// API callback
readpostlabels({"version":"1.0","encoding":"UTF-8","feed":{"xmlns":"http://www.w3.org/2005/Atom","xmlns$openSearch":"http://a9.com/-/spec/opensearchrss/1.0/","xmlns$blogger":"http://schemas.google.com/blogger/2008","xmlns$georss":"http://www.georss.org/georss","xmlns$gd":"http://schemas.google.com/g/2005","xmlns$thr":"http://purl.org/syndication/thread/1.0","id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851"},"updated":{"$t":"2021-08-17T22:37:34.909-05:00"},"category":[{"term":"Practical Security"},{"term":"Small Word Security"},{"term":"Digital Forensics"},{"term":"Faith Family \u0026 Fun"},{"term":"Bugs and Vulnerabilities"},{"term":"Cyber Crime"},{"term":"Home Network Security"},{"term":"Internet of Things"},{"term":"Mobile Device Security"},{"term":"Bank and Credit Card Security"},{"term":"Password Management"},{"term":"Hacking"},{"term":"Identity Theft"},{"term":"Financial Fraud"},{"term":"Malware"},{"term":"Privacy"},{"term":"Social Engineering"},{"term":"Parenting"},{"term":"Phishing"},{"term":"Social Networks"},{"term":"Weekend Projects"},{"term":"Encryption"},{"term":"Awana and Kidmin"},{"term":"Asus"},{"term":"CSOonline"},{"term":"Tech Tips"},{"term":"Security Theater"},{"term":"Transportation Authorities"}],"title":{"type":"text","$t":"Security for Real People"},"subtitle":{"type":"html","$t":"A blog by David Longenecker: practical cyber security advice, digital forensics, and parenting in the digital age, with family and faith woven in."},"link":[{"rel":"http://schemas.google.com/g/2005#feed","type":"application/atom+xml","href":"http:\/\/www.securityforrealpeople.com\/feeds\/posts\/default"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/-\/Digital+Forensics?alt=json-in-script\u0026max-results=50"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/search\/label\/Digital%20Forensics"},{"rel":"hub","href":"http://pubsubhubbub.appspot.com/"},{"rel":"next","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/-\/Digital+Forensics\/-\/Digital+Forensics?alt=json-in-script\u0026start-index=51\u0026max-results=50"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"generator":{"version":"7.00","uri":"http://www.blogger.com","$t":"Blogger"},"openSearch$totalResults":{"$t":"70"},"openSearch$startIndex":{"$t":"1"},"openSearch$itemsPerPage":{"$t":"50"},"entry":[{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-453833040802962523"},"published":{"$t":"2018-02-12T22:19:00.000-06:00"},"updated":{"$t":"2018-02-12T22:19:09.768-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"}],"title":{"type":"text","$t":"Using malware's own behavior against it"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EA quick read for a Monday night.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003ELast week while investigating some noisy events in my security monitoring system, I noticed two competing Windows features filling up event logs: link-local multicast name resolution (LLMNR) put lots of name resolution requests onto the local network segment, which Windows firewall promptly blocked.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003ELLMNR is the successor to NetBIOS Name Service. Both serve the same purpose: if a computer cannot resolve a name through \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2015\/10\/dns-simple-way-to-stop-malicious-web.html\" target=\"_blank\"\u003EDNS\u003C\/a\u003E, it essentially yells out on the local network \"hey, anyone know an address for xyzzy?\"\u0026nbsp;\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThis sounds like a reasonable solution, but it invites abuse. If an adversary has a foothold on my network, they can either listen for and reply to common typos, or can actively interrupt the legitimate DNS and instead give their own answers. In either case, the adversary can provide fake addresses for servers and websites, \u003Ca href=\"https:\/\/www.sternsecurity.com\/blog\/local-network-attacks-llmnr-and-nbt-ns-poisoning\" target=\"_blank\"\u003Edirecting users to malicious places\u003C\/a\u003E (and possibly stealing usernames and passwords along the way).\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EGenerally speaking, I recommend turning off LLMNR and NBNS, as well as using a \u003Ca href=\"https:\/\/github.com\/codeexpress\/respounder\" target=\"_blank\"\u003Etrusted DNS provider\u003C\/a\u003E that prevents access to known-malicious websites.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EToday I came across a slick way to use such malware's own behavior against it. LLMNR \"responder\" malware replies to requests with a bogus address, so they generally respond to *any* request. So \u003Ca href=\"https:\/\/github.com\/codeexpress\/respounder\" target=\"_blank\"\u003ERespounder\u003C\/a\u003E spits out bogus name requests and looks for responses.\u003C\/span\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/453833040802962523"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/453833040802962523"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2018\/02\/using-malwares-own-behavior-against-it.html","title":"Using malware's own behavior against it"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-2228047809314456853"},"published":{"$t":"2017-11-09T21:14:00.000-06:00"},"updated":{"$t":"2017-11-09T21:14:53.095-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Tech Tips"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Weekend Projects"}],"title":{"type":"text","$t":"IR Toolkit"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EIn 20 years of systems administration and incident response, there are a handful of tools I find myself coming back to over and over again. Naturally, the SysInternals suite is on the list, along with Wireshark and Didier Stevens PDF tools. I've also included portable installations of Python Some are useful for examining a system, others are useful for examining a suspicious file or attachment. So... I started a GitHub project to document my favorite free and\/or open-source tools.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EI'll bet my readers have some of their own favorites: by all means, please comment below, or submit a pull request on GitHub, and I'll update the list!\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cdiv style=\"text-align: center;\"\u003E\u003Cb\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: large;\"\u003E\u003Ca href=\"https:\/\/github.com\/dnlongen\/IR-Toolkit\"\u003Ehttps:\/\/github.com\/dnlongen\/IR-Toolkit\u003C\/a\u003E\u003C\/span\u003E\u003C\/b\u003E\u003C\/div\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/2228047809314456853"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/2228047809314456853"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2017\/11\/ir-toolkit.html","title":"IR Toolkit"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-1218583275466807819"},"published":{"$t":"2017-10-10T16:21:00.000-05:00"},"updated":{"$t":"2017-10-20T15:46:57.001-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Malware"}],"title":{"type":"text","$t":"Exploiting Office native functionality: Word DDE edition"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Cimg alt=\"Sensepost researchers show a way to exploit DDE to run code from Word, without macros or buffer overflows. Here\u0026#39;s how to detect it.\" border=\"0\" data-original-height=\"406\" data-original-width=\"640\" height=\"406\" src=\"https:\/\/2.bp.blogspot.com\/-CwUAVJkU7R4\/Wd03_v9vhCI\/AAAAAAAAUUk\/Ih0BFLdzANIk5bSrJtxoYCJchJRKI9FkACLcBGAs\/s640\/DDE-main.png\" title=\"Sensepost researchers show a way to exploit DDE to run code from Word, without macros or buffer overflows. Here\u0026#39;s how to detect it.\" width=\"640\"\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003E\u003Cb\u003EUpdated 20 October:\u003C\/b\u003E Added a note regarding enabling full command line logging for process creation events; added a note clarifying that \u0026quot;Creator Process Name\u0026quot; is only recorded in Windows 10 and Windows Server 2016. Older versions of Windows record the creator process ID but not the process name; added references to a variety of exploitation techniques found by other researchers or seen in the wild.\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003E\u003Cbr\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003E\u003Cb\u003EUpdated 11 October\u003C\/b\u003E: I originally wrote that this exploit technique bypassed both disabled macros, and Protected View. That is incorrect: this technique will work if macros are disabled, but the code does not trigger while in Protected View. Thanks to Matt Nelson (\u003Ca href=\"https:\/\/twitter.com\/enigma0x3\" target=\"_blank\"\u003E@enigma0x3\u003C\/a\u003E) for pointing out my mistake.\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EI love reading exploit techniques that rely on native features of the operating system or common applications. As an attacker, I find it diabolically clever to abuse features the target fully expects to be used and cannot turn off without disrupting business. As a defender, I am intrigued by the challenge of detecting malicious use of perfectly legitimate features.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EResearchers Etienne Stalmans and Saif El-Shereisuch of Sensepost wrote of a slick way to execute code on a target computer using Microsoft Word - but \u003Ca href=\"https:\/\/sensepost.com\/blog\/2017\/macro-less-code-exec-in-msword\/\"\u003Ewithout the macros or buffer overflows\u003C\/a\u003E usually exploited to this end. Instead, they use dynamic data exchange, or DDE - an older technology once used for coding and automation within MS Office applications. This is particularly clever because it works even with macros disabled - because it\u0026#39;s not using the macro subsystem.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2017\/10\/exploiting-office-native-functionality.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1218583275466807819"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1218583275466807819"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2017\/10\/exploiting-office-native-functionality.html","title":"Exploiting Office native functionality: Word DDE edition"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/2.bp.blogspot.com\/-CwUAVJkU7R4\/Wd03_v9vhCI\/AAAAAAAAUUk\/Ih0BFLdzANIk5bSrJtxoYCJchJRKI9FkACLcBGAs\/s72-c\/DDE-main.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-5292633237540655617"},"published":{"$t":"2017-05-05T07:08:00.001-05:00"},"updated":{"$t":"2017-05-05T07:08:40.123-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"}],"title":{"type":"text","$t":"Hacking the SIEM"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EDay 1 of \u003Ca href=\"https:\/\/bsidesaustin.com\/\" target=\"_blank\"\u003ESecurity B-Sides Austin\u003C\/a\u003E is in the books. One talk in particular stuck with me: \"Hack the SIEM\" by John Griggs of Meta Studios, Inc.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EYour SIEM is an aggregation of lots of data about your company - it contains information about endpoints, network controls, detective capabilities, and incidents. To an attacker, it is a gold mine of recon.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EJohn brought up a different point, one I had not considered: your Security Information and Event Management system, or SIEM, may also be the single pane of glass that your SOC relies on. If an attacker doesn't show up in the SIEM, your SOC may not be aware of the incident - even if the originating network control is squawking at the top of its lungs.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EErgo, an attacker doesn't have to cover all of its tracks - they only need to stop their actions from showing up in the SIEM. Sure, original logs will show the attacker's trail in the post-mortem, but depending on their objectives, avoiding real-time detection may be all the attacker needs.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EIs your SIEM locked down to prevent it from being used and abused by an attacker?\u003C\/span\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5292633237540655617"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5292633237540655617"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2017\/05\/hacking-siem.html","title":"Hacking the SIEM"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-7784489203807958191"},"published":{"$t":"2017-03-15T22:51:00.000-05:00"},"updated":{"$t":"2017-03-21T18:08:21.032-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Cyber Crime"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Identity Theft"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Malware"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Phishing"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Social Networks"}],"title":{"type":"text","$t":"Facebook Messenger phishing scam"},"content":{"type":"html","$t":"\u003Cdiv\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cimg alt=\"A phishing scam is using Facebook Messenger to spread, by telling your friends a video of them has gone viral.\" border=\"0\" src=\"https:\/\/2.bp.blogspot.com\/-JgkdlP3x-ik\/WMoDSkzf1HI\/AAAAAAAATNg\/7chjwFZk3p4F4-Crv_s10wKeV1foERhDwCK4B\/s1600\/FB_scam_lead.png\" title=\"A phishing scam is using Facebook Messenger to spread, by telling your friends a video of them has gone viral.\"\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003E\u003Cb\u003EUpdated 20-March:\u003C\/b\u003E My initial analysis was limited due to traveling without my laptop, and with unreliable data service. I\u0026#39;ve updated the post with a few additional domains to block, and to show the different behavior on mobile versus PC.\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThere’s a scam making the rounds on Facebook, making use of Facebook Messenger to spread. (Sysadmins, scroll to the bottom for a list of domains to block).\u003Cbr\u003E\u003Cbr\u003EIt starts when you receive a message from a friend, that simply says your name, with your profile picture designed to look like a preview of a video with hundreds of thousands of views. The implication is there is a “Facebook Video” of you that has gone viral.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2017\/03\/facebook-messenger-phishing-scam.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/7784489203807958191"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/7784489203807958191"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2017\/03\/facebook-messenger-phishing-scam.html","title":"Facebook Messenger phishing scam"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/2.bp.blogspot.com\/-JgkdlP3x-ik\/WMoDSkzf1HI\/AAAAAAAATNg\/7chjwFZk3p4F4-Crv_s10wKeV1foERhDwCK4B\/s72-c\/FB_scam_lead.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-4480438676170094689"},"published":{"$t":"2017-02-11T23:22:00.000-06:00"},"updated":{"$t":"2017-02-12T14:16:28.903-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Cyber Crime"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Malware"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Phishing"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"}],"title":{"type":"text","$t":"Quick and dirty malicious PDF analysis"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cimg alt=\"Analyzing weird things forwarded by friends and family is a great way to keep my DFIR skills sharp.\" border=\"0\" height=\"315\" src=\"https:\/\/3.bp.blogspot.com\/-wBOH-JTS6s8\/WJ1FNiokhvI\/AAAAAAAATJQ\/ajnI4Y55CggMLWRwDvIHQB5BA-cdU2bcgCLcB\/s640\/deceptive%2Bsite%2B2.png\" title=\"Analyzing weird things forwarded by friends and family is a great way to keep my DFIR skills sharp.\" width=\"640\"\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EFriends and family regularly send me things they find suspicious or weird. Sometimes it turns out to be malicious, and other times perfectly fine, but I\u0026#39;m always glad to know I\u0026#39;ve instilled a proper degree of skepticism in my friends.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EMy willingness to help has an ulterior motive: aside from the \u0026quot;herd immunity\u0026quot; that comes from helping those around me stay safe, analyzing weird things they see helps me keep my own skills sharp. It also can alert me to new or resurging threats, such as the \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2015\/10\/free-disney-world-tickets-nah-its.html\" target=\"_blank\"\u003EDisney theme park scams\u003C\/a\u003E so common around customary family travel periods.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EToday\u0026#39;s story is about a phish. A simple phish, but one with lots of red flags to call out, and that called to my attention some new features Google introduced in Chrome last month. As with many phish, this one begins with an email. Nothing fancy, just a brief memo that a voice message has arrived.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2017\/02\/quick-and-dirty-malicious-pdf-analysis.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4480438676170094689"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4480438676170094689"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2017\/02\/quick-and-dirty-malicious-pdf-analysis.html","title":"Quick and dirty malicious PDF analysis"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/3.bp.blogspot.com\/-wBOH-JTS6s8\/WJ1FNiokhvI\/AAAAAAAATJQ\/ajnI4Y55CggMLWRwDvIHQB5BA-cdU2bcgCLcB\/s72-c\/deceptive%2Bsite%2B2.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-8694927679357614350"},"published":{"$t":"2017-01-17T19:02:00.000-06:00"},"updated":{"$t":"2017-01-17T19:32:50.758-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Tech Tips"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Weekend Projects"}],"title":{"type":"text","$t":"How to be your daughter's hero, DFIR edition"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Cimg alt=\"Not only is digital forensics useful in cybersecurity, it can make you a hero in your daughter\u0026#39;s eyes!\" border=\"0\" src=\"https:\/\/2.bp.blogspot.com\/-Fc8IaZNBEbo\/WH62eU2bKZI\/AAAAAAAAS8A\/FCF0d5Q36VQFzlJsX2ZJ0d7oMtAoxT6_gCLcB\/s1600\/close-up-1684960_1920.jpg\" title=\"Not only is digital forensics useful in cybersecurity, it can make you a hero in your daughter\u0026#39;s eyes!\"\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot;, arial, helvetica, sans-serif;\"\u003EEvery now and then, my day job pays dividends at home. Shortly before Christmas was one such occasion.\u003C\/span\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003EMy daughter (a foreign exchange student my family is hosting, but she quickly became a daughter to us) had just spent a weekend with a friend. The friend too was a foreign exchange student from the same country as my daughter, but was near the end of her exchange, and was soon to return to her their home country. My daughter had taken many pictures of their weekend together, and had uploaded them to the friend\u0026#39;s computer.\u003Cbr\u003E\u003Cbr\u003EAs is commonly the default, uploading the photos to the computer also deleted them from her camera.\u003Cbr\u003E\u003Cbr\u003EBy the time she discovered that, the friend had already begun her trek home. Several gigabytes of photos are not hard to transfer over WiFi or with a flash drive ... it\u0026#39;s a different story when all you have is a cellphone hotspot with a limited data plan, or a costly and rate-limited airport wireless service. \u003Cbr\u003E\u003Cbr\u003EMuch to my wife\u0026#39;s chagrin I am a sucker for my daughters\u0026#39; pleas for help. That holds true whether from the daughters born to my family or the daughter we are hosting. Just about any dad would say the same. Fortunately, one doesn\u0026#39;t spend twenty years in technology and digital forensics without learning a few tricks.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2017\/01\/how-to-be-your-daughters-hero-dfir.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/8694927679357614350"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/8694927679357614350"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2017\/01\/how-to-be-your-daughters-hero-dfir.html","title":"How to be your daughter's hero, DFIR edition"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/2.bp.blogspot.com\/-Fc8IaZNBEbo\/WH62eU2bKZI\/AAAAAAAAS8A\/FCF0d5Q36VQFzlJsX2ZJ0d7oMtAoxT6_gCLcB\/s72-c\/close-up-1684960_1920.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-504146438587945412"},"published":{"$t":"2016-08-25T12:49:00.001-05:00"},"updated":{"$t":"2016-09-02T10:40:08.798-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Cyber Crime"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Privacy"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"}],"title":{"type":"text","$t":"Apple releases iOS 9.3.5 to block a sophisticated iPhone spy technique"},"content":{"type":"html","$t":"\u003Ci\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cb\u003EUpdated 2 September:\u003C\/b\u003E\u0026nbsp;It turns out that the same vulnerabilities exist in OS X for MacBooks and iMacs, and can be used to run malicious programs with kernel (i.e. the highest level)\u0026nbsp;\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003Eprivileges. Apple released updates for OS X Yosemite and OS X El Capital on September 1.\u0026nbsp;\u003C\/span\u003E\u003C\/i\u003E\u003Cbr \/\u003E\u003Ci\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/i\u003E\u003Ci\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EFor El Capitan, the fix is Security Update 2016-001.\u003C\/span\u003E\u003C\/i\u003E\u003Cbr \/\u003E\u003Ci\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EFor Yosemite, the fix is Security Update 2016-005.\u003C\/span\u003E\u003C\/i\u003E\u003Cbr \/\u003E\u003Ci\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/i\u003E\u003Ci\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003ETo check for Mac software updates, open the App Store app on your Mac, then click Updates in the toolbar. If updates are available, click the Update button to download and install them. If you don't have the App Store on your Mac, get OS X updates by choosing Software Update from the Apple menu.\u003C\/span\u003E\u003C\/i\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003E\u003Cb\u003E\u003Cbr \/\u003E\u003C\/b\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003E\u003Cb\u003EUpdated 26 August: \u003C\/b\u003EBrief update - here is a link to the original (and in-depth) \u003Ca href=\"https:\/\/citizenlab.org\/2016\/08\/million-dollar-dissident-iphone-zero-day-nso-group-uae\/\" target=\"_blank\"\u003Ereport by Citizen Lab\u003C\/a\u003E, the firm that identified the vulnerabilities and ferreted out the origin of the attack.\u003C\/i\u003E\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EWhen a mobile phone provider sends you an update for your phone, it's usually a good idea to install it. Sometimes it's a better idea than others.\u003Cbr \/\u003E\u003Cbr \/\u003EThis is one of those times: Apple just released an update for iPhones, fixing three very serious bugs that together have been exploited in secret to spy on apparent Middle Eastern targets. Through the flaws, merely clicking on a link can \"jailbreak\" an iPhone - defeating the security measures Apple has built in and giving the attacker complete control of the device (and any private information on the device).\u003Cbr \/\u003E\u003Cbr \/\u003EYour iPhone will prompt you to update to iOS 9.3.5 very shortly. Do it.\u003Cbr \/\u003E\u003Cbr \/\u003EMotherboard has an article describing how the flaw was discovered and how it was being \u003Ca href=\"https:\/\/motherboard.vice.com\/read\/government-hackers-iphone-hacking-jailbreak-nso-group\" target=\"_blank\"\u003Eused to spy on individuals\u003C\/a\u003E.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThe SANS Internet Storm Center has a \u003Ca href=\"https:\/\/isc.sans.edu\/forums\/diary\/OutofBand+iOS+Patch+Fixes+0Day+Vulnerabilities\/21409\/\" target=\"_blank\"\u003Econcise description of the three flaws\u003C\/a\u003E and how they work together to compromise a device.\u003Cbr \/\u003E\u003Cbr \/\u003EHere is Apple's\u0026nbsp;\u003Ca href=\"https:\/\/support.apple.com\/en-us\/HT207107\" target=\"_blank\"\u003Erelease bulletin for iOS\u003C\/a\u003E,\u0026nbsp;and Apple's \u003Ca href=\"https:\/\/support.apple.com\/en-us\/HT207130\" target=\"_blank\"\u003Erelease bulletin for OS X\u003C\/a\u003E.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cbr \/\u003E\u003Ch4\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EWhat do you need to do?\u003C\/span\u003E\u003C\/h4\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EOpen your iPhone or iPad's Settings tool and go to General -\u0026gt; Software Update in your device's Settings app, or connect to iTunes on your Mac or PC. If you are running \u003Cb\u003EiOS 9.3.5\u003C\/b\u003E (the latest update as of this writing), your device will show that it is up-to-date. If you are running an older version, your device will show an update is available. Install it!\u003C\/span\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/504146438587945412"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/504146438587945412"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/08\/ios-935-install-it-now-to-block.html","title":"Apple releases iOS 9.3.5 to block a sophisticated iPhone spy technique"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-1444477584330633956"},"published":{"$t":"2016-05-03T09:07:00.001-05:00"},"updated":{"$t":"2017-01-18T22:37:39.771-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Password Management"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Phishing"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Social Engineering"}],"title":{"type":"text","$t":"A devilishly simple phish"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cimg alt=\"A diabolically simple phish, the message claims an error prevented from the message from loading, and you must click the link to see the real message.\" border=\"0\" src=\"https:\/\/4.bp.blogspot.com\/-s16pbf1x7OA\/Vs9q_GlH5zI\/AAAAAAAAOEU\/9WArfiTy4Nc\/s1600\/Keep-This-Secret.jpg\" title=\"A diabolically simple phish, the message claims an error prevented from the message from loading, and you must click the link to see the real message.\"\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003EI\u0026#39;ve had this post half-written for a couple of months, and in the interim received two more phishing emails following the same pattern. Over the weekend, a peer in the security industry mentioned he had received a phishing scam that followed this pattern but in a more carefully-crafted package tailored to look like an important message from the president of his actual homeowners\u0026#39; association. \u003Ca href=\"https:\/\/twitter.com\/GRC_Ninja\" target=\"_blank\"\u003E@GRC_Ninja\u003C\/a\u003E has a \u003Ca href=\"http:\/\/www.osint.fail\/2016\/05\/01\/howd-they-know-privatedetails\/\" target=\"_blank\"\u003Egreat write-up of that particular event\u003C\/a\u003E, with some sage advice from an employer\u0026#39;s perspective. What follows is my advice from a consumer perspective, and then a dive into the weeds.\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003ESome phishing approaches are \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2014\/05\/anatomy-of-phish.html\" target=\"_blank\"\u003Ecarefully crafted\u003C\/a\u003E, highly targeted, and nigh impossible to recognize as evil. Some phishing approaches are ridiculously lame and \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2011\/08\/lame-social-engineering-attempt-i.html\" target=\"_blank\"\u003Edownright silly\u003C\/a\u003E. And then there is this, from the email account of someone I do know and correspond with. Devilishly simple, and yet entirely believable, who wouldn\u0026#39;t click on the link to see what the actual message is?\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThe email appears to be something that Yahoo! Mail could not display in the normal reader window, and which you must open into its own window in order to read. The \u0026quot;error message\u0026quot; at the bottom lends credibility to the scam. Those with digital rights management on their business email might even be used to messages that cannot render in the standard email reader.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EDespite appearances though, this is a fake, a fake for which the three best defenses are \u003C\/span\u003E\u003Cbr\u003E\u003Cbr\u003E\u003Col\u003E\u003Cli\u003E\u003Cspan style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\"\u003EA password manager such as \u003C\/span\u003E\u003Ca href=\"https:\/\/lastpass.com\/\" style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\" target=\"_blank\"\u003ELastPass\u003C\/a\u003E\u003Cspan style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\"\u003E or \u003C\/span\u003E\u003Ca href=\"https:\/\/1password.com\/\" style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\" target=\"_blank\"\u003E1Password\u003C\/a\u003E\u003Cspan style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\"\u003E that recognizes website domains and will not enter your password into a fake login screen; \u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2015\/10\/grog-and-narg-teach-two-factor.html\" style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\" target=\"_blank\"\u003ETwo-factor authentication\u003C\/a\u003E\u003Cspan style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\"\u003E such that if a scammer does get your password, they still cannot log in without also having your device; and\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\"\u003EA \u003C\/span\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2015\/10\/dns-simple-way-to-stop-malicious-web.html\" style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\" target=\"_blank\"\u003EDNS resolver such as OpenDNS\u003C\/a\u003E\u003Cspan style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\"\u003E, that recognizes scam domains and prevents your browser from going there.\u003C\/span\u003E\u003C\/li\u003E\u003C\/ol\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2016\/05\/a-devilishly-simple-phish.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1444477584330633956"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1444477584330633956"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/05\/a-devilishly-simple-phish.html","title":"A devilishly simple phish"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-s16pbf1x7OA\/Vs9q_GlH5zI\/AAAAAAAAOEU\/9WArfiTy4Nc\/s72-c\/Keep-This-Secret.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-8959096609636373946"},"published":{"$t":"2016-02-07T21:28:00.000-06:00"},"updated":{"$t":"2017-01-13T22:38:41.728-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Asus"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"}],"title":{"type":"text","$t":"Poor UX leads to poorly secured SoHo routers"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Cimg border=\"0\" src=\"https:\/\/4.bp.blogspot.com\/-jYDVYHKs6VI\/VrFdxn7qigI\/AAAAAAAANwg\/5eA6kLGtLQM\/s1600\/shodan-banner.jpg\"\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003EI typically do not disclose vulnerabilities when I know the vendor is working on a solution. In this case however, there is a very easy and reliable workaround available: enable the firewall \u003Cu\u003Ein addition to\u003C\/u\u003E disabling web access from the WAN.\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EAsus makes consumer wireless routers - so-called \u0026quot;SoHo\u0026quot; or Small Office \/ Home Office devices. The intended purchasers are homeowners and small businesses that don\u0026#39;t want to invest in commercial-grade equipment or the professional IT staff to manage it, but still want higher-end features and reasonable security.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EAlas Asus goofed in their design, making it easy for owners to think they have properly secured their router and yet still be vulnerable to an Internet attacker. In fact, over 135,000 Asus wireless routers can be logged into from the Internet - over 15,000 of which the owners took the time to secure properly (or so they thought).\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2016\/02\/poor-ux-leads-to-poorly-secured-soho.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/8959096609636373946"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/8959096609636373946"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/02\/poor-ux-leads-to-poorly-secured-soho.html","title":"Poor UX leads to poorly secured SoHo routers"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-jYDVYHKs6VI\/VrFdxn7qigI\/AAAAAAAANwg\/5eA6kLGtLQM\/s72-c\/shodan-banner.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-5661391961711621503"},"published":{"$t":"2016-01-19T08:04:00.001-06:00"},"updated":{"$t":"2017-01-14T19:45:45.186-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Asus"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"}],"title":{"type":"text","$t":"Administrator logout flaw in ASUS wireless routers"},"content":{"type":"html","$t":"\u003Cdiv\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EASUS wireless routers have an optional feature to log the administrator out after a period of time. That feature was implemented in April 2014, in firmware 3.0.0.4.374_5656, in response to input I gave to their engineering team while correcting a \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2014\/04\/CVE-2014-2719-Asus-RT-Password-Disclosure.html\" target=\"_blank\"\u003Epreviously reported flaw\u003C\/a\u003E. Prior to then, if you logged into the router administration UI and did not explicitly log out, your session remained active forever.\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EWhile there are scenarios where you might want to keep a logged in session, remaining logged in makes it possible for a malicious hacker to use that session by tricking you into clicking a link. Researcher Bogdan Calin \u003Ca href=\"http:\/\/www.acunetix.com\/blog\/web-security-zone\/the-email-that-hacks-you\/\" target=\"_blank\"\u003Edescribes this sort of attack\u003C\/a\u003E in a post he wrote a few years ago. His demo relies on guessing the admin password, but that is not necessary if you are already logged in.\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003EThe aforementioned firmware added an optional auto logout feature, so problem solved, right?\u003C\/div\u003E\u003Cdiv style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Cdiv style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003EWell, not entirely.\u003Cbr\u003E\u003C\/div\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2016\/01\/administrator-logout-flaw-in-asus.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5661391961711621503"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5661391961711621503"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/01\/administrator-logout-flaw-in-asus.html","title":"Administrator logout flaw in ASUS wireless routers"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-dh0fxjxF1oY\/VplSDZCD-bI\/AAAAAAAANKA\/z5sqHSHbdbY\/s72-c\/asus-autologout.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-1908187931386688317"},"published":{"$t":"2016-01-12T08:09:00.000-06:00"},"updated":{"$t":"2017-01-16T20:33:50.034-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Faith Family \u0026 Fun"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Weekend Projects"}],"title":{"type":"text","$t":"Gnome in Your Home Conclusion: Meet the Villain"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s1600\/logo7.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"Pwning each of the SuperGnomes in the 2015 SANS Holiday Hack challenge.\" border=\"0\" height=\"309\" src=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s640\/logo7.png\" title=\"Pwning each of the SuperGnomes in the 2015 SANS Holiday Hack challenge.\" width=\"640\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003EThis is the last of a multi-part series describing my approach to solving the 2015 SANS Holiday Hacking Challenge. After reading, try your hand at the challenges at \u003Ca href=\"https:\/\/holidayhackchallenge.com\/\"\u003EHolidayHackChallenge.com\u003C\/a\u003E!\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cul\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-prelude-quest.html\"\u003EPrelude: The Quest\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-one-wireless.html\" target=\"_blank\"\u003EPart One: Wireless Packet Analysis\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-two-firmware.html\" target=\"_blank\"\u003EPart Two: Firmware Analysis\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-three-hunting.html\" target=\"_blank\"\u003EPart Three: Hunting Gnomes with Shodan\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-four-pwning.html\" target=\"_blank\"\u003EPart Four: Global Pwnage\u003C\/a\u003E\u003C\/li\u003E\u003Cul\u003E\u003Cli\u003ESuperGnome 1: Password Reuse\u003C\/li\u003E\u003Cli\u003ESuperGnome 2: Local File Inclusion, Path Traversal\u003C\/li\u003E\u003Cli\u003ESuperGnome 3: NoSQL Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 4: Server-Side JavaScript Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 5: \u003C\/li\u003E\u003C\/ul\u003E\u003Cli\u003E\u003Cb\u003EPart Five: Meet the Villain\u003C\/b\u003E\u003C\/li\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/p\/gnome-in-your-home-complete-solution.html\" target=\"_blank\"\u003EOr read the entire solution in one LONG page\u003C\/a\u003E\u003C\/li\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/ul\u003E\u003Cbr\u003E\u003Cdiv\u003E\u003Cdiv\u003E\u003Cbr\u003E\u003Ch3\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: small;\"\u003EPart Five: Sinister Plot and Attribution\u003C\/span\u003E\u003C\/h3\u003E\u003C\/div\u003E\u003Col start=\"9\"\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EBased on evidence you recover from the SuperGnomes’ packet capture ZIP files and any staticky images you find, what is the nefarious plot of ATNAS Corporation?\u003Cbr\u003E\u003Cbr\u003E\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EWho is the villain behind the nefarious plot.\u003C\/span\u003E\u003C\/li\u003E\u003C\/ol\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EPrior to launching the challenge in early December, the website showed a clue: \u0026quot;1957 was only the beginning.\u0026quot; This being a Christmas-themed event, something immediately came to mind. Dr. Seuss wrote \u0026quot;How the Grinch Stole Christmas\u0026quot; in 1957, so through the first couple of SuperGnomes, I was pretty sure the villain was The Grinch. Upon cracking SuperGnome 04 though, I busted up laughing when the real villain appeared.\u003C\/span\u003E\u003Cbr\u003E\u003C\/div\u003E\u003C\/div\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-conclusion-meet.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1908187931386688317"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1908187931386688317"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-conclusion-meet.html","title":"Gnome in Your Home Conclusion: Meet the Villain"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s72-c\/logo7.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-8719223089515334098"},"published":{"$t":"2016-01-11T07:23:00.000-06:00"},"updated":{"$t":"2017-01-16T20:31:01.467-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Faith Family \u0026 Fun"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Weekend Projects"}],"title":{"type":"text","$t":"Gnome in Your Home Part Four: Pwning the SuperGnomes"},"content":{"type":"html","$t":"\u003Cdiv\u003E\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s1600\/logo7.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"Pwning each of the SuperGnomes in the 2015 SANS Holiday Hack challenge.\" border=\"0\" height=\"309\" src=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s640\/logo7.png\" title=\"Pwning each of the SuperGnomes in the 2015 SANS Holiday Hack challenge.\" width=\"640\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003EThis is one of a multi-part series describing my approach to solving the 2015 SANS Holiday Hacking Challenge; watch \u003Ca href=\"https:\/\/securityforrealpeople.com\/\"\u003ESecurityForRealPeople.com\u003C\/a\u003E over the next few days as solutions for each challenge are published. After reading, try your hand at the challenges at \u003Ca href=\"https:\/\/holidayhackchallenge.com\/\"\u003EHolidayHackChallenge.com\u003C\/a\u003E!\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cul\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-prelude-quest.html\"\u003EPrelude: The Quest\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-one-wireless.html\" target=\"_blank\"\u003EPart One: Wireless Packet Analysis\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-two-firmware.html\" target=\"_blank\"\u003EPart Two: Firmware Analysis\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-three-hunting.html\" target=\"_blank\"\u003EPart Three: Hunting Gnomes with Shodan\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cb\u003EPart Four: Global Pwnage\u003C\/b\u003E\u003C\/li\u003E\u003Cul\u003E\u003Cli\u003ESuperGnome 1: Password Reuse\u003C\/li\u003E\u003Cli\u003ESuperGnome 2: Local File Inclusion, Path Traversal\u003C\/li\u003E\u003Cli\u003ESuperGnome 3: NoSQL Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 4: Server-Side JavaScript Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 5:\u003C\/li\u003E\u003C\/ul\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-conclusion-meet.html\" target=\"_blank\"\u003EPart Five: Meet the Villain\u003C\/a\u003E\u003C\/li\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/p\/gnome-in-your-home-complete-solution.html\" target=\"_blank\"\u003EOr read the entire solution in one LONG page\u003C\/a\u003E\u003C\/li\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/ul\u003E\u003Ch3\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: small;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003C\/h3\u003E\u003Ch3\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: small;\"\u003EPart Four: Gnomage Pwnage\u003C\/span\u003E\u003C\/h3\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EChallenges:\u003C\/span\u003E\u003Cbr\u003E\u003Col start=\"7\"\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EPlease describe the vulnerabilities you discovered in the Gnome firmware.\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EAttempt to remotely exploit each of the SuperGnomes. Describe the technique you used to gain access to each SuperGnome’s gnome.conf file.\u003C\/span\u003E\u003C\/li\u003E\u003C\/ol\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EUseful tools: \u003Ca href=\"https:\/\/portswigger.net\/burp\/\" target=\"_blank\"\u003EBurp Suite\u003C\/a\u003E, \u003Ca href=\"https:\/\/www.wireshark.org\/\" target=\"_blank\"\u003EWireshark\u003C\/a\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EEach superGnome had a different vulnerability to exploit, and a different way to obtain the gnome.conf flag file. The first four required manipulating web form inputs to make use of foolish design decisions in the web interface. The last one took a different sort of expertise.\u003C\/span\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-four-pwning.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/8719223089515334098"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/8719223089515334098"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-four-pwning.html","title":"Gnome in Your Home Part Four: Pwning the SuperGnomes"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s72-c\/logo7.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-188984184277829678"},"published":{"$t":"2016-01-08T08:10:00.000-06:00"},"updated":{"$t":"2017-01-16T20:23:55.335-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Faith Family \u0026 Fun"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Weekend Projects"}],"title":{"type":"text","$t":"Gnome in Your Home Part Three: Hunting Gnomes with Shodan"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s1600\/logo7.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"Part Three of the SANS Holiday Hack challenges is best solved using Shodan: a search engine for Internet-connected devices.\" border=\"0\" height=\"309\" src=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s640\/logo7.png\" title=\"Part Three of the SANS Holiday Hack challenges is best solved using Shodan: a search engine for Internet-connected devices.\" width=\"640\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003EThis is one of a multi-part series describing my approach to solving the 2015 SANS Holiday Hacking Challenge; watch \u003Ca href=\"https:\/\/securityforrealpeople.com\/\"\u003ESecurityForRealPeople.com\u003C\/a\u003E over the next few days as solutions for each challenge are published. After reading, try your hand at the challenges at \u003Ca href=\"https:\/\/holidayhackchallenge.com\/\"\u003EHolidayHackChallenge.com\u003C\/a\u003E!\u003Cbr\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cul\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-prelude-quest.html\"\u003EPrelude: The Quest\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-one-wireless.html\" target=\"_blank\"\u003EPart One: Wireless Packet Analysis\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-two-firmware.html\" target=\"_blank\"\u003EPart Two: Firmware Analysis\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cb\u003EPart Three: Hunting Gnomes with Shodan\u003C\/b\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-four-pwning.html\" target=\"_blank\"\u003EPart Four: Global Pwnage\u003C\/a\u003E\u003C\/li\u003E\u003Cul\u003E\u003Cli\u003ESuperGnome 1: Password Reuse\u003C\/li\u003E\u003Cli\u003ESuperGnome 2: Local File Inclusion, Path Traversal\u003C\/li\u003E\u003Cli\u003ESuperGnome 3: NoSQL Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 4: Server-Side JavaScript Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 5:\u003C\/li\u003E\u003C\/ul\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-conclusion-meet.html\" target=\"_blank\"\u003EPart Five: Meet the Villain\u003C\/a\u003E\u003C\/li\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/p\/gnome-in-your-home-complete-solution.html\" target=\"_blank\"\u003EOr read the entire solution in one LONG page\u003C\/a\u003E\u003C\/li\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/ul\u003E\u003Cbr\u003E\u003Cdiv\u003E\u003Ch3\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: small;\"\u003EPart Three: Internet-Wide Scavenger Hunt\u003C\/span\u003E\u003C\/h3\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EChallenges:\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cdiv\u003E\u003Col start=\"5\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cli\u003EWhat are the IP addresses of the five SuperGnomes scattered around the world, as verified by Tom Hessman in the Dosis neighborhood?\u003C\/li\u003E\u003Cli\u003EWhere is each SuperGnome located geographically?\u003C\/li\u003E\u003C\/span\u003E\u003C\/ol\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EUseful tools: \u003Ca href=\"https:\/\/shodan.io\/\" target=\"_blank\"\u003EShodan\u003C\/a\u003E, \u003Ca href=\"https:\/\/portswigger.net\/burp\/\" target=\"_blank\"\u003EBurp Proxy\u003C\/a\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003ESummary: Using Shodan and a unique HTTP header found on the first SuperGnome, finding all five is a snap.\u003C\/span\u003E\u003C\/div\u003E\u003C\/div\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-three-hunting.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/188984184277829678"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/188984184277829678"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-three-hunting.html","title":"Gnome in Your Home Part Three: Hunting Gnomes with Shodan"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s72-c\/logo7.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-3970077656731780246"},"published":{"$t":"2016-01-07T07:13:00.002-06:00"},"updated":{"$t":"2019-01-26T16:43:31.593-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Faith Family \u0026 Fun"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Weekend Projects"}],"title":{"type":"text","$t":"Gnome in Your Home Part Two: Firmware Analysis"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s1600\/logo7.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"The first challenges in the 2015 SANS Holiday Hack involve network packet analysis to discover a botnet communicating over DNS.\" border=\"0\" height=\"309\" src=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s640\/logo7.png\" title=\"The first challenges in the 2015 SANS Holiday Hack involve network packet analysis to discover a botnet communicating over DNS.\" width=\"640\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003EThis is one of a multi-part series describing my approach to solving the 2015 SANS Holiday Hacking Challenge; watch \u003Ca href=\"https:\/\/securityforrealpeople.com\/\"\u003ESecurityForRealPeople.com\u003C\/a\u003E over the next few days as solutions for each challenge are published. After reading, try your hand at the challenges at \u003Ca href=\"https:\/\/holidayhackchallenge.com\/\"\u003EHolidayHackChallenge.com\u003C\/a\u003E!\u003Cbr\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cul\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-prelude-quest.html\"\u003EPrelude: The Quest\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-one-wireless.html\" target=\"_blank\"\u003EPart One: Wireless Packet Analysis\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cb\u003EPart Two: Firmware Analysis\u003C\/b\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-three-hunting.html\" target=\"_blank\"\u003EPart Three: Hunting Gnomes with Shodan\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-four-pwning.html\" target=\"_blank\"\u003EPart Four: Global Pwnage\u003C\/a\u003E\u003C\/li\u003E\u003Cul\u003E\u003Cli\u003ESuperGnome 1: Password Reuse\u003C\/li\u003E\u003Cli\u003ESuperGnome 2: Local File Inclusion, Path Traversal\u003C\/li\u003E\u003Cli\u003ESuperGnome 3: NoSQL Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 4: Server-Side JavaScript Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 5:\u003C\/li\u003E\u003C\/ul\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-conclusion-meet.html\" target=\"_blank\"\u003EPart Five: Meet the Villain\u003C\/a\u003E\u003C\/li\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/p\/gnome-in-your-home-complete-solution.html\" target=\"_blank\"\u003EOr read the entire solution in one LONG page\u003C\/a\u003E\u003C\/li\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/ul\u003E\u003Cbr\u003E\u003Cdiv\u003E\u003Ch3\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: small;\"\u003EPart Two: Firmware Analysis for Fun and Profit\u003C\/span\u003E\u003C\/h3\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EChallenges:\u003C\/span\u003E\u003Cbr\u003E\u003Col start=\"3\"\u003E\u003Cli\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EWhat operating system and CPU type are used in the Gnome? What type of web framework is the Gnome web interface built in?\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EWhat kind of a database engine is used to support the Gnome web interface? What is the plaintext password stored in the Gnome database?\u003C\/span\u003E\u003C\/li\u003E\u003C\/ol\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EFirmware image: \u003Ca href=\"https:\/\/www.holidayhackchallenge.com\/2015\/giyh-firmware-dump.bin\"\u003Egiyh-firmware-dump.bin\u003C\/a\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EUseful tool: \u003Ca href=\"https:\/\/github.com\/ReFirmLabs\/binwalk\"\u003Ebinwalk\u003C\/a\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003ESummary: Use binwalk to extract the filesystem from a firmware image, explore the web interface, and view the contents of a NoSQL database, which includes a table with cleartext usernames and passwords.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003C\/span\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-two-firmware.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/3970077656731780246"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/3970077656731780246"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-two-firmware.html","title":"Gnome in Your Home Part Two: Firmware Analysis"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s72-c\/logo7.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-4565227744552751929"},"published":{"$t":"2016-01-06T07:05:00.000-06:00"},"updated":{"$t":"2017-01-16T20:15:43.396-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Faith Family \u0026 Fun"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Weekend Projects"}],"title":{"type":"text","$t":"Gnome in Your Home Part One: Wireless Packet Analysis"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s1600\/logo7.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"The first challenges in the 2015 SANS Holiday Hack involve network packet analysis to discover a botnet communicating over DNS.\" border=\"0\" height=\"309\" src=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s640\/logo7.png\" title=\"The first challenges in the 2015 SANS Holiday Hack involve network packet analysis to discover a botnet communicating over DNS.\" width=\"640\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003EThis is one of a multi-part series describing my approach to solving the 2015 SANS Holiday Hacking Challenge; watch \u003Ca href=\"https:\/\/securityforrealpeople.com\/\"\u003ESecurityForRealPeople.com\u003C\/a\u003E over the next few days as solutions for each challenge are published. After reading, try your hand at the challenges at \u003Ca href=\"https:\/\/holidayhackchallenge.com\/\"\u003EHolidayHackChallenge.com\u003C\/a\u003E!\u003Cbr\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cul\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-prelude-quest.html\"\u003EPrelude: The Quest\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cb\u003EPart One: Wireless Packet Analysis\u003C\/b\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-two-firmware.html\" target=\"_blank\"\u003EPart Two: Firmware Analysis\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-three-hunting.html\" target=\"_blank\"\u003EPart Three: Hunting Gnomes with Shodan\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003EPart Four: Global Pwnage\u003C\/li\u003E\u003Cul\u003E\u003Cli\u003ESuperGnome 1: Password Reuse\u003C\/li\u003E\u003Cli\u003ESuperGnome 2: Local File Inclusion, Path Traversal\u003C\/li\u003E\u003Cli\u003ESuperGnome 3: NoSQL Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 4: Server-Side JavaScript Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 5:\u003C\/li\u003E\u003C\/ul\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-conclusion-meet.html\" target=\"_blank\"\u003EPart Five: Meet the Villain\u003C\/a\u003E\u003C\/li\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/p\/gnome-in-your-home-complete-solution.html\" target=\"_blank\"\u003EOr read the entire solution in one LONG page\u003C\/a\u003E\u003C\/li\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/ul\u003E\u003Cbr\u003E\u003Ch3\u003E\u003Cspan style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\"\u003EPart One Challenges:\u003C\/span\u003E\u003C\/h3\u003E\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Col\u003E\u003Cli\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EWhich commands are sent across the Gnome’s command-and-control channel?\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EWhat image appears in the photo the Gnome sent across the channel from the Dosis home?\u003C\/span\u003E\u003C\/li\u003E\u003C\/ol\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EPacket capture file: \u003Ca href=\"https:\/\/www.holidayhackchallenge.com\/2015\/giyh-capture.pcap\"\u003Egiyh-capture.pcap\u003C\/a\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EUseful tools: \u003Ca href=\"http:\/\/www.secdev.org\/projects\/scapy\/\" target=\"_blank\"\u003EScapy\u003C\/a\u003E, \u003Ca href=\"https:\/\/www.wireshark.org\/\" target=\"_blank\"\u003EWireshark\u003C\/a\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003ESummary: The gnomes communicate with a Command and Control server using covert DNS traffic; the DNS traffic contains base64-encoded commands from the server to the gnome, and a base64-encoded JPG image is sent from the gnome to the server.\u003C\/span\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-one-wireless.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4565227744552751929"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4565227744552751929"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-one-wireless.html","title":"Gnome in Your Home Part One: Wireless Packet Analysis"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s72-c\/logo7.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-3917979318768939942"},"published":{"$t":"2016-01-05T07:13:00.000-06:00"},"updated":{"$t":"2017-01-16T19:20:39.676-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Faith Family \u0026 Fun"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"}],"title":{"type":"text","$t":"Gnome in Your Home Prelude: The Quest"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s1600\/logo7.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" height=\"309\" src=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s640\/logo7.png\" width=\"640\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003EThis is one of a multi-part series describing my approach to solving the 2015 SANS Holiday Hacking Challenge; watch \u003Ca href=\"https:\/\/securityforrealpeople.com\/\"\u003ESecurity For Real People.com\u003C\/a\u003E over the next few days as solutions for each challenge are published. After reading, try your hand at the challenges at \u003Ca href=\"https:\/\/holidayhackchallenge.com\/\"\u003EHolidayHackChallenge.com\u003C\/a\u003E!\u003Cbr\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cul\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli style=\"display: inline !important;\"\u003E\u003Ci\u003E\u003Cb\u003EPrelude: The Quest\u003C\/b\u003E\u003C\/i\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-one-wireless.html\"\u003EPart One: Wireless Packet Analysis\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-two-firmware.html\" target=\"_blank\"\u003EPart Two: Firmware Analysis\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-three-hunting.html\" target=\"_blank\"\u003EPart Three: Hunting Gnomes with Shodan\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-four-pwning.html\" target=\"_blank\"\u003EPart Four: Global Pwnage\u003C\/a\u003E\u003C\/li\u003E\u003Cul\u003E\u003Cli\u003ESuperGnome 1: Password Reuse\u003C\/li\u003E\u003Cli\u003ESuperGnome 2: Local File Inclusion, Path Traversal\u003C\/li\u003E\u003Cli\u003ESuperGnome 3: NoSQL Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 4: Server-Side JavaScript Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 5:\u003C\/li\u003E\u003C\/ul\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-conclusion-meet.html\" target=\"_blank\"\u003EPart Five: Meet the Villain\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/p\/gnome-in-your-home-complete-solution.html\" target=\"_blank\"\u003EOr read the entire solution in one LONG page\u003C\/a\u003E\u003C\/li\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/ul\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\"\u003EEach December, security training and certification company SANS puts together a highly anticipated hacking challenge. These challenges are a variation on Capture the Flag – digital puzzles designed to test our skills (and in many cases, excuses to learn new techniques). In addition to being a fun way to compete with peers, learning new attack techniques is a great first step toward learning how to detect and defend against the same attacks.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThis was very much a learning experience for me. By trade, I am skilled in defensive arts - network controls, incident response, forensic analysis and malware analysis. While I am by nature a hacker (in the puzzle-solving tinkerer sense of the word) with a few CVEs to my credit, attack techniques are a very small part of my repertoire. But thanks to challenges such as these, they are a growing part of my toolkit.\u003C\/span\u003E\u003Cbr\u003E\u003Cdiv\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThe \u003Ca href=\"https:\/\/www.holidayhackchallenge.com\/\" target=\"_blank\"\u003E2015 SANS Holiday Hack Challenge\u003C\/a\u003E begins with a throwback quest-style video game, complete with awesomely cheesy 8-bit Christmas music. Themed “Gnome in Your Home,” the premise is a play on “elf on the shelf,” Santa’s diminutive spy with the impish grin.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThe Gnomes are wildly popular electronic toys that just happen to be spying on the families (oddly reminiscent of a Washington Post story suggesting that Elf on the Shelf teaches kids to \u003Ca href=\"https:\/\/www.washingtonpost.com\/news\/arts-and-entertainment\/wp\/2014\/12\/16\/the-elf-on-the-shelf-is-preparing-your-child-to-live-in-a-future-police-state-professor-says\/\" target=\"_blank\"\u003Eexpect a world of constant surveillance\u003C\/a\u003E). I am sure it is no coincidence that the gnomes evoke thoughts of Hello Barbie, Mattel\u0026#39;s Internet-connected talking doll that has \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2015\/12\/your-childs-privacy-is-eroding.html\" target=\"_blank\"\u003Esparked considerable privacy worries\u003C\/a\u003E this year.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThe quest takes place in the imaginary neighborhood of Josh and Jessica Dosis, tech-savvy kids that did what any good hacker would do: they hacked their new Internet-connected toy to see what it was really doing. In the course of the quest, players talk to Josh and Jessica, as well as numerous SANS experts who offer tips on how to help the Dosis kids interpret what they find.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-prelude-quest.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/3917979318768939942"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/3917979318768939942"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-prelude-quest.html","title":"Gnome in Your Home Prelude: The Quest"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s72-c\/logo7.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-6079897283884479826"},"published":{"$t":"2015-12-22T10:43:00.002-06:00"},"updated":{"$t":"2017-01-13T22:48:26.648-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Tech Tips"}],"title":{"type":"text","$t":"An introduction to network packet analysis"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EI love that even more than most CTFs, the \u003Ca href=\"https:\/\/holidayhackchallenge.com\/\"\u003E2015 SANS Holiday Hack\u003C\/a\u003E is designed to appeal to kids. My 12-year-old daughter has shown an interest in cybersecurity, so this turned into a great way to teach her a few things. Even better, most of the lessons were in response to her own questions.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\"\u003EI will publish a write-up of the entire challenge (or at least as far as I am able to complete it) in January once the contest concludes; in the meantime, the early challenge goals involve some network packet analysis. My tool of choice for packet analysis is \u003C\/span\u003E\u003Ca href=\"https:\/\/wireshark.org\/\" style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\" target=\"_blank\"\u003EWireshark\u003C\/a\u003E\u003Cspan style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\"\u003E. To understand packet analysis though, it is useful to understand a little bit about how networks work.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\"\u003ETraditionally, network concepts are defined in terms of \u0026quot;layers.\u0026quot; At each layer, one device talks to another, and each layer does not care what is happening at the other layers. Keep in mind that w\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\"\u003Ehat follows is the simplified explanation I gave to my 12 year old; Microsoft \u003Ca href=\"https:\/\/support.microsoft.com\/en-us\/kb\/103884\"\u003Edescribes things in more detail\u003C\/a\u003E in a knowledge base article, and for even more education, Cisco has \u003Ca href=\"http:\/\/docwiki.cisco.com\/wiki\/Internetworking_Technology_Handbook\"\u003Emountains of training\u003C\/a\u003E and certifications available.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Ctable align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\" style=\"margin-left: auto; margin-right: auto; text-align: center;\"\u003E\u003Ctbody\u003E\u003Ctr\u003E\u003Ctd\u003E\u003Cspan style=\"margin-left: auto; margin-right: auto;\"\u003E\u003Ca href=\"https:\/\/commons.wikimedia.org\/wiki\/File:Physical_interconnection_OSI.svg\"\u003E\u003Cimg border=\"0\" height=\"320\" src=\"https:\/\/2.bp.blogspot.com\/-PZFg0-4jVa0\/VnXx2i5qVOI\/AAAAAAAAM5A\/axZ4eRmWKIQ\/s640\/OSI_7_x650.jpg\" width=\"640\"\u003E\u003C\/a\u003E\u003C\/span\u003E\u003C\/td\u003E\u003C\/tr\u003E\u003Ctr\u003E\u003Ctd class=\"tr-caption\" style=\"font-size: 12.8px;\"\u003E\u003Ca href=\"https:\/\/commons.wikimedia.org\/wiki\/File:Physical_interconnection_OSI.svg\"\u003EPhoto credit: Luca Ghio\u003C\/a\u003E (Wikimedia Commons)\u003C\/td\u003E\u003C\/tr\u003E\u003C\/tbody\u003E\u003C\/table\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/12\/an-introduction-to-network-packet.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6079897283884479826"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6079897283884479826"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/12\/an-introduction-to-network-packet.html","title":"An introduction to network packet analysis"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/2.bp.blogspot.com\/-PZFg0-4jVa0\/VnXx2i5qVOI\/AAAAAAAAM5A\/axZ4eRmWKIQ\/s72-c\/OSI_7_x650.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-444119721507050667"},"published":{"$t":"2015-12-11T16:04:00.000-06:00"},"updated":{"$t":"2017-01-20T20:19:35.894-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Encryption"}],"title":{"type":"text","$t":"Why did the Doubleclick ad network need client certificates?"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-gZ5SJiZgRSM\/VmtIDCso4yI\/AAAAAAAAMuA\/p1X-PklQds0\/s1600\/doubleclick-cert.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"Why did ad network Doubleclick ask for digital client authentication certificates?\" border=\"0\" src=\"https:\/\/1.bp.blogspot.com\/-gZ5SJiZgRSM\/VmtIDCso4yI\/AAAAAAAAMuA\/p1X-PklQds0\/s1600\/doubleclick-cert.png\" title=\"Why did ad network Doubleclick ask for digital client authentication certificates?\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003EFor several hours December 8, Google\u0026#39;s Doubleclick ad network requested client authentication certificates when browsing to web properties that contained Doubleclick advertising.\u003C\/span\u003E\u003Cbr\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EIn the physical world, you often conduct business with others face-to-face. If you do not personally know someone, you might rely on a trusted third party to vouch for the person\u0026#39;s identity. That trusted third party might be a mutual friend, or it might be a government office that issues identification documents (passports, driver\u0026#39;s licenses, state identification cards, school IDs, and the like).\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2014\/07\/improper-digital-certificates-mitm.html\" target=\"_blank\"\u003EDigital authentication certificates\u003C\/a\u003E are the online equivalent of an identification card, using mathematical encryption algorithms to ensure that only the proper owner of a certificate is able to use it.\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EGenerally, digital certificates are associated with a web server: you want to know that you are buying from amazon.com and not from fake-amazon.com. You don\u0026#39;t have to provide your own certificate, because the web server (much like a brick-and-mortar store) is open to all visitors. In this case however, Doubleclick asked your browser for a digital certificate anyway.\u003C\/span\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/12\/why-did-doubleclick-ad-network-need.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/444119721507050667"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/444119721507050667"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/12\/why-did-doubleclick-ad-network-need.html","title":"Why did the Doubleclick ad network need client certificates?"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-gZ5SJiZgRSM\/VmtIDCso4yI\/AAAAAAAAMuA\/p1X-PklQds0\/s72-c\/doubleclick-cert.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-4806376162251487341"},"published":{"$t":"2015-12-07T12:45:00.001-06:00"},"updated":{"$t":"2017-01-20T20:30:09.536-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Malware"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Phishing"}],"title":{"type":"text","$t":"Malware freeloading on security pros' good name?"},"content":{"type":"html","$t":"\u003Ci\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThe following are notes about something I am investigating, and for which I don\u0026#39;t yet have a conclusion. I am sharing in the hopes that perhaps some of my readers have seen this as well and might have some insight into the purpose or delivery mechanism. Of note, each example hosts the malicious download link on *.appspot.com\u003C\/span\u003E\u003C\/i\u003E\u003Cbr\u003E\u003Ci\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003C\/i\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EI have a variety of Google Alerts queries set up to alert me to mentions of my blog or my name on the Internet. I frequently get notices for news articles about a David Longenecker who happens to be the fire chief in Lancaster, Pennsylvania, but that\u0026#39;s not my point today.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EDecember 7, Alerts informed me of three documents on Google Docs. These documents contain a long list of excerpts and headlines from various security writers, including some from my own blog. They also contain links to a likely-malicious website.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThe first two documents contain headlines and excerpts about security flaws in Adobe Flash Player, along with a link to download an \u0026quot;update\u0026quot; for Flash; the third document is similar, but refers to Asus wireless router firmware instead of Adobe Flash. Below is a screenshot of one document:\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-_j1_hVetK_w\/VmXP1G3VsvI\/AAAAAAAAMpo\/99S7Lm1rUZA\/s1600\/mal-word-flash.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cimg border=\"0\" height=\"634\" src=\"https:\/\/4.bp.blogspot.com\/-_j1_hVetK_w\/VmXP1G3VsvI\/AAAAAAAAMpo\/99S7Lm1rUZA\/s640\/mal-word-flash.png\" width=\"640\"\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/12\/malware-freeloading-on-security-pros.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4806376162251487341"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4806376162251487341"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/12\/malware-freeloading-on-security-pros.html","title":"Malware freeloading on security pros' good name?"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-_j1_hVetK_w\/VmXP1G3VsvI\/AAAAAAAAMpo\/99S7Lm1rUZA\/s72-c\/mal-word-flash.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-431742003619708723"},"published":{"$t":"2015-09-28T09:28:00.001-05:00"},"updated":{"$t":"2017-01-15T15:37:56.453-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Social Networks"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Weekend Projects"}],"title":{"type":"text","$t":"Who is stealing your tweets?"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/3.bp.blogspot.com\/--gB8W8bfQh4\/VglFEKuAZgI\/AAAAAAAAIPc\/puRtbRXduo8\/s1600\/Twitter_logo_shadow.jpg\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" height=\"394\" src=\"https:\/\/3.bp.blogspot.com\/--gB8W8bfQh4\/VglFEKuAZgI\/AAAAAAAAIPc\/puRtbRXduo8\/s640\/Twitter_logo_shadow.jpg\" width=\"640\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Ci\u003E\u003Cbr\u003ETL;DR: skip the reading and download \u003Ca href=\"https:\/\/github.com\/dnlongen\/TweetThief\"\u003ETweetThief\u003C\/a\u003E from GitHub to search for uncredited copies of your tweets.\u003C\/i\u003E\u003Cbr\u003E\u003Cbr\u003EOver the last year, I\u0026#39;ve participated in a number of Twitter chats. The National Cyber Security Alliance hosts Twitter conversations every couple of months, under the hashtags #ChatSTC (Stop. Think. Connect., their cyber awareness campaign slogan) and #ChatDPD (Digital Privacy Day). It\u0026#39;s a great way to share information with people interested in security advice, as well as to learn from like-minded professionals. \u003Cbr\u003E\u003Cbr\u003E During several of these chats, I\u0026#39;ve noticed an oddity: most of the participants contribute original thoughts to the conversation, or retweet pertinent comments to their own audiences. A couple of participants though appear to copy and paste the comments of others verbatim, with no credit given. They aren\u0026#39;t retweeting someone else\u0026#39;s thoughts, but are instead claiming them for their own. \u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/09\/who-is-stealing-your-tweets.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/431742003619708723"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/431742003619708723"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/09\/who-is-stealing-your-tweets.html","title":"Who is stealing your tweets?"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/3.bp.blogspot.com\/--gB8W8bfQh4\/VglFEKuAZgI\/AAAAAAAAIPc\/puRtbRXduo8\/s72-c\/Twitter_logo_shadow.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-5355218592865482498"},"published":{"$t":"2015-09-10T06:39:00.001-05:00"},"updated":{"$t":"2016-09-08T19:24:50.372-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Faith Family \u0026 Fun"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Mobile Device Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Parenting"}],"title":{"type":"text","$t":"What's hiding in your child's Calculator%?"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-Lu7FRFofuDg\/Ve5IEKlXHlI\/AAAAAAAAILA\/FZgK9LDvSw8\/s1600\/Calculator%2525.jpg\" imageanchor=\"1\" style=\"clear: right; float: right; margin-bottom: 1em; margin-left: 1em;\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cimg alt=\"An iOS \u0026quot;Calculator%\u0026quot; app designed to hide photos: here\u0026#39;s how to retrieve hidden images without the passcode.\" border=\"0\" height=\"200\" src=\"https:\/\/4.bp.blogspot.com\/-Lu7FRFofuDg\/Ve5IEKlXHlI\/AAAAAAAAILA\/FZgK9LDvSw8\/s200\/Calculator%2525.jpg\" title=\"An iOS \u0026quot;Calculator%\u0026quot; app designed to hide photos: here\u0026#39;s how to retrieve hidden images without the passcode.\" width=\"199\"\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThis is one of those rare times when I get to write about two of my favorite subjects at the same time: parenting in a digital age, and digital forensics. In the past week, two people have brought an unusual iOS calculator app to my attention, each coming from a different perspective. One is a high school teacher I have known for years, mentioning it from the perspective of a teacher or parent that might want to know of its hidden features. The other is a Twitter persona that I know only by his (?) alias \u003Ca href=\"https:\/\/twitter.com\/munin\" target=\"_blank\"\u003E@munin\u003C\/a\u003E, asking a question from the perspective of digital forensics.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EBetween the two, my curiosity was piqued.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/09\/whats-hiding-in-your-childs-calculator.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5355218592865482498"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5355218592865482498"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/09\/whats-hiding-in-your-childs-calculator.html","title":"What's hiding in your child's Calculator%?"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-Lu7FRFofuDg\/Ve5IEKlXHlI\/AAAAAAAAILA\/FZgK9LDvSw8\/s72-c\/Calculator%2525.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-5235006785056598743"},"published":{"$t":"2015-09-02T22:18:00.000-05:00"},"updated":{"$t":"2017-01-20T21:01:05.703-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"}],"title":{"type":"text","$t":"Comments on proposed FCC rules regarding wireless devices"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-9BB-em5M-zw\/Vee7L-MT39I\/AAAAAAAAIJc\/7Hy9dS8-2Ik\/s1600\/FCC-logo.jpg\" imageanchor=\"1\" style=\"clear: right; float: right; margin-bottom: 1em; margin-left: 1em;\"\u003E\u003Cimg alt=\"The FCC proposes new regulations on wireless devices that could severely restrict innovation and security improvements.\" border=\"0\" height=\"200\" src=\"https:\/\/4.bp.blogspot.com\/-9BB-em5M-zw\/Vee7L-MT39I\/AAAAAAAAIJc\/7Hy9dS8-2Ik\/s200\/FCC-logo.jpg\" title=\"The FCC proposes new regulations on wireless devices that could severely restrict innovation and security improvements.\" width=\"200\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThe Federal Communications Commission, or FCC is the government agency that regulates radio, television, satellite, and other forms of communication in the United States. Within its scope are regulating radio frequency (RF)-emitting devices to ensure one person\u0026#39;s devices do not interfere with another\u0026#39;s.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EIt is in this capacity that the FCC \u003Ca href=\"https:\/\/www.federalregister.gov\/articles\/2015\/08\/06\/2015-18402\/equipment-authorization-and-electronic-labeling-for-wireless-devices\" target=\"_blank\"\u003Eproposed new rules in August\u003C\/a\u003E, rules that could have significant unintended consequences for end users and security researchers. In particular, the rules could put an end to highly popular aftermarket firmware such as OpenWRT and Tomato for wireless routers, and CyanogenMod for Android phones.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cb\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThe comment period during which the FCC will accept public comment \u003Cstrike\u003Eends on September 8\u003C\/strike\u003E has been extended to October 9. Please take a moment to \u003Ca href=\"https:\/\/www.federalregister.gov\/articles\/2015\/09\/01\/2015-21634\/extension-of-time-for-comments-on-equipment-authorization\" target=\"_blank\"\u003Esubmit your comments to the FCC here\u003C\/a\u003E.\u003C\/span\u003E\u003C\/b\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EAccording to the proposal, the FCC last reviewed its equipment review and authorization process over 15 years ago, during which time the RF environment has grown dramatically (to wit, the explosion of the Internet of Things). It is sensible to review regulations periodically and to ensure the rules still make sense. For the most part, the proposed rules do make sense - but with a few significant caveats. \u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/09\/comments-on-proposed-fcc-rules.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5235006785056598743"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5235006785056598743"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/09\/comments-on-proposed-fcc-rules.html","title":"Comments on proposed FCC rules regarding wireless devices"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-9BB-em5M-zw\/Vee7L-MT39I\/AAAAAAAAIJc\/7Hy9dS8-2Ik\/s72-c\/FCC-logo.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-2682014368213167356"},"published":{"$t":"2015-08-25T08:33:00.001-05:00"},"updated":{"$t":"2017-01-19T11:39:56.519-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Weekend Projects"}],"title":{"type":"text","$t":"Cracking a CTF [Part 1]"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/3.bp.blogspot.com\/-WbNL18zlBEk\/Vb6WK_buGkI\/AAAAAAAAH8U\/Cgoi95W2MZo\/s1600\/P0tat0heads_logox250.jpg\" imageanchor=\"1\" style=\"clear: right; float: right; margin-bottom: 1em; margin-left: 1em;\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif; margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"Capture the Flag, hacker style: walking through the first four puzzles in the 2015 Hou.Sec.Con pre-conference CTF.\" border=\"0\" src=\"https:\/\/1.bp.blogspot.com\/-lfNna3KvPq0\/VdxjBM2RwmI\/AAAAAAAAIHw\/pI65DtPoVf4\/s640\/wargames_x650.jpg\" title=\"Capture the Flag, hacker style: walking through the first four puzzles in the 2015 Hou.Sec.Con pre-conference CTF. Image via WarGames.\"\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EI grew up playing Capture the Flag in my backyard. Now with kids of my own and a couple acres of mostly undisturbed woods to call my own, my family enjoys the occasional evening of Capture the Flag.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EIn hacker culture, a different sort of Capture the Flag (or CTF) is a common way to hone our skills and compete against peers. In hacking CTFs, the flags are digital rather than physical, and the field is bits and bytes rather than grass and trees, but there are still similarities. In both cases, winning requires a combination of skills: sheer speed is rarely enough, but at the same time my carefully-planned strategy has many times been derailed by a quicker opponent.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EMost hacker and security conferences include some sort of a CTF challenge. I wrote a couple years ago of winning a trophy by \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2013\/04\/capture-flag-social-engineering-style.html\"\u003E\u0026quot;cheating\u0026quot; at a social engineering CTF\u003C\/a\u003E (in fairness, I was upfront about my approach, and the rules of engagement did not prohibit reverse engineering the scoring portal to steal the flags!).\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThis time, I am participating in an online CTF ahead of Hou.Sec.Con, the Houston Security Conference. And since the event is online, it is a chance for me to not only compete, but let my 11 year old daughter shoulder surf and give her own ideas while learning.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/08\/cracking-ctf-part-1.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/2682014368213167356"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/2682014368213167356"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/08\/cracking-ctf-part-1.html","title":"Cracking a CTF [Part 1]"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-lfNna3KvPq0\/VdxjBM2RwmI\/AAAAAAAAIHw\/pI65DtPoVf4\/s72-c\/wargames_x650.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-5682992155428563581"},"published":{"$t":"2015-08-17T22:51:00.002-05:00"},"updated":{"$t":"2017-01-15T15:40:14.464-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Tech Tips"}],"title":{"type":"text","$t":"Introducing a new forensics tool: RegLister"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Ci\u003ETL;DR: Hop over to GitHub to \u003Ca href=\"https:\/\/github.com\/dnlongen\/RegLister\" target=\"_blank\"\u003Edownload RegLister\u003C\/a\u003E, a new command line digital forensics tool for scanning the Windows registry to identify unusually large data entries that could be indications of malware hiding.\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EFellow Austin security pro \u003Ca href=\"https:\/\/twitter.com\/HackerHurricane\" target=\"_blank\"\u003EMichael Gough\u003C\/a\u003E first introduced me to the idea of malware hiding in the Windows registry a couple of years ago. It\u0026#39;s sneaky but it makes sense: most antivirus products depend on a malicious file existing on the hard drive. They scan the disk periodically for malicious programs, and will scan files written to or read from the disk when that read or write occurs.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EIf malware files never touch the disk, then when will antivirus scan them?\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/08\/introducing-new-forensics-tool-reglister.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5682992155428563581"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5682992155428563581"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/08\/introducing-new-forensics-tool-reglister.html","title":"Introducing a new forensics tool: RegLister"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-jZXKQ7auJTs\/Vc5Z7B6BUiI\/AAAAAAAAIB4\/870024hWTdI\/s72-c\/registry.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-1408390015209409033"},"published":{"$t":"2015-08-04T08:22:00.000-05:00"},"updated":{"$t":"2017-01-14T19:54:36.379-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Faith Family \u0026 Fun"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Tech Tips"}],"title":{"type":"text","$t":"How to schedule cron jobs on an ASUS wireless router"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/2.bp.blogspot.com\/-bA3mDgBmSWM\/VcAwWf_1AEI\/AAAAAAAAH9o\/Dpo9_E41yIQ\/s1600\/clock-160336_250.jpg\" imageanchor=\"1\" style=\"clear: right; float: right; margin-bottom: 1em; margin-left: 1em;\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cimg border=\"0\" height=\"198\" src=\"https:\/\/2.bp.blogspot.com\/-bA3mDgBmSWM\/VcAwWf_1AEI\/AAAAAAAAH9o\/Dpo9_E41yIQ\/s200\/clock-160336_250.jpg\" width=\"200\"\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EWant to run a task on a regular schedule on your ASUS wireless router? Well, you\u0026#39;re out of luck.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EOr are you?\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003ECron is the well-known method of scheduling tasks for Unix, the equivalent of \u0026quot;at\u0026quot; on Windows. My purpose is not to document the \u003Ca href=\"https:\/\/en.wikipedia.org\/wiki\/Cron\" target=\"_blank\"\u003Euse of cron\u003C\/a\u003E - it is well documented elsewhere. Alas, ASUS does not include the crontab utility for creating and editing jobs in its firmware, but the cron daemon (crond) is installed and running. If a jobs file can be loaded into the daemon, crond will happily run the jobs.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/08\/cron-on-asus.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1408390015209409033"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1408390015209409033"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/08\/cron-on-asus.html","title":"How to schedule cron jobs on an ASUS wireless router"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/2.bp.blogspot.com\/-bA3mDgBmSWM\/VcAwWf_1AEI\/AAAAAAAAH9o\/Dpo9_E41yIQ\/s72-c\/clock-160336_250.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-4870292533065020888"},"published":{"$t":"2015-07-20T21:53:00.000-05:00"},"updated":{"$t":"2017-01-21T15:13:11.558-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Encryption"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"}],"title":{"type":"text","$t":"Commentary on the BIS proposal regarding the Wassenaar Arrangement"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThe Bureau of Industry and Security (BIS) has proposed rules related to the Wassenaar Arrangement, a set of agreements intended to limit the exchange of weapons and related research. As Cyber security gains attention, the WA has been expanded to cover cyber research. Specifically, the BIS proposes to require export licenses for products and documentation related to network and software vulnerabilities. These rules have the potential to severely restrict the sort of work I and my peers in the industry do. The BIS is taking public comment through today. Below are my comments to the BIS taken in large part from a previous post on \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2015\/02\/shades-of-grey.html\" target=\"_blank\"\u003ESecurity Shades of Grey\u003C\/a\u003E.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/07\/commentary-on-bis-proposal-regarding.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4870292533065020888"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4870292533065020888"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/07\/commentary-on-bis-proposal-regarding.html","title":"Commentary on the BIS proposal regarding the Wassenaar Arrangement"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-5118591454340343399"},"published":{"$t":"2015-07-08T11:06:00.003-05:00"},"updated":{"$t":"2017-01-20T21:13:40.595-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"}],"title":{"type":"text","$t":"Time to patch Adobe Flash Player. Now."},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/3.bp.blogspot.com\/-VfJbWz0z8mY\/VZ1MDCHkkGI\/AAAAAAAAH3Y\/p-qLniH5IJw\/s1600\/adobe-flash-logo-250.jpg\" imageanchor=\"1\" style=\"clear: right; float: right; margin-bottom: 1em; margin-left: 1em;\"\u003E\u003Cimg alt=\"An exploit for Adobe Flash Player is being actively used to infect computers with ransomware. Here is action you need to take NOW.\" border=\"0\" src=\"https:\/\/3.bp.blogspot.com\/-VfJbWz0z8mY\/VZ1MDCHkkGI\/AAAAAAAAH3Y\/p-qLniH5IJw\/s1600\/adobe-flash-logo-250.jpg\" title=\"An exploit for Adobe Flash Player is being actively used to infect computers with ransomware. Here is action you need to take NOW.\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003EThis article was written about a specific incident the first week of July 2015, but the instructions are what I have recommended for at least a year - and will continue to be appropriate into the future. Also of note, the recommendation to make browser plug-ins \u0026quot;Click to Play\u0026quot; is effective against exploits in all sorts of plug-ins, including Flash, Java, Silverlight, Adobe Reader, Windows Media Player, and more.\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003ELast updated \u003Cb\u003EDecember 8, 2016\u003C\/b\u003E. Current latest version is \u003Cb\u003E23.0.0.207.\u003C\/b\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EEarly this week, the security firm Hacking Team was the victim of a massive network breach in which a large amount of company data was stolen and made public. This data included among other things a previously-unknown exploit against Adobe Flash Player. \u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThis exploit was quickly added to popular crimeware exploit kits (products that make it easy for an amateur criminal to create and deploy malware). It is actively being used to deliver \u0026quot;Cryptolocker,\u0026quot; a form of malware known as ransomware - malicious software that encrypts all your files and then demands a ransom payment to return the files to you.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EIn short, a fully-patched PC could be completely owned simply by browsing to a web site carrying a malicious Flash object. Since Flash videos are a common type of advertisement, you do not even need to browse anywhere unusual - a malicious ad slipped into the rotation at your favorite news site would be enough.\u003C\/span\u003E\u003Cbr\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EAdobe released an update this morning to fix the vulnerability. Here is what you need to do.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/07\/time-to-patch-adobe-flash-player-now.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5118591454340343399"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5118591454340343399"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/07\/time-to-patch-adobe-flash-player-now.html","title":"Time to patch Adobe Flash Player. Now."}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/3.bp.blogspot.com\/-VfJbWz0z8mY\/VZ1MDCHkkGI\/AAAAAAAAH3Y\/p-qLniH5IJw\/s72-c\/adobe-flash-logo-250.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-6237068675261586074"},"published":{"$t":"2015-06-22T08:38:00.001-05:00"},"updated":{"$t":"2016-10-29T18:07:05.637-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bank and Credit Card Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Financial Fraud"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Identity Theft"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Phishing"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Privacy"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Social Engineering"}],"title":{"type":"text","$t":"Please, oh please, won't you phish me?"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003C\/div\u003E\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/3.bp.blogspot.com\/-mifwfbEEcJw\/VXtNuzDDFvI\/AAAAAAAAHxg\/gBFm_zUZlJQ\/s1600\/apple-phish-leader.jpg\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cimg alt=\"Sign in to iTunes Connect\" border=\"0\" height=\"200\" src=\"https:\/\/3.bp.blogspot.com\/-mifwfbEEcJw\/VXtNuzDDFvI\/AAAAAAAAHxg\/gBFm_zUZlJQ\/s200\/apple-phish-leader.jpg\" title=\"Time for a phishing lesson\" width=\"199\"\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003EUpdate: I have received a couple of variations on this; scroll to the bottom to see a running list of subjects and phishing URLs.\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003ETime for another phishing lesson. \u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EToday\u0026#39;s lesson involves a fake email pretending to be from Apple, which tries to steal not only your Apple ID login information, but everything else necessary to fully impersonate your identity: a credit card number with expiration and security code; mailing address; date of birth; social security number; and oh yes, your favorite security question. \u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003EUnlike many phishing attempts, this scam is quite professionally done. Other than the obscene amount of personal information it collects to \u0026quot;verify\u0026quot; your account, there is not much to indicate it is fraudulent once you have clicked the link.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/06\/please-oh-please-wont-you-phish-me.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6237068675261586074"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6237068675261586074"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/06\/please-oh-please-wont-you-phish-me.html","title":"Please, oh please, won't you phish me?"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/3.bp.blogspot.com\/-mifwfbEEcJw\/VXtNuzDDFvI\/AAAAAAAAHxg\/gBFm_zUZlJQ\/s72-c\/apple-phish-leader.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-5980416792168605766"},"published":{"$t":"2015-04-07T08:33:00.002-05:00"},"updated":{"$t":"2017-01-13T22:05:13.390-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bank and Credit Card Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Privacy"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"}],"title":{"type":"text","$t":"Don't get pwned by a former service provider"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/2.bp.blogspot.com\/-_czY1Kk9Jwo\/VJ4kWOprK3I\/AAAAAAAAF3I\/EsMKvo5xW7g\/s1600\/hosting1.jpg\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cimg alt=\"When establishing a business - to - business relationship, don\u0026#39;t forget to specify what happens to information when the business relationship ends.\" border=\"0\" src=\"https:\/\/2.bp.blogspot.com\/-_czY1Kk9Jwo\/VJ4kWOprK3I\/AAAAAAAAF3I\/EsMKvo5xW7g\/s1600\/hosting1_sm.jpg\" title=\"When establishing a business - to - business relationship, don\u0026#39;t forget to specify what happens to information when the business relationship ends.\"\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThe growth of the Internet from a novel idea into a business necessity created a new market for online service providers. Large corporations have the resources to run their own web servers and to hire professional staff to keep them running well and (hopefully) secure. When you run a small business though - and in particular, a business that is not in a computer technology field - more often than not you are dependent on third parties to provide such services. If your company is in the business of collecting and disposing of garbage, you might expect to invest heavily in trucks and landfill property. A company web site through which to offer online bill payment may not be at the top of your in-house priority list.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003EThere\u0026#39;s absolutely nothing wrong with that.Why try to be something you are not? Doing what you do, well, and paying someone else to do the rest can be an effective business model. Alas, outsourcing isn\u0026#39;t (or at least shouldn\u0026#39;t be) a \u0026quot;choose someone and forget about it\u0026quot; decision.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/04\/dont-get-pwned-by-former-service.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5980416792168605766"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5980416792168605766"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/04\/dont-get-pwned-by-former-service.html","title":"Don't get pwned by a former service provider"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/2.bp.blogspot.com\/-_czY1Kk9Jwo\/VJ4kWOprK3I\/AAAAAAAAF3I\/EsMKvo5xW7g\/s72-c\/hosting1_sm.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-659153898752632303"},"published":{"$t":"2015-03-31T09:41:00.000-05:00"},"updated":{"$t":"2017-01-21T09:59:03.507-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Malware"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Tech Tips"}],"title":{"type":"text","$t":"Needle in a haystack: searching from the Windows command line"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/2.bp.blogspot.com\/-pW7xl6EaKi8\/VRqxFmRHF2I\/AAAAAAAAHK4\/nY8ZpTx4L40\/s1600\/haystack.jpg\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"A key part of security involves basic command line skills. Read on for some tips for command-line searches on Windows.\" border=\"0\" height=\"132\" src=\"https:\/\/2.bp.blogspot.com\/-pW7xl6EaKi8\/VRqxFmRHF2I\/AAAAAAAAHK4\/nY8ZpTx4L40\/s1600\/haystack.jpg\" title=\"A key part of security involves basic command line skills. Read on for some tips for command-line searches on Windows.\" width=\"200\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EPart of network security involves fancy technology, specialized devices, and ever-advancing techniques. The crooks are constantly improving their craft, and so must the defenders. But an equally important part of security involves mundane and boring tasks, tasks such as looking through log files for indications that something undesirable happened or that someone has gained unauthorized access - i.e. Forensics 101.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThere are a myriad tools available for searching, whether on Windows, Linux, or Mac. I am of the opinion that a security expert (or system administrator) needs to understand the command line and built-in tools first. There are times when you don\u0026#39;t have the luxury of installing or using custom tools and have to make do with what comes on the operating system. If that system is Windows, you get Find and Findstr.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/03\/a-needle-in-haystack-searching-from.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/659153898752632303"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/659153898752632303"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/03\/a-needle-in-haystack-searching-from.html","title":"Needle in a haystack: searching from the Windows command line"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/2.bp.blogspot.com\/-pW7xl6EaKi8\/VRqxFmRHF2I\/AAAAAAAAHK4\/nY8ZpTx4L40\/s72-c\/haystack.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-827402368495315790"},"published":{"$t":"2015-03-17T23:29:00.000-05:00"},"updated":{"$t":"2017-01-21T10:03:55.988-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bank and Credit Card Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Cyber Crime"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Encryption"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Identity Theft"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Mobile Device Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Password Management"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Social Engineering"}],"title":{"type":"text","$t":"Security B-Sides Austin: Recapping a hacker conference "},"content":{"type":"html","$t":"\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-EQWc-EKLMnk\/VQb1TrE7jeI\/AAAAAAAAHAo\/XmcADZjn5Nc\/s1600\/BSides%2BAustin%2BLogo%2BWhite%2Bback.jpg\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003C\/span\u003E\u003C\/a\u003E \u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/3.bp.blogspot.com\/-whX_MqPfyzY\/VQuDgE6IY_I\/AAAAAAAAHCY\/7oH1m45YV1k\/s1600\/badge.jpg\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"A recap of the 2015 Austin B-Sides security conference, with links to speakers and slides where available\" border=\"0\" height=\"190\" src=\"https:\/\/3.bp.blogspot.com\/-whX_MqPfyzY\/VQuDgE6IY_I\/AAAAAAAAHCY\/7oH1m45YV1k\/s1600\/badge.jpg\" title=\"A recap of the 2015 Austin B-Sides security conference, with links to speakers and slides where available\" width=\"200\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EMarch 12 and 13, about 250 hackers and security practitioners from around Texas (and as far away as Canada) descended upon Round Rock, a suburb of Austin, for two days of training and research presentations. Security B-Sides sprung up in 2009, as an alternative to the major (and highly-attended) conferences such as Blackhat and RSA: there\u0026#39;s not much opportunity to talk one-on-one with a researcher at a conference attended by 10,000. In 2009,the inaugural B-Sides was held in Las Vegas; a year later, B-Sides Austin launched, timed to coincide with the annual Spring Break phenomenon known as SXSW (South by Southwest). For 2015, over 30 events in North and South America and Europe are scheduled, with more in the planning stages.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003EI refer to B-Sides as a hacker conference. Some readers may take offense. I use hacker in its original (and to many, \u0026quot;real\u0026quot;) sense: one that knows a topic well and can modify something to do his or her will, rather than what the creator intended. That culture has nothing to do with malicious use of computers - it is the culture that lead to automotive performance shops, or the motorcycle customization industry glamorized by West Coast Choppers for two examples. A hacker could be known less controversially as a maker, or a tinkerer, or a modder - or an engineer. In that sense, I am proud to wear the label of hacker.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/03\/security-b-sides-austin-recapping.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/827402368495315790"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/827402368495315790"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/03\/security-b-sides-austin-recapping.html","title":"Security B-Sides Austin: Recapping a hacker conference "}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/3.bp.blogspot.com\/-whX_MqPfyzY\/VQuDgE6IY_I\/AAAAAAAAHCY\/7oH1m45YV1k\/s72-c\/badge.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-5885659431650353000"},"published":{"$t":"2015-02-24T20:33:00.000-06:00"},"updated":{"$t":"2015-08-25T17:32:53.754-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"}],"title":{"type":"text","$t":"These are a few of my favorite blogs"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EIn no particular order, a list of security bloggers and information sources I find useful:\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cbr \/\u003E\u003Cul\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/krebsonsecurity.com\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/krebsonsecurity.com\/feed\/\"\u003Erss\u003C\/a\u003E] Krebs on Security (Brian Krebs)\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/grahamcluley.com\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/grahamcluley.com\/feed\"\u003Erss\u003C\/a\u003E]\u0026nbsp;Graham Cluley\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/www.hotforsecurity.com\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/feeds.feedburner.com\/HOTforSecurity\"\u003Erss\u003C\/a\u003E]\u0026nbsp;Hot for Security\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/lcamtuf.blogspot.com\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/lcamtuf.blogspot.com\/feeds\/posts\/default\"\u003Erss\u003C\/a\u003E]\u0026nbsp;lcamtuf (Michal Zalewski)\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/www.troyhunt.com\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/feeds.feedburner.com\/TroyHunt\"\u003Erss\u003C\/a\u003E]\u0026nbsp;Troy Hunt\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/seclists.org\/fulldisclosure\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/seclists.org\/rss\/fulldisclosure.rss\"\u003Erss\u003C\/a\u003E]\u0026nbsp;Full Disclosure (mostly vulnerability disclosures)\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"https:\/\/www.f-secure.com\/weblog\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/www.f-secure.com\/weblog\/weblog.rss\"\u003Erss\u003C\/a\u003E]\u0026nbsp;F-Secure Labs\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"https:\/\/isc.sans.edu\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"https:\/\/isc.sans.edu\/rssfeed_full.xml\"\u003Erss\u003C\/a\u003E]\u0026nbsp;SANS Internet Storm Center\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"https:\/\/isc.sans.edu\/newssummary.html\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"https:\/\/isc.sans.edu\/newssummary.xml\"\u003Erss\u003C\/a\u003E]\u0026nbsp;SANS Curated News\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/ics.sans.org\/blog\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/ics.sans.org\/blog\/feed\/\" target=\"_blank\"\u003Erss\u003C\/a\u003E] SANS Industrial Control Systems Blog\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/digital-forensics.sans.org\/blog\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/digital-forensics.sans.org\/blog\/feed\/\" target=\"_blank\"\u003Erss\u003C\/a\u003E]\u0026nbsp;SANS Digital Forensics and Incident Response Blog\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/www.exploit-db.com\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/www.exploit-db.com\/rss.xml\"\u003Erss\u003C\/a\u003E]\u0026nbsp;Exploit DB\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/blogs.technet.com\/b\/msrc\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/blogs.technet.com\/b\/msrc\/rss.aspx\"\u003Erss\u003C\/a\u003E]\u0026nbsp;Microsoft Security Response Center\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/daveshackleford.com\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/daveshackleford.com\/?feed=rss2\"\u003Erss\u003C\/a\u003E]\u0026nbsp;Dave Shackleford\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"https:\/\/code.google.com\/p\/google-security-research\/issues\/list\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"https:\/\/code.google.com\/feeds\/p\/google-security-research\/issueupdates\/basic\" target=\"_blank\"\u003Erss\u003C\/a\u003E]\u0026nbsp;Google Project Zero issue tracker\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/googleprojectzero.blogspot.com\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/googleprojectzero.blogspot.com\/feeds\/posts\/default\" target=\"_blank\"\u003Erss\u003C\/a\u003E]\u0026nbsp;Google Project Zero blog\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/googleonlinesecurity.blogspot.com\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/googleonlinesecurity.blogspot.com\/atom.xml\" target=\"_blank\"\u003Erss\u003C\/a\u003E]\u0026nbsp;Google Online Security Blog\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/carnal0wnage.attackresearch.com\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/carnal0wnage.attackresearch.com\/feeds\/posts\/default\" target=\"_blank\"\u003Erss\u003C\/a\u003E]\u0026nbsp;Carnal0wnage (Chris Gates)\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"https:\/\/labs.opendns.com\/blog\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"https:\/\/labs.opendns.com\/feed\/\" target=\"_blank\"\u003Erss\u003C\/a\u003E]\u0026nbsp;OpenDNS Labs\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/www.darkreading.com\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/www.darkreading.com\/rss_feeds.asp\" target=\"_blank\"\u003Erss\u003C\/a\u003E]\u0026nbsp;Dark Reading\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/www.net-security.org\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/feeds2.feedburner.com\/HelpNetSecurity\" target=\"_blank\"\u003Erss\u003C\/a\u003E]\u0026nbsp;Help Net Security\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"https:\/\/securityblog.verizonenterprise.com\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/securityblog.verizonenterprise.com\/?feed=rss\" target=\"_blank\"\u003Erss\u003C\/a\u003E]\u0026nbsp;Verizon Security Blog\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/blog.erratasec.com\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/blog.erratasec.com\/feeds\/posts\/default\" target=\"_blank\"\u003Erss\u003C\/a\u003E]\u0026nbsp;Errata Rob (Robert Graham)\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/blog.wh1t3rabbit.net\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/blog.wh1t3rabbit.net\/feeds\/posts\/default\" target=\"_blank\"\u003Erss\u003C\/a\u003E] Wh1t3 Rabbit (Rafal Los)\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"https:\/\/www.schneier.com\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"https:\/\/www.schneier.com\/blog\/atom.xml\" target=\"_blank\"\u003Erss\u003C\/a\u003E] Schneier on Security (Bruce Schneier)\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/www.social-engineer.org\/blog\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/www.social-engineer.org\/feed\" target=\"_blank\"\u003Erss\u003C\/a\u003E] Social-Engineer\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/www.commonexploits.com\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/www.commonexploits.com\/feed\/\" target=\"_blank\"\u003Erss\u003C\/a\u003E] Common Exploits (Daniel Compton)\u0026nbsp;\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"https:\/\/blogs.mcafee.com\/mcafee-labs\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"https:\/\/blogs.mcafee.com\/mcafee-labs?feed=rss2\u0026amp;cat=442\" target=\"_blank\"\u003Erss\u003C\/a\u003E] McAfee Labs\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/dashboard.csoonline.com\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/www.csoonline.com\/news\/index.rss\" target=\"_blank\"\u003Erss\u003C\/a\u003E] CSO Online Dashboard \/ Security News\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif;\"\u003E[\u003Ca href=\"http:\/\/blog.uncommonsensesecurity.com\/\" target=\"_blank\"\u003Eweb\u003C\/a\u003E] [\u003Ca href=\"http:\/\/blog.uncommonsensesecurity.com\/feeds\/posts\/default\" target=\"_blank\"\u003Erss\u003C\/a\u003E] Uncommon Sense Security (Jack Daniel)\u003C\/span\u003E\u003C\/li\u003E\u003C\/ul\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EPodcasts\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cbr \/\u003E\u003Cul\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Ca href=\"https:\/\/isc.sans.edu\/podcast.html\" target=\"_blank\"\u003ESANS Internet Storm Center\u003C\/a\u003E\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Ca href=\"https:\/\/nakedsecurity.sophos.com\/tag\/chet-chat\/\" target=\"_blank\"\u003EChet Chat\u003C\/a\u003E\u0026nbsp;(Sophos Security)\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Ca href=\"http:\/\/www.southernfriedsecurity.com\/\" target=\"_blank\"\u003ESouthern Fried Security\u003C\/a\u003E\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"http:\/\/brakeingsecurity.blogspot.com\/\" target=\"_blank\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EBrakeing Down Security\u003C\/span\u003E\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"http:\/\/www.defensivesecurity.org\/\" target=\"_blank\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EDefensive Security\u003C\/span\u003E\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"http:\/\/securityweekly.com\/\" target=\"_blank\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EPaul's Security Weekly\u003C\/span\u003E\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"http:\/\/www.social-engineer.org\/category\/podcast\/\" target=\"_blank\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003ESocial-Engineer\u003C\/span\u003E\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Ca href=\"http:\/\/podcast.wh1t3rabbit.net\/\" target=\"_blank\"\u003EDown the Security Rabbithole\u003C\/a\u003E\u0026nbsp;(Wh1t3 Rabbit's DtSR)\u003C\/span\u003E\u003C\/li\u003E\u003C\/ul\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E...and a few not necessarily security-related:\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cul\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Ca href=\"http:\/\/www.cyberciti.biz\/\"\u003Enixcraft\u003C\/a\u003E\u0026nbsp;(\u003Ca href=\"http:\/\/www.cyberciti.biz\/nixcraft-rss-feed-syndication\/\"\u003Erss\u003C\/a\u003E) - knowledge of all things *nix\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Ca href=\"http:\/\/blog.commandlinekungfu.com\/\"\u003ECommand Line Kung Fu\u003C\/a\u003E\u0026nbsp;(\u003Ca href=\"http:\/\/blog.commandlinekungfu.com\/feeds\/posts\/default\"\u003Erss\u003C\/a\u003E) - just what it says, for Windows, *nix, and Powershell\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Ca href=\"https:\/\/www.frozentux.net\/iptables-tutorial\/chunkyhtml\/c962.html\"\u003Eiptables tutorial\u003C\/a\u003E\u0026nbsp;- great primer on the *nix iptables firewall\u003C\/span\u003E\u003C\/li\u003E\u003C\/ul\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EAlong with some useful finds:\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cul\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Ca href=\"http:\/\/www.omriher.com\/2015\/01\/captipper-malicious-http-traffic.html\" target=\"_blank\"\u003ECapTipper\u003C\/a\u003E: Malicious HTTP traffic explorer tool. Point it at a PCAP or live traffic and easily pull out hosts, conversations, downloaded files, etc.\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Ca href=\"http:\/\/www.vxsecurity.sg\/2015\/02\/18\/technical-analysis-scoop-apk\/\" target=\"_blank\"\u003EBit.ly to track malware outbreaks\u003C\/a\u003E: A short piece using bit.ly's click analysis to view geographic distribution and infection rates.\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Ca href=\"https:\/\/github.com\/robertdavidgraham\/pemcrack\" target=\"_blank\"\u003EPemcrack\u003C\/a\u003E: ErrataRob's tool to crack SSL PEM files that hold encrypted private keys (first authored to crack the Superfish cert)\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Ca href=\"https:\/\/www.reddit.com\/r\/computerforensics\/wiki\/faq#wiki_recommended_forensics_books.2Fresources.3F\" target=\"_blank\"\u003ERecommended forensic reading\u003C\/a\u003E: a list of books\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Ca href=\"https:\/\/github.com\/kbandla\/APTnotes\" target=\"_blank\"\u003EAPTNotes\u003C\/a\u003E: Github repository of whitepapers, docs and articles related to APT campaigns\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Ca href=\"http:\/\/www.telerik.com\/fiddler\" target=\"_blank\"\u003ETelerik Fiddler\u003C\/a\u003E: web debugging proxy\u003C\/span\u003E\u003C\/li\u003E\u003C\/ul\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Ci\u003EPlease reply in the comments below if you have a favorite that I overlooked!\u003C\/i\u003E\u003C\/span\u003E\u003C\/div\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5885659431650353000"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5885659431650353000"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/02\/favorite-blogs.html","title":"These are a few of my favorite blogs"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-5232123349923048844"},"published":{"$t":"2015-01-20T21:50:00.000-06:00"},"updated":{"$t":"2017-01-17T19:06:31.959-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Mobile Device Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Privacy"}],"title":{"type":"text","$t":"(CVE-2015-1314) USAA mobile app gives away your account numbers and balances"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-lCSF6HFSlPI\/VL8g8zAkKKI\/AAAAAAAAGEk\/AMf_wKJOdTQ\/s1600\/USAA-banking3.jpg\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cimg alt=\"If you use the USAA Mobile Banking app for Android, take a moment to ensure it automatically updated to version 7.10.1, released January 19.\" border=\"0\" src=\"https:\/\/1.bp.blogspot.com\/-lCSF6HFSlPI\/VL8g8zAkKKI\/AAAAAAAAGEk\/AMf_wKJOdTQ\/s1600\/USAA-banking3.jpg\" title=\"If you use the USAA Mobile Banking app for Android, take a moment to ensure it automatically updated to version 7.10.1, released January 19.\"\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EIf you use the USAA Mobile Banking app for Android, take a moment to ensure it automatically updated to version 7.10.1, released January 19.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003EUSAA typically shines when it comes to security. A considerable proportion of their membership are active duty military and their families - a clientele that certain malicious actors might find great value in distracting from their sworn duties. Financial fraud can be a very effective distraction, and USAA is well aware of this. Generally they do a great job in both providing members with advanced security features as well as education.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003EEven the best make mistakes though. In using the app recently, I noticed something unusual: at times I would launch the app and briefly see private information \u003Ci\u003Ebefore\u003C\/i\u003E I was prompted to log in.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/01\/usaa-mobile-app-gives-away-your-account.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5232123349923048844"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5232123349923048844"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/01\/usaa-mobile-app-gives-away-your-account.html","title":"(CVE-2015-1314) USAA mobile app gives away your account numbers and balances"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-lCSF6HFSlPI\/VL8g8zAkKKI\/AAAAAAAAGEk\/AMf_wKJOdTQ\/s72-c\/USAA-banking3.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-52045826567599884"},"published":{"$t":"2015-01-12T08:53:00.000-06:00"},"updated":{"$t":"2015-08-25T17:27:03.173-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"}],"title":{"type":"text","$t":"A new year, a new job..."},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EToday I start a new chapter, one that I am very excited about.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/01\/a-new-year-new-job.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/52045826567599884"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/52045826567599884"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/01\/a-new-year-new-job.html","title":"A new year, a new job..."}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-1472141309549843226"},"published":{"$t":"2015-01-08T22:22:00.002-06:00"},"updated":{"$t":"2016-01-05T22:30:13.871-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Asus"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"}],"title":{"type":"text","$t":"ASUS bug lets those on your local network own your wireless router"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EA few months ago, researcher Joshua Drake (better known as jduck) \u003Ca href=\"https:\/\/github.com\/jduck\/asus-cmd\"\u003Efound a flaw\u003C\/a\u003E in his ASUS RT-N66U. The flaw is documented as CVE-2014-9583. This week, proof of concept code (i.e. working example code) to exploit this flaw was published.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EBy sending a specially-crafted packet to udp port 9999, he was able to execute any commands (well, almost any ... the exploit is limited to 237 characters or it will overrun a buffer, likely crashing the router). This does not require being logged into the router - no need for an attacker to learn the administrator password\u003C\/span\u003E\u003Cspan style=\"background-color: white; color: #292f33; font-family: Arial, sans-serif; font-size: 16px; line-height: 22px; white-space: pre-wrap;\"\u003E.\u003C\/span\u003E\u003Cbr\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EJoshua found this on the RT-N66U, with firmware 3.0.0.376.2524-g0013f52 (current as of October); \u003Ci\u003EI\u0026#39;ve confirmed it also on the newest model RT-AC87U, running the latest 3.0.0.4.378_3754 firmware (released December 31).\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/01\/asus-bug-lets-those-on-your-local.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1472141309549843226"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1472141309549843226"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/01\/asus-bug-lets-those-on-your-local.html","title":"ASUS bug lets those on your local network own your wireless router"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-728901545363154241"},"published":{"$t":"2015-01-02T13:36:00.000-06:00"},"updated":{"$t":"2017-01-15T15:54:55.579-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Faith Family \u0026 Fun"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Malware"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Weekend Projects"}],"title":{"type":"text","$t":"Detecting malware through DNS queries: a Kali Pi \/ Snort project"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;\"\u003E\u003Cimg alt=\"With Kali and Snort running on a Raspberry Pi, and using OpenDNS for name resolution, we can set up simple malware detection alerts.\" border=\"0\" height=\"136\" src=\"https:\/\/4.bp.blogspot.com\/-6Q1xt4wikX8\/VJNUzhXUezI\/AAAAAAAAFxs\/4jucpE6-xec\/s1600\/pi_top_sm.jpg\" title=\"With Kali and Snort running on a Raspberry Pi, and using OpenDNS for name resolution, we can set up simple malware detection alerts.\" width=\"200\"\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EEarlier this year I wrote about building a minuscule hacking computer by installing \u003C\/span\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2014\/09\/installing-kali-linux-and-snort-on.html\" style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003EKali and Snort onto a Raspberry Pi\u003C\/a\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E. I also wrote about building a \u003C\/span\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2014\/09\/how-to-build-10-network-tap.html\" style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003Ehomemade passive network tap\u003C\/a\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E out of $10 in spare parts. Having a piece of equipment to capture network traffic is nice, but what good does it do? Today I am going to take you on a winding path through a variety of topics, putting these projects to good practical use. My ultimate goal is to detect possibly-infected computers on a network.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003Etl;dr: download local.rules from \u003Ca href=\"https:\/\/github.com\/dnlongen\/Snort-DNS\" target=\"_blank\"\u003Ehttps:\/\/github.com\/dnlongen\/Snort-DNS\u003C\/a\u003E and add to your Snort installation; this will trigger an alert on DNS responses from OpenDNS that indicate likely malware, phishing, or adult content.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/01\/detecting-malware-through-dns-queries.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/728901545363154241"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/728901545363154241"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/01\/detecting-malware-through-dns-queries.html","title":"Detecting malware through DNS queries: a Kali Pi \/ Snort project"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-6Q1xt4wikX8\/VJNUzhXUezI\/AAAAAAAAFxs\/4jucpE6-xec\/s72-c\/pi_top_sm.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-6512814411683683500"},"published":{"$t":"2014-12-23T09:27:00.000-06:00"},"updated":{"$t":"2016-09-08T19:27:35.036-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Asus"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Faith Family \u0026 Fun"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Weekend Projects"}],"title":{"type":"text","$t":"Customizing Samba on an ASUSWRT wireless router"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EOut of the box, the Asus RT-AC87 router has some handy, but limited, file and media sharing capabilities. Connect a USB hard drive to one of its USB ports, and the router can share data from that drive with anyone on your network - or optionally, with the outside world. The firmware implements Samba (a Linux-based program for sharing files similar to Windows file shares), but through the web interface you have only two options: allow everyone complete and anonymous access, or require a username and password for every connection. Samba can be configured far more granularly, but you cannot get there from the RT-AC87 web interface.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/12\/customizing-samba-on-asuswrt-wireless.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6512814411683683500"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6512814411683683500"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/12\/customizing-samba-on-asuswrt-wireless.html","title":"Customizing Samba on an ASUSWRT wireless router"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-CahVfb_MZ2U\/VJSP-KO_jlI\/AAAAAAAAFyY\/7wnmKloyF2c\/s72-c\/asus_samba1.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-3087866515124010266"},"published":{"$t":"2014-12-19T16:05:00.000-06:00"},"updated":{"$t":"2017-01-17T22:05:59.629-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"}],"title":{"type":"text","$t":"Time to patch again. This time it's ntpd"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-KFGDxXnODGI\/VJSaj3x_AZI\/AAAAAAAAFyw\/bSDuVvkOLdI\/s1600\/ntp_clock.jpg\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"Ntpd, the network time protocol service, has a flaw that can be used to compromise a server or network router\" border=\"0\" src=\"https:\/\/4.bp.blogspot.com\/-KFGDxXnODGI\/VJSaj3x_AZI\/AAAAAAAAFyw\/bSDuVvkOLdI\/s1600\/ntp_clock.jpg\" title=\"Ntpd, the network time protocol service, has a flaw that can be used to compromise a server or network router\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EIt\u0026#39;s late on a Friday, coming up on a holiday week. In other words, the perfect time to drop a major bug announcement, right? Someone seemed to think so. Alas this will mean much churn over the next few days for a great many IT shops.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThe theme this year has been big vulnerabilities in common services or shared libraries - places where one bug might affect lots and lots of programs and devices. First it was a \u003Ca href=\"https:\/\/securityforrealpeople.com\/2014\/04\/openssl-heartbleed-what-does-broken.html\"\u003Eflaw in OpenSSL\u003C\/a\u003E, the library that enables secure communication with websites around the world. Next came a \u003Ca href=\"https:\/\/securityforrealpeople.com\/2014\/09\/a-shell-of-bash-shellshock-in-lay-terms.html\"\u003Eflaw in Bash shell\u003C\/a\u003E, a widely used Unix shell much like the Windows command line. Now it\u0026#39;s ntpd, the Network Time Protocol service.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/12\/time-to-patch-again-this-time-its-ntpd.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/3087866515124010266"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/3087866515124010266"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/12\/time-to-patch-again-this-time-its-ntpd.html","title":"Time to patch again. This time it's ntpd"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-KFGDxXnODGI\/VJSaj3x_AZI\/AAAAAAAAFyw\/bSDuVvkOLdI\/s72-c\/ntp_clock.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-6132328139928643581"},"published":{"$t":"2014-12-18T07:46:00.000-06:00"},"updated":{"$t":"2017-01-17T19:12:59.806-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Asus"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Awana and Kidmin"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Bank and Credit Card Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Faith Family \u0026 Fun"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Identity Theft"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Malware"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Parenting"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Password Management"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Phishing"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"}],"title":{"type":"text","$t":"A look back: 4 years, 100 posts"},"content":{"type":"html","$t":"\u003Cdiv\u003E\u003Cspan style=\"clear: left; float: left; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"\" border=\"0\" height=\"200\" src=\"https:\/\/3.bp.blogspot.com\/-VlwrqBMn2F0\/VJH38Klts2I\/AAAAAAAAFtc\/5doHVgiLRAo\/s1600\/100posts.jpg\" title=\"A look back at 4 years and 100 stories on (mostly) security topics\" width=\"139\"\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EOver the last 4 years, this blog has covered a lot of ground. We\u0026#39;ve looked at safe surfing practices when using the Internet in a public location. We\u0026#39;ve looked at how to set up a home network to be reasonably secure. We\u0026#39;ve talked about password practices, and the value of two-factor authentication to secure more valuable accounts. We\u0026#39;ve discussed a rash of credit card thefts at major retailers. We\u0026#39;ve seen several severe flaws in services used widely on the Internet. This blog has even published several vulnerabilities and website flaws discovered by yours truly.\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003EMy goal in writing is two-fold: I write technical content in the hopes that other professionals will find value, but I also endeavor to educate those that have not made a career out of information security. To that end, if there is a topic you would like to know more about, or a topic I have not explained as clearly as you would like, I invite you to comment on this or any post, or send me a message at david (at) securityforrealpeople (dot) com.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003EWithout further ado, a highly biased revue of top topics:\u003C\/span\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/12\/a-look-back-4-years-100-posts.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6132328139928643581"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6132328139928643581"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/12\/a-look-back-4-years-100-posts.html","title":"A look back: 4 years, 100 posts"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/3.bp.blogspot.com\/-VlwrqBMn2F0\/VJH38Klts2I\/AAAAAAAAFtc\/5doHVgiLRAo\/s72-c\/100posts.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-1616554169806493739"},"published":{"$t":"2014-12-08T06:00:00.000-06:00"},"updated":{"$t":"2017-01-17T19:15:07.518-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Encryption"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Faith Family \u0026 Fun"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Parenting"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Weekend Projects"}],"title":{"type":"text","$t":"Solving a crypto puzzle with Python"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/2.bp.blogspot.com\/-SNzmTrSTZpc\/VIO0rXfjteI\/AAAAAAAAFrA\/YRgERnd8u4A\/s1600\/python-logo.png\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"A beginners guide to Python programming, to solve a Caesar cipher.\" border=\"0\" src=\"https:\/\/2.bp.blogspot.com\/-SNzmTrSTZpc\/VIO0rXfjteI\/AAAAAAAAFrA\/YRgERnd8u4A\/s1600\/python-logo.png\" title=\"A beginners guide to Python programming, to solve a Caesar cipher.\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThis December, computer security firm Sophos has been running a \u0026quot;\u003Ca href=\"https:\/\/nakedsecurity.sophos.com\/2014\/12\/01\/12-days-of-naked-security-win-prizes-in-our-december-quiz\/\"\u003E12 Days of Christmas\u003C\/a\u003E\u0026quot; contest, with cyber-related quizzes each day. So far the quizzes have ranged from hoaxes to malware authors to abandoned operating systems. Each of the questions have touched on topics relevant to hackers (using the traditional, inquisitive sense of the word ... hacking is not in and of itself evil!), and each have required skills useful to a cyber security pro - often, simply paying attention to detail and noticing clues.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/12\/a-little-python-in-morning.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1616554169806493739"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1616554169806493739"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/12\/a-little-python-in-morning.html","title":"Solving a crypto puzzle with Python"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/2.bp.blogspot.com\/-SNzmTrSTZpc\/VIO0rXfjteI\/AAAAAAAAFrA\/YRgERnd8u4A\/s72-c\/python-logo.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-5451879207332575224"},"published":{"$t":"2014-11-26T00:00:00.000-06:00"},"updated":{"$t":"2017-01-21T10:31:41.966-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bank and Credit Card Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Financial Fraud"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"}],"title":{"type":"text","$t":"Cheap Rolex Knockoffs from the Russians in Korea"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-Rlx2ym9OAq0\/VHVhJkEq59I\/AAAAAAAAFhw\/8noc0OlMd68\/s1600\/rolex_leader.png\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cimg alt=\"\" border=\"0\" height=\"186\" src=\"https:\/\/1.bp.blogspot.com\/-Rlx2ym9OAq0\/VHVhJkEq59I\/AAAAAAAAFhw\/8noc0OlMd68\/s1600\/rolex_leader.png\" title=\"With Black Friday and Cyber Monday right around the corner, now is a good time for a few common-sense reminders.\" width=\"200\"\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003EJust in case it is not clear, the below is an \u003Cu\u003Eexplanation of a scam\u003C\/u\u003E selling unauthorized replicas of high-end goods, not an offer to sell the same.\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EJust in time for Black Friday and Cyber Monday, I received a spam offering \u0026quot;Limited time ROLEX replicas and Louis Vuitton handbags\u0026quot; at unbeatable prices. These aren\u0026#39;t run of the mill knock-offs, no. These are \u0026quot;High Quality Luxury Replicas That Are An EXACT Replica. Even a Jewler [sic] Can\u0026#39;t Tell Our Replicas apart from the real thing.\u0026quot; Wow, right? Who wouldn\u0026#39;t want high class fake luxury to go along with the annual post-Thanksgiving ritual of waiting in line for hours to save a few bucks on a TV? And surely an email from Sbgrmogq@wgyxfez (dot) com suggests a legitimate retailer, right?\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/11\/cheap-rolex-knockoffs-from-russians-in.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5451879207332575224"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5451879207332575224"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/11\/cheap-rolex-knockoffs-from-russians-in.html","title":"Cheap Rolex Knockoffs from the Russians in Korea"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-Rlx2ym9OAq0\/VHVhJkEq59I\/AAAAAAAAFhw\/8noc0OlMd68\/s72-c\/rolex_leader.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-1010621430185809359"},"published":{"$t":"2014-11-04T22:26:00.000-06:00"},"updated":{"$t":"2017-01-21T14:41:10.378-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Privacy"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Social Networks"}],"title":{"type":"text","$t":"Facebook now has a Tor site: oxymoron or not?"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/3.bp.blogspot.com\/-uGsbmcg9DzU\/VFmliP30r-I\/AAAAAAAAFUM\/UIyQmeKtwpw\/s1600\/onion.png\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"An onion\" border=\"0\" height=\"186\" src=\"https:\/\/3.bp.blogspot.com\/-uGsbmcg9DzU\/VFmliP30r-I\/AAAAAAAAFUM\/UIyQmeKtwpw\/s1600\/onion.png\" title=\"Facebook is well-known for using information about its users in sometimes-awkward ways. Privacy and Facebook (or for that matter, privacy and any social media network) are not usually associated with one another. So why was Facebook in the news recently for providing a Tor-enabled means to connect to the social media giant? Why would users go to the trouble of hiding their tracks through onion routing, only to connect with a service whose express purpose is to share personal information with others?\" width=\"200\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EFacebook is well-known for using information about its users in \u003Ca href=\"https:\/\/securityforrealpeople.com\/2014\/07\/for-one-week-in-early-2012-facebook-ran.html\" target=\"_blank\"\u003Esometimes-awkward\u003C\/a\u003E ways. Privacy and Facebook (or for that matter, privacy and any social media network) are not usually associated with one another. So why was Facebook in the news recently for \u003Ca href=\"https:\/\/www.facebook.com\/notes\/protect-the-graph\/making-connections-to-facebook-more-secure\/1526085754298237\" target=\"_blank\"\u003Eproviding a Tor-enabled\u003C\/a\u003E means to connect to the social media giant? Why would users go to the trouble of hiding their tracks through onion routing, only to connect with a service whose express purpose is to share personal information with others?\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EBefore answering that question, let’s talk a little bit \u003Ca href=\"https:\/\/www.torproject.org\/about\/overview.html.en\" target=\"_blank\"\u003Eabout Tor\u003C\/a\u003E.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/11\/anonymous-facebook-oxymoron-or-not.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1010621430185809359"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1010621430185809359"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/11\/anonymous-facebook-oxymoron-or-not.html","title":"Facebook now has a Tor site: oxymoron or not?"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/3.bp.blogspot.com\/-uGsbmcg9DzU\/VFmliP30r-I\/AAAAAAAAFUM\/UIyQmeKtwpw\/s72-c\/onion.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-5767648973724468385"},"published":{"$t":"2014-10-28T06:00:00.000-05:00"},"updated":{"$t":"2017-01-15T17:44:41.663-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Asus"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"}],"title":{"type":"text","$t":"(CVE-2014-2718) ASUS wireless router updates vulnerable to a Man in the Middle attack"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-3Y9QE4MkRgU\/VE-N8orNrFI\/AAAAAAAAFM4\/f5SIPoaFRJQ\/s1600\/RT-AC68.jpg\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"\" border=\"0\" height=\"200\" src=\"https:\/\/4.bp.blogspot.com\/-3Y9QE4MkRgU\/VE-N8orNrFI\/AAAAAAAAFM4\/f5SIPoaFRJQ\/s1600\/RT-AC68.jpg\" title=\"The ASUS RT- series of routers rely on an easily manipulated process to determine if an update is needed, and to retrieve the necessary update file. An attacker can exploit this to provide a fraudulent firmware update. ASUS included an undocumented fix in firmware 3.0.0.4.376.1123 to resolve this.\" width=\"192\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EOver the past few months I have come across a couple of significant issues with ASUS wireless routers (which to their credit the company has been quick to resolve).\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EIn mid February, I wrote that a substantial portion of ASUS wireless routers would \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2014\/02\/breaking-down-asus-router-bug.html\"\u003Efail to update their firmware\u003C\/a\u003E. In fact, the \u0026quot;check for update\u0026quot; function would inform the administrator that the router was fully up-to-date, even though it was not. The timing could not have been worse, coming right on the heels of an exploit for a bug in which USB hard drives connected to the router could be accessed from the public Internet, with no login required.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EIn April I wrote that the same line of routers \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2014\/04\/CVE-2014-2719-Asus-RT-Password-Disclosure.html\"\u003Eexposed the administrator username and password\u003C\/a\u003E in clear text. Anyone that could access a PC that had logged into the router could retrieve the admin credentials. Since the admin session would never time out, this could be exploited even without the administrator having a window open on the router.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EToday I am disclosing one additional vulnerability, submitted as \u003C\/span\u003E\u003Ca href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-2718\" style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\" target=\"_blank\"\u003ECVE-2014-2718\u003C\/a\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E. The ASUS RT- series of routers \u003C\/span\u003E\u003Cspan style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003Erely on an easily manipulated process to determine if an update is needed, and to retrieve the necessary update file. In short, the router downloads via clear-text a file from http:\/\/dlcdnet.asus.com, parses it to determine the latest firmware version, then downloads (again in the clear) a binary file matching that version number from the same web site.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/10\/CVE-2014-2718-Asus-RT-MITM.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5767648973724468385"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5767648973724468385"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/10\/CVE-2014-2718-Asus-RT-MITM.html","title":"(CVE-2014-2718) ASUS wireless router updates vulnerable to a Man in the Middle attack"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-3Y9QE4MkRgU\/VE-N8orNrFI\/AAAAAAAAFM4\/f5SIPoaFRJQ\/s72-c\/RT-AC68.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-3032251180905151235"},"published":{"$t":"2014-10-24T20:13:00.000-05:00"},"updated":{"$t":"2017-01-22T19:21:05.292-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Malware"}],"title":{"type":"text","$t":"Would you know if your email server were attacked?"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003E\u003Ci\u003E\u003Cspan style=\"font-size: x-small;\"\u003EThis is a continuation of a series investigating a piece of malware.\u003C\/span\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cul\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Ca href=\"https:\/\/securityforrealpeople.com\/2014\/10\/from-click-to-pwned.html\" target=\"_blank\"\u003EPart 1\u003C\/a\u003E looks at how the malware is delivered. It and part 2 were originally a single post, later separated since they look at distinct phases in the attack.\u003C\/i\u003E\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Ca href=\"https:\/\/securityforrealpeople.com\/2014\/10\/an-introduction-to-malware-forensics.html\" target=\"_blank\"\u003EPart 2\u003C\/a\u003E analyzes the bot - the agent which turns your computer into a remotely-controlled robot doing the attacker\u0026#39;s bidding.\u003C\/i\u003E\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Ca href=\"https:\/\/securityforrealpeople.com\/2014\/10\/where-does-all-spam-come-from.html\" target=\"_blank\"\u003EPart 3\u003C\/a\u003E dives into the first payload: code to test 30,000 addresses at 5,000 domains, to see if they could be used to send additional spam.\u003C\/i\u003E\u003C\/span\u003E\u003C\/li\u003E\u003C\/ul\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EI had thought part 3 was the end of the story, but there is now more to tell. Last week I received a relatively typical spam message containing a link to view an \u0026quot;invoice\u0026quot; for something I had supposedly purchased. The link instead downloaded a botnet agent - software that would turn my PC into a bot that an attacker could remotely control to do his bidding. Nothing unusual about that approach. The attacker then gave my bot instructions to probe 5,000 domains, looking for mail servers that could be used to relay yet more spam.\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EDiscovering and writing about criminal mischief is great, but if that\u0026#39;s where I stopped, I\u0026#39;m just one more source of noise on the Internet. I research with two purposes: to teach, and to fix. Writing this blog series was the teaching part; as for the fixing part, that is where today\u0026#39;s story picks up.\u003C\/span\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/10\/would-you-know-if-your-email-server.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/3032251180905151235"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/3032251180905151235"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/10\/would-you-know-if-your-email-server.html","title":"Would you know if your email server were attacked?"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-4391296812546818692"},"published":{"$t":"2014-10-23T09:11:00.001-05:00"},"updated":{"$t":"2017-01-21T14:46:15.852-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Cyber Crime"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Malware"}],"title":{"type":"text","$t":"Where does all the spam come from?"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-2dhH535xnWw\/VEbAtKBqBaI\/AAAAAAAAFH8\/06vu82t0Ius\/s1600\/Package_FLLG.PDF_.scr_0000.png\" imageanchor=\"1\" style=\"clear: right; float: right; margin-bottom: 1em; margin-left: 1em;\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cimg alt=\"\" border=\"0\" height=\"200\" src=\"https:\/\/4.bp.blogspot.com\/-2dhH535xnWw\/VEbAtKBqBaI\/AAAAAAAAFH8\/06vu82t0Ius\/s1600\/Package_FLLG.PDF_.scr_0000.png\" title=\"This is part three in a series dissecting the Gamarue botnet agent. This post describes a payload delivered to the infected bot, which systematically probes 5,000 domains to determine which have open SMTP relays that could be abused to send yet more spam.\" width=\"200\"\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003E\u003Ci\u003E\u003Cspan style=\"font-size: x-small;\"\u003EThis is part 3 in a series investigating a particular piece of malware.\u003C\/span\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cul\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Ca href=\"https:\/\/securityforrealpeople.com\/2014\/10\/from-click-to-pwned.html\" target=\"_blank\"\u003EPart 1\u003C\/a\u003E looks at how the malware is delivered. It and part 2 were originally a single post, later separated since they look at distinct phases in the attack.\u003C\/i\u003E\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Ca href=\"https:\/\/securityforrealpeople.com\/2014\/10\/an-introduction-to-malware-forensics.html\" target=\"_blank\"\u003EPart 2\u003C\/a\u003E analyzes the bot - the agent which turns your computer into a remotely-controlled robot doing the attacker\u0026#39;s bidding.\u003C\/i\u003E\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-small;\"\u003E\u003Ci\u003EPart 3 dives into the first payload: code to test 30,000 addresses at 5,000 domains, to see if they could be used to send additional spam.\u003C\/i\u003E\u003C\/span\u003E\u003C\/li\u003E\u003C\/ul\u003E\u003Cspan style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003EEver wondered how spam ends up in your inbox, or how spammers come up with the email addresses from which to send spam? The spammer needs a few things in order to send messages: obviously he needs a list of target email addresses to send messages to; those can be bought on the dark market at very little cost. Unless he wants to send email from his own server though, he also needs an abuseable email relay server and spoofed source address. Why? Two reasons – not every Internet provider would turn a blind eye to a spammer sending millions of malicious email; and he can gain far more capacity by sending mail through thousands of open relays.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/10\/where-does-all-spam-come-from.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4391296812546818692"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4391296812546818692"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/10\/where-does-all-spam-come-from.html","title":"Where does all the spam come from?"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-2dhH535xnWw\/VEbAtKBqBaI\/AAAAAAAAFH8\/06vu82t0Ius\/s72-c\/Package_FLLG.PDF_.scr_0000.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-3152565268021252999"},"published":{"$t":"2014-10-23T08:31:00.000-05:00"},"updated":{"$t":"2017-01-17T19:18:10.146-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Malware"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Social Engineering"}],"title":{"type":"text","$t":"From click to pwned"},"content":{"type":"html","$t":"\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-2dhH535xnWw\/VEbAtKBqBaI\/AAAAAAAAFH8\/06vu82t0Ius\/s1600\/Package_FLLG.PDF_.scr_0000.png\" imageanchor=\"1\" style=\"clear: right; float: right; margin-bottom: 1em; margin-left: 1em;\"\u003E\u003Cimg alt=\"\" border=\"0\" height=\"200\" src=\"https:\/\/4.bp.blogspot.com\/-2dhH535xnWw\/VEbAtKBqBaI\/AAAAAAAAFH8\/06vu82t0Ius\/s1600\/Package_FLLG.PDF_.scr_0000.png\" title=\"Part 1 in a series dissecting a particular botnet, this article discusses some of the tactics malware uses to infect new systems. One of the most popular approaches is tricking the end user into clicking a malicious link.\" width=\"200\"\u003E\u003C\/a\u003E\u003Cspan style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003E\u003Ci\u003E\u003Cspan style=\"font-size: x-small;\"\u003EThis is part 1 in a series investigating a particular piece of malware.\u003C\/span\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cul\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-small;\"\u003E\u003Ci\u003EPart 1 looks at how the malware is delivered. It and part 2 were originally a single post, later separated since they look at distinct phases in the attack.\u003C\/i\u003E\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Ca href=\"https:\/\/securityforrealpeople.com\/2014\/10\/an-introduction-to-malware-forensics.html\" target=\"_blank\"\u003EPart 2\u003C\/a\u003E analyzes the bot - the agent which turns your computer into a remotely-controlled robot doing the attacker\u0026#39;s bidding.\u003C\/i\u003E\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Ca href=\"https:\/\/securityforrealpeople.com\/2014\/10\/where-does-all-spam-come-from.html\" target=\"_blank\"\u003EPart 3\u003C\/a\u003E dives into the first payload: code to test 30,000 addresses at 5,000 domains, to see if they could be used to send additional spam.\u003C\/i\u003E\u003C\/span\u003E\u003C\/li\u003E\u003C\/ul\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003EMalware writers and scammers have a number of tricks up their sleeves, all with the goal of making your computer become their computer. Some tactics involve technology, some involve sleight-of-hand (sleight-of-mouse?), some involve social engineering, and some involve a combination of factors. I received an email scam that slipped past my spam filters and that exhibited a combination of old and new tactics, so took some time to break it apart.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EIf you don\u0026#39;t want to read through the technical details, here\u0026#39;s the short version: don\u0026#39;t click links or open attachments in unexpected email, don\u0026#39;t trust email from an unknown or uncertain source, and be aware that there are lots of ways to make a malicious link look legitimate. In short, \u003Cb\u003E\u003Cspan style=\"color: red;\"\u003Edon\u0026#39;t click the link.\u003C\/span\u003E\u003C\/b\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/10\/from-click-to-pwned.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/3152565268021252999"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/3152565268021252999"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/10\/from-click-to-pwned.html","title":"From click to pwned"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-2dhH535xnWw\/VEbAtKBqBaI\/AAAAAAAAFH8\/06vu82t0Ius\/s72-c\/Package_FLLG.PDF_.scr_0000.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-4812753036862215057"},"published":{"$t":"2014-10-22T07:51:00.000-05:00"},"updated":{"$t":"2017-01-21T14:50:40.541-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Malware"}],"title":{"type":"text","$t":"An introduction to malware forensics"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-2dhH535xnWw\/VEbAtKBqBaI\/AAAAAAAAFH8\/06vu82t0Ius\/s1600\/Package_FLLG.PDF_.scr_0000.png\" imageanchor=\"1\" style=\"clear: right; float: right; margin-bottom: 1em; margin-left: 1em;\"\u003E\u003Cimg alt=\"\" border=\"0\" height=\"200\" src=\"https:\/\/4.bp.blogspot.com\/-2dhH535xnWw\/VEbAtKBqBaI\/AAAAAAAAFH8\/06vu82t0Ius\/s1600\/Package_FLLG.PDF_.scr_0000.png\" title=\"Part 2 in a series dissecting a particular botnet agent, this post begins a forensic analysis of the downloaded malicious agent, looking at what it does to the computer, and what it does on the network.\" width=\"200\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003E\u003Ci\u003E\u003Cspan style=\"font-size: x-small;\"\u003EThis is part 2 in a series investigating a particular piece of malware.\u003C\/span\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cul\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Ca href=\"https:\/\/securityforrealpeople.com\/2014\/10\/from-click-to-pwned.html\" target=\"_blank\"\u003EPart 1\u003C\/a\u003E looks at how the malware is delivered. It and part 2 were originally a single post, later separated since they look at distinct phases in the attack.\u003C\/i\u003E\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-small;\"\u003E\u003Ci\u003EPart 2 analyzes the bot - the agent which turns your computer into a remotely-controlled robot doing the attacker\u0026#39;s bidding.\u003C\/i\u003E\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Ca href=\"https:\/\/securityforrealpeople.com\/2014\/10\/where-does-all-spam-come-from.html\" target=\"_blank\"\u003EPart 3\u003C\/a\u003E dives into the first payload: code to test 30,000 addresses at 5,000 domains, to see if they could be used to send additional spam.\u003C\/i\u003E\u003C\/span\u003E\u003C\/li\u003E\u003C\/ul\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EIn my last post, we looked at a fairly typical spam message used to deliver malware to unsuspecting users. This message played on psychology (aka social engineering) to trick the reader - a confirmation message for an expensive purchase (in this case, about $1,600), with a link to retrieve the \u0026quot;invoice\u0026quot; (actually the malware). It used Google redirectors to avoid a suspicious-looking link to DropBox or some random web site.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EOnce the reader clicks the link and allows it to download and run, their computer becomes infected with a botnet agent. In this post, I downloaded the malware into a virtual environment to do some analysis.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/10\/an-introduction-to-malware-forensics.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4812753036862215057"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4812753036862215057"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/10\/an-introduction-to-malware-forensics.html","title":"An introduction to malware forensics"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-2dhH535xnWw\/VEbAtKBqBaI\/AAAAAAAAFH8\/06vu82t0Ius\/s72-c\/Package_FLLG.PDF_.scr_0000.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-7336261719051391748"},"published":{"$t":"2014-09-25T22:42:00.000-05:00"},"updated":{"$t":"2017-01-21T15:02:57.242-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"}],"title":{"type":"text","$t":"Shellshocked: what is the bug in Bash?"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThe Internet has been awash with information and misinformation about a bug in GNU bash, a common system shell in many Unix variants. Here are some initial thoughts about what it is, and what it is not.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003EA shell is a way of giving a computer commands, that it in turn executes. The Windows CMD shell (aka \u0026quot;DOS Prompt\u0026quot;) is one example of a shell. Unix has many different shells, but a common one is bash, or \u0026quot;Bourne Again SHell.\u0026quot; It is common in Unix and Linux variants ... which happen to be the operating system of choice for a great many non-PC Internet devices. Think wireless routers, Blu-Ray players, network hard drives, printers, Internet TVs, etc. Not all run bash - as I said there are a number of different shells - but many do.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/09\/shellshocked-what-is-bug-in-bash.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/7336261719051391748"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/7336261719051391748"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/09\/shellshocked-what-is-bug-in-bash.html","title":"Shellshocked: what is the bug in Bash?"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-rB8zjHRxDHU\/VCWKl4bMMbI\/AAAAAAAAEys\/B0IG2j55u2I\/s72-c\/shellshocked.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-6031763739287975645"},"published":{"$t":"2014-09-23T06:00:00.000-05:00"},"updated":{"$t":"2017-01-21T15:11:40.840-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Faith Family \u0026 Fun"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Weekend Projects"}],"title":{"type":"text","$t":"Installing Kali Linux and Snort on a Raspberry Pi"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-p8ehavluiGo\/UzoLCaQ1-oI\/AAAAAAAACFI\/wGpBxz3AymE\/s1600\/pi_top.jpg\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cimg alt=\"\" border=\"0\" height=\"137\" src=\"https:\/\/1.bp.blogspot.com\/-6Q1xt4wikX8\/VJNUzhXUezI\/AAAAAAAAFxo\/4jvl78pXAY4\/s1600\/pi_top_sm.jpg\" title=\"Building a network tap is a nice little project, but useless without a way to capture and analyze packets. Enter Kali Linux for the Raspberry Pi. Here is a step-by-step tutorial for turning $50 worth of Pi and parts into a bona fide hacking tool.\" width=\"200\"\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003ELast week I wrote about \u003C\/span\u003E\u003Ca href=\"https:\/\/securityforrealpeople.com\/2014\/09\/how-to-build-10-network-tap.html\" style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\" target=\"_blank\"\u003Ebuilding a passive network tap\u003C\/a\u003E\u003Cspan style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003E with about $10 in off-the-shelf parts. Building a tap is a nice little project, but what do you do with it? A simple first step is to install Wireshark on a laptop and capture some packets. I wanted something a little more elegant though. Earlier this year I posted an \u003C\/span\u003E\u003Ca href=\"https:\/\/securityforrealpeople.com\/2014\/04\/raspberry-pi-35-computer-that-does.html\" style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\" target=\"_blank\"\u003EApril Fools gag\u003C\/a\u003E\u003Cspan style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003E on various uses for a Raspberry Pi ... this time I am putting it to legitimate use.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThe Raspberry Pi is a minimalist computer: a processor; a bit of memory; ports for network, video, and sound; an SD card slot for data and operating system storage; a few USB ports to attach additional components; and a micro-USB port to supply power. Altogether a bare-bones Pi costs about $35. You can buy a Pi with a protective case, an SD card, and a power supply for around $50 to $60. I picked up bundle with the Raspberry Pi model B, clear case, and wireless adapter for $49.95, plus a 16 GB SD card for another $10. In truth, I could have gotten by with a smaller SD card, but the software tools I had in mind to use take up some space, and network captures can quickly fill up a drive.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/09\/installing-kali-linux-and-snort-on.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6031763739287975645"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6031763739287975645"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/09\/installing-kali-linux-and-snort-on.html","title":"Installing Kali Linux and Snort on a Raspberry Pi"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-6Q1xt4wikX8\/VJNUzhXUezI\/AAAAAAAAFxo\/4jvl78pXAY4\/s72-c\/pi_top_sm.jpg","height":"72","width":"72"}}]}});