My Certifications

LPI

Comptia A+
BB Training
Certified Ethical Hacker



Security? That's Obscure!

Is it me, or has information security completely changed? To give you a bit of background - I live, breathe, eat and sleep computer security. I'm not one of those "masturbating monkeys", as Linus puts it (I was gonna write this blog post before Marcel told me about his rant about security guys).

I do intrusion detection, protocol analysis, threat and risk management - I also do digital forensics etc. I get my hands dirty wherever I can. I'm not one to point out an issue and say fix it - I prefer to get in there and work with the people in the know to fix the issue as well.

I commend Dan Kaminsky for the epic work done on the DNS flaw - I only wish I had sent that email to him the 2nd day after the biggest co-ordinated patch release in history. I had almost nailed the issue.

But that's not what this rant is about. I remember a day when security people were feared - if someone from IS was coming, it probably meant something you were doing was wrong - and you hoped they passed your desk on to someone else's. Nowadays it almost seems as though security is a joke. No back swing for me - I can just sit there and yell "Something's wrong!" till I'm blue in the face... or say "hey, I gotta do this to make sure you're safe". Even if there is no impact, no requirements, no nothing - we still get hassled about what we need to do.

Then - it seems as though it must be the next big career boom - the market is flooded with these so-called CISSP certified IS professionals. I can't stand them - I'm sure most of them can't even tell the difference between TCP and UDP. Let alone the fact that IPSec is a protocol just like TCP/UDP/ICMP/GRE etc.

I'd like to see them figure out a routing issue that causes information leakage - or why an IDS can only see half a conversation. Arg.

Don't get me wrong - security needs to change from the police and fire to an EMS type job. Don't be there to police and put out fires. But be there before things happen making sure everyone is safe -- and when something does happen know how to deal with that, and the cleanup afterwards.

For those of you in IT - listen to your security people - not all of them want to stop you from doing things - just keep you safe. A good security person will not only tell you it's not safe - but help solve it and make it safe - or at least explain why it's not safe and why there is no alternative.

Good luck, and don't play in the street - try the back yard as an alternative ;)

The boy who cried wolf - with a twist

In a time not so long ago, in a place not so far away, there was a boy. Part of this boy's job included watching the fences around his father's farm. This farm had a large number of chickens. Lots and lots of chickens. Some were bigger, some smaller. Some were so big they couldn't leave the farm even if they wanted to.

On one particular day, it was identified that there was a hole in one of the fences. Not a big hole, but enough that a small wolf could get in if it so chose. The boy ran to his father and yelled, "Come quick - there is a hole!" The father came out, looked at the hole and proclaimed that it wasn't a big deal. The father sent all the workers home for the weekend and told them to fix the hole when they could.

Time passed. No wolves entered the farm where the hole was, but they saw that it was there.

A few weeks later, the boy came running to his father again - there's a hole! This time it was a bigger hole. The father came out and looked at it - said yes, it's a hole. But at most, only a few chickens would be lost or hurt. He had a second person look at the hole and he said that he knew about the hole! He then went on to say that for this hole, it would require a wolf to get close enough to the hole, and a chicken to be close to the hole, before any damage would happen. So they decided to fix it later.

The boy started to get upset. He wondered what the point was of looking for holes when his father decided that the hole didn't matter.

-- To be continued -- 


Wardriving -- IN MY NEIGHBOURHOOD?

I can't believe it. Someone is actually wardriving around my neighborhood!

Arg - my wife just informed me that this guy has been outside our house across the street for the past 3 days at the same time. This time, she noticed that he's on his laptop. I know there are about 6 APs here. 4 of them are mine ;) I have two secured networks, one to my internal network, and a second directly connected to the internet - for testing. I have 2 more: one is a public wifi AP that hasn't been up in a while. And my fourth, I was playing with trying to set up a mesh network.

He wasn't on any of those.

I know that across the street there is an AP, I don't know anything about it though. And I've seen one other secured.

I'm going to grab some gear from work to track down the unknown unsecured wireless AP and get that secured - that way, I can control what this guy connects to. I'll take down my public AP for maintenance ;) Then, I'll set up my spare to my direct internet connection and leave it open for him. Of course, I'm not THAT nice - I'll ensure to log all traffic to see what I can see and if I'm around when he is, see if I can snag some details ;)

I'll be nice and post a sign on my window identifying that connecting to any public AP on my network is subject to my packet inspection and some other legalese. Not my fault he didn't take the time to read my AUP ;)

I'll post any updates later.

MS Security Alert - OCT 2008

** MS Security ALERT **


Please note a critical security patch has been released out-of-cycle for Microsoft Products. 

Please patch ASAP.


** UPDATE 10/24/08 11:00 EST **

Reports of 7 variants at this time: http://blogs.authentium.com/virusblog/?p=284

Ensure you block the following at your Web Gateways:

  • hxxp://summertime.1gokurimu.com
  • hxxp://perlbody.t35.com
  • hxxp://doradora.atzend.com

** UPDATE 10/24/08 14:30 EST **

Details relating to the Microsoft code that is affected by the worm: http://www.phreedom.org/blog/2008/decompiling-ms08-067/

** UPDATE 10/27/08 09:30 EST **

Details on the Milw0rm POC: http://www.dontstuffbeansupyournose.com/?p=35


Regards,
Jason