Jul 08 2010

Corporate Data Leakage in the “Clouds”

Folks, I am a bit sick of hearing “cloud” used as the latest buzzword to describe anything from a simple website hosted on a shared server sitting in a datacenter somewhere to the ability to create virtual servers on demand. (By the way, it is the latter that I would consider a cloud, but that is my own opinion.)

Remote server storage has been around for years. We just are not used to it being as easily accessible as it is today with services like Microsoft’s SkyDrive or Google Docs. Never before has it been so easy to copy a couple of gigabytes of data up to a server somewhere and then access it from anywhere. Before the technologies behind services like Microsoft SkyDrive, you needed FTP software (hopefully your remote server supported SFTP or a similar secure transfer protocol) to connect to a server somewhere and dump a bunch of files. You also needed to ensure you had enough disk space and that the remote server directory was reasonably secure so the whole world could not easily view those files.


Jun 24 2010

Security Short: Wireless ENCRYPTION…..ENCRYPTION!

Admin Note: This post is in response to a recent posting I made regarding Google’s wireless collection activities. This “Security Short” provides some brief information on improving the security of PRIVATE wireless systems and is not intended to be used where public access is allowed (i.e. coffee shops, libraries, etc.) unless of course you want to cause havoc for your users and your helpdesk. Consult your operator’s manual for particulars on how to implement these tips, as there are hundreds of manufacturers of wireless equipment. These security tips will not stop a determined attacker. They are meant only to reduce your risk, not eliminate it. A truly secure network is a network powered off. You assume any risk by following the information contained here. Your Mileage May Vary (YMMV), Void Where Prohibited.

One of the things that was mentioned in the Google Wi-Fi incident was the fact that emails and passwords were inadvertently captured. This has me a bit concerned and upset, not at Google, but at the folks who manufacture these wireless access points. I do not want to throw the manufacturers under the bus entirely; I also want to pass some of the blame on to the end consumer.

Folks, you need to read the manual and want to secure your data. If you do not want to secure your data and do not take the appropriate measures to do so, you have no right to complain. YOU are the one broadcasting your data to the world, YOU are the one responsible for your actions…although many will claim they are not, but that is a discussion for another day.

Many manufacturers have made it rather simple to deploy encryption on a wireless network, from hand-holding in the instructions to a “press this button” feature on the router to enable security. I am not quite sure what more they can do short of sending a tech to your house to configure these things when you buy them.

This incident would not have even made it to page 6 of your favorite newspaper had everyone encrypted their wireless networks. Ok, enough of my soapbox speech. Let me chat a bit about wireless encryption.


Jun 23 2010

Security Short: OPSEC for the home

Enterprises develop policies for protecting all kinds of assets, both physical and virtual. Some of these policies cover Operations Security or OPSEC. Examples of OPSEC include not displaying your company badge in public or shredding sensitive information. Some of these same policies can be applied at home to protect yourself and family. Let’s take a look at a few OPSEC items.

1. Shred everything that contains information about you. This includes everything with your name and address on it (Personally Identifiable Information or PII). Call me paranoid, but to keep thieves and fraudsters away, you need to protect your information. Purchase and use a good cross-cut shredder, as they provide a good level of security. Strip-cut shredders make it too easy for the criminally minded to reassemble the pieces and view the original document. Confetti shredders are the ultimate in security. In addition, if you are permitted to burn where you live, shred your documents and then burn the scraps. Never send your scraps to a recycler, as a determined thief could reassemble the documents if you are a high-value target. Throw the scraps in the garbage as a last resort, but make the scraps undesirable to someone wanting to go through them. You could mix them in with used pet litter, old food, or anything else. If you are creative, perhaps using the scraps as mulch would be good as well. Be careful again, as scraps in a mulch bed may be a target unless made undesirable.

2. Protect your automatic garage door code while entering it. Be careful of who is around when you openly key your code into the garage door opener. This may sound strange, but “shoulder surfers” could observe your code and use it or give it to someone else to use whenever they please. Whenever I am around someone entering a PIN, password, or other sensitive information, I always step back and turn away from the person. That way they know you are not observing their sensitive information. This is just courteous and should be practiced at ATMs as well. I hate it when someone is just a foot or two away while I am entering my PIN.

3. Keep your valuables locked up and out of sight. This sounds obvious, but I could not tell you how many times I have seen things sitting in the open or even the safe sitting in some observable spot. We all like to show off, but this just tempts those who can’t help themselves. Keep your coins, watches, jewelry, and other valuables locked in a safe and keep the safe in a low-traffic area, especially if you hold frequent parties or entertain. I know, this is a common-sense OPSEC issue, but people forget.

These are just a few things to keep you safe. More to come in a future post.

Jun 22 2010

Security Short: SSID What?

Admin Note: This post is in response to a recent posting I made regarding Google’s wireless collection activities. This “Security Short” provides some brief information on improving the security of PRIVATE wireless systems and is not intended to be used where public access is allowed (i.e. coffee shops, libraries, etc.) unless of course you want to cause havoc for your users and your helpdesk. Consult your operator’s manual for particulars on how to implement these tips, as there are hundreds of manufacturers of wireless equipment. These security tips will not stop a determined attacker. They are meant only to reduce your risk. A truly secure network is a network powered off. You assume any risk by following the information contained here. Your Mileage May Vary (YMMV), Void Where Prohibited.

Much of the data that was collected by Google involved the Service Set Identifier (SSID) and Media Access Control (MAC) address. The SSID is essentially the unique name of your wireless access point or hotspot. You can set it to be anything you want. It is advisable to change the default name of your access point. However, there are certain things you should not set your SSID to. For example, do not set your SSID to your last name or business name, address, or any other identifying information. Doing so allows an attacker to know exactly what their target is and the general location of their target.

After you change the SSID to something other than the default, you should disable the broadcast of the SSID. This will prevent the access point from transmitting a beacon essentially saying, “Hey, here I am and my name is…” Just ensure that you remember your SSID should Microsoft Windows, or any other operating system for that matter, conveniently forget it. It should be noted that I have experienced cases where disabling the SSID causes havoc on the network and certain network devices will not find each other (including computers and access points), so use with caution. If your network comes to a grinding halt after implementing this, you may need to restart all wireless equipment and/or re-enable SSID broadcasting (make sure you do not do this during production hours, otherwise you will have some users very angry with you). YMMV.

While disabling the broadcast of the SSID does not make your system immune from the determined wardriver, it will at least prevent the casual person from finding the access point. (Please note that disabling the SSID broadcast does not make your network invisible to certain tools / software packages.)

For detailed instructions on securing your wireless router by make / model, please check out this awesome site: http://portforward.com. Click the OTHER GUIDES tab at the top, then scroll down and find the link on the right labeled “Wireless Network Security Guides”, or click here:

http://portforward.com/english/routers/wireless/routerindex.htm

Jun 21 2010

Google, Wireless Networks, and You

Folks, the Internet and media have run amok about Google capturing data while roaming the streets in order to provide you, the Google Maps user, with Street View data. Google’s intentions were only to collect Access Point names, or Service Set Identifiers (SSIDs), and perhaps the encryption status, but recent claims state that Google also collected additional information, such as user names and passwords. I would like to discuss these events in detail. Keep in mind, I am by no means an attorney, so your mileage will vary, void where prohibited.


Feb 14 2010

Why you should be proud to live in America…

I stumbled across a Wall Street Journal article the other day about Iran blocking Gmail services. For those of you who live under a rock, Gmail is a free email system operated by Google. The article mentions that Iran is going to roll out their own government operated email system in an effort to build trust amongst Iran’s citizens and their government.

I’m calling “BS” on this one. Iran is not blocking Gmail to promote trust. They are doing this to spy on their citizens. Why else would a government want to burden themselves with supporting an email service that runs near perfectly when operated by a large company? Why would the Iranian government want to burden themselves with supporting e-mail? I can only think of one reason: to spy on its citizens. I know I would not trust a government that censors its people and restricts access to certain websites. This doesn’t just go for Iran either. China blocks access to certain websites as well. I do not trust them as far as I could throw them. Ever since attention has been drawn to China over the “recent” Google hacking (along with numerous other companies), trust has started to go downhill for China.

With that said, how can a citizen of a country trust what they are seeing on the Internet if a government represses certain sites? Folks, this is why I am proud to live in America where we have freedom of speech and our Internet access is not controlled by the government (it may be controlled by ISPs, but that is another story) and we have access to just about any information we could possibly want.

I only imagine it is just a matter of time before Iran blocks access to other free email services. We shall wait and see. This should just highlight some of the freedoms we take for granted.

Feb 06 2010

And the latest Facebook Hoax is…

Folks, I am sick and tired of these time-wasting posts we have all seen and perhaps reposted on profiles. As a public service, I would like to start debunking these here on this blog. I will provide links to supporting articles where appropriate. As a colleague of mine said, “‘I am an Information Systems Security Professional.’ I always thought that statement was prefaced with ‘don’t try this at home…’” Well, I preface all these debunkings with that. Oh, and Your Mileage May Vary, void where prohibited, taxed, or restricted. Unauthorized duplication is a violation of federal law. See dealer for details. Coupon has no cash value.

Automation Labs has NOT hacked your profile


Feb 02 2010

Project Black Water – Block These IP addresses

The following IP addresses were caught in one of my honeypots uploading malicious software. Often they attacked the server several times with the same sample. Below are the IP addresses logged by the honeypot uploading malicious code. These IPs should be blocked at your firewall and perhaps at your DMZ. You should also search your logs for these addresses:

Reporting Period Covered: 2010-01-23 to 2010-02-01:

Read more here: http://www.msiaguy.com/projects/project-black-water/
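The post asks you to search your logs for the listed addresses. Here is an added example of doing that (my code, not part of the original post or the Project Black Water list): it parses combined-format web server access log lines, matches the client IP against a blocklist, and summarises hits per address with first/last seen and the requests involved. The blocklist entries and log lines are constructed placeholders (documentation IP ranges), not the honeypot’s real addresses.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed stand-ins from documentation ranges; substitute the addresses from the
# Project Black Water list when running this for real.
BLOCKLIST = {"192.0.2.10", "198.51.100.77"}

# Constructed Apache/nginx combined-format access log lines for the sample run.
SAMPLE_LOG = """\
192.0.2.10 - - [23/Jan/2010:03:14:07 +0000] "POST /upload.php HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.5 - - [23/Jan/2010:03:15:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.10 - - [25/Jan/2010:11:02:44 +0000] "POST /upload.php HTTP/1.1" 200 512 "-" "Mozilla/4.0"
198.51.100.77 - - [01/Feb/2010:22:48:19 +0000] "GET /admin/ HTTP/1.1" 403 199 "-" "curl/7.19"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)

def parse_line(line):
    """Return (ip, timestamp, request, status) or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req"), int(m.group("status"))

def find_blocklisted(log_text, blocklist=BLOCKLIST):
    """Summarise hits per blocklisted IP: count, first/last seen, distinct requests."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "requests": set()})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that are not in combined format
        ip, ts, req, _status = parsed
        if ip not in blocklist:
            continue
        h = hits[ip]
        h["count"] += 1
        h["first"] = ts if h["first"] is None or ts < h["first"] else h["first"]
        h["last"] = ts if h["last"] is None or ts > h["last"] else h["last"]
        h["requests"].add(req)
    return dict(hits)

if __name__ == "__main__":
    for ip, h in sorted(find_blocklisted(SAMPLE_LOG).items()):
        print(f"{ip}: {h['count']} hit(s), {h['first']:%Y-%m-%d} to {h['last']:%Y-%m-%d}, {sorted(h['requests'])}")
```

Feed it a real log with `find_blocklisted(open(path).read(), your_blocklist)`; the first/last timestamps give you the window to pull for a closer look.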

Jan 30 2010

New Project Added to Projects page

Project Black Water

I have started a new project that I am referring to as “Project Black Water.” This project aims to discover malicious IP addresses. These IP addresses are known attackers as reported by a sensor I have deployed on the web. The IP addresses will be posted so that security professionals, firewall admins, etc. can monitor for malicious activity from these addresses and take appropriate action. A list of known attacker IPs is coming soon.

Please note, you will need to be a registered member of this site to obtain access to this content once released. An announcement will be posted on the main site once a list is available.

Please Note: I am only one person with limited resources, so this project will start small with the intention of growing as need and when time, volunteers, and funds permit.

Jan 25 2010

Malware Hashes from Honeypot

Here is a list of the malware that has been received by my honeypot:


