Update to Malware Protecting Script

Posted On Saturday, October 1st, 2011 By David Veatch

In an attempt to be a little more friendly in terms of bandwidth to the strapped folk over at Malware Domains, I’ve retooled the script I wrote about in the post To Be Protecting Against the Malware. I’ve added some lines to take advantage of remote zipped files (.zip), which will help them by reducing the number of bits we’re pulling from them. I’ve added some lines to copy the downloaded malware zones file to other servers behind my firewall, which will help them by not making individual connections from each server to pull the files. I just set up a cron job on each internal “slave” server to bounce named every morning timed for after this process is complete. Here’s the updated code. It is, as is my wont, rather verbose. It is considerably more verbose than other examples out there that take care of this same problem, but as I said, such is my wont. The URLS array is filled with fake hosts right now b/c the zipped format is still in testing. When the folk at malwaredomains.com think it’s ready for public consumption, I’ll put the real hosts back in. Also, it’s relatively untested, and I expect more »

DiscoverCard.com & Password Length Restrictions

Posted On Thursday, May 5th, 2011 By David Veatch

Wherein I ask DiscoverCard why, of all times now, I can’t use more than 11 characters in my password to access my discovercard account.

To Be Protecting Against The Malware

Posted On Tuesday, May 3rd, 2011 By David Veatch

Last night, my wife called me into the office with an alarming “It says it’s infected with malware!” Needless to say (and yet I’m going to say it anyway) I hurried into the room to see what the hullabaloo was all about. Sure enough, there was a window exclaiming the existence of not one or two, but quite a few malware infections. It fooled her, and damn if that stupid pop-up didn’t nearly fool me too! Truth be told, it did, if only for a second. Those malware serving fake malware pop-up warnings are clever. It got me to thinking. Then Osama bin Laden was shot in the head, and malware peddlers started leveraging our insatiable appetite for news about it (the sick bastards). That got me thinking more. It reminded me of the malware peddlers that took advantage of the quake in Japan recently. Now those are some seriously sick bastards. Those events all in quick succession and all that thinking led me to this. A little ditty that downloads the bind formatted zone file from MalwareDomains.com, moves it to where Named can see it, and reloads Named zone files if the download is complete. I’d verify the file more »

Mental Password Algorithms

Posted On Tuesday, November 3rd, 2009 By David Veatch

Interesting… Security rule #1 regarding passwords is to not write them down. But we all have too many passwords to possibly remember. Here is a way to safely write down passwords. All that’s needed is a way to make the password you write down NOT be your real password, but be the input to a simple algorithm or mapping you can do in your head. For example, your personal algorithm could be “remove all vowels and tack on the last 4 digits of my parent’s phone number”. When you sign up for a new account on some web site, you would create a password like “Rnbws8004” but what you write down is “Rainbows”. Or your algorithm could be, “interleave the digits 4 2 0 3 between the consonants, eliminate the vowels, and put x’s on the front and back”, in which case you would set up the real password to be “xR4ain2b0ow3sx”, but (as before) you would write down Rainbows. You can’t memorize 100 passwords, but you can remember one algorithm. If you never write down the algorithm, it is safe to write down the “seed” for the algorithm as if it is the password. The key to doing this more »

Time to change your hotmail/gmail/yahoo password

Posted On Tuesday, October 6th, 2009 By David Veatch

Microsoft has confirmed that thousands of Windows Live accounts have been compromised with their passwords posted online. Mainstream media such as the BBC are also carrying the story. Some information is posted here. Some password tips for your safety goodness:

- Change your passwords on a regular basis (every few months at the latest, every couple of months is better).
- Whenever possible, use long complex passphrases rather than passwords. They’re easy to type, easy to remember, and difficult to crack.
- If ever you notice anything suspicious with your accounts, change all your passwords immediately… especially those guarding sensitive information such as financial sites, online e’mail, online storage, etc.
- Learn how to combat identity theft.
- Use a firewall. Use two firewalls, a software firewall, and a hardware port-forwarding firewall if possible.
- Never click links in emails. Ever.
- Try not to use the same password at multiple sites. If you must, then at least use passphrases. Not that you ever must.
- Never share your password with anyone. Ever.
- Always ensure that anytime you sign in to a website where sensitive information is stored, that you’re signing into the correct and legitimate website, and that the connection is secure. If you don’t see a more »

Never ascribe to malice that which can adequately be explained by incompetence

Posted On Wednesday, March 11th, 2009 By David Veatch

Last night, I checked the mail and had three Netflix movies waiting for me! Excellent! Except for one small thing… I don’t have a Netflix account. Huh. Immediately suspicious, I decided to dig in and see what I could find out. My first step, having opened the movies to see what they were (nothing worth watching, and no… no pr0n), I sat down at the laptop and brought up netflix.com. I’m not a member… well… I’m not a knowing member, so I had no idea what my username would be, much less my password. Normally, you can have instructions sent to the e’mail address on file, but I was confident that in my case, my own e’mail address wouldn’t be on file. However, they have a method of logging in if you don’t remember, or have access to the e’mail address you signed up with. It asks for the first name, last name and card number used to sign up with. Using my real first and last name, I started going through my credit cards to see which one had fallen into the wrong hands. I didn’t have far to go… I got a hit on the first try. I more »

I Bid Thee, Texas, Adieu

Posted On Friday, November 21st, 2008 By David Veatch

Today is my last day here in TX. I fly out tonight, and will spend the evening with a friend and a bottle of wine to relax and decompress after a busy and stressful, though not at all unpleasant trip to the Lone Star State. I can, without reservation, say that the people here are some of the friendliest I’ve ever had the pleasure of meeting. In spite of the fact that my job (information security) tends to put people on edge, especially when I’m performing audits of processes and personnel, they were, to the last, cooperative, eager to please, and open to any and all suggestions. They even agreed to install a jacuzzi behind the main branch for my next visit next year. Isn’t that something? Tomorrow looks to be another relatively busy day. I finally get to pick up the Dew Drop at Midwest Cyclery! I cannot wait! It’s going to be so nice to have a completely working bicycle to ride again. The poor Torelli needs a couple of new parts to be 100%, and so I’ve opted to let her rest for the time being. The Fire Mountain is… well, it’s a frame on a nail. more »

[Tag] Page 123, 6-8 and then Five

Posted On Wednesday, June 11th, 2008 By David Veatch

I knew, once I started reading that I’d be tagged. So… it makes sense that the closest book is the one I’m currently reading. No, it’s not Lord of the Rings. That’s at home, though having one of my half a dozen or so copies here at work isn’t a bad idea… From Beyond Fear by Bruce Schneier… A French army officer asked him what he had learned from Napoleon. His reply was that he faced two problems during the war. One was the rifled musket behind earthworks, and the other was moving huge amounts of men and materiel [sic] by rail, and that Napoleon had nothing to say on either of them. Bruce Schneier is, in my opinion, one of the most reasonable and grounded security minds today. Grounded by uncommon sense, he rarely fails to enlighten. The above passage is Ulysses S. Grant’s reply to the French army officer during a visit to France following the US Civil War. It helps illustrate Schneier’s point that dynamic security systems, those which can adapt mid-attack, are more effective than static security systems, those that respond in a specific way every time. Security card readers are static. They deny you or allow more »

A Year Ago Today…

Posted On Sunday, April 20th, 2008 By David Veatch

One year ago today, I was fired from a job as the Information Security Analyst at a local third party health plan administrator. This is my story… I was working at a bank that had recently gone through a merger. In that merger, many of my friends and co-workers lost their jobs. It was a trying situation, but all of them eventually landed on their feet. One of them found work at a third party health plan administrator, and was in dire need of help. He set about recruiting me, and for many reasons, I took the bait. When I arrived, I quickly realized how desperately in need of help he was. The situation was dire. The network was a mess. The hosts on the network were in horrific shape. End of life operating systems were still in production, some hidden away in closets. Win 95 (yes… 95) was hanging about. Likewise NT 4.0, of which some were original installs that had never been patched, even when those patches were readily available. Anti-virus installations were spotty at best, and of those installed, many were without up-to-date signatures. The firewalls had any-any-allow rules for both ingress and egress traffic. The more »

Feeling Secure and Actually Being Secure

Posted On Tuesday, April 8th, 2008 By David Veatch

Bruce Schneier. I’m a fan. He’s written (what I think is) a very insightful essay about the feeling vs the reality of security. There is considerable value in separating out the two concepts: in explaining how the two are different, and understanding when we’re referring to one and when the other. There is value as well in recognizing when the two converge, understanding why they diverge, and knowing how they can be made to converge again.