Tuesday, September 16, 2014

The naked truth about scandalous celebrity photos

We all have secrets. They may be intimate photos. They may be financial documents. Perhaps they are records indicating a medical condition. For some they are invention prototypes, or business plans. For others they might be battle plans or defense strategies. Some secrets are scandalous, but most are simply things we would like to keep private. In my line of work, occasionally I discover security flaws that could be damaging if details leaked before the affected party has a chance to fix things. The nature of secrets varies as widely as the nature of those that hold these secrets. My point though is that we all (with the possible exception of Jim Carrey’s Fletcher Reede character) have things we would prefer not be seen by others.

Tuesday, September 9, 2014

How to build a $10 passive network tap

When one's profession involves network security, sometimes it helps to capture network communication to analyze. Often the simplest way to do this is to install packet capture software such as tcpdump or Wireshark on the system in question. This has the advantage of being easy (tcpdump may even already be installed - it is common on Linux systems), and by running on the target system there can be less unrelated traffic to wade through.

The downside, of course, is sometimes I don't have access to the target system ... or do have access but do not wish for the user of the system to know it is being investigated. If it is malware I am investigating, the malware might tamper with software running on the same system. In any of these cases, it is to my benefit to capture the network traffic from somewhere other than the target system.

Tuesday, September 2, 2014

Change the phone book: what is this "DNS" thing?

If you are reading this, chances are you made use of a Domain Name System, or DNS. Don't panic! After a brief lesson on a fundamental piece of modern networks, I will explain a very simple step you can take that dramatically reduces the risk of encountering malicious software or scam / phishing traps.

Putting aside for a moment the possibility that you are reading a printout, you are more than likely using a web browser. Perhaps you clicked a link in search results, or on another web site, or in an email from a friend. Maybe this blog is syndicated to your RSS feed. Or maybe you typed the URL in directly or used a bookmark. Regardless of the source, your browser did not just yell out on the Internet, "show me David Longenecker's blog." Instead, it referred to a DNS, a phone book of sorts, to translate the human-readable web site name or URL into an address it could travel to.

Wednesday, August 27, 2014

Phishing for Men (and Women)

Those that know me well know there are three things I put most of my energy into: my faith, my family, and security. When something comes along that involves two of those interests, so much the better.

For the last year and a half, I have been involved in an organization known as HackFormers. HackFormers was founded by several Austinites who shared two passions: a passion for hacking (in the sense of finding, fixing, and defending against security flaws), and a passion for Jesus Christ. Its vision is to teach security principles, and then to show faith principles that go hand-in-hand with security. I gave a presentation at the August chapter meeting. It is in that context that I write today.

Tuesday, August 26, 2014

11 cyber security tips for back to school

The end of summer is here. That means the end of swimming, watermelon, ice cream ... wait a minute, this is Texas. We still have 8 more weeks of warm weather! What it does mean though is the end of summer vacation and a return to the school-year routine for millions of students. Some students that 3 months ago were graduating seniors are now adjusting to life on their own as either newly-inducted members of the adult workforce or as beginning college or vocational school students. For others this may be their first taste of primary education. They share one thing in common though: they are growing up (or have grown up) in a world where connectedness is a given.

Saturday, July 26, 2014

Securing a home network with the RT-AC87 wireless router

Let's say you want a wireless network in your home or small office. Maybe it's a new home, or maybe you're upgrading to something faster / more reliable / with better range. So you run down to the nearest big box retailer or online electronics shop, purchase something that looks good, unbox it, plug it in, and you are good to go, right?

Not quite. As nice as it would be if setting up a secure wireless network were just a matter of unboxing and plugging in a new router, it takes a few more steps to properly set things up. The good news is basic home network security is not terribly complicated - and the better news is newer wireless routers make it easier than ever to set things up safely. In this post I use the new ASUS RT-AC87U (aka RT-AC87R) to demonstrate basic secure installation.

TL;DR: see the brief checklist at the end for simple steps to secure a home wireless network.

Sunday, July 20, 2014

ASUS RT-AC87U / RT-AC87R first look

I've spent some time digging around the software on a few ASUS wireless router models this year, after finding a flaw that prevented the routers from recognizing new firmware was available in February. Along the way I found a modest bug in which the routers revealed the administrator password in clear text anytime the administrator was logged in (which was essentially always, since the routers did not automatically log you out). This week I had the privilege of exploring a pre-release unit of the brand new RT-AC87U, which uses multiple bands and multiple antennae to achieve what ASUS dubs “AC2400.” I'll write more in a few days, but here are my first impressions.

Whois David?

I have spent the better part of two decades in information technology and security, with roots in appdev support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. When not at work, I spend my time raising five rambunctious kids - twins age 14, a 12-year-old, and twins age 10. Amongst that, I am the Commander for a Wednesday night Awana club at my church, teaching some 60+ preschool through 6th grade kids. Follow @DSTX_Awana or Like FBC Dripping Springs Kids to see what is going on in our club.