Saturday, November 7, 2015

Like PCAPs, PCREs?

Yeah, I like PCAPs and PCREs! Got a really cool one waiting for the SANS Boston 2016 webpage to be posted. You will have to read to the bottom to get to the joke. Yes, this is real. The name of the company has been changed to protect.

• Responsibility for information cyber security analysis & response with the mission of protecting ACME from internet attacks / threat actors.
• Technical lead for IPS solutions
• Lead initiatives and the implementation of capabilities in order to advance the Cyber Threat program
• Automate threat intelligence gathering and attacker profiles to direct hypothesis-driven searches for indicators of compromise
• Enhance and distribute security incident response and escalation procedures to ensure timely and effective handling of security events and alerts.
• Enhance ACME’s Cyber Security program and strategy to expand threat management services across all business units.
• Maintain industry affiliations that provide ACME with the necessary intelligence to proactively respond to threats. Such affiliations may include NH-ISAC (National Health Information Sharing and Advisory Center), HiTrust, DHS (Department of Homeland Security), FBI, etc.
• Apply knowledge of technical, analytical skills to ensure the confidentiality, integrity, and availability of all information systems assets and ensure compliance with company policies, procedures, contractual, and regulatory requirements.

Skills and Experience
• Experience building cyber security toolsets and solutions across non-integrated business units.
• Experience with architecture, design, and management of NIPS technologies and best practices 
• Experience with SIEM technologies and best practices, and experience implementing a more robust advanced security data analytics capability.
• Malware detection, analysis, exploitation, containment, and eradication techniques experience (Not just commercial tools)
• A solid understanding of Threat Vector Analysis, Intrusion Detection and Prevention, Incident Management and Response, Risk Assessment and Mitigation methodologies, and Counter Threat Operations.
• Experience monitoring and managing network and host-based intrusion prevention systems actively in-line, Full Packet Capture (with analytics), Sandboxing, data loss prevention, malware prevention systems, vulnerability scanning solutions, DDOS protection, Security Event/Information Management, host-based integrity checking, end-point security and AV. 
• Proficiency in OS platforms, including Linux, Unix, Windows and AIX. Capable of building and maintaining an organization with expert knowledge of information technology functions, practices and business units. Has strong expertise in multiple systems and in the functions and business units supported.
• Knowledge of scripting languages, including python, perl, php, Ruby, and JS. 
• Knowledge of toolsets and frameworks like elasticsearch, splunk, OpenSOC, OpenIOC, STIX, TAXII, CybOX
• Knowledge of information security concepts and theory, and the application of such through technical and non-technical methods.
• Solid understanding of cyber security threats, risks, vulnerabilities and attacks, to include threat actor motives, capabilities, and techniques, with the ability to analyze intelligence data and provide indicators and warnings to healthcare and financial services business functions.
• Demonstrating an ability to work under stress/pressure to meet deliverables, timetables and deadlines.
• Demonstrating personal integrity and high ethical behavior at all times to inspire confidence in clients, peers, partners and employees.
• 5+ years' industry experience in a mission-critical environment.
• Knowledgeable of current and emerging security and information technology standards and practices. 
• Understanding of key InfoSec regulation & frameworks (PCI, GLBA, HIPAA, ISO 27001, HITrust, EHNAC) is a plus.
• Bachelor’s degree required – preferably Computer Science or MIS.

• Must possess an active industry InfoSec related certification (i.e.- CISSP, CEH, CISM).

I am reminded of a scene in the movie Independence Day when Will Smith asks, "Can you really do all that stuff you just said?" The CISSP, CEH and CISM are all fine certs, however they aren't going to even start to prepare someone for this list of requirements. The GSE comes close, but this is tailor-made for an STI graduate.

Monday, September 14, 2015

Ebony Cousins - Cybersecurity expert - TS/SCI CI Poly

Ebony Cousins
Cyber Security Professional

Hephzibah, GA
Transitioning Chief Warrant Officer with 20+ years of Cyber Security Operations, Information Assurance and IT solutions technical leadership and management experience. Extensive proficiency in leading military IT initiatives; strong working knowledge of complex IT networks and related security concerns.

SECURITY CLEARANCE
Top Secret Clearance/SCI with CI Polygraph

WORK EXPERIENCE
Cyber Network Warfare Planner
United States Army - Augusta, GA
August 2013 to February 2014, August 2015 to Present
US Army Cyber Protection Brigade, Augusta, GA, USA. Supervisor Melissa Williams, 706-791-2222. Hours per week: 60
Cyber Network Warfare Planner (8/2013 to 2/2014, 8/2015 to Present)
Key Skills: Cyber Security, Information Assurance, Management, Training & Development, Evaluation & Improvement
Responsibilities: Serves as the Cyber Protection Team (CPT), Cyber Network Warfare Planner for the US Army Cyber Protection Brigade (CPB). Apply comprehensive technical knowledge to Army and Joint planning processes in order to effectively deploy and conduct full spectrum cyber operations. Identify, track and eradicate cyber threats and vulnerabilities directed against DoDIN and Army systems and networks. Coordinate cyber inspections, threat emulation, information systems training and protection for DoDIN and Army organizations as directed. Ensures synchronization and de-confliction of assigned missions between USCYBERCOM, ARCYBER, and the USA CPB. Mentor, train and evaluate the work performance of subordinates. Interface with Subject Matter Experts (SMEs), both military and civilian, providing consulting expertise on Defense Cyber Operations (DCO).
 
Selected Accomplishments:
• Recognized by the 780th Military Intelligence Brigade Commander for superior incident response support to the National Cyber Protection Team during Joint Cyber Flag Exercise.

Senior Watch Officer
National Security Agency - Augusta, GA
February 2014 to August 2015
Tailored Access Operations (TAO), National Security Agency – Georgia (NSA-G), Augusta, GA, USA. Supervisor Cleo Lamkin, 762-206-3375. Hours per week: 60
Senior Watch Officer (2/2014 to 8/2015) 
Key Skills: Compliance Management, Risk Management, Training & Development, Presentations, Communication, Technology, Multimedia Instruction, Microsoft Office Suite 2010 Proficient
Responsibilities: Direct representative of National Security Agency-Georgia (NSA-G), Tailored Access Operations (TAO). Supervised 24/7 Computer Network Operations (CNO) activities conducted by joint services military and civilian personnel. Identified, developed, and enforced policies related to conducting and supervising CNO activities; provided technical guidance, ensured legal compliance, conducted risk management analysis, and managed tasking and welfare of vital TAO operational support systems. Coordinated with analysts, software developers, infrastructure engineers, and operators to ensure optimal tactical and strategic-level customer response. Maintained awareness of ongoing events and dynamic requirements, adjusted priorities to assist team members as needed, and prioritized troubleshooting procedures to ensure efficient operations.

Enterprise Cyber Security Operations Officer
United States Army - Kuwait
August 2012 to July 2013
160th Signal Brigade, Southwest Asia Cyber Center, Camp Arifjan, Kuwait. Supervisor: MAJ Christopher Lowrance, […] Hours per week: 60.
Enterprise Cyber Security Operations Officer (8/2012 to 7/2013)

Key Skills: Cyber Security, Information Assurance, Management, Training & Development, Program Evaluation & Improvement, Planning, Communication, Technical

Responsibilities: Planned and conducted 24/7 network security operations and defense across seven countries to include Iraq and Afghanistan, ensuring US and coalition freedom of action within cyberspace. Facilitated and supervised the HP ArcSight installation, upgrade, and training for nineteen remote sites throughout Kuwait and Afghanistan. Enforced Host Based Security System (HBSS) Device Control Module (DCM), Host Intrusion Prevention System (HIPS) and antivirus policies on servers and over 200,000 workstations in Kuwait and Afghanistan. Provided technical expertise and assistance in data collection, correlation and analysis for incident handling through HBSS and HP ArcSight Security Information & Event Management (SIEM). Created global security policies, standards and procedures to help detect, categorize and respond to cyber security threats. Coordinated with external organizations to identify
risky operational practices, develop and implement more effective network defense security solutions and strategies; enhancing the cyber security posture throughout theater.

Selected Accomplishments:
• Identified requirements for and designed the DoD NIPRNET DMZ Extension plan for the Camp Arifjan, Kuwait Main Control Facility (MCF) per Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs).
• Implemented a Deny All Permit by Exception (DAPE) policy on eighteen high-side and low-side network firewalls across Kuwait and Iraq.
• Co-creator of the first Defensive Cyber Operations (DCO) working for the Southwest Asia Cyber Center (SWACC).
• Provided technical input and supervised team that developed and deployed Rogue System Detector (RSD) coverage plan using a spanning port solution that was commended by DISA inspectors as a module the entire Department of Defense (DoD) could emulate.

Information Assurance Manager
Technology Management
July 2009 to July 2012
513th Military Intelligence Brigade, Augusta, GA. Supervisor: Simon McKenzie, […] Hours per week: 60
Key Skills: Information Assurance, Certification and Accreditation, Vulnerability Management, Business Continuity, Disaster Recovery, Incident Response, Staff Management, Technology Management, Documentation, Communication, Process Redesign, Training & Development
Responsibilities: Served as the Information Assurance Manager (IAM) for a deployable theater-level Military Intelligence Brigade that conducted multi-disciplined intelligence tasking, exploitation, collection and processing of data for Army Central Command (ARCENT). Ensured system interoperability and performed system administration of tactical and garrison systems. Conducted annual business continuity and disaster recovery exercises to evaluate the unit’s ability to respond to a disaster. Ensured Information Assurance Vulnerability Management (IAVM) compliance for over 2,200 workstations and servers on a weekly basis. Designed and implemented initial DoD 8570 IA compliance training and certification program. Managed development of personnel through job related training programs to ensure preparedness to install, operate and maintain organic communication systems and Commercial Off-the-Shelf (COTS) equipment.
Selected Accomplishments:
• Led technical and administrative efforts accrediting three networks under Defense Information Assurance Certification and Accreditation Program (DIACAP), resulting in one receiving a full three year accreditation and the other two receiving Interim Approval to Operate (IATO).
• Lead technician to test a TS/SCI tunneling package with the Fort Gordon Signal Center to be routed through the Joint Network Node (JNN) to support units without an organic Trojan Spirit.
• Developed and implemented the Brigade’s first Incident Response Plan for handling investigation and remediation procedures.
• Designed and implemented initial DoD 8570 IA compliance training and certification program.
• Ensured Information Assurance Vulnerability Management (IAVM) compliance for over 2,200 workstations and servers.

Network Technician / Computer Network Defense Team Supervisor
Network Management
March 2006 to June 2009
US Army Europe, 44th Expeditionary Signal Battalion, Mannheim, Baden-Wurttemberg, Germany/ Baghdad Iraq. Supervisor: Paul Howard, […] Hours per week: 60
Key Skills: Leadership, Team Building, Communication, Performance Evaluation, Coaching, Mentoring, Technology Proficiency, Logistics, Problem Solving, Documentation & Reporting

Responsibilities:
Planned, established and maintained multiple network links utilizing satellite, radio, and line of sight forms of transmission. Played key role in overall health of network, server deployments and security by ensuring network connectivity throughout LAN/WAN infrastructure, providing Tier 2 and Tier 3 support. Trained personnel in communication Data Packages and Joint Network Node operations before and during combat operations in Iraq. Facilitated DIACAP network accreditation transition for both tactical and strategic networks, creating better controls for addressing, accessing, and correcting system vulnerabilities. Created, modified, and maintained network topology diagrams. Published Information Assurance / Computer Network Defense Policy for the 44th Expeditionary Signal Battalion Joint Network Node operators. Maintained command control of all assets by installing SolarWinds monitoring tools.

Selected Accomplishments:
• Simultaneously managed and maintained six separate Local Area Networks (LAN) separated by over 250 miles in Iraq, supporting users with commercial, non-secure and secure tactical voice and data services.
• Managed the technical redesign and virtualization of two Technical Control Facilities (TCFs) providing services for over 3,000 customers.

Instructor/ Writer/ Operations Officer
United States Army – Augusta, GA
September 2001 to March 2006
447th Signal Battalion, Augusta, GA. Supervisor: SFC Clyde Hudgins, […] Hours per week: 60.
Instructor/ Writer/ Operations Officer (9/2001 to 3/2006)

Key Skills: Training Management, Training & Development, Curriculum Development, Facilitation, Program Evaluation & Improvement, Planning, Presentations, Communication, Technology, Multimedia Instruction, Student Relations, Performance Optimization, Logistics

Responsibilities: Successfully educated and graduated 4000+ highly qualified, hard-working personnel; prepared all graduates for rigorous IT roles annually. Planned and oversaw technical training to improve the capabilities and knowledge base of personnel and students. Provided one-on-one training to students exhibiting difficulty learning and researched and developed training specialized to address specific student shortcomings.  Evaluated training needs and oversaw development and assessment of Program of Instruction (POI) for MOS 25Q (Multi-Channel Transmission Operator/Maintainer). Wrote, revised and continuously fine-tuned courses, lesson plans, lectures, seminars, conferences and teaching materials to capture attention and provide exceptional-quality education while complying with POI and current policies. Developed and implemented intensive hands-on evaluation procedures for radio operations. Served as Battalion Training Officer responsible for comprising and publishing training schedules, coordinating quarterly training briefs, and scheduling personnel for Professional Military Education (PME) training and courses for advancement. In addition served as the Battalion Equal Opportunity (EO) representative; responsible for generating quarterly reports, providing quarterly training and planning ethnic observance programs. Managed facilities, training devices, instructors, and supply requirements needed to ensure student success.

EDUCATION
Bachelor of Science Information Systems Management
University of Maryland University College - Adelphi, MD, 2015

Associate of Science in General Studies
Georgia Military College – Milledgeville, GA, 2008

ADDITIONAL INFORMATION
JOB-RELATED TRAINING
• GIAC Certified Enterprise Defender (GCED), 2015
• Joint Network Attack Course, 2013
• Information Protection Technician Course, 2012
• Computer Network Operations Planners Course, 2012
• Host-Based Security System (HBSS) Administrator Course, 2012
• JNN Network Operations Course, 2007
• Network Management Technician Course, 2005
• Warrant Officer Candidate School, 2005
• Joint Network Transport Capabilities – Spiral (JNTC-S) Manager Course, 2005
• Information Assurance Security Officer Course, 2002


CERTIFICATIONS/LICENSURE:
• Certified Military Instructor
• ITILv3 Foundation Certification in IT Service Management
• CompTIA Security+ Certification
• Global Information Assurance Certification Certified Forensic Analyst (GCFA)
• Global Information Assurance Certification Penetration Tester (GPEN)
• Global Information Assurance Certification Certified Incident Handler (GCIH)
• Global Information Assurance Certification Certified Intrusion Analyst (GCIA)
• Global Information Assurance Certification Systems and Network Auditor (GSNA)
• Global Information Assurance Certification Security Essentials (GSEC)
• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (CEH)


HONORS & AWARDS:
• Bronze Star Medal
• Meritorious Service Medal (3)
• Army Commendation Medal (6)
• Joint Service Achievement Medal
• Army Achievement Medal (7) 

Friday, September 4, 2015

A personal flamethrower - What could possibly go wrong?

I have no clue how I managed to get down this particular rabbit path, but here I am on a conference call, (sorry David), am a bit bored, (still managed to reply every time my name was called), and ended up with this web page on screen.

For a bit under $1k, you, I, your neighbor, a stranger, can own a personal, hand-held flame thrower with a range of 25'. For a bit more, you can get a 50' range with interchangeable wands for various applications.

All in all a bit strange. If I can offer one tip, this is probably not a good choice for home defense unless your home is very, very flame resistant.

Tuesday, September 1, 2015

Hands on skills, Nicholas Mumaw, GPEN, looking for an opportunity

Nicholas M. Mumaw, GPEN
Digital Forensic Science
Nmumaw001@defiance.edu
www.linkedin.com/in/nmumaw/
Cell (330)703-9419


Education

Bachelor of Science, Defiance College, May 2014
Major: Digital Forensic Science       Minor: Criminal Justice

Post-Secondary, The University of Akron, May 2010
CCNA Networking
Networking Basics
Router and Routing Basics

Related Coursework

CompTIA Exam Prep | Digital Forensics | Network Fundamentals
A+ Practical Applications | Computer Security | Routing Protocols and Concepts
Operating Systems | Seizure and Forensics Examination | Switch Basics and Wireless
Computer Forensics/Security Ethics | Advanced Data Recovery | WAN Technologies
Network Forensics | Intrusion Detection | Mobile Forensics

Technical Skills

Advanced program knowledge includes: Windows XP, Windows Vista, Windows 7, Windows 8, Linux, Android, IOS, Word, PowerPoint, Mediashout, FrontPage, Dreamweaver, FTK, FTK Imager, PRTK, Registry Viewer, Winhex, SIFT, Sleuthkit, Helix, Backtrack, VMware, THC-Hydra, Wireshark, TCPDump, Cain and Abel, John the Ripper, Psexec, Metasploit, Nmap, Ophcrack, Nessus, Enum, Netcat, and CoWPAtty.

Basic program knowledge includes: Windows Server 2003, Windows Server 2008, Windows Server 2012, HTML, Python, Excel, Burp Suite, Zed Attack Proxy, IBM AppScan, Amap, Scapy, Netstumbler, Nikto, and Snort.

Other advanced skills include:
Configure routers, switches, access points
Design and build a network according to specifications
Build, upgrade, repair and troubleshoot PCs

Work Experience

Sonit Systems LLC  Archbold, OH September 2014 - Present
Helpdesk Technician
Assist in the day to day Network Administration of customers network needs and problems over the phone
Go to customer locations in order to do consulting, setup networks, computer/server repair, and printer service
Work closely with the President and Owner of the organization to help establish a Network Security position
Come up with ideas, implementations, and services which could be provided to customers such as vulnerability assessments, network mapping, compliance checks, and network security sensors

Metalink Technologies  Defiance, OH May 2013 – September 2014
Technical Support
Conducted wireless internet, computer, and home network technical support over the phone and remotely
Joined projects and work with teams to create forms and test programs to verify solution accuracy
Sherwin Williams  Defiance, OH November 2012 - August 2013
Store Associate
Worked closely with management to rearrange and organize the entire store according to corporate specifications and plans to increase sales by drawing customers’ eyes
Became a key holder just three months after starting allowing me to open and close the store
Used store systems to perform cycle counts, fulfill orders, and stock inventory
Using verbal skills, helped customers in their projects and any difficulties that they were facing
Travel Centers of America  Lodi, OH September 2009 - August 2012
Lead Cashier
As a manager, completed daily paperwork and records as well as creating weekly orders for merchandise
Managed cashiers and porters, delegating tasks as needed within the store
Trained new cashiers, trainees, and porters along with managing productivity by assigning tasks to clean, organize, and restock the store according to planograms to ensure maximum sales
Provided customer service and remediated any customer issues

Defiance College  Defiance, OH September 2011 - May 2012
Computer Technician
Troubleshot and repaired computers across the campus
Internships

Medical Mutual of Ohio  Strongsville, OH July 2013 - August 2013
Security Temp Agent
Completed a 160 hour Internship
Ran security scans on web applications to identify vulnerabilities and perform tests to confirm the vulnerabilities
Reported scan results to owners of web applications, coordinated resolution priorities with them, and completed final scans to approve the security correction
Habitat for Humanity  Defiance, OH September 2012 - May 2013
Financial Auditor
Created checks and balances for Financials while organizing the statements and tax forms

Bryan Municipal Court Probation Office  Bryan, OH April 2012
Court Probate Assistant
Conducted a 10-hour Service Learning project observing court proceedings and probation hearings.

Related Work

Detectives of Defiance: Got Clue?  Defiance, OH January 2012 – May 2014
Executive Board
Work with a group of college students and professors to create a real life crime scene to educate high school students attending the “Got Clue?” summer camp where they would learn about the three forms of Criminal Justice Majors: Digital Forensics Science, Forensic Science, and Criminal Justice
Teach a class of high school students about Criminal Justice and Digital Forensics and aid with their investigations of the mock crime scene

DC PC Solutions  Defiance, OH January 2011 – May 2014
President and Project Manager
Aided in the creation of the organization while working with the original project managers
Conduct cost-free technology consulting and repair on networks, computers, printers, and tablets for low-income clients
Conduct executive board meetings as well as organization meetings to discuss projects and project development to collectively identify new opportunities and engage members
HTCIA International Conference  Hershey, PA September 2012
Project Presenter
Selected to present the “Got Clue?” summer camp concept of the Detectives of Defiance group to educate adult members of the HTCIA on creative ideas to engage high school and college students

Barberton City Schools  Barberton, OH July 2009
Networking Technician
Design and build the VOIP phone system contained within the new football stadium

Certifications And Awards

GIAC Penetration Tester, June 2014
Analyst ID#8797
Certified American Heart Association First Aid, October 2013
Service Leader Award, April 2011

Volunteer Work

Service Leadership - Student Member, December 2010 - August 2011
Church Service Leader - Audio/Visual Administrator, June 2007 - August 2010
Youth Group Leader - Audio/Visual Administrator, June 2002 - June 2010
Youth Football - Assistant Coach, August 2003 - October 2009
Professional Organizations

SANS/GIAC Advisory Board
Member, June 2014 - Present
High Tech Criminal Investigation Association (HTCIA)
Member, September 2010 – January 2013
Treasurer, January 2013 – January 2014
Member, January 2014 - Present
InfraGard Toledo Alliance
Member, December 2013 - Present
Midwest Criminal Justice Society
Student Member, September 2010 – May 2014

Tuesday, August 25, 2015

DDOS Arbor Style

NOTE: I have zero financial relationship with Arbor, don't even hold their stock. However, I have seen them in the field for 20 years, they must be doing something right. DDoS is becoming a significant issue and it is a thorny problem. Worse, it takes money and outside resources to deal with it. Worse again, if you ignore it and they come down on your organization so that customers cannot interact with you, your organization may be seriously damaged in terms of revenue and customer relationship; and that is sugar coating it. So, it is time to go to school to get your arms around the problem. I found this easy to watch set of videos. As you watch them, think about how to take the key points and share them with management at your organization.

History of DDoS. How did we get in such a mess?

One size does not fit all with DDoS, what are the basic forms and their implications?

DDoS has been around for at least 30 years, how could it possibly be an advanced attack?

Can you give me an example of a potential solution that does not require solely counting on a cloud provider?

Monday, August 24, 2015

Draft Course Layout - SANS Boston 2016 - Feedback requested

This is subject to change, but this is what the program committee is leaning towards for the courses. I am still trying to channel the evening program. Please tell me what you think.

We are getting close to a solid course line up for Boston 2016 August 1 - 7 at the Omni Parker House. We are a bit conflicted about SEC 575. We have limited qualified instructors and the course is popular, but it is early still. There is still time to make a substitution for 575 as needed. If you think there is a course that would be a better fit for the needs of the New England area please leave me a comment and I will try to get back with you.

Day course matrix




Evening program

Don't miss the Tea Party, no not politics, tea.

We have 3 rooms that can seat over 200 if they are set theater style. Obviously many of the SANS faculty have their own keynotes and evening talks, but I would like to find some local cybersecurity thought leaders that are "outside of the SANS family".

Saturday, August 22, 2015

White Paper: Using Network Based Security Systems to Search for STIX and TAXII Based Indicators of Compromise


This paper does a pretty good job of highlighting tools to detect that an organization has been breached, and hopefully that will be caught very early in the process.

First we meet the Mandiant-led Common Indicators of Compromise (IOCs). Not rocket science, but really helpful: hashes of known malicious files, IP addresses or DNS names, and much more. The next piece of the puzzle are the Uber competitors, STIX and TAXII. Well actually, they are a NIST standard that looks like it will stick. Mostly you read some high level mumbo jumbo about them, but this is your chance for a deep dive, or at least a 3 atm free dive. These are real, concrete examples.
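The paper's core idea is matching the IOC types named above (hashes of known malicious files, IP addresses, DNS names) against what network security systems actually observe. The script below is an added example, not code from the paper or from this post: it takes indicators written as STIX 2-style comparison patterns (an assumption on my part; the paper predates STIX 2) and runs them over constructed DNS, proxy and endpoint log lines. The indicator ids, the addresses (RFC 5737 ranges, .invalid domains) and the log lines are all constructed. A compound pattern is deliberately included to show the one check a practitioner cares most about here: the scanner must report indicators it cannot evaluate instead of silently dropping them, or the coverage you think you have is fiction.

```python
"""Match STIX 2-style indicator patterns against constructed log lines."""
import hashlib
import re

# Constructed sample artefact and its hash (not a real malware sample).
SAMPLE_BYTES = b"constructed malicious sample"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_BYTES).hexdigest()

# Constructed indicator set: hypothetical ids, documentation-range values.
INDICATORS = [
    {"id": "indicator--c2-ip", "pattern": "[ipv4-addr:value = '198.51.100.7']"},
    {"id": "indicator--c2-domain", "pattern": "[domain-name:value = 'update.example.invalid']"},
    {"id": "indicator--dropper", "pattern": f"[file:hashes.'SHA-256' = '{SAMPLE_SHA256}']"},
    # Compound pattern: outside the supported subset, must be reported, not dropped.
    {"id": "indicator--compound",
     "pattern": "[ipv4-addr:value = '203.0.113.9' OR domain-name:value = 'x.invalid']"},
]

# Constructed key=value style log lines (DNS resolver, web proxy, endpoint file event).
LOG_LINES = [
    "2015-08-22T10:01:02Z dns client=10.0.0.5 query=update.example.invalid",
    "2015-08-22T10:01:05Z proxy client=10.0.0.5 dst=198.51.100.7:443",
    "2015-08-22T10:01:09Z proxy client=10.0.0.6 dst=192.0.2.44:80",
    f"2015-08-22T10:02:00Z file host=10.0.0.5 sha256={SAMPLE_SHA256.upper()}",
    "2015-08-22T10:03:00Z dns client=10.0.0.7 query=www.example.com",
]

# Supported subset: one comparison of the form [object:path = 'value'].
PATTERN_RE = re.compile(r"^\[([a-z0-9-]+):([^\s=]+)\s*=\s*'([^']*)'\]$")

# (STIX object type, property path) -> observable kind used during extraction.
SUPPORTED = {
    ("ipv4-addr", "value"): "ip",
    ("domain-name", "value"): "domain",
    ("file", "hashes.'SHA-256'"): "sha256",
}

# Log field name -> observable kind. Field names are an assumption of this example.
KEY_TO_KIND = {"query": "domain", "dst": "ip", "sha256": "sha256"}


def compile_indicators(indicators):
    """Return (compiled, unsupported): compiled is a list of (id, kind, value)."""
    compiled, unsupported = [], []
    for ind in indicators:
        m = PATTERN_RE.match(ind["pattern"])
        kind = SUPPORTED.get((m.group(1), m.group(2))) if m else None
        if kind is None:
            unsupported.append(ind["id"])  # report, never ignore
            continue
        compiled.append((ind["id"], kind, m.group(3).lower()))
    return compiled, unsupported


def extract_observables(line):
    """Pull (kind, value) pairs out of one log line, normalised for comparison."""
    found = set()
    for token in line.split():
        key, sep, value = token.partition("=")
        kind = KEY_TO_KIND.get(key) if sep else None
        if kind is None:
            continue
        if kind == "ip":
            value = value.rsplit(":", 1)[0]  # drop a trailing :port
        found.add((kind, value.lower().rstrip(".")))
    return found


def scan(lines, indicators):
    """Return (hits, unsupported); hits is a list of (indicator id, matching line)."""
    compiled, unsupported = compile_indicators(indicators)
    index = {(kind, value): ind_id for ind_id, kind, value in compiled}
    hits = []
    for line in lines:
        for observable in extract_observables(line):
            if observable in index:
                hits.append((index[observable], line))
    return hits, unsupported


if __name__ == "__main__":
    hits, unsupported = scan(LOG_LINES, INDICATORS)
    for ind_id, line in hits:
        print(f"HIT {ind_id}: {line}")
    for ind_id in unsupported:
        print(f"UNSUPPORTED (needs manual review): {ind_id}")
```

Normalisation (lower-casing hashes and domains, stripping ports and trailing dots) is where real deployments quietly lose matches, so it is done in one place; the unsupported list is the honest measure of how much of a feed the tooling actually covers.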

If you are a senior cybersecurity manager, your eyes will glaze over when you get to the good stuff. But before you close the paper, scan down, find an example or two you are comfortable with. Copy them off and keep them in a folder. When you are part of a job interview for a senior security engineer position, the kind of person that commands a $140k salary, bring out the folder and ask them to tell you about it.

I encourage you, your employer encourages you, to at least speed read the paper which is available here.



Wednesday, August 5, 2015

David Longenecker's post on reducing the risk of StageFright

The content below was written by David Longenecker, who graciously gave me permission to post:

Zimperium just released details and POC code for the StageFright
vulnerabilities:

https://blog.zimperium.com/stagefright-vulnerability-details-stagefright-detector-tool-released/

I've put together a quick how-to for "friends and family" to disable
auto-retrieve of multimedia messages in the native Android Messages app,
and in Google Hangouts, here:

http://www.securityforrealpeople.com/2015/08/avoid-stagefright-by-turning-off-auto.html

It doesn't cover every scenario, but it at least protects against the 100%
unaided attack.

Regards,
David Longenecker

Connect: Blog <http://securityforrealpeople.com> | @dnlongen
<https://www.twitter.com/dnlongen> | LinkedIn
<https://www.linkedin.com/in/dnlongen/>
PGP key: https://keybase.io/dnlongen

Tuesday, June 16, 2015

The Florentine Deception by Symantec's Carey Nachenberg

Carey Nachenberg is the chief engineer at Symantec Corporation (one of the original inventors of Norton Antivirus) and the author of a new cyber-security-themed thriller entitled The Florentine Deception. Carey is using the novel as the basis of a charity effort to support charities benefitting underserved students and veterans (including KIPP.org, Success Academy, and NPower.org, among others). As such, he is looking for partner organizations to help get the word out. He has already pledged $4,300 from sales, but is trying to reach a target of $10,000. So any exposure from the security community will go a long way toward helping his charities.

So what is the novel about? The Florentine Deception is, at its heart, an edge-of-your-seat cyber-security adventure that combines the action elements of Da Vinci Code with the technology elements of CSI: Cyber. It follows twenty-something Alex Fife as he hunts for an elusive object known as the "Florentine," and inadvertently stumbles upon an Iranian effort to decimate the US computing infrastructure. The cyber-security aspects of the story are actually feasible, and in fact the book’s foreword was written by Dr. Eugene Spafford, PhD of Purdue’s CERIAS (and one of my role models), who corroborates the technical elements of the story.


For background on Carey's book, his biography, his charities, etc., please see: www.florentinedeception.com


Tuesday, May 12, 2015

If you are in Virginia consider Mach 37

I received the following by email:


Mentors and Friends of MACH37,

We could use your support in spreading the word to startups working on promising new security products (or technologies that you'd like to see in the market) that MACH37 is preparing for the Fall 2015 (F15) cohort. Please let them know about MACH37 or feel free to introduce us to them.

The soft application deadline for the upcoming F15 Cohort (September 8 - December 8) is June 1st... just around the corner!

Please let anyone you know that we are excited to chat with them about MACH37 or feel free to introduce us to them and recommend they reach out to us and apply for the F-15 program... soon.

Below are some details about the MACH37 F15 cohort and the application link that you can cut and paste.

Thank you for helping to make MACH37's F15 cohort a great success.

----------------------------------
Apply Here

Soft Deadline
June 1, 2015
*** We highly encourage all interested entrepreneurs  to apply by this date.  The MACH37 team will start reviewing and extending invitations to interview in June and will be extending offers to accepted applicants, to the F15 Cohort, in July. 

Fall 2015 Start and End Date
September 8th - December 8th

Basic Deal
$50K for 8% and active (full) participation in the 90 day on-site program at the MACH37 facilities in Herndon, VA.

Website

About MACH37
Twice a year, MACH37 invests in a class of 5-8 security startups, each of which participates in an intensive 3-month (90 day) program that allows entrepreneurs to validate their disruptive cybersecurity concepts and prepare their companies for investment. The program brings together domain experts, successful cybersecurity entrepreneurs, as well as focused mentorship from our extensive network of visionaries, practitioners, and successful security entrepreneurs as well as investors familiar with the security market. The MACH37  program is designed to propel graduating companies into the marketplace, equipped with the skills to grow and compete for funding and market share.  At the end of 3 months there is a Demo Day presentation to an ever growing investor community.

Please Contact Us With Questions
Ledger West - ledger.west@mach37.com
Rick Gordon - rick.gordon@mach37.com
Bob Stratton - bob.stratton@mach37.com
Dan Woolley - dan.woolley@mach37.com
----------------------------------
Copyright © 2015 MACH37, All rights reserved. 
You are receiving this email because you are a friend of Mach37. 

Our mailing address is: 
MACH37
2214 Rock Hill Road, Herndon, VA, United States
Suite 270
Herndon, VA 20170

Wednesday, May 6, 2015

Whoops, (Little Snitch, Mac, Safari, infoRisk TODAY)

Yesterday, I was teaching using GoToTraining. I run an outbound firewall called Little Snitch. You would not believe how many outbound connections that product requires and, worse, many of them do not resolve.

Fortunately I started preparing almost an hour before the training and finally realized allowing each connection wasn't going to work. So, I finally decided to disable outbound filtering.

This morning, I had an email from a group called infoRisk TODAY. Not sure how I got it, guessing they bought a mailing list. One of the articles, an interview with the CEO of BB&T looked interesting. So I clicked on that link. Ghostery showed the usual suspects, so these people do want to track you.

After a minute the screen darkened and a little box popped up. I killed the tab. And realized outbound filtering was still disabled. Whoops. I used Safari Preferences to clear cookies and website data, (I have Safari set to always block cookies, but some stuff gets in anyway). Then I killed Safari and ran CCleaner to get the stuff Safari doesn't take care of.

Then I went back. The popup still got through everything. Time for me to revisit how I harden my general purpose browsing. Screenshot with partially successful popup is below.


Then it was time to unsubscribe from infoRisk TODAY. That took me to a screen that said my first name was Suzy, funny, I thought it was Stephen. Sigh, it is sad when you can't tell the good guys from the bad guys.