For Your Prompt Attention — NOT!!

I get these emails somewhat regularly, as I’m sure you do too. I usually just laugh…how stupid do you have to be to fall for this stuff??? However…I then realize there must be enough people that do fall for it, otherwise these criminals would not be sending the emails out. Ugh!!

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

For Your Prompt Attention:

I am Peter Douglas, United Nations Inspection Agent in Hartsfield Jackson Atlanta International Airport Atlanta GA. We are conducting second phase audition, all abandoned Consignment in USA Airports are being transferred to our facilities here for inspection and confiscation. During our investigation, I discovered an abandoned luggage on your name which was transferred to our facility here in Hartsfield Jackson Atlanta International Airport and when scanned it, it revealed an undisclosed sum of money in a Metal Trunk Box. The consignment was abandoned because the Content was not properly declared by the consignee as money, rather it was declared as personal effect to avoid diversion by the Diplomatic Agent also the Diplomat inability to pay for Non Inspection Fees.

On my assumption, the box will contain more that $6M and the consignment is left in storage house till today through a Courier Dispatch Service. The Consignment is a metal box with weight of about 162LBS (Internal dimension: W61 x H156 x D73 (cm) Effective capacity: 680 L) Approximately.

The details of the consignment includes your name, the official document from United Nations office in London all are tagged on the Metal Trunk box.

< etc, etc >

Verizon Data Breach Investigations Report 2018

Verizon 2018 DBIR

Last week, Verizon released its annual Data Breach Investigations Report for 2018. It’s another very good read…lots of insights in the world of hacking and nation-state activities. It is well written with some good humor thrown in too.

And it is very scary.

Sometimes I just want to unplug my network from the Internet…I know that I would sleep better, that is for sure. But…business depends on the Internet…so that is not an option. I just need to research and implement security as best as I can. And be prepared as best as I can for the inevitable security event…it will happen. It might be this year or next…or it might be happening right now.

You can download a copy of the report here: Verizon 2018 DBIR

Note…you will be asked to register, but it is optional…just click the “View only” button.

US-CERT Ransomware Reminder

If you have subscribed to the US-CERT alerts (and I sure hope you have!!), then you will have received today’s alert on “Ongoing Threat of Ransomware”. PLEASE read it!! Ransomware is getting worse…and it’s not going away anytime soon. This alert is more of a friendly reminder…a tap on your shoulder…to double check your policies and procedures, and make sure you are ready for a Ransomware event. I’m being very honest here…if you haven’t been hit yet, you will.

The alert mentions three main best practices…(with some of my thoughts)…

  • Create system back-ups: This is a no brainer! (I’ll assume you are backing up all of your critical systems and important data.) However, there is more to do…you need to regularly validate the integrity of those backups. Perform test restores and make sure you are comfortable with the processes. And make sure the back-ups are segmented from possible Ransomware attacks. Back-ups are worthless if they end up part of the Ransomware encrypted files.
  • Be wary of opening emails and attachments from unknown or unverified senders: Translated…TRAIN your users!! They are the first line of defense!! And you may groan at that thought, but I will tell you they WANT to be well trained! Just keep it simple and show them examples of what to expect (especially with phishing emails!). Send out regular reminders and make sure to publicly praise them as they catch this stuff…they will love it!!
  • Ensure that systems are updated with the latest patches: Ladies and gentlemen…this is Network Administration 101. If you do not have a regular patch procedure in place, then shame on you!! Failing in this area can get you fired! Nuff said…

And I want to add one more “best practice”… Segment your network: This is a huge undertaking…one that is a pain in the butt to be honest. But it can pay huge dividends if done right. Most of you will have a Ransomware event at some point (or other security event)…it’s going to happen. However, if you segment your network, you can greatly reduce the impact of an attack or hack.

Segmenting simply means to put in place policies that restrict what type of network traffic can flow where. A simple example is printers…every company has them (lots of them!). Yet most companies place them on the same network segments as the users…not good. You should place all of your printers in their own VLAN, and then apply a policy, such as an ACL (Access Control List) that allows the printers to talk just to the print-servers, and nowhere else. Another example is SQL servers…they should not be accessible to everyone. Apply an ACL that limits communications to only the application servers that need that data (IP addresses and ports).

If you decide to implement network segmentation, take your time! This is a complex undertaking…and if done incorrectly can break things very quickly!
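To make the printer and SQL examples above concrete, here is an added example (my own illustration, not code from the post): a small first-match ACL evaluator that models that segmentation policy and then checks some constructed flow records against it. The VLAN ranges, server subnets, ports and log lines are all assumptions chosen for the example; anything that matches no rule is denied, which is the implicit deny at the end of a real ACL.

```python
"""Added example (not from the post): a first-match ACL model of the
segmentation policy described above, run over constructed flow records."""
import re
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed address plan (assumption, not from the post).
PRINTER_VLAN = ip_network("10.20.0.0/24")
PRINT_SERVERS = ip_network("10.10.5.0/28")
USER_VLAN = ip_network("10.30.0.0/24")
APP_SERVERS = ip_network("10.10.6.0/28")
SQL_SERVERS = ip_network("10.10.7.0/28")

# (source net, destination net, protocol, destination port or None = any).
# First match wins; a flow that matches no rule is denied (implicit deny).
Rule = Tuple[IPv4Network, IPv4Network, str, Optional[int]]
POLICY: List[Rule] = [
    # Print servers drive the printers (raw port 9100 and IPP 631); the
    # model is stateless, so the third rule covers the printers' replies.
    (PRINT_SERVERS, PRINTER_VLAN, "tcp", 9100),
    (PRINT_SERVERS, PRINTER_VLAN, "tcp", 631),
    (PRINTER_VLAN, PRINT_SERVERS, "tcp", None),
    # Users reach the print servers' shares, never the printers directly.
    (USER_VLAN, PRINT_SERVERS, "tcp", 445),
    # Only the application tier may talk to SQL (1433 used as the example port).
    (APP_SERVERS, SQL_SERVERS, "tcp", 1433),
]


def allowed(src: str, dst: str, proto: str, dport: int) -> bool:
    """Evaluate one flow against POLICY; False means the implicit deny hit."""
    s, d = ip_address(src), ip_address(dst)
    for src_net, dst_net, rule_proto, rule_port in POLICY:
        if (s in src_net and d in dst_net and rule_proto == proto
                and (rule_port is None or rule_port == dport)):
            return True
    return False


# Constructed flow-log format: "<timestamp> <src> -> <dst> <proto>/<dport>".
FLOW_RE = re.compile(r"(\S+)\s+(\S+)\s+->\s+(\S+)\s+(tcp|udp)/(\d+)")
SAMPLE_FLOWS = """\
2018-03-20T10:00:01 10.10.5.2 -> 10.20.0.15 tcp/9100
2018-03-20T10:00:03 10.30.0.44 -> 10.10.5.2 tcp/445
2018-03-20T10:00:05 10.20.0.15 -> 10.30.0.44 tcp/445
2018-03-20T10:00:07 10.30.0.44 -> 10.10.7.2 tcp/1433
2018-03-20T10:00:09 10.10.6.3 -> 10.10.7.2 tcp/1433
"""


def audit(flow_log: str) -> List[Tuple[str, str]]:
    """Return (flow line, verdict) pairs; unparseable lines are skipped."""
    results = []
    for line in flow_log.splitlines():
        match = FLOW_RE.match(line)
        if not match:
            continue
        _, src, dst, proto, port = match.groups()
        verdict = "allow" if allowed(src, dst, proto, int(port)) else "deny"
        results.append((line, verdict))
    return results


def denied(flow_log: str) -> List[str]:
    """The flows a segmented network would have blocked (and should alert on)."""
    return [line for line, verdict in audit(flow_log) if verdict == "deny"]


if __name__ == "__main__":
    for line, verdict in audit(SAMPLE_FLOWS):
        print(f"{verdict:5s} {line}")
```

In the sample log, the printer reaching out to a user workstation and the workstation talking straight to the SQL server are the two flows the policy denies; in a flat network both would simply succeed, which is exactly the blast radius the post is describing.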

Hope this helps you in your security planning! And have a great week!

Peerlyst – A Great Resource for Security Professionals

While researching some security stuff, I stumbled across the Peerlyst website…and wow!! This is a great resource for security professionals…lots of helpful information and discussions. Make sure you check out their list of security cheat sheets…this is a treasure trove of information all in one place!!

SHA1 Got Shattered (Major Geek Stuff!!)

https://shattered.io Website Logo

This blog is for us true geeks!! (All others will be bored.)

It was announced today that the cryptographic hash function SHA-1 is susceptible to collisions. Although this has been theorized for a number of years, there has been no proof of a collision. Well…until today, that is. Teams from CWI Amsterdam and Google have been working together for the last couple of years, and have demonstrated an actual collision.

What is a cryptographic collision? It’s when two different files have the same hash signature. In other words, if you run a hash function against a file, the resulting hash is a “signature” for that file. Change anything in that file, and the hash result will be very different. However, these teams were able to manipulate two different files and get the same hash signature. NOT good at all. The security implications of this are HUGE!

SHA-1 has already been deprecated, and is on its way out…today’s announcement adds urgency to it. You should move to SHA-256 or SHA-3.

For some really good reading on this, check out the following links…

SHATTERED

At death’s door for years, widely used SHA1 function is now dead

Enjoy!!

The Move to HTTPS…There is Good and Bad

Adding one little letter should be easy!!

There is a large push for all websites to move to HTTPS, instead of the traditional HTTP. Although there is just one letter difference, it’s a big move…ultimately affecting 10’s of thousands of websites, including the one you are reading now.

Why the big push? Security!!  (Hence the letter “S” in HTTPS.) Is this really necessary? Do readers care if my static website blogs are sent in plain text? Should I have to worry about fixing a BUNCH of links in my website? Ugh…and it begs the question…is it even worth trying to fix?

I could write a large blog on the pros and cons of HTTPS, but I don’t have the time or energy, and I doubt it would be that good. However, Ars Technica already did…today in fact. I would encourage you to read HTTPS is not a magic bullet for Web security, by Scott Gilbertson! He did a great job of detailing out the reasons for the move to HTTPS, as well as reasons not to…it will make you think.

As for me…I have a feeling I will be moving to HTTPS one of these days. Probably sooner rather than later.

And…let’s be kind to one another.

Verizon 2016 Data Breach Investigations Report is Available

Verizon 2016 DBIR

Verizon has released their 2016 Data Breach Investigations Report. (You can download it without registering…note the “Download Only” link.) It’s a big read (and getting bigger every year), but there is a lot of good data in there if you take the time to dig through it. And once again, the level of growth and sophistication of nation-state and organized crime players is incredible…and scary.

Why didn’t I become a farmer?? I should have been a farmer…out in the middle of Kansas somewhere…

US-CERT Alert – Ransomware and Recent Variants (Read this!!)

The US-CERT and Homeland Security just released an alert concerning recent ransomware events targeting the medical industry, along with businesses in general…

US-CERT Alert – Ransomware and Recent Variants

This is important information which ALL network engineers should be aware of and act upon! Please…do not delay!!

PS:  And no, this isn’t an April Fools joke…I sure wish it was!

GLIBC getaddrinfo Vulnerability in Linux Systems

A pair of Google researchers recently released a vulnerability report on the GLIBC function “getaddrinfo”, which if exploited, could crash the system or even give a hacker command line control. (Yikes!!) MANY Linux systems are vulnerable to this so please patch your systems quickly. GLIBC packages affected by this are versions 2.9 and newer…2.9 was released way back in 2008, so you can see that the size of the affected systems is huge! Note…”getaddrinfo” is used by systems in resolving DNS names to an IP address. Talk about important…right??

To see what version of GLIBC you are using, simply run the command: ldd --version

Here is an example from one of my test Linux systems at work…

Example of affected GLIBC package

As you can see, this system is running version 2.10.1 of GLIBC and needs to be patched. For CentOS (which I’m running), you can obtain a more detailed listing about GLIBC this way…

GLIBC info from my CentOS system

Most Linux distributors have patches ready to fix the issue, so running the appropriate update commands should take care of things. For CentOS, just run “yum update” and it will grab the fix and apply it…a reboot of your system will be required.
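For anyone who wants to check more than one box, here is an added example (my own script, not from the post) that parses the banner line of `ldd --version` and flags anything in the affected range the post describes (2.9 and newer). The sample outputs are constructed, and the CVE identifier in the comment is a placeholder since the post does not name one. The important caveat the script carries is that a version in range means “in scope”, not “unpatched”: distributions like CentOS backport the fix without bumping the version number, so the package changelog is the final word.

```python
"""Added example (not from the post): classify a host's GLIBC from the
`ldd --version` banner against the affected range given above."""
import re
import subprocess
from typing import Optional, Tuple

FIRST_AFFECTED = (2, 9)  # from the post: 2.9 and newer are in scope
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)(?:\.(\d+))?\b")

# Constructed samples (assumption): a CentOS-style banner like the one in
# the post's screenshot, and an older pre-2.9 build.
SAMPLE_CENTOS = (
    "ldd (GNU libc) 2.10.1\n"
    "Copyright (C) 2009 Free Software Foundation, Inc.\n"
)
SAMPLE_OLD = "ldd (GNU libc) 2.5\n"


def parse_glibc_version(ldd_output: str) -> Optional[Tuple[int, ...]]:
    """Return the version tuple from ldd's first line, or None if absent."""
    lines = ldd_output.strip().splitlines()
    if not lines:
        return None
    match = VERSION_RE.search(lines[0])
    if not match:
        return None
    return tuple(int(part) for part in match.groups() if part is not None)


def assess(ldd_output: str) -> str:
    """'affected-range', 'below-affected-range' or 'unknown' (no version found)."""
    version = parse_glibc_version(ldd_output)
    if version is None:
        return "unknown"
    if version[:2] >= FIRST_AFFECTED:
        return "affected-range"
    return "below-affected-range"


def live_ldd_output() -> str:
    """Run `ldd --version` on this host; only used when executed directly."""
    result = subprocess.run(["ldd", "--version"], capture_output=True,
                            text=True, check=False)
    return result.stdout


if __name__ == "__main__":
    output = live_ldd_output() or SAMPLE_CENTOS
    print(parse_glibc_version(output), assess(output))
    # 'affected-range' means the upstream version is in scope, not that the
    # host is unpatched: vendors backport the fix without changing the version
    # string, so confirm with the package changelog, e.g. on CentOS:
    #   rpm -q --changelog glibc | grep CVE-XXXX-XXXX   (placeholder id)
```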

Related links…
Google announcement
SANS InfoSec Post

1984 Has Arrived, Though a Bit Late

If you want to read a novel that paints a bleak picture of our future, then read Nineteen Eighty-Four. It was written by George Orwell way back in 1949, and basically describes a future society that controls all thought and expression, in favor of the ruling party. Government surveillance of the population runs rampant, with little or no privacy.

I remember when 1984 arrived thinking how glad I was that this vision of the future was wrong. Unfortunately though, it’s starting to look like certain aspects of the novel are in fact becoming real. Just look at the NSA and its surveillance program (which it just ended…maybe), or all the talk about installing back-doors into applications so that governments can track “terrorists”. Of course they won’t track us, right??

So today I read an article at ComputerWorld authored by Darlene Storm…

LA’s plan to scan license plates and send Dear Prostitute-seeking John letters

Incredible!! Just driving through the area could trigger this letter. Yes, we need to target the Johns and do what we can to shut down the sex-slave industry, but I’m not sure this is a good solution. Plus, our society is already a lot closer to 1984 than some may care to think…with all of the license plate scanning, facial recognition, and related Internet tracking that is in effect now, our perceived level of privacy is much smaller than we think.

So, we need to ask (if it’s not already too late), where do we draw the line?