Monday, April 28, 2014

Why the Internet Needs Encryption

The internet was designed to feel like a point-to-point communication system, so when you sign on to Facebook, it feels like you and Facebook are the only two engaged in the conversation.

Because of this, encryption on the internet is often a hard topic to discuss with people. It sounds like you're telling them to whisper while talking to someone one-on-one in their living room.

Thursday, April 24, 2014

Heartbleed: Lessons Learned



Fixing Heartbleed has received a lot of investment in a very short amount of time, in both money and time. In my own company, a number of senior Incident Response handlers and network admins were basically given a blank check on resources by management and told to solve the problem as fast as possible, regardless of the cost (pretty unusual at my company).

Monday, April 21, 2014

Crypto Currency: A really good idea

We are already using digital currency. Credit cards, online stores, PayPal, Google Wallet, online banking, and many other activities are all examples of digital currency. We cannot get away from digital currency, even if we wanted to. But our digital currency is modelled after our physical currency, which has introduced some difficulties and loopholes in its usage.

Monday, April 14, 2014

Scan, Scan, and Scan Again for Heartbleed



Whatever scanner you choose to use, make sure to scan your resources thoroughly, both before and after you patch.

Crypto Currency: Making Dollars Distinguishable


In a previous post I discussed that one of the problems with digital currency is that the dollars are indistinguishable. If I pay Bank Eville Guys $100 and Bank Connman $100, there is no way to distinguish one $100 from the other.

Friday, April 11, 2014

Scanning for Heartbleed Efficiently

So now you have a Heartbleed scanner, what do you do?

At this point in the game you have probably picked at least one (probably two or three) scanners to work with when you're detecting Heartbleed vulnerabilities. Where do you start?

NMAP over Proprietary Heartbleed Scanners

We're a couple days into Heartbleed at this point and there are now a number of different scanners and tools available. I've detailed how to get NMAP to scan for Heartbleed here.

I've looked at a few of them, and I recommend using NMAP as a scanner for a number of reasons.

1. NMAP will allow you to scan internal network resources that are not available to the internet. Web-based scanners can only look at what you expose to the greater internet.

Thursday, April 10, 2014

OpenSSL HeartBleed: Not a Computer Virus

Yes, I'm reusing this graphic again. Because it's awesome.
I've heard this question come up a couple of times in different forms, "Is Heartbleed a computer virus?" "Is my computer vulnerable to Heartbleed?"

Wednesday, April 9, 2014

Scanning for Heartbleed with NMAP

UPDATE: This script has now been released in NMAP 6.45 and is available upon download.

UPDATE: For advice on scanning efficiently, see my post here


Patrik Karlsson (@nevdull77) created an excellent script to scan for Heartbleed using NMAP. It's still in development, and hasn't been included in an official release yet, but here's how to get it if you're looking for it.

NOTE: Shout out to @bonsaiviking for pointing me towards the right files.

DISCLAIMER: Obviously this script may change without warning. I did not write the script; I am interested only in providing helpful instructions to install it quickly if you want to use it before it is officially released.

Download the latest version of nmap for your operating system here (http://nmap.org/download.html)

Hacking: Needles in Haystacks

The term "hacking" is often dramatized in the media and Hollywood. Here are some excellent examples.


Tuesday, April 8, 2014

OpenSSL Heart Bleed: Simplified



OpenSSL has released a patch for an issue being called the "Heart bleed issue". There are a couple of good technical explanations out there already, here and here, but I'd like to break it down into basic terms.

You can also just read XKCD

Monday, April 7, 2014

Crypto Currency: Indistinguishable Dollars


Continuing the discussion on Crypto Currency, here's another issue with using digital dollars: the dollars are indistinguishable.

Friday, April 4, 2014

Crypto Currency: Solution to Creating Currency


In a previous post I discussed one of the problems with digital dollars being that it's difficult to monitor currency creation. Here is an explanation of the crypto currency solution to this problem.

The obvious solution is to have some governing body monitor currency and its creation, similar to how we do now by having certain facilities that can create paper money. But let's not be too hasty in our conclusions. Digital money brings a fundamental shift because digital money can be copied very easily. Instead of creating the physical money, you have to keep track of the money that is spent.

Thursday, April 3, 2014

Guardium Overview

Yet another system summary I did for management (I've been pumping them out like jelly beans lately).

Guardium is a 100% certainty (in theory) database monitoring tool. This means that Guardium will process 100% of the queries that come through a database it is installed on, as opposed to performing sampling on database queries and capturing a percentage of the queries as most other monitoring tools do. Similar to LogRhythm, the easiest way to get a picture of Guardium is to talk about how queries travel through Guardium and how they are used.