Cyber Security, Compliance, Security News, Vulnerabilities, Exploits, Tools & Experiences
Saturday, April 4, 2009
Hurry up and Wait!
This week was all about Conficker. I'm actually pretty appreciative of the attention this worm commanded. The best of both worlds for Information Security practitioners: widespread publicity grabbing the attention of company executives, sysadmins, and the average Joe, but not actually bringing down the universe. But what now? Nobody knows. What I do know is this event educated many people who otherwise had no idea of the implications of unpatched systems, lack of antivirus and the power of worms and botnets. Hopefully everyone will be more prepared for what's next.
Saturday, February 28, 2009
Phishing for USE Credit Union Members


As promised, here is my next post already. Couldn't have been 30 minutes ago when I promised that I would keep them coming. This post involves cell phone phishing scams. Lately I've received text messages from what appears to be USE Credit Union.
The text message alerts the recipient of Unauthorized Identity Access, then directs them to visit a fraudulent website which requires entry of credit/debit card information. Textbook lack of an SSL connection, privacy warnings displayed in the browser, etc.
Viewing the source of the page revealed a well-commented application for customized credit card theft...
This time it was phishing; next time it could easily be a targeted attack with malicious code dropping a back door.
It's been a whole year
I've got to post more often. It was never my intention to do a post a year, LoL. It's been an interesting year and I have encountered many new exciting challenges in my career in Information Security. I have added the interest & responsibilities of managing enterprise level security to my daily concerns. Just a year ago, exploits, malware, firewall rule sets and IPS tuning dominated my duties. Now I've added Metrics, Dashboards, Average Loss Expectancies, Risk Assessments and regulatory requirements. I guess I'll count it as gaining maturity as a security professional. With that said, there is no excuse... Not only do I need to post more often, it now seems to be a psychological necessity.
More to come
Wednesday, January 30, 2008
Testing your IDS
Is that SPAN still up? Am I seeing the traffic that I need to? IDSwakeup, from Herve Schauer Consultants, is a small script that is worth a try. You will have to have hping2 installed as a prereq.
Usage: ./IDSwakeup src_addr dst_addr [nb] [ttl]
IDSwakeup should light the average sensor up like an Xmas Tree.
Saturday, January 26, 2008
SANS New Orleans 2008

Last week, I attended the latest SANS Institute conference in New Orleans. All in all it was a great experience. It seems like the city is on its way back. I sat through SEC-504 Advanced Hacker Techniques and Incident Handling, and yes, I'll be taking the exam for the Cert. The course was originally scheduled to be taught by the one and only Ed Skoudis, known for books he has authored including "Counter Hack" and "Counter Hack Reloaded". Upon arrival, I was disappointed to find out that Ed would not be teaching, but a guy by the name of John Strand; Ed was in the lab working on what has become the new SANS Penetration Testing / Ethical Hacking course. Well, no need to worry, John did not disappoint. I listened to him vomit knowledge for 6 days, eight hours each day, non-stop. My hat is off to all of the SANS instructors; they are hands down the most professional and knowledgeable in the field. Check out John Strand's website; he has some pretty good video tutorials on it.
Thank you New Orleans
Love that City!