Tuesday, February 24, 2015

These are a few of my favorite blogs

In no particular order, a list of security bloggers and information sources I find useful:

  • [web] [rss] Krebs on Security (Brian Krebs)
  • [web] [rss] Graham Cluley
  • [web] [rss] Hot for Security
  • [web] [rss] lcamtuf (Michal Zalewski)
  • [web] [rss] Troy Hunt
  • [web] [rss] Full Disclosure (mostly vulnerability disclosures)
  • [web] [rss] F-Secure Labs
  • [web] [rss] SANS Internet Storm Center
  • [web] [rss] SANS Curated News
  • [web] [rss] SANS Industrial Control Systems Blog
  • [web] [rss] SANS Digital Forensics and Incident Response Blog
  • [web] [rss] Exploit DB
  • [web] [rss] Microsoft Security Response Center
  • [web] [rss] Dave Shackleford
  • [web] [rss] Google Project Zero issue tracker
  • [web] [rss] Google Project Zero blog
  • [web] [rss] Google Online Security Blog
  • [web] [rss] Carnal0wnage (Chris Gates)
  • [web] [rss] OpenDNS Labs
  • [web] [rss] Dark Reading
  • [web] [rss] Help Net Security
  • [web] [rss] Verizon Security Blog
  • [web] [rss] Errata Rob (Robert Graham)
  • [web] [rss] Wh1t3 Rabbit (Rafal Los)
  • [web] [rss] Schneier on Security (Bruce Schneier)
  • [web] [rss] Social-Engineer
  • [web] [rss] Common Exploits (Daniel Compton) 
  • [web] [rss] McAfee Labs
  • [web] [rss] CSO Online Dashboard / Security News
  • [web] [rss] Uncommon Sense Security (Jack Daniel)

Along with some useful finds:
  • CapTipper: Malicious HTTP traffic explorer tool. Point it at a PCAP or live traffic and easily pull out hosts, conversations, downloaded files, etc.
  • Bit.ly to track malware outbreaks: A short piece using bit.ly's click analysis to view geographic distribution and infection rates.
  • Pemcrack: ErrataRob's tool to crack SSL PEM files that hold encrypted private keys (first authored to crack the Superfish cert)
  • Recommended forensic reading: a list of books
  • APTNotes: Github repository of whitepapers, docs and articles related to APT campaigns
  • Telerik Fiddler: web debugging proxy

Please reply in the comments below if you have a favorite that I overlooked!

Thursday, February 19, 2015

Lenovo PCs preloaded with "Superfish" malware that breaks security

Technology and security are rife with shades of grey. Even in this field though, some lines are so indistinguishable from black that they should never be crossed. Laptop maker Lenovo crossed one of these lines with recent models, by pre-installing Superfish adware that breaks otherwise secure HTTPS website connections.

Recent Lenovo laptops include what can only be described as malware, malware that intercepts all web traffic whether secured or not. The "VisualDiscovery" adware from a company called Superfish reads all web traffic and injects advertisements into web pages. In doing so it completely breaks HTTPS security.

Thursday, February 12, 2015

Shades of Grey

I frequently write about malware, spam, credit card fraud, and various computer crimes. In my and others' writing it may seem as though there is an easy distinction between the legitimate and the malicious. The reality is, the world of online security is not always black and white. More often, it is filled with shades of grey.

Thursday, February 5, 2015

Data stolen from Anthem could be an identity thief's dream

Wednesday night, insurance provider Anthem Inc. revealed that they had been the target of a cyber attack in which considerable personal identity information was taken. Ordinarily my response to the major breach notices in the news is "meh." When credit card information is stolen, it's easy enough to get a card replaced and watch for fraudulent charges. The media tends to over-hype such breaches because they affect a large number of people and make for good headlines, but in the end, the real effect on people like you and me is little more than the inconvenience of replacing a card and perhaps disputing a few easily-noticed fraudulent charges.

This is different.

Sunday, February 1, 2015

Don't get flashed by Flash

Flash Player is a common browser plug-in for rich content, but is also a common method of "drive-by" infection. Here are some security tips.
Adobe Flash Player is a common browser enhancement that enables so-called "rich web content" - animations, video, in-browser games, interactive advertisements, and more. It's also a top target for malicious hacks - a bogus Flash program that automatically launches when you open a web page can take over your computer. Over the last few weeks, there have been a series of malware outbreaks exploiting vulnerabilities in Flash to infect unsuspecting people's computers. 

With Flash installed, all it takes is browsing to a compromised website to become infected yourself. There's no way of knowing in advance if a site is compromised: in fact, a common infection method lately is to insert a malicious Flash file into an advertising network, which may be used by hundreds if not thousands of otherwise benign websites. Visit a normally-safe site whose ad network has been compromised, and your PC can become infected as soon as the page loads.

Tuesday, January 27, 2015

Secure your device (the uncomplicated way)

There are lots of things you might do to protect your computers and Internet-connected devices, but basic, sane security doesn't have to be a brain twister. Below are a handful of simple steps anyone can take, whether you use a PC or a Mac, an Android or an iPhone, or any other form of computing device.

Tuesday, January 20, 2015

(CVE-2015-1314) USAA mobile app gives away your account numbers and balances

If you use the USAA Mobile Banking app for Android, take a moment to ensure it automatically updated to version 7.10.1, released January 19.

USAA typically shines when it comes to security. A considerable proportion of their membership are active duty military and their families - a clientele that certain malicious actors might find great value in distracting from their sworn duties. Financial fraud can be a very effective distraction, and USAA is well aware of this. Generally they do a great job in both providing members with advanced security features as well as education.


Even the best make mistakes though. In using the app recently, I noticed something unusual: at times I would launch the app and briefly see private information before I was prompted to log in.

Whois David?


I have spent the better part of two decades in information technology and security, with roots in appdev support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. When not at work, I spend my time raising five rambunctious kids - twins age 15, a 13-year-old, and twins age 11. Amongst that, I am the Commander for a Wednesday night Awana club at my church, teaching some 60+ preschool through 6th grade kids. Follow @DSTX_Awana or Like FBC Dripping Springs Kids to see what is going on in our club.