Tuesday, March 31, 2015

Needle in a haystack: searching from the Windows command line

A key part of security involves basic command line skills. Read on for some tips for command-line searches on Windows.
Part of network security involves fancy technology, specialized devices, and ever-advancing techniques. The crooks are constantly improving their craft, and so must the defenders. But an equally important part of security involves mundane and boring tasks, tasks such as looking through log files for indications that something undesirable happened or that someone has gained unauthorized access - i.e. Forensics 101.

There are a myriad tools available for searching, whether on Windows, Linux, or Mac. I am of the opinion that a security expert (or system administrator) needs to understand the command line and built-in tools first. There are times when you don't have the luxury of installing or using custom tools and have to make do with what comes on the operating system. If that system is Windows, you get Find and Findstr.

Tuesday, March 24, 2015

Social media risks and rewards

Social media are great for keeping in touch with friends, but be mindful of what you share and with whom. Simply planning a strategy for how each social network will be used can make all the difference.
Do you know with whom you share, and what you share, on social networks? I've had around a dozen conversations about social media in the last few months. Conversations with friends and family, with colleagues, and with professional peers. Conversations about differences in uses and privacy implications, as well as conversations about examples of ill-advised sharing. Over the weekend I had a brief Twitter conversation with Rafal Los (aka Wh1t3rabbit) bemoaning recent LinkedIn changes that make it difficult to introduce ourselves when requesting a connection.

On top of that, there have been a couple of widely-publicized news stories recently about direct consequences of social sharing: a Dallas teenager accepted a job with a pizzeria, and proceeded to badmouth the job to friends on Twitter. Word got back to the shop owner, who fired her before she started. Then the New York Times ran a story of a senior director of communications who's poorly-conceived tweet cost her a high-ranking job.

Tuesday, March 17, 2015

Security B-Sides Austin: Recapping a hacker conference

A recap of the 2015 Austin B-Sides security conference, with links to speakers and slides where available
March 12 and 13, about 250 hackers and security practitioners from around Texas (and as far away as Canada) descended upon Round Rock, a suburb of Austin, for two days of training and research presentations. Security B-Sides sprung up in 2009, as an alternative to the major (and highly-attended) conferences such as Blackhat and RSA: there's not much opportunity to talk one-on-one with a researcher at a conference attended by 10,000. In 2009,the inaugural B-Sides was held in Las Vegas; a year later, B-Sides Austin launched, timed to coincide with the annual Spring Break phenomenon known as SXSW (South by Southwest). For 2015, over 30 events in North and South America and Europe are scheduled, with more in the planning stages.

I refer to B-Sides as a hacker conference. Some readers may take offense. I use hacker in its original (and to many, "real") sense: one that knows a topic well and can modify something to do his or her will, rather than what the creator intended. That culture has nothing to do with malicious use of computers - it is the culture that lead to automotive performance shops, or the motorcycle customization industry glamorized by West Coast Choppers for two examples. A hacker could be known less controversially as a maker, or a tinkerer, or a modder - or an engineer. In that sense, I am proud to wear the label of hacker.

Tuesday, March 10, 2015

The week in tech news

Monday seemed to be "the day" for big technology and security news. Several big stories broke yesterday, so rather than dive deep into a topic this week, I am going to summarize what you need to know: Rowhammer, FREAK, IOS 8.2, Apple Watch, and [added Tuesday] Microsoft's massive Patch Tuesday.

Wednesday, March 4, 2015

The closed account that wasn't

This morning I received an unexpected message to my mailbox. Wells Fargo was informing me that my account had been locked due to three attempts to log in with an incorrect password. This is pretty good security: an attacker cannot keep trying passwords forever since the account is locked after the third try, and the bank alerted me via the email they had on record for the rightful owner of the account. Locking the account is a common way to prevent an attacker from discovering a password randomly (though it does nothing to protect against an actual password that is stolen). Alerting the account owner means I can change my password and look for any unexpected transactions or other changes to the account.