July 2014


Uncategorized, 29 Jul 2014 04:42 pm

I logged on to the Sun box in my basement this evening, looking to test something on a Solaris box, and decided to look at the log files.  In the messages file I saw a bunch of errors: “fatal: padding error: need 168 block 16 mod 8”

Yes, I am forwarding SSH from my Internet IP to the Sun box so I can SSH into the server from the Internet.  And apparently, somebody, or multiple somebodies, are trying some type of brute force attack on SSH to get into my machine.

I checked the box, and nobody has managed to hack their way in using SSH, but it’s amazing that a bad actor out there found the open SSH connection on my home comcast.net IP address, and they are going to town.
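The check described above, whether any of the sources hammering sshd actually got in, can be scripted against the messages file. This is an added example, not code from the original post: the log lines are constructed (the addresses are documentation ranges), and the syslog layout is assumed to be the common sshd “Failed password … from IP” / “Accepted … from IP” form rather than any specific Solaris build’s output.

```python
"""Summarize SSH brute-force indicators from a syslog-style messages file.

Added example, not from the original post. The sample lines are constructed
and the line layout is an assumption modelled on common sshd syslog output.
"""
import re
from collections import Counter, defaultdict

# Constructed sample log; 198.51.100.x, 203.0.113.x and 192.0.2.x are
# documentation address ranges, not real hosts.
SAMPLE_LOG = """\
Jul 29 20:01:12 sunbox sshd[4821]: Failed password for root from 198.51.100.7 port 51234 ssh2
Jul 29 20:01:13 sunbox sshd[4821]: fatal: padding error: need 168 block 16 mod 8
Jul 29 20:01:15 sunbox sshd[4823]: Failed password for invalid user admin from 198.51.100.7 port 51240 ssh2
Jul 29 20:01:16 sunbox sshd[4823]: fatal: padding error: need 168 block 16 mod 8
Jul 29 20:02:02 sunbox sshd[4830]: Failed password for root from 203.0.113.9 port 40011 ssh2
Jul 29 20:02:05 sunbox sshd[4832]: Accepted publickey for me from 192.0.2.10 port 50022 ssh2
Jul 29 20:03:40 sunbox sshd[4840]: Failed password for root from 198.51.100.7 port 51250 ssh2
"""

# Assumed message shapes; adjust the patterns if your sshd logs differently.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")
PADDING_RE = re.compile(r"sshd\[\d+\]: fatal: padding error")


def summarize(log_text):
    """Count failed logins per source, usernames tried, successful logins,
    and protocol-level padding errors like the one quoted in the post."""
    failures = Counter()
    users = defaultdict(set)
    accepted = []            # (source_ip, user, auth_method)
    padding_errors = 0
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, ip = m.groups()
            failures[ip] += 1
            users[ip].add(user)
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            method, user, ip = m.groups()
            accepted.append((ip, user, method))
            continue
        if PADDING_RE.search(line):
            padding_errors += 1
    return {
        "failures": dict(failures),
        "users": {ip: sorted(u) for ip, u in users.items()},
        "accepted": accepted,
        "padding_errors": padding_errors,
    }


def suspicious_sources(summary, threshold=3):
    """Sources with at least `threshold` failed password attempts."""
    return sorted(ip for ip, n in summary["failures"].items() if n >= threshold)


def successes_from_suspicious(summary, threshold=3):
    """The real question: did any brute-forcing source ever get 'Accepted'?"""
    bad = set(suspicious_sources(summary, threshold))
    return [entry for entry in summary["accepted"] if entry[0] in bad]


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print("failed attempts by source:", s["failures"])
    print("padding errors:", s["padding_errors"])
    print("suspicious sources:", suspicious_sources(s))
    print("successful logins from suspicious sources:", successes_from_suspicious(s))
```

On the constructed sample the script reports one source with three failures and no successful login from it, which is the same conclusion the post reaches by eye. Feeding it the real messages file (with the patterns adjusted to that sshd’s wording) turns the “nobody got in” check into something repeatable, and the per-source counts are what you would hand to a rate limiter or firewall rule.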

Interesting to think that if they could get into the server, it could be a launch point to rootkit that machine and the Macs on my home network, looking for credit card numbers, account IDs and passwords, PayPal, etc.

There are so many bad actors out there nowadays.  I’m very excited to be going to Black Hat and Def Con next week and learning more about the state of cyber security.


Uncategorized, 20 Jul 2014 06:18 am

I was sitting in a meeting this week with agents from three different three-letter agencies to discuss the state of hackers and malware and threats against systemic financial institutions.  There were about 20 members of the various agencies around this giant conference room, and I was sitting there trying to be a fly on the wall.

The agents at the meeting were discussing the various bad actors and the potential threats against our country’s infrastructure when one of the agents asked if we traveled to China.  When somebody in the room said yes, he then asked whether, when traveling, you brought your technology, e.g. laptops, iPads, iPods, iPhones, Android devices.  “Well, we issue loaner laptops.”  He says, “well good… when you get back to the states, do not connect your laptop to your company network, burn it, and throw it out.”

A lively discussion began where he explained that if you take your technology to China and use it, it will be compromised.  Period.  And once it is compromised there is nothing you can do, including reformatting the device or resetting it to “factory” defaults, that will make the unit safe again.  The malware that will be embedded in your machine is so sophisticated that it cannot be removed by any means.

They did have a good recommendation.  If you need to travel to China or Russia and have an office there, have loaner technology available for you in country, use it while you are there, and leave it in country.  Never bring it back, and never run the risk of allowing malware-infested technology to get back on to your corporate network.

This will lead to some additional challenges next year as we are opening offices in China and expanding their functionality.  We know that they will not be connected back to our private company network, and we have policies in place that only information with a Data Classification Policy label of “public” be allowed on computers in China.  I’m sure this is going to lead to some interesting IT security challenges for later this year.

When the meeting broke, one of the agents sitting next to me noticed my interest in the “burn the laptops” comment and said to me… “The same warning holds true for Russia.”

I believe the person who made the initial statement on China was one of the “Agents in Charge”, so I respect the warning that was given.

Next month I am going to be out at Black Hat and Def Con.  I put in a request for a loaner laptop for my travels.  I am going to make sure that Bluetooth is disabled on all of my devices, and Wi-Fi turned off on my iPhone.  How about my personal Mac?  I am NOT staying at the headquarters hotel for either event, because they do have contests called “capture the flag” where they count the number of devices that they can compromise, and they project on the main conference hall a screen called the “wall of sheep” which broadcasts the passwords that they capture from the open access points they set up.  When a device automatically connects to the “free” internet, WHAM, they have compromised your device, installed a rootkit on it, displayed all the passwords from your device, and added one to the count of devices that they have compromised.  I also do not connect to the hotel’s internet when I am in town for this convention, using my phone’s Internet for when I want to connect and check email, but I have been reading that even cell phone Internet has the potential to be compromised.

What do you think about bringing my personal technology to Black Hat and Def Con?  Will it be at risk with the precautions I am taking?  Leave Facebook comments with your opinion.