Irregular Expressions


October 26, 2011  10:30 PM

NIST Special Publication 800-53

Dan O'Connor

This is related to the 20 security controls I previously posted.  While you don’t need to read this to go through the 20 controls, this will be more than useful for general understanding.

http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf

While you are on NIST it’s worth looking at the other publications; I will see if I can post a few of my favorites next month.

October 26, 2011  10:27 PM

20 Critical Security Controls


I have wanted to share this for a while:

http://www.sans.org/critical-security-controls/guidelines.php

SANS does an excellent job of listing quick points to each control to help enable you to sell this and start to implement.  This information is great for any organization small or large, you can pull great information from this to make your life better.  Also a bit more fun with Control 17 :)

The largest issue I am sure you will have is finding the time to go through the entire document.  It might also be worth distilling this a little further and getting down to a few key wins in things you know you are lacking right now.


October 26, 2011  3:51 PM

Japan cyber attack


Hackers have targeted the lower house of parliament and Mitsubishi Heavy Industries (Japan’s largest defense contractor).  It appears that they had access to the lower parliament for an extended period of time.

http://www.reuters.com/article/2011/10/26/us-japan-economy-hackers-idUSTRE79P2VK20111026

These kinds of attacks make me think we need a different approach to network security for sensitive locations.  Do we need an internet 3, for just trusted hosts?  Or maybe be more selective on what machines need to be connected to the wide world and what does not.  In reality you can’t hack what you can’t get to.  If they had a small email system with maybe some sort of BlackBerry system, that could only send out mail to internal users?

Just a rough thought.


October 26, 2011  2:23 PM

Anonymous Expose Police Information


It appears the Pastebin postings have been removed, but I did have this source.

http://thehackernews.com/2011/10/occupy-wall-street-anonymous-hackers.html

Anon has posted personal police officer information including passwords, names, addresses, phone numbers and SSN.  Unlike the attacks against the hosts of CP, I am not thrilled about this.  While the hacker has made the point, depending on what kind of information was released this could put people in serious danger.  Posting the names and addresses of police officers is a good way to get someone hurt.  I am not specifically talking about the officers; these people have families and kids, and it does not take a genius to figure out what someone with a problem with a specific police officer will do.  I also don’t accept the argument they had it coming; not everyone is an asshole and NO kid should be put at that kind of risk.


October 26, 2011  2:16 PM

French Researchers Expose TOR nodes


It does not look like the source documents have been released yet, but a group of researchers have created a complete topography of the TOR network.

Here is the posting from the HNN.

http://thehackernews.com/2011/10/tor-anonymizing-network-compromised-by.html

Using this method they are also able to inspect traffic.  The full set of information is going to be released on Oct 29-30 2011 in Sao Paulo.

Nice tie-in to the last article on how people try to hide on the darknet.


October 26, 2011  2:12 PM

Darknet


You may have seen a story about Anonymous setting their sights on CP sites on Darknet. (I can’t overstate how happy this makes me)

Here is the release from them with the details.

http://pastebin.com/T1LHnzEW

So what is Darknet?

Here is what I know of it: darknet is a collection of sites / DBs and information that is only accessible on the TOR network.  To call some of this shady is an understatement.  This information is not indexed by any search engine, and is only available to you if you have a direct link.  There are a couple of wiki sites that I have seen that collect these links, categorize them and post them.  This is exactly what Anon went after; this is an excellent place for people to go that want to share bad things like CP.

You can access it if you know what you are looking for, but I am not comfortable posting this information.  Once you see something it can’t be unseen.


October 22, 2011  11:06 PM

Smart phone app to read keyboard strokes


I have seen this with radio equipment, but this is just awesome.

http://thehackernews.com/2011/10/iphone-can-be-used-as-spy-phone-to-get.html

I have not been able to locate the original paper yet; I would like some more details on how it differentiates the different keys.


October 22, 2011  11:01 PM

DuQu Removal


Bitdefender now has a removal tool for DuQu that I previously mentioned.

http://www.duquremoval.com/en.html?country=ca

As far as I know there is still not complete detection for this threat, so you should keep that in mind.


October 21, 2011  9:39 PM

US Cyber Attack


I found it.

http://news.cnet.com/8301-27080_3-20121681-245/u.s-rejected-cyberattack-on-libya-report-says/

This is also something that will happen soon, and I am not sure if it will be the US on the sending or receiving end.  Critical systems should be on air gap networks, completely cut off: no USB keys, laptops, no no no.  Updating may be necessary but that risk needs to be tightly managed.


October 21, 2011  9:35 PM

The precursor to the next Stuxnet


Great white paper from Symantec.

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf

It’s definitely only a matter of time before we see Stuxnet 2.0; I would bet in the next 12 to 18 months something will come up again.  I wish I had the source article but I read that the US was looking at launching a wire attack on Libya before the plans came in to disable air defense.

