Malos Ojos Security Blog

Archive for May, 2012

Cyber Security Experts?

by on May.17, 2012, under General

Reading an article on nbcchicago.com titled “Experts Warn Laptops Could Be Targeted During NATO Summit” made me laugh…specifically this quote, “The chief technology officer at SRV Network Inc. in Chicago told the Sun-Times computer users should make sure their anti-virus software is updated”.  Really?  Sure, if you want to protect yourself against commodity malware that has been floating around for some time…it still amazes me that so-called security experts make this recommendation.  Don’t get me wrong, it is a very safe recommendation to make and I don’t mean to imply that you shouldn’t run updated antivirus.  What I don’t think this statement conveys is that there is malware that can be built, easily and inexpensively, that bypasses your antivirus control regardless of how “up-to-date” the signatures may be.  I hate that these statements give many people a false sense of security…”Oh, nothing can happen to me, I have antivirus enabled and it is up-to-date”.  Maybe it was the brevity of the article in this case that got to me, but I’d probably make some better recommendations here, including:

  1. Update both the operating system you use as well as any applications and browser plug-ins from a known good internet connection (from a connection you own).
  2. Harden the system, disable unnecessary services and remove unnecessary applications.
  3. Consider disabling scripts in your browser, using the No-Script plug-in for Firefox as an example.
  4. Disable services with listening ports where possible.  For example, in Windows, there is no need to run file and printer sharing on a laptop, so turn it off.
  5. Consider using a host-based firewall which will limit network borne attacks against your system.
  6. Connecting to “known” wireless networks is a start, but nothing guarantees that you’re actually connecting to a “good” access point.  It is fairly trivial to run a fake access point and proxy connections, so on that note:
    1. Turn off beaconing so your system isn’t actively looking for and connecting to access points on your behalf.  As an attacker I can use these beacons to then setup a fake access point you’ll automatically connect to.
    2. If you own the WiFi access point you’re connect to it is trivial to verify the MAC address of the AP you’re connecting to, do it.
    3. If you do connect to an “open” access point you should consider using a VPN connection to encrypt the wireless traffic.  Using SSL/TLS is no longer a guarantee given side jacking tools like Firesheep.
    4. Don’t assume a WiFi network you setup for a bunch of people to use is “unhackable”.  Many tools exist to break WPA-PSK and it gets worse if you’re running a router that is vulnerable to WPS pin attacks.  if you’re running WPA-Enterprise then I’m impressed.
    5. If you’re really paranoid, you can throw a VPN, VPS and ToR into the mix as well and run the traffic destined for the internet securely through another system in another country.  Ever see that big data center someone is building in Utah?  How about orange doors at AT&T?  Paranoid yet?
    6. All this talk of WiFi, why not just bust out a 4G hotspot instead…protected of course.
    7. If you’re extremely paranoid how about running a throw-away system or a something off of a live disk like BT5?
    8. Finally, practice restraint in your browsing…don’t click yes to everything without reading, take certificate errors seriously, and try not to get caught up in the excitement.

I do realize some of my recommendations above may be over the average user’s head, but we need to do better than making a blanket “update your antivirus” statements if we really want to empower users or assist them in protecting themselves.  I also think if you search there is probably a guide, better than what I typed up in 10 minutes, posted somewhere online that you could use.

All of the above makes no mention of “why” someone would want to break into users laptops.  Sure, there will be a lot of people around using WiFi and mobile data networks and such to connect, share, post images, video, stories, etc.  I’m just not seeing how this is any different from any other situation, such as travelling and connecting to a hotel’s WiFi network, or at the airport, or even as I sit here on my own network at home.  Point is, you’re being attacked every day regardless of where you are, so I just don’t get why we are making a big deal out of this because we added NATO to the title.

I’m cranky and need more coffee…

Leave a Comment more...

2012 North American CACS Conference

by on May.06, 2012, under General

I’ll be speaking at the North American CACS Conference for ISACA in Orlando, FL on May 7th. I’m on a panel discussing Emerging IT Risks @ 10:15am and @ 3:30pm I’m presenting on Auditing Mobile Computing.

Leave a Comment more...

Update on Ethically Teaching Ethical Hacking

by on May.04, 2012, under General

I have to give DePaul University some kudos on this topic. They came around and added my course to the regular course catalog for the Computer, Information, and Network security program as CNS388/488 – Security Testing and Assessment. It is a foundational level course on ethical hacking, the methodology, and the tools used in these types of assessments. I’m happy to see that some schools are coming around and it will be available in the coming Fall quarter.

Leave a Comment more...

RSA/EMC Webinar on Security Resilience

by on May.04, 2012, under General, Incident Response

I also presented on a RSA/EMC webinar on security threats and building the right controls back in January that I never posted. The link to the event is Here.

Leave a Comment more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Visit our friends!

Links for tools and such...