell way back in 1949, and basically describes a future society that controls all thought and expression, in favor of the ruling party. Government surveillance of the population runs rampant, with little or no privacy.

I remember when 1984 arrived thinking how glad I was that this vision of the future was wrong. Unfortunately though, it’s starting to look like certain aspects of the novel are in fact becoming real. Just look at the NSA and its surveillance program (which it just ended…maybe), or all the talk about installing back-doors into applications so that governments can track “terrorists”. Of course they won’t track us, right??

So today I read an article at ComputerWorld authored by Darlene Storm…

LA’s plan to scan license plates and send Dear Prostitute-seeking John letters

Incredible!! Just driving through the area could trigger this letter. Yes, we need to target the Johns and do what we can to shut down the sex-slave industry, but I’m not sure this is a good solution. Plus, our society is already a lot closer to 1984 than some may care to think…with all of the license plate scanning, facial recognition, and related Internet tracking that is in effect now, our perceived level of privacy is much smaller than we think.

So, we need to ask (if it’s not already too late), where do we draw the line?

New Versions of NMAP and Wireshark

If you have not already heard, new versions of NMAP and Wireshark have been released recently. These are my favorite open source programs, and to be honest, pretty much my favorite programs period. They are both maintained and managed by a dedicated team of people, and the quality of the software shows. Plus, the main authors (Gerald Combs for Wireshark, and Fyodor for NMAP) are both class acts…

NMAP is THE tool for running forensics on your network…to find the weaknesses before the bad guys do. It has MANY parts, which all work together in a very seamless manner, and should be in every network engineer’s toolkit. If you are not using it, stop what you are doing and get it now!! (Enough said!!) The new version is 7.00.

Same thing about Wireshark. I’ve said it before and I’ll say it again…if you don’t have a network analyzer, then you’re not really a full and complete network engineer. Get it and learn it. There are plenty of resources on the Internet, for free, to help you get started (Google is your friend), and if you want to pay a little bit of money, Laura Chappell has a great website devoted to Wireshark training.

I just downloaded the updated Wireshark today (version 2.0.0), and I have to say the default screen is spartan, to say the least. Not sure if this is temporary in this initial v2 build, but either way, it does not look like its predecessor. Note how clean (and empty) the startup screen is…

Initial Wireshark startup screen

Here is some info from Gerald about this new version. I’m looking forward to learning what it has to offer!

A Good Laugh for a Friday!!

So, did you hear that China and the US have agreed to no longer engage in cybertheft against each other? No…I’m serious. Really. Take a look at this…

CNN Report – US & China Agreement

See…I told you!

When I first heard this I just laughed. Is today April 1st?? Way too funny. I’m just sure that China will now curtail their state sponsored cyber warfare. No…seriously…I’m sure they will.

Oh…and I saw some pigs flying today too!!