In the past, I had a iPad Mini through work. It was on Verizon, and I could tether to it to get and IPv6 address when I wanted to test. I can’t really justify the monthly data plan cost, and the upfront hardware cost to get that on my own. So I finally set out to set up tunnelbroker from Hurricane Electric to proxy IPv6 traffic over IPv4. This task was made easier by having a newer router/accesspoint from ASUS, the RT-AC68P.
I found a number of setup examples on the internet, the best for me was a thread on the Hurricane Electric forum.
The one issue I had following these instructions is adding tunnelbroker to dnsomatic.
The hostname should be the fqdn assigned by hurricane electric and they now use an update password (on the advanced tab) rather than the password to log into tunnelbroker.
Other than that, piece of cake.
The ASUS RT-AC68P contains an IPv6 firewall for unsolicited inbound traffic so make sure that is enabled.
Last week, I needed to ask my mortgage company a question. They responded with a Cisco Secure Mail message. This meant I had to create a Cisco account. Set up password reset questions. And eventually I was able to see the message ”
Thank you for your request. We are reviewing your information and will respond as quickly as possible. If we have any questions, we will contact you.
That was a lot of security for a message that essentially says “your call is very important to us, please stay on the line and your call will be answered in the order it was received”.
Additionally, they sent a letter to my home with the same information.
Today, I received an email with subject Regarding Loan Number 325,632,897 (not the actual numbers). There was nothing in the body of the message. I did not recognize the sender domain. There was a PDF attachment.
Other than Gmail allowing it to my inbox, there was every indication this was spam.
I checked out the headers and saw it passed SPF and had a dkim signature. Turns out the domain is for a company that does technology for mortgage companies. The file passed virustotal. It turned out it was a reply from the mortgage company.
Kind of funny that when saying nothing at all, they make me jump through the hoops of Cisco secure mail. But when sending an actual response it looks like phishing.
James Lyne of Sophos has a good awareness video on mobile wifi security for normal people.
With infosec unemployment approaching 0%, particularly in the DC are where I live, companies need to be competitive in their recruitment. Jeff Snyder of SecurityRecruiter.com posts an interesting article on this.
I changed jobs in 2014 and a lot of this rings true to me.
Obviously improvements in salary, telecommuting, vacation, good retirement matching and good retirement program would be a nice start. But this is about the hiring process not fantasy. 😉
There are reasons why so many jobs go to people with connections. It’s not necessarily because networking is so awesome.
Is the job posting interesting? When you are networking, your contact can tell you what’s great about the job. If you’re coming in cold, what about that posting sets it apart? While I’ve seen examples that go too far in the other direction, generally going too far isn’t the problem. Most are boiler plate for 50% of the content.
Is recruiting treating the resumes like an auditor running down a checklist? Most job seekers believe this is the case. They add in buzzwords to the résumé thinking they will score higher on relevance. If the HR recruiter is looking for 3 years of X and 2 years of Y, they may miss out on a great candidate. The best resume may never make it past the gatekeeper to the hiring manager. Another point for networking. It gets the résumé into the hiring manager’s hands.
According to Jeff, companies are still taking too long in making decisions. With the short bench, talent has lots of choices. If you’re planning to hire the people you attract to a job req, you should be ready to move.
Check out Jeff’s article for more on this topic.
A post on Friday, at torrentfreak.com reveals a security flaw in WebRTC enabled browsers that leaks the actual IP addresses of VPN users.
I primarily use VPNs to protect my data when on a untrusted network (such as at a hotel, coffee house or other hot spot. It also comes in handy to check access from other parts of the world, by VPNing to a foreign point of presence.
VPNs are also used for anonymity. Websites are able to make a STUN request, and the browser’s supporting this request will reveal what was thought to be protected IP addresses of the client.
You can check if you are affected at a test website set up by Daniel Roesler. https://diafygi.github.io/webrtc-ips/
In my case when using Chrome, the website shows 2 internal IP addresses (wired and wireless), my VPN client IP address, my external (ISP) IP address, and the IP address my request is coming from.
Internet Explorer does not support WebRTC and does not leak this information.
Per torrentfreak, fixes in Firefox include running NoScript. In Chrome ScriptSafe or WebRTC Block.
This morning I was looking at my work email in Good, and saw I had a ‘package undeliverable’ email. Since I dont use my work email address with any deliveries I figured this was phishing. Because the address is less than a year old, I sighed that my address was already known to spammers and scammers. When I got to my desk, I took a look at the mail headers just to verify it had slipped past MessageLabs (Symantec.cloud), so I could submit it as a false negative.
The mail headers revealed a ‘phishme’ mail server. This indicates it is a phishing drill rather than an actual phish. I almost want to click on the link in the message to see what the education message looks like. Better not so I dont end up on any ‘bad’ list. I’ve been on the other end of that, looking at the list of people who took the bait and shaking my head.
Its kind of funny when I read The Drudge Report links related to Information Security. Today, he links to a VultureBeat article on KeySweeper.
Keysweeper is a project, standing on the shoulders of other work, to create what appears to be a USB wall charger, but is actually logging keystrokes from nearby Microsoft wireless keyboards.
Sniffing wireless keyboards has been around for a long time. I wrote about it in part of a blog entry in 2008. Taking a quick glance, at the articles, it sounds like Microsoft is still using XOR to provide confidentiality in wireless keyboards. Makes me happy I’m using Logitech’s wireless keyboard. Logitech says they provide 128-bit AES encryption. The product info at Amazon for Microsoft’s keyboard merely states it has “secured wireless transmission”. Or apparently not.
On Monday, Kaspersky posted about malware it has dubbed DarkHotel which targets corporate executives traveling abroad.
It is a good awareness piece. Any time you are on someone else’s network, you are engaging in risky behavior.
With DarkHotel, users are prompted to install ‘updates’ to their software. This is familiar, as similar fake updates are presented to spur users to install malware when visiting compromised websites or sites with malicious advertising. Software updates should be performed on a trusted network whenever possible. Updates should always be gotten from a trusted location.
This can be more difficult than it seems. Lets say you see a prompt to update Flash. Too wise to fall for this, you close your browser, reopen it, and browse to adobe.com to download the latest flash update. If adobe doesn’t use SSL, and a malicious attacker controls your network, you could be redirected to install malware instead even using this ‘safer’ method.
When you’re on the road, its not the best time to perform updates to your system anyway. If something goes wrong you may not have access to resources to fix issues with even a legitimate update.
What if you’re on the road all the time?
This is where VPN software comes in handy.
I’ve blogged about my use of Witopia as a personal vpn provider.
If I was traveling for work, I could use my work VPN, however if your company doesn’t tunnel ALL traffic, you are still vulnerable.
Advanced users may choose to install a router at home which contains VPN server software to be able to VPN home. Some newer routers support this functionality.
Staying safe on the internet requires vigilence.
DigitalGuardian has named this blog as one of the Top 50 Infosec Blogs you should be reading.
DigitalGuardian by Verdasys offers an interesting solution in the DLP area as well as advanced threat protection. Definitely worth checking out.