6 January 2021 was a security clusterfuck.

Note the first: I started working on this article last week, but didn't post it until now because I wanted to let all of the (usually astoundingly bad) hot takes die down. While I realize that the Internet has given everyone an attention span rivalled only by the lifespan of the adult mayfly, I think it might be useful to have something lying around that can be pointed to later if need be.

Note the second: A reminder that I do not speak from an official position. I do not speak for or represent my employers, past, present, or future …


Pen testing vs security assessment.

A couple of weeks back while traveling I had an opportunity to spend some time with an old colleague from my penetration testing days.  Once upon a time we used to spend much of our time on the road, living out of suitcases, probably giving the TSA fits and generally living la vida Sneakers.  I'm out of that particular game these days because it's just not my bag anymore.  The colleague in question is more or less on the management side of things at that particular company.  Contrary to what one might reasonably assume, however, we didn't spend a whole …


I don't think it was North Korea that pwned Sony.

EDIT: 2014/12/23: Added reference to, a link to, and a local copy of the United Nations' Committee Against Torture report.

I would have written about this earlier in the week when it was trendy, but not having a working laptop (and my day job keeping me too busy lately to write) prevented it. So, here it is:

Unless you've been completely disconnected from the media for the past month (which is entirely possible, it's the holiday season), you've probably heard about the multinational media corporation Sony getting hacked so badly that you'd think it was the climax of …


How to move your /boot partition onto removable media.

Part of every traveler's threat model today should include the following scenario:

When you're trying to fly into or out of an airport en route to someplace else, it is entirely possible that the airport's security staff will take you aside for a more thorough search and questioning while your stuff is taken someplace out of your control and analyzed. We know that there are malware packages available today that boobytrap the boot device of laptop computers to install various forms of surveillance malware which run the next time you start your machine up and compromise the OS even though …


Ubuntu Linux and the Heartbleed OpenSSL vulnerability.

If you're in the mad scramble to patch the Heartbleed vulnerability in OpenSSL on your Ubuntu servers but you need to see some documentation, look in your /usr/share/doc/openssl/changelog.Debian.gz file. If you see the following at the very top of the file, you're patched:


openssl (1.0.1-4ubuntu5.12) precise-security; urgency=medium

* SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
- debian/patches/CVE-2014-0076.patch: add and use constant time swap in
crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
util/libeay.num.
- CVE-2014-0076
* SECURITY UPDATE: memory disclosure in TLS heartbeat extension …


Malware which makes use of (even more) unexpected covert channels (than usual).

Late last year, known and respected information security researcher Dragos Ruiu began tweeting about something he called #badBIOS - a malware agent of some kind that he says jacks the BIOS of a machine and sets itself up as a hypervisor-cum-backdoor beneath the operating system. He's gathered some evidence that instances of the beastie communicate via near-ultrasound by directly manipulating the soundcard without interacting with the OS' drivers. Whether or not he's actually right - some of the NSA's older existing tools aside - it was surprising how fast corroborating details started popping up around the Net.

In December of 2013 …


Our cyberpunk dystopia is shaping up nicely.

I find it increasingly difficult these days to shake the feeling that the cyberpunk dystopia our world is becoming is shaping up to be more and more like Shadowrun. Ever since 2012 (which turned out to be a slightly less tumultuous year than Terence McKenna had always preached) things have become more and more surreal and disturbing (in a David Cronenberg and not a David Lynch kind of way). The Snowden/NSA scandal continues to bring truly frightening information to light, and the first thing that comes to mind is that ECHO MIRAGE exists as a real thing which is …


Setting up AIDE in Kali Linux.

Kali Linux (formerly Backtrack) is a distribution of Linux designed for penetration testers and information security professionals. I'll spare you the details - that's what Wikipedia is for - but I did want to post about a problem that I've been wrestling with for a couple of hours.

Kali Linux can be installed and operated like any other distribution of Linux, which means that you get all of the nifty and handy tools that you'd expect to have, like AIDE for monitoring the file system for unauthorized changes. Unfortunately, because Kali is based upon Debian, and Debian over-engineers a lot of things …


Presentation to ISOC-DC, 20121016.

I wound up not giving the whole presentation to the DC chapter of the Internet Society last week because the format got changed up at the last minute. But anyway, here is the presentation I would have given in PDF and OpenOffice Presentation formats.


This work by The Doctor [412/724/301/703] is published under a Creative Commons By Attribution / Noncommercial / Share Alike v3.0 License.