Hello Echo Hello

Echo is an interactive internet stereo that has access to your Amazon music cloud. The sound quality is quite good. It has other features that are accessible by voice, and it is in these other features that third-party developers will be pivotal to its future.

Amazon has learned well from Apple. The packaging and design of the product are excellent. The packaging displays the product well, and presents it in an Apple-like manner. One obvious difference is that Amazon uses a black theme while Apple uses a white one.


Prevention Products versus Processes & People

Do today’s threats succeed because we don’t have the right technology, or because we are really bad at fundamentals? There are four basic things that a security operations center must do: detect, review (scope), respond and track. Of these, the majority of new products focus on detection with automated response. The result is that organizations lack the skills to review, scope and track security events. They lack these skills because their investments aim at prevention over security fundamentals. Fundamentals may not be as sexy as the latest prevention device, but where is the best investment?

Security marketing blitzes sell through fear, uncertainty and doubt. We, as consumers, lose focus on basic truths. There is a media push that would like us to believe that what we have is old and therefore incapable of handling new threats. Yet systems that are patched are less likely to get compromised. Systems that run antivirus are less likely to be infected. Networks with gateways and firewalls are more secure. Reviewing and responding to alerts is required to fill the gaps.



Recap on Crimeware

I’m working on a series of posts about Crimeware on the SecurityDo site. I just finished the first section, which is on the overall structure of crimeware, and the technical approach to how exploit kits redirect users towards the exploit (landing) page.
These posts are:

In the coming weeks, I plan to cover the exploits used in the kits.

Is Apple Mistaken about the Severity of Shellshock?

Apple released an email statement that the vast majority of Mac OS users are not vulnerable to the Shellshock Bash vulnerability (CVE-2014-7169). Hours later, Hendrik Adrian tweeted that a live exploit of this was occurring against Mac users:

Screenshot 2014-09-28 09.30.12

Apple has not released any test to validate that their version of bash is secure. They could have tested the releases by using a script developed by Red Hat to check whether a system is vulnerable:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

It seems unlikely that they are using this test. If they had, they would find that the test fails on a fully patched Apple OS X Version 10.9.5:

Screenshot 2014-09-28 09.10.33

This leaves a strange question: who is correct? Is the Red Hat test correct, or is Apple’s statement of being secure correct? Unfortunately, the answer may not be known anytime soon. As with previous virus issues on Macs, users tend not to run antivirus, and so are unaware of their system being infected.
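The one-line check quoted above, wrapped as a function that classifies the output instead of leaving it to be read by eye. This is an added example, not part of the original post or of Red Hat's script; the candidate paths in check_all are assumptions.

```shell
#!/bin/sh
# Added example: run the env/function-definition probe from the post against
# a given bash binary and turn the output into a verdict.

# check_bash PATH
# Prints "vulnerable", "not vulnerable", "inconclusive" or "not found".
# Exit status: 0 not vulnerable, 1 vulnerable, 2 not found, 3 inconclusive.
check_bash() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo "not found"
        return 2
    fi
    # Same probe as the post: a function definition in the environment with a
    # trailing command. An affected bash runs the trailing command while
    # importing the variable, so "vulnerable" reaches stdout before the test
    # line. stderr is dropped because a patched bash may print a warning there.
    out=$(env x='() { :;}; echo vulnerable' "$shell_path" \
          -c 'echo this is a test' 2>/dev/null) || true
    case "$out" in
        *vulnerable*)       echo "vulnerable";     return 1 ;;
        *"this is a test"*) echo "not vulnerable"; return 0 ;;
        *)                  echo "inconclusive";   return 3 ;;
    esac
}

# check_all
# A host can carry more than one bash, so report on every copy found.
# The candidate list is an assumption; extend it for the system at hand.
check_all() {
    for candidate in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
        [ -x "$candidate" ] &&
            printf '%s: %s\n' "$candidate" "$(check_bash "$candidate")"
    done
    return 0
}

check_all
```

A verdict of "not vulnerable" only says that this one probe did not fire on that binary.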

How to get your Point Across in 2,442 Pages

In a day when we know that designing products to be user friendly is key to their success, Cisco produces a SourceFire 3D System User Guide that is 2,442 pages long. The first thirty-eight (38) pages are just the table of contents. Cisco is hauntingly like the early days of computing, when manuals became barriers to entry. It reminds me of an early IBM/Mac commercial where they show the differences in manuals.

With Less Users, IE has become Insecure

As Microsoft Internet Explorer (IE) has become less popular with users, it has become a vulnerability. It appears that IE quality is consistent with its popularity. There are a number of factors in IE's decline. IE is one of the rare browsers that is not HTML5 compliant. Mobile devices (Android/iPhone) continue to make up more of the browser space. It is apparent that IE’s insecurity is related to its popularity and importance to Microsoft.

Rise of IE vulns

Chart 1: Percentile of Users By Browser


Decrypting Cryptolocker Files

For those organizations that were hit by Cryptolocker, there is a means to recover your files now.  FireEye and Fox IT are hosting a site to help decrypt those files.   The site asks for an encrypted file to be sent, and then it will return the key to decrypt it.  I am often a skeptical person, but this is truly a cool thing to do.  The information was there, but making a bridge for the layman was needed.

Screenshot 2014-08-20 08.11.11


Your Mobile Data is 5.5 Billion Dollar Industry

Snowden keeps trying to tell us that Government is scary. What is scary is that the data the Government is trying to gather has been available for purchase for years.


McAfee Now Highlighting Snort Signature Integration

McAfee is aiming to bridge the Snort barrier by fully integrating with Snort signatures in order to get better community signatures. The marketing campaign can be found on a special site. For years McAfee Network Security Platform, formerly IntruShield, boasted that it was above Snort and its commercial implementation, Sourcefire. The product team refused to integrate Snort signatures and only did so at the request of their Government customers.

