Archive for the ‘Uncategorized’ Category

Return from intermission

Apologies for the break in regular postings, I was caught by surprise when I realised that it had been over a month since the last InfoSanity post. Unfortunately I haven’t won the lottery and been living in the lap of luxury, just real life and work getting in the way of extra-curricular activities.

Normal service should now be resuming shortly.

– Andrew Waite

Categories: Uncategorized

Random 419

I want to say thank you to everyone who has supported this site and blog, but it is closing down as I am now rich thanks to the Central Bank of Nigeria. No, seriously, they sent me an email and everything….

Okay, maybe not, but it’s a while since I’ve seen a 419 (advance fee fraud) slip through to my inbox so thought I’d share. Originally I had planned to critique different parts of the email, but I still can’t believe people fall for these so instead I’ll just share the ‘wealth’ for all.

This is to congratulate you for scaling through the hurdles of screening by the board of directors of this payment task force. Your payment file was approved and the instruction was given us to release your payment and activate your ATM card for use.

The first batch of your card which contains 1,000.000.00 MILLION U.S. DOLLARS  has been activated and is the total fund loaded inside the card. Your fund which is in total 10,000.000.00 MILLION U.S. DOLLARS  will come in batches of 1,000.000.00 MILLION U.S. DOLLARS  and this is the first batch.

Your payment would be sent to you via UPS or FedEx, Because we have signed a contract with them which should expired by MARCH 30th 2010 Below are few list of tracking numbers you can track from UPS website(www.ups.com) to confirm people like you who have received their payment successfully.

JOHNNY ALMANTE ==============1Z2X59394198080570
CAROL R BUCZYNSKI ==============1Z2X59394197862530
KARIMA EMELIA TAYLOR ==============1Z2X59394198591527
LISA LAIRD ==============1Z2X59394196641913
POLLY SHAYKIN ==============1Z2X59394198817702

Good news, We wish to let you know that everything concerning your ATM CARD payment despatch is ready in this office and we have a meeting with the house (Federal government of Nigeria) we informed them that your fund should not cost you any thing because is your money (Your Crad). Moreover, we have an agreement with them that you should pay only delivering of your card which is  82 U.S. DOLLARS by FedEx or UPS Delivering Company.

However, you have only three working days to send this 82 U.S. DOLLARS  for the delivering of your card, if we don’t hear from you with the payment information; the Federal Government will cancel the card.

This is the paying information that you will use and send the fee through western union money transfer.

Name: IKE NWANFOR
Address: Lagos-Nigeria
Question: 82
Answer: yes

I wait the payment information to enable us proceed for the delivering of your card.

Tunde.

Do I really need to suggest anyone ignore similar opportunities that may reach their inbox?

Additionally, if you want to find out more, or have a good laugh at the expense of these ‘con-men’, take a trip over to the excellent 419Eater site, these guys (and gals) do great work.

–Andrew Waite


Too contactable?

Yesterday I got curious:

When you power on your primary machine, how many ways could someone get in contact with you? Email/Twitter/etc.

My initial count was five, but I realised I had missed some from the responses that I received. In a ‘general’ sorting from most common to least from my (admittedly small) sample set, the available contact methods are:

  • Email (always multiple accounts per person)
  • Instant Messaging (MSN, AOL, etc.) (usually multiple per person)
  • Twitter (often multiple accounts)
  • Skype
  • VoIP
  • IRC
  • Google Wave

Which seems to be a lot, and from the responses I seem to be behind the curve in contactability. All this makes me wonder: in a world where outdated and un-patched client applications are a growing intrusion vector, do we really need all these ways for people and systems to communicate with us?

While you’re thinking, are there any of your communication tools that you could do without? If you stopped signing into MSN (for example), would you lose contact with anyone who couldn’t contact you via a different communication channel?

I’m not sure if there is a purpose to these thoughts or the very unscientific findings, but I’ve been thinking about this for a while so thought I’d share.

</ramblings>

– Andrew Waite

P.S. thanks to those who participated, you know who you are.


EuroTrash Security podcast is live

2009/11/04 Andrew Waite

The first episode of EuroTrash Security has been released this week. The stated goal is to create an information security podcast focused on happenings within Europe, which provides one of the best taglines for a podcast I’ve heard: Security with funny accents.

EuroTrashSec is made up of a four-man team: Wim, Chris, Dale and Craig, with intro and outro music provided by c64 and Int Eighty of DualCore Music. The first episode can be found at the episode listings page.

The first episode was good, in my mind hitting the target perfectly, focusing on the UK’s attempt at an infosec ‘talent show’, UK-based conferences and a review of the recent security bloggers meet-up, which was organised by Dale.

Keep up the good work guys, I’m looking forward to the next episode.

Andrew Waite


Dissecting the Hack

When I first heard about Jayson’s book, Dissecting the Hack: The F0rb1dd3n Network I was really looking forward to getting my hands on a copy. Without going through the backstory, getting a copy could now be difficult.

The community response to the situation has been outstanding; I don’t think any other industry would pull together to completely re-write some of a book’s material with original content. A new security community has been created to facilitate taking Dissecting the Hack forward, so head over to the forums and help out if you can. (And don’t forget to say ‘Hi’ if you do.)

Props to Jayson for keeping positive and still being productive throughout.

Andrew Waite


Clouds in BlackHat’s conference

Being on the other side of the pond I wasn’t able to attend Black Hat, but I have been keeping a keen eye on the posted conference materials and talk recordings being released after the conference’s close. As I’ve recently been researching the latest buzz of Cloud Computing, naturally I was initially drawn to the talks with Cloud computing as a topic.

First up is Kostya Kortchinsky’s Cloudburst: Hacking 3D (and Breaking Out of) VMware. This presentation details an exploit vector for breaking out of the guest environment and allowing arbitrary code execution on the underlying host. Kortchinsky clearly knows his stuff, but I’ll admit most of his talk goes well above my head. For reasons touched on below I think this is a virtualisation issue, not a Cloud issue, and ‘Cloud’ was likely added to the title to cash in on the current buzz; but either way the bottom line is that guest escape is rapidly moving from theoretical threat to practical attack vector and is something that should be considered when designing any system, network or architecture.

Secondly, the Sensepost team do a great job of explaining security issues new or prevalent to Cloud architecture with Clobbering the Cloud! and include some great (read humorous) images to help illustrate their points. I especially like the idea of building and sharing trojaned/backdoored machine images and waiting for the unsuspecting to take advantage of your generosity :) The videos used within the actual presentation are available direct from the Sensepost site, here.

Taking away the award for longest talk title related to Cloud Computing is: Cloud Computing Models and Vulnerabilities: Raining on the Trendy New Parade. This talk discusses the three components of the cloud ‘stack’: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).

I love the definition used for cloud computing or more accurately the statement that Cloud Computing is NOT:

  • Virtualisation
  • Remote Backup
  • Most of the stuff called cloud computing
  • And: ‘If you’re not re-writing your software, it’s not Cloud Computing’

From my previous research into Cloud Computing I feel that a lot of the security concerns often raised are not new or unique to the Cloud, and that well established and basic best practice will defend against the issues. The speakers of this presentation seem to be of a similar mind, but suggest that the early big players in this market are not necessarily doing all in their power; the example given is that something as basic as logging and audit trails isn’t fully available within the solutions currently on the market.

Likewise, depending on Cloud providers’ contracts and EULAs, clients of cloud services may not be able to fully control the security testing of ‘their’ environment, as some providers forbid ‘malicious’ traffic being targeted at their architecture and platforms. This could limit and/or remove the ability to perform fully comprehensive penetration testing, which depending on location, market and data may be a legal or regulatory requirement.

Whilst not related to the Black Hat conference, I read an article on datacentreknowledge.com from RackSpace claiming that the Cloud is going to spell the end of shared hosting as we know it. In my view this can only be a PR fluff piece, as anyone that understands hosted services, even those selling Cloud services themselves, agrees that regardless of how you rate the benefits of Cloud architecture it is not, and cannot be, a silver bullet to solve all the world’s IT problems, leaving a market for traditional architectures.

If the Cloud is here to stay, so is everything else. Regardless of an individual IT professional’s personal opinion of Cloud computing, it must be fully understood and measured on technical merits alongside existing solutions to be able to provide best value and ROI; implementing any solution based on ‘religious’ arguments is not in the best interests of any business.

Andrew Waite


Links from my inbox (2009-08-17)

Going through my inbox, today seems to be a good day for sharing links, so I thought I’d pass some of these on; they may be of use to others too.

IronGeek’s Security and Forensic podcasts:

Links to the latest episodes of the podcasts that are regularly listened to by IronGeek, in chronological order. Shouldn’t be too many surprises: PaulDotCom, Exotic Liability, etc. Could be a good way to keep up to date and/or check the content for anything interesting from those podcasts you don’t listen to religiously.

Tools for extracting files from pcaps:

SANS ISC diary has a list and discussion of tools for gathering different files and executables from a PCAP file. Often useful for incident response, forensic or malware analysis work. Looks like a nice compilation of tools to have handy for when the need arises.

40 Tools for your sysadmin bag:

Sunbelt provides a list of 40 tools useful for SysAdmin and security work. Some good tools listed, but as it’s compiled by Sunbelt some of the entries should be taken with a pinch of salt. For instance Sunbelt’s own sandbox is listed as being ‘similar to VirusTotal’, without the more ubiquitous VirusTotal itself making the list.

Andrew Waite


BCS Exit Survey

Sorry for the non-security related rant. I recently received my renewal reminder for the BCS, and I’ve been increasingly disappointed with the ‘advantages’ of being a member. Whilst I don’t like not being a member of a professional body for my craft, I simply cannot justify the cost any longer. I don’t like being negative, but my response to a question on the exit survey says it all:

What, if anything, do you feel BCS could be doing to better serve its members?

Primarily: Better regional events. Most (all?) events are located in London, making events infeasible for members in other regions of the country. When I joined as a member there were several good events, covering a wide range of topics, held by my local groups. My local branch (Newcastle) has not run a decent event in excess of 12 months and currently does not have ANY events organised for the future (using newcastle.bcs.org as a source and point of contact).

Alternative groups in the area (SuperMondays, CloudCamp NE, among others) are free of charge and provide significantly better events, networking opportunities and information than BCS alternatives. Taking the geographical location out of the equation, the quality of discussion on the BCS’s online forums is limited, infrequent and in most cases superficial. It seems most members do not view the forums as a good source for information or discussion.

The last event I attended was finished off with a presentation and Q&A session by Rachael Burnett, at the time president of the BCS. For the head of the organisation Rachael appeared out of touch with the real-world industry; this is a situation that I’ve seen mirrored in the organisation as a whole in my experience.

When starting my career, the information provided by the newsletters, email announcements, etc. from the BCS was valuable. Lately however, the articles have been dated, with me already receiving the information from another source, in some cases weeks before the BCS version. As a result the BCS emails now receive little more than a cursory glance before being deleted.

I’m aware that there is work in progress to provide a local branch of the YPG in my region. Whilst I sincerely hope this is successful, I do not have high hopes for its success, and after several years of paying membership without seeing any real benefit this move is too little too late for me.

There is a hugely active and skilled computing profession in the North East of England, but the BCS seems to completely ignore the region and fails (from my experience) to provide any benefit to the region or the region’s members; either that, or the BCS is equally out of touch and poorly serving the UK’s IT community as a whole.

Andrew Waite


BlackHat 2009 resources on-line

For those of us that are unable to attend BlackHat in person, the talk resources are now available online. Currently the video/recordings of the talks themselves aren’t uploaded but there are slideshows, whitepapers etc. available for each talk.

It’s a long list of good looking information, to the point that I’m still struggling to decide what to look through first, and unlike looking through the line-ups of previous years there is very little that doesn’t spark my interest.

Get your fill of BlackHat material here

Andrew Waite


RSS Feeds

Something I’ve been meaning to do for a while is document and keep a list of all the RSS feeds I’ve collected over the years, mainly because I can’t remember them all. Initially I had a mild panic as I couldn’t find any of the URLs for the feeds I’ve got configured through Outlook 2007; the usual guesstimate of right-click > Properties failed me. For those needing to do the same, ‘File > Import and Export’ is your friend. Select ‘Export RSS Feeds to an OPML file’ and the rest should be self-explanatory to get all of your RSS info in XML form.
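Once the feeds are in OPML form, pulling the feed URLs back out of the XML is a few lines of work. The script below is an added example, not part of the original post or of Outlook; the OPML document it parses is a constructed sample with placeholder URLs, and it walks nested folder outlines as well as flat ones so it also covers exports that group feeds into folders.

```python
import xml.etree.ElementTree as ET

# Constructed sample in OPML 2.0 layout (the format an
# "Export RSS Feeds to an OPML file" produces); URLs are placeholders.
SAMPLE_OPML = """<?xml version="1.0" encoding="utf-8"?>
<opml version="2.0">
  <head><title>RSS Feeds</title></head>
  <body>
    <outline text="Security">
      <outline text="SANS ISC" title="SANS ISC" type="rss"
               xmlUrl="https://example.invalid/isc/rss"
               htmlUrl="https://example.invalid/isc"/>
      <outline text="InfoSanity" type="rss"
               xmlUrl="https://example.invalid/infosanity/feed"/>
    </outline>
    <outline text="Podcasts">
      <outline text="PaulDotCom" type="rss"
               xmlUrl="https://example.invalid/pdc/rss"/>
    </outline>
    <outline text="Empty folder"/>
  </body>
</opml>
"""


def extract_feeds(opml_text):
    """Return (folder_path, title, xmlUrl) for every feed outline.

    An outline with an xmlUrl attribute is a feed; one without is treated
    as a folder and recursed into, so nested exports are flattened."""
    body = ET.fromstring(opml_text).find("body")
    feeds = []

    def walk(node, path):
        for child in node.findall("outline"):
            url = child.get("xmlUrl")
            title = child.get("title") or child.get("text") or ""
            if url:
                feeds.append(("/".join(path), title, url))
            else:
                walk(child, path + [child.get("text", "")])

    walk(body, [])
    return feeds


def feed_urls(opml_text):
    """Only the feed URLs, de-duplicated and in document order."""
    seen = []
    for _, _, url in extract_feeds(opml_text):
        if url not in seen:
            seen.append(url)
    return seen


if __name__ == "__main__":
    for folder, title, url in extract_feeds(SAMPLE_OPML):
        print(f"{folder or '(top level)'}: {title} -> {url}")
```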

With panic over I’ve transferred all relevant links to the RSS page over at Infosanity. Hopefully you might find a few unknown gems amongst the list. If you’ve got some good feeds I’m missing please let me know and I’ll update accordingly.

Andrew Waite
