Tag Archives: Technology/Internet

Just a quick share on something that made me very happy this week (that’s what happens when the wife is not around): Enabling AirPlay on a non-Apple device to stream both music and video to my Boxee (on an Xtreamer Ultra Linux box).

Pascal Widdershoven has published a really simple and quick to install script here: Airplayer

Albert Zeyer has the equivalent one for playing audio: Shairport

Installation of both is fairly straightforward (just read the readme/install files) and worked flawlessly on my rig. Have fun!

Intelligence on Ashiyane and the Iranian Cyber Army

One of my favorite OSINT resources, internet-haganah, has opened up a new thread on their forums that are dedicated to Iran, called Ashiyane.

This is basically the hacker forum that I was researching a couple of years ago (see my DefCon18 talk, and here, and here).

The forum thread is here: http://forum.internet-haganah.com/showthread.php?440-Ashiyane

And an interesting intelligence profile for the group actually quotes my past research (which unlike what it may seem was NOT done as part of my reserve duty tasks in the Israeli Air Force…)

Keep up the great work guys! Truly humbled to have my work mentioned on your site.

Introducing SexyDefence

After a long time of no updates, I’m finally back to a “normal” schedule, but as always – there’s some new project that emerges from just being around extremely smart people and accessibility of alcohol…

So, during an exciting tweeting session at the SecurityZone green room (which is never green BTW), where all of us geeks were relaxing and instead of actually talking to each other (again – we are all in the same room), we were exchanging gestures and an occasional snicker as we “discussed” things on twitter. At one point, the question of “why on earth can’t we make defense as sexy as we managed to make offense?” came up (in the context of information security of course).

That started what we call “SexyDefence”.

The parties to blame are: James Arlen, Stefan Friedly, Chris Nickerson, David Kennedy, Wim Remes, Dave Marcus, Chris John Riley, Georgia Weidman, and yours truly. We managed (in the 30 minutes we had before we went back to “normal” con business and ran a panel on SexyDefence) to set up a space where this new initiative would be panned out. Here are the main points (just a beginning) of what we consider as the SexyDefence “manifesto” 🙂

0. Rediscover your passion for the job you have instead of whining about the job you don’t have.
1. Wake the fuck up and learn how your company works (for realz – not just the techie stuff)
2. Use everything you have. whatever the “bad” guys use is fair game for u as well. research vulns on attack tools…
3. Intelligence. Gather it. On you, on your threat communities. Now use it. Intelligently.
4. You have more information at your disposal than you think (logs. Lots of them). Figure out a way to use it.
5. Remember that it’s the users (humans) that will screw you up. Make sure your “plans” include dealing with them (not just tech)

Feel free to take a look (and as always contribute – see PTES) here: http://wiki.doinginfosecright.com/index.php?title=Main_Page

Happy hacking!

p.s. – Yes, I figured that a picture of the local model Bar Refaeli in uniform would be better than the one used on James’ blog of RightSaidFred…

Career in Information Security

So, here comes the time when I say out loud something about where I work on this blog… My company – Security Art, is at the challenging phase where we are growing rapidly, and as a result are also looking to grow our excellent team.

If you ever ran a small company you know how hard this phase is. Making sure not to outgrow the amount of work you can take, making sure you can still deliver the top-notch services you got your customers used to (and what built your reputation in the first place), managing the growth, having people trained and lined up to the way you do business, the list goes on and on…

Bottom line, It’s one of the more exciting (and scary) phases that a boutique company such as ours goes through, and we are looking for more talents to join our team.

Beyond the “standard” job descriptions you can find on the careers page on our company website, I can only say that:

  1. We work hard. Probably harder than you have worked before. Ask around and people who know us can tell you.
  2. We love what we do. See 1. If we wouldn’t have, we would have burned out years ago. This is our passion, this is our hobby, and this is what we are good at.
  3. We are all n00bs. Anyone who thinks they are an expert at something and therefore have reached some faux pinnacle of their career is probably not in InfoSec. We learn new things every day. We research new technologies, law systems, politics, people, societies, companies, business, finance and other areas on an ongoing basis. The landscape keeps changing and our job is not only to stay on top of everything, it’s also to plan ahead, and try to predict what’s going to be the next challenge. By definition, 80% of what we look into will not be relevant. It’s the 20% that does that makes it later to presentations in security conferences…

Now that you got a little taste from the “behind the scenes” of what we are looking for, and think you can step up to the plate – please do!

Looking forward to see some new blood whom we can all learn from a few more things and share our passion with.

P.S. No I didn’t forget 4 (and people who know me can attest to the fact that there is a no. 4) – party hard. Just as you need to kick-ass in your work, you are ~~allowed~~ required to party just as hard 😉

7 Steps to consider when running a Vulnerability Assessment

Today I’m proud to give this stage to some friends from GFI (I have some good friends among the former Sunbelt guys, who were acquired by GFI last year). Vanessa is our guest blogger, and she’s got a great post on how to run a more effective Vulnerability Assessment process in your organization.

Do you know how your server measures up to potential threats? If you haven’t performed a vulnerability assessment on your servers yet, you may not be aware of issues that may leave you exposed to hackers and web-based attacks. A vulnerability assessment is the process of inventorying systems to check for possible security problems, and is an important part of system management and administration.

Vulnerabilities are weaknesses within a server or network that can be exploited in order to gain unauthorized access to a system, usually with the intention of performing malicious activities. The most common way to address many software-related vulnerabilities is through patches, which will usually be provided by the software manufacturer to correct security weaknesses or other bugs within a program. However, there may be times when a patch is not available to address a possible security hole, and not all vulnerabilities are software-related ones for which a patch would be offered. This is where the concept of vulnerability assessment comes into play. Minimizing the attack surface and the effect that a potential hacking attempt could have on your system is a proactive way of effectively managing a server network.

While there is no 100% way to protect your servers against vulnerabilities, in performing a vulnerability assessment there are some steps you can take to minimize your risk:

  1. Close unused ports
    Ideally, your server network setup should include at least a network firewall and a server-level firewall to block undesired traffic. Undesired traffic would include traffic to ports that are unused or that correspond with services that shouldn’t be publicly-available. These ports should be blocked in your firewall(s).
  2. Don’t over-share
    If servers on your network are set up to share files with others, or to access network shares (such as file servers and other resources), make sure that those shares are configured to only allow access as appropriate. Hosts that don’t participate in sharing resources should have that capability turned off completely.
  3. Stop unnecessary services
    The more services you have on your server, especially those that listen on network ports, the more avenues a hacker has to get into your system. This is especially true if you have services running that aren’t being monitored or used, and therefore are unmaintained. Stop services that are not in use or necessary, and restrict access to others that are not intended for public access.
  4. Remove unnecessary applications
    Many operating systems come with a wide set of programs that may not be necessary for normal server operations. Find out what software is installed on your system, and then determine which of those applications are not necessary and remove them.
  5. Change your passwords
    Using default vendor passwords is more common than you may think – but since those passwords are usually publicly-known, they are often the first ones used during hacking attempts. Secure passwords should always be used in favor of the vendor defaults, and industry experts recommend changing them every 30-60 days.
  6. Do some research
    When software or new applications are installed, users often neglect to take the time required to review their settings to ensure that everything is up to par with modern security standards. Take some time to research what you are installing and any security implications that it may have, including what features may be enabled that could introduce security problems, and what settings need to be adjusted.
  7. Encrypt when possible
    Many services and network hardware have the capability of encrypting traffic, which decreases the likelihood of information being “sniffed” out of your network. When transmitting sensitive data, such as passwords, always use an encrypted connection.
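
Steps 1, 3 and 7 can be checked mechanically by comparing what a server is actually listening on against what it is supposed to expose. The following is an added example, not part of the guest post: the `ss -H -tlnp` output is a constructed sample, and the allowlist, the cleartext-port table and the function names are assumptions to adapt to your own policy.

```python
import re

# Constructed sample of `ss -H -tlnp` output (not taken from a real host).
SAMPLE_SS = """\
LISTEN 0 128   0.0.0.0:22    0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511   0.0.0.0:80    0.0.0.0:* users:(("nginx",pid=1020,fd=6))
LISTEN 0 80    127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=944,fd=21))
LISTEN 0 32    0.0.0.0:21    0.0.0.0:* users:(("vsftpd",pid=701,fd=3))
LISTEN 0 128   [::]:23       [::]:*    users:(("telnetd",pid=655,fd=4))
LISTEN 0 5     [::1]:631     [::]:*    users:(("cupsd",pid=590,fd=7))
"""

# Assumed policy: the only ports this server should expose beyond loopback.
ALLOWED_PUBLIC = {22, 80, 443}
# Services that carry credentials unencrypted (step 7).
CLEARTEXT = {21: "FTP", 23: "Telnet"}
LOOPBACK = ("127.", "[::1]")


def parse_listeners(text):
    """Yield (address, port, process) for each listening TCP socket."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::] intact.
        addr, _, port = fields[3].rpartition(":")
        proc = re.search(r'users:\(\("([^"]+)"', line)
        yield addr, int(port), proc.group(1) if proc else "unknown"


def audit(text, allowed=ALLOWED_PUBLIC):
    """Return sorted (port, process, issue) findings for non-loopback listeners."""
    findings = []
    for addr, port, proc in parse_listeners(text):
        if addr.startswith(LOOPBACK):
            continue  # reachable only from the host itself
        if port not in allowed:
            findings.append((port, proc, "unapproved"))  # steps 1 and 3
        if port in CLEARTEXT:
            findings.append((port, proc, "cleartext"))   # step 7
    return sorted(findings)


if __name__ == "__main__":
    for port, proc, issue in audit(SAMPLE_SS):
        print(f"port {port:<5} {proc:<10} {issue}")
```

On a real host, feed the function the output of `ss -H -tlnp` run as root so that process names are included for every socket.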

Regular vulnerability assessment is a vital part of maintaining system security. Not only will it help diminish the success or possible effects of malicious activity against your servers, but it’s also a requirement for many compliance standards such as PCI DSS, HIPAA, SOX, GLB/GLBA, among others.

This guest post was provided by Vanessa Vasile on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information on vulnerability assessment

All product and company names herein may be trademarks of their respective owners.