g0ne Ownin

My random thoughts and experiences with stuff…

Something new…

Posted by g0ne on October 28, 2009

I haven’t posted much, and this isn’t going to be as much of a post as it is a call for assistance. I do security work, not web dev / SEO. With that said, I’m doing some work with http://www.sbarbarolaw.com. Anybody have some great ideas on how to best get higher site rankings and write a good XML sitemap? Also, if anybody needs legal assistance I highly recommend their services.


I guess I could throw a little bit of a post into this while I’m here… recently I’ve helped some friends and family “clean” some of their infected systems. Bad Guys: Thank you for making my job much easier than it should have been; rename your stuff so it isn’t so obvious when somebody does preliminary forensics. Of course the easiest thing to do is just whack the MBR and rebuild the system, because for every piece of found malware I’m sure there are 10 undiscovered hidden parts of some nifty rootkit. Alrighty, that’s all for now. Thanks for any help.

Posted in Uncategorized | 1 Comment »

Where to start…

Posted by g0ne on April 24, 2009

First, I want to apologize for not posting much. I was asked to stop and I complied because I truly felt I was going to be able to make a difference, and since they asked me to stop blogging it would be a good gesture to do so. I figured that if I cooperated with them they would do what they needed to do in order to get stuff fixed. WOW was I wrong… asking me to stop was their way of hiding their incompetence even if I NEVER disclosed any identifying information. So now that I have gotten my final check from my previous employer and it has cleared the bank I feel it is time to speak some truth about the wasteful spending of man hours on unqualified, unmotivated, ignorant, shady and downright incompetent personnel. When I took the position I genuinely felt like I had the opportunity to take my previous experiences and make a huge difference in a place that needed a major overhaul from a security perspective. Initial meetings/conferences seemed to also point in that direction. Leadership seemed like they really understood the problem and really wanted to make a difference. Re-orgs were happening to place the right people in decision making positions, budgets were being announced, contracts were being awarded… it all seemed to make for a situation ripe for success. Boy was I wrong…

It seems the good old boy system was way more at play than anyone could have imagined. In order to protect the innocent, “A” will be used for a Chief Executive level officer, “B” for the security lead, “C” for the contract lead, and x, y, z for the incompetent underlings. So… A and C had a long past that made for what seemed to be a good relationship at first and turned out to be a good way to backdoor the system and processes. A and C talked about how they could just move the prime out of the way if it didn’t work out. C couldn’t do the work alone because they didn’t exactly qualify as a company for the award, but C was surely in on the $$ with a little help from a friend. A appointed B in what seemed like a good move but later turned out to be something somewhat forced, and although it was pointed out many times that B was more incompetent than a paraplegic playing professional football and in way over his head, A could do nothing about it. A told C that he agreed B was incompetent and knew he was unqualified, but couldn’t do anything about it. xyz wanted to do more complaining about things than actually working on fixing the issues. They talked about bastion hosts like they were the newest thing in the world and the end-all to security problems, ummmm… yeah. xyz also decided to do some internet stalking when I first started… have fun reading, mullet man (m!m)!!! B at one point decided to report something as a CAT3 to the CERT that was unequivocally a CAT1… malware being executed as a domain admin and pushed out across the network as a domain admin with psexec. Oh, and that domain admin just happened to be “B”. Hmmm, anyone else smell ethical issues here?!?! B also was quick to change dates and names on official deliverables in order to hide his incompetence. CERT: If you would like more information, aka CSA logs, I’d be happy to provide that to you.
I would normally never do such a thing, but since this wasn’t the only unethical thing that was done I feel it is my duty to provide the information you should have legally been given up front.

C had a team hired to help fix things, but as it turns out C really only wanted to make it seem like we were there to make a difference; the real reason was to fill seats. We were even asked to go 24/7, at which point it was noted there wasn’t enough “other” support and it was really just wasting money. Well, as it turns out again, A and C were there to fill seats, build resumes, make money, and A didn’t care if the money would be well spent as long as the total number of positions was increased, making A and C look good in the end. As long as C was able to meet A’s requirements all is well and both are made to look like the heroes. Official audit?? IG, are you out there?

There are a few good people to work with there, but there is also an overwhelming number of people who really aren’t worth their weight in trash. It’s obvious to see exactly why some agencies end up getting pwn3d over and over again. Anybody who believes things will just magically get better by TALKING about things and not actually DOING things is sorely mistaken. I’ve seen places in the past that are in poor shape from a security standpoint but take the recommendations of security professionals and actually get better. Crazy concept, I know!!

In the end, I guess you could say they won. The smartest people there left; A, B, C and xyz get to do business without someone like me pointing out problems; the CERT has no idea what is really going on. Congrats to them, now they can get owned and be completely oblivious to it, but they will certainly have the manpower to sit and do nothing.

Posted in Uncategorized | 6 Comments »

Thoughts on NOTACON 6

Posted by g0ne on April 19, 2009

Just got back from presenting our client side talk at NOTACON with CG. The drive out and back from Cleveland, OH was fun in the M, and the area chosen to host the CON was apparently the “nice/hip” part of town. Good choice. Now on to the actual con…

The point of NOTACON is that it isn’t a typical CON, and it lives up to this. The talks were all good but ranged from hacking SQL to strategy behind the game of Go to audio programming languages. If you were there for any specific reason you would have had a considerable amount of down time. You really needed to be a security/techie/gaming/hardware geek to find something during each timeslot.

I think our talk went well, although they didn’t have feedback forms for participants to fill out so I have no idea how well we really did. We got good on-the-spot feedback from a few people, but we packed the room, so it would be good to know for the future. If anyone wants to post a review we’d appreciate it.

Enough about me for now… David Kennedy’s (ReL1K) talk about Fast-Track was very good and even tempted the demo gods with live demos, with great success. I will be testing out the software shortly. I’m sure he was happy that he didn’t need to have a shield, as nobody was throwing lemons or other items. Another member of SecureState, Matt Neely (Zamboni), gave a great talk on decoding hotel room keys for personal information. He showed all kinds of techniques to get and analyze raw data from mag stripe cards and was very informative. Travis Goodspeed as usual gave a pretty detailed talk on hardware modding and building your own binary clocks and circuit boards. I’m not an electrical engineer, but if you were you would really have enjoyed the talk.

I went to a few more talks and all were informative, but I decided to head out of town early and didn’t make it to the end. Oh yeah… memedump by Jason Scott for 2+ hours was a blast. It was basically a movie of the “best YouTube has to offer” with beer and cheering. Good times!

I don’t have the video uploaded to Vimeo yet but plan on getting that taken care of soon, so check often if you are interested in seeing it.

Till the next con… peace out intersphere

Posted in Uncategorized | 1 Comment »

Thoughts on Source Boston

Posted by g0ne on March 15, 2009

So, last week was my first trip to Source Boston and wow, was I impressed. I haven’t been to hundreds of CONs, but I have been to enough to know that Source Boston was quite possibly the best I have ever been to, for a number of reasons.

1. First and foremost, I want to thank Stacy and Dildog for setting up a great CON. Also, thanks to the rest of the panel that did an amazing job choosing talks. Almost every talk I went to was top notch, and those that weren’t “top notch” IMO were very relevant to security and well presented, just not my cup of tea.

2. Val, Dino, and Dan’s talks were all right on target, technical, packed and very well presented. Kaminsky’s talk made my head hurt as usual with the amount of info provided. James Atkinson’s talk might have caused the most well-deserved fear, and the most Twitter traffic. There were really too many great talks to cover them all on here, and unfortunately I really had to “choose” the best track more than once throughout the con, something that is usually a no-brainer at most cons, so I need to go back and watch all those that I missed.

3. Along with the people above, finally meeting people like Goodspeed, Cabetas, Weber, Zeltser, Jolly, and a dozen other well-respected individuals (my apologies if I didn’t add your name) made the experience even more special.

4. I might have a little bias on this one, but the Client-Side talk given by CG, and yours truly, made the whole thing worthwhile. The videos of our demos can be found HERE. The actual video of our talk can be found HERE.

So with all of that said, if there is one con you should attend, Source Boston seems to be it! Don’t get me wrong, I enjoy going to all of the other cons throughout the year, and DefCon always brings out the heavy hitters even if they do not talk, but the creators of Source really did a grade A job. Thanks again, Stacy!

That’s all for now, time to start on preparing for the next con.

Posted in Uncategorized | 1 Comment »

Lots to drop soon

Posted by g0ne on March 6, 2009

It’s been a while since I have posted anything and I apologize to everybody. I have been busy working on new ventures and getting slides ready for some upcoming talks. I plan to drop some interesting posts in the near future so check back after Source.

Posted in Uncategorized | Leave a Comment »

Hmmm… not a fun time working for DOD cyber defense

Posted by g0ne on November 28, 2008

DOD CyberAttack 28Nov2008 reported by Baltimore Sun

Hmmm… nothing too out of the ordinary here, people constantly trying to hack DOD networks, but this one part caught my eye:

“…penetrated at least one highly protected classified network.” <– that can’t be good!

and this quote:

“The malware is able to spread to any flash drive plugged into an infected computer. The risk of spreading the malware to other networks prompted the military to ban the flash drives.”

would explain this: Army Bans USB Flash Drives

Happy Thanksgiving!!!!

Posted in Uncategorized | Leave a Comment »

Disguised Attack Vectors??? Maybe, maybe not…

Posted by g0ne on November 7, 2008

So earlier this week, Monday to be exact, the day before the elections, CG and I got off of our train and noticed DVDs for McCain and the Rep party on every person’s car. Now just FYI, this train goes to and from DC, so most people in the parking lot probably work for some type of government. CG and I immediately thought of how good of an attack vector this might be as we noticed all kinds of people just grabbing them and getting in the car with them. How many of those people do you think actually stuck that DVD into their computer? I don’t know the answer, but I would imagine there are at least 500 parking spots, and if 10% did play the DVD you could have potentially infected 50 people! That’s a pretty good vector if you ask me, especially under the guise of “campaign propaganda”: just create a trojan that runs with the movie and let people do the rest.

What I have described so far could be looked at from two points of view. 1. Someone wanting some shells, and possibly some government shells if people took the DVD to work or used it on a computer that VPN’d to work. Good, fun, easy. 2. Democrats… if it were to get out that a DVD for the Rep party was sent out with malware!!! Wow, what a mess! Now, for the record, I did not do any forensics or testing or watching of this DVD, so this is all just my random thoughts, but as you can see the possibilities are endless! Why try to break into somebody’s front door when you can just spend a small amount of money to burn a bunch of CDs or DVDs and hope someone foolish plays it on their computer. Thanksgiving and Christmas are coming up soon; a FREE MP3 CD or DVD could hold some potential ;)

Moral of the story:  Scrutinize EVERYTHING, Nothing is as it seems!

Posted in Uncategorized | 2 Comments »

Protected: wow, what a week at work! virus –> full pwnage = wow! Follow directions for access (http://g0ne.wordpress.com/protectedaccess/)

Posted by g0ne on October 19, 2008


Posted in Uncategorized | Enter your password to view comments

New blog site

Posted by g0ne on October 1, 2008

Ladies and Gentlemen, I had to change my blog host from Blogger to here in order to comply with some privacy concerns and add a layer of security to certain blogs. If you are linking to my previous blog (vmarve.blogspot.com), please make the appropriate changes to this new blog address (g0ne.wordpress.com).

Over the next few days I will be tweaking the layout and theme.  If you have any suggestions please shoot me an email or drop a comment.

Posted in Uncategorized | Leave a Comment »

Protected: Time to move on

Posted by g0ne on September 12, 2008


Posted in Uncategorized | Enter your password to view comments