Tuesday, December 29, 2015

Bitlocker Derp with Intercept article

A day ago The Intercept published an article on BitLocker that had me slowly rolling my eyes. The article in question is right here:
https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/

This article has many correct points, although I was shocked that this was news to everyone after seeing yet another Twitter storm about backdoors in encryption. However, there are inaccuracies that really should be corrected.

First incorrect statement:

"In order to generate a new disk encryption key, this time without giving a copy to Microsoft, you need decrypt your whole hard disk and then re-encrypt it, but this time in such a way that you’ll actually get asked how you want to backup your recover key."

Answer:
This statement is not correct. In short: no, you do not need to decrypt your entire hard disk. First, a few conditions have to be met before Microsoft could have your recovery key at all.
1. Are you signed in with a Microsoft account? If the answer is yes, read step 2.

2. Is my disk encrypted? How do I know if it is encrypted?
Open an elevated (administrator) command prompt and type the following command:
manage-bde -status

In this example the disk is encrypted with XTS-AES 128, which is Microsoft's default in build 10586.

3. Check OneDrive to see if a backup of your BitLocker recovery key exists:
http://go.microsoft.com/fwlink/?LinkId=237614

If you see an entry like this, you will need to delete it. This is what your recovery key looks like.

**Please note this is not my BitLocker recovery key. This was done on a test virtual machine for demonstration purposes.


How to generate a new recovery key without re-encrypting your entire computer.
1. Type the following command in an elevated administrator command prompt. This temporarily suspends BitLocker on your PC. It does not decrypt the drive; it only suspends the key protectors, such as the numerical password or the TPM chip.

manage-bde -protectors -disable %systemdrive%

2. Next, type the following. This deletes the drive's current recovery password.

manage-bde -protectors -delete %systemdrive% -type RecoveryPassword

3. Add a new recovery password. This generates a fresh one for you.

manage-bde -protectors -add %systemdrive% -RecoveryPassword

Here is a snapshot of this three-step flow, where you can clearly see that a brand new recovery key has been generated and the old one discarded.


4. Once you have stored the new key somewhere else, preferably in encrypted form and away from your computer, re-enable BitLocker protection with the following command.

manage-bde -protectors -enable %systemdrive%

Other thoughts:
If you have a modern computer, the worst thing you could do is switch to an open source product such as VeraCrypt for full disk encryption. To use something like VeraCrypt you would have to completely decrypt your hard drive. Actually, scratch that: you would have to format and reinstall the OS, drop UEFI mode in the firmware (so you lose boot integrity and validity), and then repartition the disk into a non-GPT format, because VeraCrypt doesn't support GPT yet.


Warning: in this scenario all that separates you from your adversary is a password. Make it a damn good one.


I received some other Twitter comments, which I won't post, that were completely out of this world. There are a lot, I mean a lot, of people that have little understanding of how BitLocker works and exactly what Microsoft is backing up to the cloud.

Microsoft backs up recovery keys only. I repeat: recovery keys only. There is no other encryption key that gets backed up or magically generated.

Windows AES128 default... change it
A word of warning on default encryption with Microsoft Windows: Microsoft defaults to AES128, and on newer Windows 10 builds to XTS-AES 128. Everyone should be using at minimum AES256. This is very easy to change with Group Policy (or Local Group Policy), assuming you have not encrypted your computer yet.

Search for the following:
GPEDIT.MSC

Navigate to:
Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption

Go to the following policy:
"Choose drive encryption method and cipher strength". In this example I am using the Windows version 1511 and later variant of the policy. Enable it and pick the 256-bit option for each drive type, as shown below.
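The same change done from PowerShell, as an added example that is not part of the post: it reads the policy's registry values, sets them to the 256-bit options, and then shows what each existing volume actually uses. It assumes the value names and numeric codes that the Windows 10 version 1511 policy writes under HKLM\SOFTWARE\Policies\Microsoft\FVE.

```powershell
# Added example (not from the post): audit and set the registry values behind
# "Choose drive encryption method and cipher strength (Windows 10 [Version 1511]
# and later)". Assumed value names and codes (from the BitLocker ADMX):
#   EncryptionMethodWithXtsOs / ...Fdv / ...Rdv   3 = AES-CBC 128, 4 = AES-CBC 256,
#                                                  6 = XTS-AES 128, 7 = XTS-AES 256
# Run from an elevated PowerShell prompt.
$fve   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$names = @{ 3 = 'AES-CBC 128'; 4 = 'AES-CBC 256'; 6 = 'XTS-AES 128'; 7 = 'XTS-AES 256' }

# Desired values: XTS-AES 256 for the OS and fixed drives; AES-CBC 256 for removable
# drives so they still open on pre-1511 Windows, which cannot read XTS volumes.
$desired = [ordered]@{
    EncryptionMethodWithXtsOs  = 7
    EncryptionMethodWithXtsFdv = 7
    EncryptionMethodWithXtsRdv = 4
}

function Get-FvePolicy {
    foreach ($n in $desired.Keys) {
        $v = (Get-ItemProperty -Path $fve -Name $n -ErrorAction SilentlyContinue).$n
        $shown = 'not configured (Windows default, XTS-AES 128 on build 10586)'
        if ($null -ne $v) {
            $shown = $names[[int]$v]
            if (-not $shown) { $shown = "unknown code $v" }
        }
        [pscustomobject]@{ Value = $n; Setting = $shown }
    }
}

'Policy before:'
Get-FvePolicy | Format-Table -AutoSize

if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
foreach ($n in $desired.Keys) {
    Set-ItemProperty -Path $fve -Name $n -Value $desired[$n] -Type DWord
}

'Policy after:'
Get-FvePolicy | Format-Table -AutoSize

# The policy only governs new encryption. A volume that already reports Aes128 or
# XtsAes128 has to be decrypted and re-encrypted before the stronger cipher applies.
Get-BitLockerVolume | Select-Object MountPoint, VolumeStatus, EncryptionMethod | Format-Table -AutoSize
```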

Attacking BitLocker Encryption
Attacking encryption is best done by attacking the random number generator. While the RNG for BitLocker could be in question, you get some very good protection if you are using UEFI Secure Boot and have a TPM chip.

If someone clones your hard drive, then without those protectors present they would immediately need to know your 48-digit recovery key.

Remember that physical access is needed in order to use a BitLocker recovery key!

Choose your encryption snake oil wisely.

Root

Friday, December 25, 2015

Hardening your Microsoft networks from exploitation

A few resources one would want to use for this:

Privileged Access Workstations

Securing Privileged Access Reference Material

Tracking Lateral Movement Part One - Special Groups and Specific Service Accounts

I could write a really, really long blog post about this. The reference material I posted above should get some ideas generated for you.

Don't forget to set yourself up an isolated Security Compliance Manager box off your network.
https://technet.microsoft.com/en-us/solutionaccelerators/cc835245.aspx

Definitely apply the Windows Server 2012 R2 Domain Controller Security and Member Server Security compliance baselines from the Solution Accelerator.

Thanks,
Root :)


Tuesday, November 24, 2015

Root CA from unknown origin on Dell Inspiron 3847

I've found another suspicious rogue CA sitting on a Dell Inspiron. I currently have one Dell Inspiron 3847.

It's unmodified so that small daily tasks can be performed on it. I've since wiped it clean after this article showed up yesterday. 


The rogue CAs are a little different than the ones mentioned in the article.

This is a rogue root CA that had my machine ID in it, along with the private key. Its validity period starts right when the machine was purchased and given a name. A little weird.

Encrypting file system has not been installed on this PC. All that was loaded on it was a browser and Office.

Never trust an OEM; it's better just to wipe the machine to eliminate these issues.

Sunday, November 15, 2015

So why was this NYT article pulled?

This NYT article was pulled and some are wondering why.
http://www.nytimes.com/2015/11/16/world/europe/paris-attackers-communicated-with-isis-officials-say.html

A brief clip of how the article started.

I would say the article was pulled, or was asked to be pulled, because the possible briefing in question is a NATSEC issue.

Some say ISIS terrorists are communicating over PlayStation 4 networks:

I am still convinced that some are passing messages on pastebin such as this screenshot below:


However they are communicating, people tend to get caught.

I am still praying for Paris. I hope everyone responsible for this stupid senseless act is caught.

Update1:
As @krypt3ia pointed out, and I can't emphasize this enough, the PS4 article and any other encryption methods are unsubstantiated claims. The public will more than likely not find out the true methods that were used, for surveillance reasons.

@krypt3ia has a great post on some Daesh darknet boards that were put up recently. It's worth the read, as are any updates.

Update 2:
A reporting error linked the PlayStation 4 to the Paris attacks
http://www.theverge.com/2015/11/16/9745216/playstation-4-paris-attacks-reporting-error

Sunday, November 8, 2015

Friday, October 30, 2015

Cryptowall 3 defense and mitigation tactics

This seems to be a popular subject lately, especially with the latest report on how CryptoWall is possibly tied to one threat actor group. The first defense against becoming a CryptoWall victim is to understand the methods of infection that lead to the compromise.

Below is one of the most common ways a CryptoWall infection starts: with a zip file.
When working with email it's important to understand that you should never open attachments from people you don't know. More importantly, you should be cautious opening attachments from people you do know.

Common file attachments you should avoid in email:
.zip
.exe
.scr
.docm
.xlsm
.pdf
.docx
.xlsx
.doc
.xls
.ppt
.pptx

If you receive an email from anyone with an attachment of any of the above types, delete it immediately and do not open it.

Angler is probably the number one crime kit distributing CryptoWall 3. Angler works by injecting its payload directly into memory and doesn't write malware to disk. In-memory exploits are very tricky in terms of detection, but they can also be prevented. A vulnerable, unpatched browser running third-party plugins such as Java, Silverlight or Flash can lead to compromise very quickly. Infected ads using Flash are a pretty popular distribution method.

So how do you prevent this? If you are running Windows 7, 8 or 10, uninstall Silverlight and Java. What about Flash? You can uninstall it on Windows 7; unfortunately, on Windows 8 and 10 it's baked into the OS. However, there is an easy setting change that prevents Flash content from running in IE. It's called ActiveX Filtering, and one day it may save you from a serious compromise:

1. Open Internet Explorer by clicking the Start button. In the search box, type Internet Explorer, and then, in the list of results, click Internet Explorer.

2. Click the Tools button, point to Safety, and then click ActiveX Filtering.

What else should you do on top of these simple countermeasures?
Run a Microsoft tool called EMET. You can download it here.

EMET is an enhanced mitigation utility designed to hook into processes and prevent exploitation. Most of the time the defaults will work out fine for everyone. You may have to tweak them manually depending on what add-ins you are running in IE.

Another countermeasure is to limit your browsing activity to an unprivileged account. You should be browsing under an account that does not have administrator privileges.

Always, always make backups of your data, offsite. Cloud storage often gets a bad name. Cloud storage is not a bad thing if you know how to protect your data before you send it to a cloud storage location. I use Microsoft's OneDrive. It's baked into Windows 8.1 and Windows 10. I use PKWARE's product Viivo to encrypt my data before it gets sent to the Microsoft cloud. I also use two-factor on my Microsoft account for added protection. I don't really browse to websites or do much with my Windows box. I store data and bounce it to the cloud. That's about it.

I do stuff mostly on Linux virtual machines or Chrome OS. Chrome OS on a Chromebook has been my go-to choice lately for about everything.



Sunday, October 25, 2015

Pass the hash security templates

If you haven't done so and want some quick wins for a Win 8.1 or 7 environment, head over here to download the Windows 8.1 security baseline zip file and extract the contents.

http://blogs.technet.com/b/secguide/archive/2014/08/13/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final.aspx

After extracting, navigate to the following folder (I extracted the contents to temp):

C:\temp\Desktop\Win81-WS2012R2-IE11-Baselines-FINAL\Win81-WS2012R2-IE11-Baselines\Administrative Template\PolicyDefinitions

Copy pth.admx, and the pth.adml file from the en-US folder, to their respective locations under PolicyDefinitions on the domain controller. When you go into the Group Policy editor on your domain controller you will notice some pass-the-hash mitigations available.


Set 'Apply UAC restrictions to local accounts on network logons' to 'Enabled'

This setting controls whether local accounts can be used for remote administration via network logon (e.g., NET USE, connecting to C$, etc.). Local accounts are at high risk for credential theft when the same account and password is configured on multiple systems. Enabling this policy significantly reduces that risk.

Set 'WDigest Authentication' to 'Disabled'

When WDigest authentication is enabled, Lsass.exe retains a copy of the user's plaintext password in memory, where it can be at risk of theft. If this setting is not configured, WDigest authentication is disabled in Windows 8.1 and in Windows Server 2012 R2; it is enabled by default in earlier versions of Windows and Windows Server.
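As an added example (not part of the post or the baseline package), a script that reports whether the two settings above are in place by reading the registry values the pth.admx template writes, and sets them only when run with -Enforce. The value names and what an unset value means are assumptions, stated in the comments.

```powershell
# Added example (not from the post): check, and optionally enforce, the two pth.admx
# settings via the registry values the template writes. Assumptions:
#   "Apply UAC restrictions to local accounts on network logons = Enabled"
#        -> ...\Policies\System\LocalAccountTokenFilterPolicy = 0
#   "WDigest Authentication = Disabled"
#        -> ...\SecurityProviders\WDigest\UseLogonCredential = 0
# Run from an elevated prompt; without -Enforce nothing is changed.
param([switch]$Enforce)

$checks = @(
    [pscustomobject]@{
        Setting = 'UAC restrictions on local accounts over network logons'
        Path    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
        Name    = 'LocalAccountTokenFilterPolicy'
        Want    = 0
        IfUnset = 'restrictions apply by default; a value of 1 hands a full admin token to remote logons with a local admin hash'
    }
    [pscustomobject]@{
        Setting = 'WDigest plaintext credential caching'
        Path    = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
        Name    = 'UseLogonCredential'
        Want    = 0
        IfUnset = 'disabled on 8.1 / 2012 R2, enabled on older Windows (plaintext password kept in LSASS)'
    }
)

function Get-PthSetting {
    param($Check)
    $cur = (Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue).($Check.Name)
    $shown = $cur
    if ($null -eq $cur) { $shown = "not set: $($Check.IfUnset)" }
    [pscustomobject]@{
        Setting   = $Check.Setting
        Value     = $Check.Name
        Current   = $shown
        Compliant = ($cur -eq $Check.Want)   # only an explicit 0 counts; "not set" depends on the OS
    }
}

$checks | ForEach-Object { Get-PthSetting $_ } | Format-Table Setting, Value, Current, Compliant -Wrap

if ($Enforce) {
    foreach ($c in $checks) {
        if (-not (Test-Path $c.Path)) { New-Item -Path $c.Path -Force | Out-Null }
        Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Want -Type DWord
        "Set $($c.Name) = $($c.Want)"
    }
    'Reboot to apply; sessions already logged on keep their cached credentials until they end.'
}
```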

Enjoy.

Saturday, October 24, 2015

Windows 10 Security Baselines

For those that use Microsoft Security Compliance Manager as a baseline tool, there is now DRAFT security guidance for Windows 10.

http://blogs.technet.com/b/secguide/archive/2015/10/08/security-baseline-for-windows-10-draft.aspx

Download the zip, extract it, and you are good to go.


There is also a folder called Local_Script if you want to apply this on your computer without the need for a domain controller. Run the script and reboot. Test it with a non-admin account.

Enjoy.

Sunday, October 11, 2015

Hardening Windows Virtual Machine OS Clients

This is just a running list of how I harden my Microsoft virtual OSes.

1. Stand up a Windows 2012 R2 domain controller on an internal-network-only vNIC.
2. Stand up a Windows 8.1 client on an internal-network-only vNIC. Inside the OS set up Microsoft Security Compliance Manager. Once you have downloaded all the security baselines, upload the following baselines to the domain controller, or use RSAT and import the baselines in Group Policy Management.

Some important policies to import:

Windows 8.1 computer security compliance
Windows 8.1 user security compliance
Windows 8.1 BitLocker policies
IE 11 security policies

Change the BitLocker policy so that it supports clients without TPM chips, since your virtual machine doesn't have one. All virtual OSes should be encrypted, even the domain controller you set up.

3. Encrypt all your virtual OSes with pre-boot authentication.
4. Set up another Windows 8.1 client and move it to an area in Active Directory that has your computer and IE 11 policies.
5. Create a standard user in your domain and apply the Win 8.1 user security compliance baseline to them.
6. Your standard user should not have admin rights to your Windows 8.1 client.
7. Make sure EMET is set up as well. Enable the defaults and test all your applications to ensure they work properly afterwards.
8. Disconnect your Windows 8.1 client from the internal network and set it to NAT or bridged so it gets an IP with internet access.
9. Fully patch your Windows 8.1 device.
10. Install an AV client on it. I recommend Panda AV cloud. It has some excellent ratings on the av-test.org website.

This is pretty much my process when I build a Microsoft-based virtual OS in my lab environments.

Some may ask why Windows 8.1 and not Windows 10. Until an official security compliance guide is out for that OS, I'd avoid hardening one on your own without some guidance.

Sunday, October 4, 2015

Adding Two factor Auth to Fedora 22

This works with other distros with a little tweaking. If you are interested in two-factor authentication on your Linux login, here are the steps. I am going to assume you are using full disk encryption with your Fedora installation. If not, then you really should.

1. Open Terminal with root privileges.
2. yum install google-authenticator

Once installed, you will need to configure Google Authenticator. Run the following command in the terminal. This can be run without root privileges.

google-authenticator

You will be prompted to scan the QR code, or you can enter the secret key into the Google Authenticator app on your mobile phone. Once you are finished configuring the app, make sure you save and encrypt your emergency scratch codes in case you ever lose your mobile phone.

When presented with setup questions, just choose Y for them unless you have a reason to deviate from the defaults.

Once you are finished you will need to edit the following file. I edited mine with vi.

/etc/pam.d/gdm-password


Add the following line to gdm-password:

auth required pam_google_authenticator.so


If you are editing the file with vi, hit the ESC key when you are finished, followed by this:

:x

This saves your config. Once done, reboot your Fedora install. With luck you will type in the password for your Linux account and then be asked for a verification code, as shown below.




Update1:
Good point from a fellow Twitter follower: two-factor auth is not present if you do Ctrl + Alt + F3 and log in from a terminal, if your account is compromised. Will put a fix for that up later. Enjoy!

Update2:
Let's say you want to add this for the secure shell host. Easy enough to do. I disable SSH on my Fedora box since I am using it for desktop functions and not server-class functions.

Edit in VI:
/etc/pam.d/sshd

Add the following line. 
auth required pam_google_authenticator.so

Edit in VI:
/etc/ssh/sshd_config 

Add the following line.
ChallengeResponseAuthentication yes

Restart the box. 

Trusted CA Security Issues

Some of the more interesting CAs on a 2012 R2 server that has yet to touch the internet for an update.

VeriSign Class 3 Public Primary Certificate with MD2 hashing and an RSA 1024-bit key. The cert is good until 8/2028. It's present even on an up-to-date Win 10 machine. This is a good example of why CA models are just broken.
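An added example (not the post's own) that turns this finding, and the Dell Inspiron rogue-root case from the November 24 post above, into a read-only check of the machine's trusted root store. The thresholds (MD2/MD4/MD5/SHA-1 signatures, RSA keys under 2048 bits) and the computer-name check are assumptions.

```powershell
# Added example (not from either post): audit Cert:\LocalMachine\Root for roots that
# carry a private key on this machine, roots minted with this computer's name in the
# subject, weak signature hashes, and short RSA keys. Read-only; run elevated so the
# private-key check can see machine-store keys.
$weakHashes = 'md2', 'md4', 'md5', 'sha1'   # assumed threshold
$minRsaBits = 2048                           # assumed threshold

function Test-RootCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $findings = @()

    # A root CA's private key belongs with its operator, not on an end-user PC.
    # With it, whoever installed the root can issue certificates this machine trusts.
    if ($Cert.HasPrivateKey) { $findings += 'private key present on this machine' }

    # A root generated for this specific PC (the Inspiron case)
    if ($Cert.Subject -match [regex]::Escape($env:COMPUTERNAME)) {
        $findings += 'subject names this computer'
    }

    # Weak signature hash. On a self-signed root the signature is not what a chain
    # relies on, but it dates the certificate and the key it was generated with.
    $sig = $Cert.SignatureAlgorithm.FriendlyName          # e.g. md2RSA, sha256RSA
    foreach ($h in $weakHashes) {
        if ($sig -like "$h*") { $findings += "signature $sig" }
    }

    # Short RSA modulus (GetRSAPublicKey returns $null for non-RSA keys)
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Cert)
    if ($rsa -and $rsa.KeySize -lt $minRsaBits) { $findings += "RSA $($rsa.KeySize)-bit key" }

    [pscustomobject]@{
        Subject    = $Cert.Subject
        Thumbprint = $Cert.Thumbprint
        NotAfter   = $Cert.NotAfter
        Findings   = $findings
    }
}

$report = @(Get-ChildItem Cert:\LocalMachine\Root |
    ForEach-Object { Test-RootCertificate -Cert $_ } |
    Where-Object { $_.Findings.Count -gt 0 })

if ($report.Count -gt 0) {
    $report | Sort-Object Subject |
        Format-Table Subject, NotAfter, @{ n = 'Findings'; e = { $_.Findings -join '; ' } } -Wrap
    "$($report.Count) root certificate(s) need a closer look. Compare each thumbprint against the vendor's published roots before removing anything."
} else {
    'No root certificates matched the checks.'
}
```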

Sunday, August 23, 2015

Free Security Books, Training, and Classes

A collection of free security training resources and books. Good places to start.

Classes

Metasploit Unleashed - https://www.offensive-security.com/metasploit-unleashed/

Technet Labs (Do search for PKI) - https://technet.microsoft.com/en-us/virtuallabs/bb467605.aspx

VMware Labs - http://labs.hol.vmware.com/HOL/catalogs/catalog/123
(Concentrate on VMware NSX intro and advanced)

Books

Security Engineering by Ross Anderson - https://www.cl.cam.ac.uk/~rja14/book.html

Learn python the hard way (Use the try it for free) - http://learnpythonthehardway.org/



Coursera Courses
Cybersecurity (All Courses below. Only $49 if you want the specialization cert) - https://www.coursera.org/specialization/cybersecurity/7

Cryptography 1 (Stanford course) - https://www.coursera.org/course/crypto

Software Security - https://www.coursera.org/course/softwaresec

Cybersecurity and its ten domains - https://www.coursera.org/learn/cyber-security-domain

Cryptography (University of Maryland) - https://www.coursera.org/course/cryptography

Hardware Security - https://www.coursera.org/course/hardwaresec

Bitcoin and cryptocurrency technology - https://www.coursera.org/course/bitcointech

Usable Security - https://www.coursera.org/course/usablesec

Cryptography 2 - https://www.coursera.org/course/crypto2

Information Security and Risk management in context - https://www.coursera.org/course/inforiskman

Surveillance Law - https://www.coursera.org/course/surveillance
I highly recommend this one for counterintelligence purposes

Designing and executing information security strategies - https://www.coursera.org/course/infosec

Khan Academy

Computer Science - https://www.khanacademy.org/computing/computer-science

Collection of Security Defense tactics

Privacy and security conscious browsing - https://gist.github.com/atcuno/3425484ac5cce5298932

Best Practices on securing active directory - https://blogs.microsoft.com/cybertrust/2013/06/03/microsoft-releases-new-mitigation-guidance-for-active-directory/

Better Crypto hardening - https://bettercrypto.org/faq/

Mitigating pass the hash version 1 and 2 - https://www.microsoft.com/en-us/download/details.aspx?id=36036

Getting Started with virtual smart cards - https://technet.microsoft.com/en-us/library/dn579260.aspx


Thursday, August 20, 2015

Best security caution you can take with a chromebook

Getting a Chromebook? Here is one of the best precautions you can take.

Sync while using a custom passphrase
1. Sign in to your Chromebook.
2. Enter your passphrase.
3. Click the status area, where your account picture appears.
4. Click Settings.
5. In the "People" section, click Advanced sync settings.
6. In the box that appears, choose what you want to sync:
   To sync everything, select Sync everything from the dropdown menu.
   To choose specific items to sync, select Choose what to sync from the dropdown menu, then check the items you want to sync.
7. Click OK.
Note: You'll need to enter the passphrase on each Chromebook you want to sync. If you've forgotten your passphrase, go to Google Dashboard and remove sync information from your Google Account, then set up sync again.

Why would I do this?
Hands-on experience shows that the default only encrypts passwords, not necessarily the rest of the synced user data. If you set a custom passphrase you can choose to encrypt all your sync data with it.


Tuesday, August 4, 2015

Truecrypt Compromised?

An interesting article today on how the FBI cracked a hidden TrueCrypt volume that had a 30-character password.

http://www.theregister.co.uk/2015/08/04/truecrypt_decrypted_by_fbi/

So what happened, and how is this possible? I personally don't think TrueCrypt has been broken or compromised. I think there are a few possible ways this hidden partition was cracked.

Option 1:
The feds more than likely had this guy under surveillance for months, and since this could clearly be a national security issue they could have been authorized to compromise his PC using a zero-day exploit like the ones recently exposed by the Hacking Team leak. Keyloggers more than likely would have played a pivotal role in cracking the 30-character password so quickly.

Option 2:
He was using a password manager to manage all his passwords, had a weak master password, and the feds managed to crack it.

Option 3:
To protect user data from compromise he obviously had to plug that hard disk into a system to remove the classified docs from the server that contained them. Users have no right to privacy on these types of systems. Maybe the FBI didn't crack anything at all. It is possible to have DLP software that quietly monitors all metadata transferred to removable media that offer no form of encryption, giving users the appearance that no file transfers are monitored, when a simple query would tell the feds exactly what was copied into the hidden partition.


Friday, July 31, 2015

I've upgraded to Windows 10...What are my full disk encryption options?

A good question that I've been seeing around Twitter lately: what are my FDE options, and how do I keep my BitLocker keys from being uploaded to OneDrive?

There are a few issues to address here, and no, it does not involve paying Microsoft an extra $200. That would be a little silly. So let's start from the beginning, because this is not new with Windows 10. It was actually introduced in Windows 8.1, with very specific criteria that have to be met.

Before Windows 8.1 automatically enables Device Encryption, the following must be true:
  • The Windows device “must support connected standby and meet the Windows Hardware Certification Kit (HCK) requirements for TPM and SecureBoot on ConnectedStandby systems.”  (Source) Older Windows PCs won’t support this feature, while new Windows 8.1 devices you pick up will have this feature enabled by default.
  • When Windows 8.1 installs cleanly and the computer is prepared, device encryption is “initialized” on the system drive and other internal drives. Windows uses a clear key at this point, which is removed later when the recovery key is successfully backed up.
  • The PC’s user must log in with a Microsoft account with administrator privileges or join the PC to a domain. If a Microsoft account is used, a recovery key will be backed up to Microsoft’s servers and encryption will be enabled. If a domain account is used, a recovery key will be backed up to Active Directory Domain Services and encryption will be enabled.

So if your PC does not meet these modern standards and you score an upgrade to Windows 10 Home, no, it won't self-encrypt, and you will be using a Windows 10 device that is unencrypted. If it does meet those standards then yes, it will automatically encrypt and upload the recovery key to OneDrive, assuming you logged in with a Microsoft account.

So let's get real for a second. If you are worried that your secret "Golden Key" is now out on OneDrive, you can easily enough remove it and regenerate a new recovery key. Also, mind you, the default for BitLocker is AES128. I don't go lower than AES256 on any of my systems.

1. Go to this Microsoft FAQ and click on the question "How can I get my BitLocker recovery key?". It contains a direct link to your recovery key. Once you are logged in, just remove it. If you get a page saying no BitLocker key exists, then you are good to go.

2. Verify your computer is even encrypted. Open an elevated command prompt and type in the following.

manage-bde -status

This should pull back some info similar to this:

As you can see, this drive is not encrypted: there is no BitLocker version and it is running Windows 10 Home. I'll get to what I am going to do with my unencrypted laptop in a minute.

If your drive is encrypted and you did have to remove your key from OneDrive, then do step 3.

3. Regenerate your recovery key. No decryption necessary.

Assume X: is the BitLocker-protected drive whose recovery password you want to change.
  1. Open an elevated cmd prompt
  2. Type manage-bde X: -protectors -get -type RecoveryPassword
  3. Locate the protector you want to cycle (probably the only one displayed) and copy its ID field (including the curly braces).
  4. Type manage-bde X: -protectors -delete -id [paste the ID you copied]
  5. Type manage-bde X: -protectors -add -rp [optionally specify the new 48-digit password or enter nothing to have it randomly generated for you]

Save your password somewhere safe. Encrypt the file with a password using a program such as 7-Zip. My favorite is to encrypt it with my own key, then upload it to OneDrive for backup purposes.
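The same rotation as one PowerShell script, covering both this step list and the manage-bde flow in the December 29 post above. This is an added example, not the post's own commands; it assumes the BitLocker module cmdlets that ship with Windows 8 / Server 2012 and later, and a TPM or other non-recovery protector already on the drive.

```powershell
# Added example (not from either post): rotate the recovery password on the OS
# volume without decrypting it. Same four steps as the manage-bde flow:
# suspend, delete the RecoveryPassword protector(s), add a new one, resume.
# Assumption: a non-recovery protector (TPM, PIN, password) already exists; the
# script refuses to continue otherwise. Run from an elevated PowerShell prompt.
$mount = $env:SystemDrive     # e.g. C:

$vol = Get-BitLockerVolume -MountPoint $mount
if ($vol.VolumeStatus -ne 'FullyEncrypted') {
    throw "$mount is $($vol.VolumeStatus); wait for encryption to finish before rotating."
}

$oldRecovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
$others      = @($vol.KeyProtector | Where-Object KeyProtectorType -ne 'RecoveryPassword')
if ($others.Count -eq 0) {
    throw "Only recovery-password protectors exist on $mount; deleting them would lock you out."
}

"Encryption method : $($vol.EncryptionMethod)"
"Protectors before : $(($vol.KeyProtector | ForEach-Object KeyProtectorType) -join ', ')"

# manage-bde -protectors -disable %systemdrive%   (RebootCount 0 = suspended until resumed)
Suspend-BitLocker -MountPoint $mount -RebootCount 0 | Out-Null
try {
    # manage-bde -protectors -delete %systemdrive% -type RecoveryPassword
    foreach ($rp in $oldRecovery) {
        Remove-BitLockerKeyProtector -MountPoint $mount -KeyProtectorId $rp.KeyProtectorId | Out-Null
        "Removed old recovery protector $($rp.KeyProtectorId)"
    }
    # manage-bde -protectors -add %systemdrive% -RecoveryPassword
    $after = Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector
}
finally {
    # manage-bde -protectors -enable %systemdrive%   (runs even if a step above failed)
    Resume-BitLocker -MountPoint $mount | Out-Null
}

$new = $after.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -Last 1
"New recovery protector ID : $($new.KeyProtectorId)"
"New 48-digit password     : $($new.RecoveryPassword)"
'Store the password encrypted and off this machine, then clear this console (Clear-Host).'
```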
Now let's talk about running Windows 10 Home unencrypted. Microsoft is making the encryption market very narrow with the introduction of UEFI Secure Boot, GPT partitions and TPM chips. If you are running a GPT partition you will have a tough time finding a free FDE solution that supports GPT. Paid products such as Symantec PGP Encryption typically do. I would suggest doing container-based encryption using VeraCrypt. The VeraCrypt developers seem to be fixing the TrueCrypt audit items. I would stay clear of TrueCrypt as it has not been updated in some time.

Hopefully this will help those that seem to be confused about Windows 10 FDE.


Friday, July 24, 2015

Suite B Cryptography

I was a little surprised today after downloading the Office 2013 admin GPO templates and moving them into my policy folder on a throwaway VM I use on occasion to look at some things.

One thing I noticed under the hood was an option enforcing the use of Suite B for S/MIME operations. Although this isn't unusual, I just figured enforcing Suite B was more of a scripted registry hack than an actual Microsoft GPO option.


For those not familiar with Suite B cryptography, you can read all about it here.
https://www.nsa.gov/ia/programs/suiteb_cryptography/

A few things if you really want to go the Suite B route.

Suite B for Top Secret uses curve P-384 with a 256-bit key. So let's demonstrate using XCA. If you want XCA, download it here >> http://sourceforge.net/projects/xca/

Let's create a private key first, based on the NIST P-384 standard.

Now we need to create an X.509 cert that meets Suite B Top Secret standards.

So go over to the certificate tab and do the following:

Assign a password to your export. Now you should have a Suite B self-signed certificate to do S/MIME with.
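The same certificate built from PowerShell instead of XCA, as an added example that is not part of the post: an ECDSA P-384 / SHA-384 self-signed S/MIME signing certificate, exported to a password-protected PFX. It assumes New-SelfSignedCertificate with -KeyAlgorithm (Windows 10 / Server 2016 and later) and uses a placeholder name and mail address.

```powershell
# Added example (not from the post): Suite B style S/MIME certificate from PowerShell.
# Assumptions: Windows 10 / Server 2016 or later PKI module; placeholder identity below.
$subject = 'CN=Alice Example, E=alice@example.com'        # placeholder, replace with your own

$extensions = @(
    '2.5.29.37={text}1.3.6.1.5.5.7.3.4'        # Extended Key Usage: secure email (S/MIME)
    '2.5.29.17={text}email=alice@example.com'  # Subject Alternative Name: placeholder address
)

$cert = New-SelfSignedCertificate -Subject $subject -Type Custom `
    -KeyAlgorithm ECDSA_nistP384 -HashAlgorithm SHA384 `
    -KeyUsage DigitalSignature, NonRepudiation -KeyExportPolicy Exportable `
    -NotAfter (Get-Date).AddYears(2) -TextExtension $extensions `
    -FriendlyName 'Suite B style S/MIME (P-384, SHA-384)' `
    -CertStoreLocation Cert:\CurrentUser\My

# Confirm the certificate actually carries the curve and hash requested before using it
"Signature algorithm : $($cert.SignatureAlgorithm.FriendlyName)"   # expected: sha384ECDSA
"Public key          : $($cert.PublicKey.Oid.FriendlyName)"        # expected: ECC
"Thumbprint          : $($cert.Thumbprint)"

# Same as XCA's "assign a password to your export": the private key only leaves the
# machine inside a password-protected PFX.
$pfxPath     = Join-Path $env:USERPROFILE 'suiteb-smime.pfx'
$pfxPassword = Read-Host -Prompt 'PFX export password' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null
"Exported to $pfxPath"
```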

For the record, I do not suggest you use P-384 curves. Their origins are doubtful. (Meaning I think they have a flaw where comms could be decrypted.)

Enjoy the quick lesson on Suite B.

Tuesday, July 21, 2015

Car Hacking Jeeps

I saw this earlier... some car hacking going on.


My initial reaction is that this escalated completely in the wrong way. If you have never driven in St. Louis then you need to. I can't understand why these researchers chose to do this on what I would consider a very busy public highway.

Security research is supposed to be done in a safe and ethical manner. I am glad nobody was hurt, but this is a really dangerous way to prove a point, for the driver and the other cars around the driver. I'm afraid this might make things worse for researchers, not better. Be safe out there folks and think before you demonstrate.

Monday, July 20, 2015

Common Sense security is just out the door

Articles, in no particular order, for a week that really has me thinking idiocracy is occurring on multiple levels.

Washington Post editorial on encryption
https://www.washingtonpost.com/opinions/putting-the-digital-keys-to-unlock-data-out-of-reach-of-authorities/2015/07/18/d6aa7970-2beb-11e5-a250-42bd812efc09_story.html

DHS used personal email on work computer despite risks
http://www.politico.com/story/2015/07/report-jeh-johnson-used-personal-email-on-work-computer-120384.html

Microsoft releases out of band patch to address a Hacking Team RCE
https://technet.microsoft.com/library/security/MS15-078#ID0EKIAE

Adult site Ashley Madison Database breach compromise
http://www.theverge.com/2015/7/20/9006213/ashley-madisons-data-breach-is-everyones-problem

OPM changes privacy rules to let investigators inside all databases
http://www.nextgov.com/cybersecurity/2015/07/opm-changes-privacy-rules-let-investigators-inside-all-databases/118105/


Friday, July 17, 2015

THE CRYPTOGRAPHY OF ANONYMOUS ELECTRONIC CASH

At first glance I thought "really old news", and after looking, it really was old news.

So Laurie Law, Susan Sabett, Jerry Solinas: I need to know where your crystal ball is located. Willing to pay for it with bitcoin.

https://groups.csail.mit.edu/mac/classes/6.805/articles/money/nsamint/nsamint.htm

The paper is circa 1996. I believe I was 15 at the time. Crazy to read now.

Monday, July 13, 2015

ProxyHam

Something a little odd happened today. A DEF CON talk has been pulled regarding an online anonymity device called ProxyHam. You can read about it here.


Multiple theories are going around. My only thought is that the FBI issued a gag order under the CFA (Computer Fraud and Abuse Act), or that it could be used for malicious means. Aside from anonymity, I suppose you could use it to hop on a remote network and start sniffing traffic like crazy.

@erratarob has offered to do the talk and the device.

I guess we will see what happens. 

Sunday, July 12, 2015

Chromebook Security

I actually bought a Chromebook this weekend. I like to do my research first before buying tech, and below was a pretty good analysis from MIT to read on Google Chromebook security. It was one of my decision factors before purchasing.

Monday, January 5, 2015

Some Port Blockage with UTM

Packet drops


NDMP is the Symantec Backup Exec port. I am sure there are still plenty of companies running this vulnerable version, which has an impact rating of 10.

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110526_00

Since I am noticing an uptick in scans, this may suggest known exploitation by an adversary.

Friday, January 2, 2015

GNUPG needs financial help

I rarely visit the gnupg.org page, but today I visited since I am very interested in ECC with their modern 2.1 version. I noticed immediately that they are asking for donations. I understand that some open source projects rely on donation support so developers can get paid for their time and dedication to their products.

It is very important that GnuPG continues its development, as it is one of the main free implementations of PGP. The developer was originally going to quit development until the Snowden disclosures came along.

"Now, how viable is it to run a company for the development of free security software? Not very good I had to realize: the original plan of selling support contracts did not worked out too well due to the lack of resources for marketing. Larger development projects raised most of the revenues but they are not easy to acquire. In the last years we had problems to get new GnuPG related development contracts which turned the company into a one-person show by fall 2012. I actually planned to shut it down in 2013 and to take a straight coder job somewhere. However, as a side effect of Edward Snowden‘s brave actions, there was more public demand for privacy tools and thus I concluded that it is worth to keep on working on GnuPG. "

PGP is one of the few communication tools that nation states are having trouble cracking. It's important that journalists, whistleblowers, activists, and people that live in hostile regimes have a way to communicate securely.

So please consider donating here: https://www.gnupg.org/donate/index.html

Thanks.