It’s been fun, and I hope that I’ve helped or informed in some small way these many years. But it’s become clear that work policies and vendor sensitivities don’t allow for the type of blogging that I’d like to do. Stay safe out there.
Recently a problem came up with some required training hosted on our Learning Management System. Users would receive a warning “Only Secure Content is Displayed”. While users could click ‘show content’, they received an error message ‘unable to connect to LMS’. They could still watch the training video, but were not shown as completing the assignment in the LMS.
Mixed content refers to websites that contain some elements in HTTPS and other elements in HTTP. An attacker could replace elements presented in HTTP, compromising the security of your computer and your access to the “secure” website. Microsoft has an extensive writeup on IE9 and mixed content here. You would expect that upon clicking ‘show all content’ the LMS presentation would work correctly. But in this case the reload of the page to add the insecure content appears to have broken some sort of connection, probably authentication.
To troubleshoot this issue, I installed Fiddler and enabled SSL decryption. I then recorded traffic while reproducing the issue. I was able to quickly determine that the HTTP content was a call to Google Fonts. I then searched the Fiddler logs to determine which file included code with this call. The change was tested and implemented with no further issues. Microsoft summarizes the steps in this article. To that I would add that you need to enable SSL decryption in Fiddler, and may need to install a plugin to decompress content.
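As an added example (not code from the original post), here is a small Python check for the kind of mixed-content reference described above: it parses an HTML page that was served over HTTPS and reports every sub-resource the browser would fetch over plain HTTP, such as a Google Fonts stylesheet call. The page URL and HTML are constructed sample input; protocol-relative and site-relative references inherit the page’s HTTPS scheme and are not flagged.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs that make the browser fetch a sub-resource.
# Plain links (<a href>) only navigate, so they are not mixed content.
FETCH_ATTRS = {
    "script": ("src",),
    "link": ("href",),
    "img": ("src",),
    "iframe": ("src",),
    "object": ("data",),
    "embed": ("src",),
    "video": ("src", "poster"),
    "audio": ("src",),
    "source": ("src",),
}


class MixedContentScanner(HTMLParser):
    """Collect sub-resource URLs that would be fetched over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in FETCH_ATTRS.get(tag, ()):
            ref = attrs.get(name)
            if not ref:
                continue
            # Resolve relative and protocol-relative ("//host/path") refs
            # against the page URL; on an HTTPS page those stay HTTPS.
            absolute = urljoin(self.page_url, ref.strip())
            if urlsplit(absolute).scheme == "http":
                self.findings.append((tag, name, absolute))


def find_mixed_content(page_url, html):
    """Return (tag, attribute, url) for every plain-HTTP sub-resource."""
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    return scanner.findings


# Constructed sample: an HTTPS page that pulls in one HTTP font stylesheet.
SAMPLE_URL = "https://lms.example.com/course/player.html"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://fonts.googleapis.com/css?family=Open+Sans">
<link rel="stylesheet" href="//fonts.googleapis.com/css?family=Lato">
<script src="/static/player.js"></script>
</head><body>
<img src="https://cdn.example.com/logo.png">
<a href="http://example.com/help">help</a>
</body></html>"""

if __name__ == "__main__":
    for tag, attr, url in find_mixed_content(SAMPLE_URL, SAMPLE_HTML):
        print(f"mixed content: <{tag} {attr}> {url}")
```

Running it against a saved copy of the offending page shows the same HTTP call Fiddler would show, without having to capture traffic.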
see update at bottom of story
They searched for backpacks and later searched for pressure cookers. Obviously, this could only be the work of a terrorist cell.
The question that comes to mind first is how did the government know? Google searches are generally SSL encrypted. This would have to be access at the Google servers.
The next thing that comes to mind is who will make the first parody ad for a Google Search competitor. “Use Google, and get a visit from big brother.”
After September 11th, people demanded to know why the intelligence community didn’t put the pieces together. But this isn’t putting pieces together. This is sifting everyone’s lives looking for evidence. It reminds me of pre-Internet when the police might try to get access to library records because Lord knows reading Catcher in the Rye means you’re about to commit murder.
The Atlantic Wire uses a stock photo showing a SWAT team with a shield at the door of a house. This is irresponsible journalism. The write-up from the wife describes six men in casual clothing.
The Suffolk County PD has reportedly issued a press release. This release is not currently on their website. But a copy is posted at outsidethebeltway.com
Suffolk County Criminal Intelligence Detectives received a tip from a Bay Shore based computer company regarding suspicious computer searches conducted by a recently released employee. The former employee’s computer searches took place on this employee’s workplace computer. On that computer, the employee searched the terms “pressure cooker bombs” and “backpacks.”
So, that answers how the police became involved. It wasn’t NSA intercepts. The big brother here was the company IT guy.
On this date in 2004, I started this blog.
In some ways it was about playing with the technology, first MovableType and later WordPress. In other ways it’s been a place to dump my brain with links I wanted to remember. It became a place to talk about my experiences. Other people’s blogs and community posts have helped me out. If I can save someone else a few minutes, why not give back in that small way?
I don’t know what the future will hold. Whether you’re a regular reader or someone who drifted in on a Bing/Google search, thanks for the read.
It’s been rather quiet on the blog for a while because of an unfortunate incident that occurred back in March.
I never really believed I was anonymous. After all, the domain was originally registered publicly rather than via a proxy, so it’s a simple matter to get my name and address. Nevertheless it is a bit disconcerting when a big yellow vendor goes to the trouble of contacting your workplace lawyers over something you write. They felt that their product roadmap works best as a surprise to customers. So, lesson learned. Next time you’re told it’s OK to blog something, get it in writing if it’s not already on the internet. What they don’t realize is that I could write the same article without the information they provided, and they look much worse.
The greater can of worms that was opened is the company social media policy, quietly enacted last November, which forbids me from talking about the work vendors do for us. So we may just have cat pictures until I feel more comfortable giving my direct, unfiltered, caustic opinion.
ComputerWorld’s Best Careers for the Introverted IT Pro article caught my eye. Information Security Analyst is one of the suggested jobs. Laurence Shatkin, author of 50 Best Jobs for Your Personality says, “This career is so focused on data and, to a lesser extent, on hardware that it offers many opportunities for solitary work.”
This is so opposite the mantra that I hear from people regarding infosec work, I thought it worth comment.
According to the Bureau of Labor Statistics, Information Security Analysts:
Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information. May ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure. May respond to computer security breaches and viruses
Ok, nothing about chatting people up there.
But the Infosec Institute takes it further:
They are responsible for implementing any training required including instructing staff on proper security measures both in the office and online. The security analyst must work with business administrators as well as IT professionals in communicating flaws in security systems. They recommend changes that will improve every aspect of company security. The security analyst is also responsible for creating documentation to help the company in case there are any breaches.
It isn’t enough that the Infosec Analyst needs to have knowledge of every aspect of Information Security within a company. They train people, notify of vulnerabilities, work with business units, and influence executives.
It simply isn’t possible to be all things to all people. Often the people that are great at influencing don’t have the same drive to stay current on the technology. But to say that Infosec Analyst is a great job for an introvert because you just deal with computers and data is dated. People are the layer 8 problem in security. You ignore that to the detriment of your information security program.
On the whole, I think that ComputerWorld has succeeded with link bait, but failed to make a great article.
The SANS blog post today about an AVG false positive in Windows XP reminded me that we’re just over a year away from XPiration. (Think that will be a hashtag next year?). So I’m getting an early start on the tech media flood of articles on the impending end of support for Windows XP. On April 8th, 2014 you will no longer be able to get security updates from Microsoft. On my network there are only a handful of XP machines left thanks to a successful Windows 7 migration. Those machines should have forced retirement through lease expiration by that date.
I’m in a small to midsized environment, and I have the tools necessary to do my job. Among the machines I control we have software inventory through SCCM. Forescout provides OS identification for managed and unmanaged systems. Because of this, I shouldn’t have any unknown systems popping up.
The retirement of Windows 95 wasn’t so simple. It wasn’t a retirement of 95 per se, and I don’t remember if this was before or after the Windows 95 retirement date of Dec 31, 2001. Rather, we forced out Windows 9x by increasing the security requirements to a point where existing 9x clients didn’t work. It turned out that the printer that cut checks was Windows 95. smh.
A couple of good updates if you’re a LastPass Enterprise customer.
The LDAP sync utility version has been updated and will now run as a service. Before it ran as an application, and that didn’t work well for me. The LDAP sync talks to your directory and updates new users and disabled/deleted users according to the settings you provide.
The second update is a new video for enterprise users. The provided training videos are great. But they don’t cover topics specific to the enterprise product. I also was looking for a way to host internally. If I link to Youtube the user will see an advertisement before the video. The “what’s related” after a video caused me embarrassment in a training session. (Next time, I’ll disable “what’s related” in the link). This new video is good.
Both were issues or annoyances I had, and both were quickly fixed.
At Shmoocon 2013, Jake Williams and Mark Baggett presented a talk on techniques for malware persistence.
We all know the correct course of action with an infected computer is to wipe it and start over. But when it comes down to it, we ignore that advice and attempt to recover. The reasons for this are many. The need to play superhero. Boredom (if you haven’t been cleaning computers, it sounds more challenging than the usual same old). There is also pressure from the business (or from the family member). They don’t want to reload everything. They may not even have the install media.
What is more downtime for the business, waiting for a system reload or having the system be “reinfected”.
When even the average tech might think that Malwarebytes is enough, it’s hard to convince the business to just wipe the drive. And sometimes it’s hard to convince ourselves. Wiping the drive isn’t a personal failing, and this talk from Shmoocon attempts to convince you of that by outlining re-infection techniques you may not have thought of. Autoruns, msconfig or HijackThis aren’t the beginning and the end of how malware may return to your machine.
The slides are available at www.wipethedrive.com. It’s a good talk and worth checking out the slides.