Just when you were running around looking for something…ANYTHING…to do, three major IT vendors release a crapton of patches.
Author: Chris
SandWorm Zero-Day – CVE-2014-4114 – MS14-060 (UPDATED!)
Just came across the new zero-day in Windows which affects all versions. The patch should be available today under MS14-060, but I haven’t seen it yet to link it. It’s also not showing in WSUS.
Suricata/Snorby multi-machine setup
Boredom and too many “junk” computers scattered around my home finally congealed into a small-scale IDS system. I’ve been toying with the idea of setting up Suricata to see how it compares to Snort, but I wanted to prototype a scalable multi-node system. I’ve done this in the past, but it’s been several years, and that setup ran Snort/Barnyard/ACID. So this isn’t a new idea, but I’m thinking about scaling out more with SSH tunnels between multiple “scanners” and the “mothership.” Long-term the nodes would be all-in-one, low-footprint plug-and-play units.
Nessus can scan for ASA holes
Nessus just released a plugin to scan for the latest Cisco ASA vulnerabilities. I haven’t yet heard of any IDS rules for this. I also have yet to try the plugin.
Kmart & Dairy Queen hacked!
Looks like cybercrooks planted malware on Dairy Queen and Kmart’s point-of-sale systems. Kmart customers are at risk of having their cards cloned, but the company assured customers no personal information was at risk. Dairy Queen did not specify what data was impacted, but did publish a list of affected stores.
Would chip & pin card tech mitigate these attacks?
Preview of next Patch Tuesday
Microsoft released the advance notification today for October 2014, which includes three critical vulnerabilities for Windows, Internet Explorer and .NET. Other patches for Microsoft Office and MSDN will be released as well. Brace for impact.
Recovering from losing your Ubuntu passwords
Two methods, which I’m posting here for my own sanity next time I need them:
Recovery Mode
Changing the Grub Linux INIT String
I’ve used the init string method a few times without bothering to check the recovery console. Hopefully some time in the future, I will document the whole process myself and post it here for posterity’s sake.
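The GRUB init-string method, written out as an added example here (this is not the post’s own write-up; the user name, kernel version and /proc/mounts lines in it are constructed for illustration). The first function shows the exact edit to the GRUB “linux” line; the second checks the one thing that usually goes wrong, the root filesystem still being mounted read-only when you run passwd:

```shell
#!/bin/sh
# Added example, not from the original post: the GRUB "init=" method for
# resetting a lost Ubuntu password, plus a check for its usual failure mode.
#
# Procedure (typed at the console):
#   1. At the GRUB menu, highlight the Ubuntu entry and press 'e'.
#   2. On the line that starts with "linux", change "ro" to "rw" and append
#      "init=/bin/bash" (grub_recovery_cmdline below shows the edited line).
#   3. Press Ctrl-X (or F10) to boot. You land in a root bash shell with
#      PID 1 and no services running.
#   4. Run:   passwd alice      # or: passwd root  (alice is a made-up user)
#             sync              # nothing shuts down cleanly from here, so
#                               # flush /etc/shadow to disk yourself
#             exec /sbin/init   # or: reboot -f
#
# If passwd reports "Authentication token manipulation error", / is still
# read-only: run "mount -o remount,rw /" and try again. root_mount_is_rw
# below tells you which state you are in.

# Rewrite a GRUB "linux" line for the recovery boot. Input is the line as
# shown in the GRUB editor; output is the edited line. "ro" becomes "rw",
# any existing init= is dropped, quiet/splash are removed so the shell is
# visible, and init=/bin/bash is appended.
grub_recovery_cmdline() {
    printf '%s\n' "$1" |
    sed -E \
        -e 's/ ro / rw /' \
        -e 's/ ro$/ rw/' \
        -e 's/ init=[^ ]*//g' \
        -e 's/ (quiet|splash)//g' \
        -e 's|$| init=/bin/bash|'
}

# Exit 0 if the root filesystem is mounted read-write, 1 otherwise.
# Reads /proc/mounts by default; a path to a file in the same format can be
# passed instead, which is how the constructed test lines below are fed in.
root_mount_is_rw() {
    awk '$2 == "/" {
             n = split($4, opts, ",")
             for (i = 1; i <= n; i++) if (opts[i] == "rw") found = 1
         }
         END { exit (found ? 0 : 1) }' "${1:-/proc/mounts}"
}

# Demo on a constructed sample line (the kernel version is made up):
grub_recovery_cmdline 'linux /boot/vmlinuz-3.13.0-37-generic root=UUID=1234-abcd ro quiet splash $vt_handoff'
```

The same edit is available to anyone who can reach the GRUB menu, which is the caveat worth remembering when you rely on this: a console password reset is only a few keystrokes away unless GRUB itself is password-protected and the disk is encrypted.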
Updates to CISCO-SA-20141008-ASA – Patch now if you run IKE, SSL VPN or DNS inspection!
Updates to my post from yesterday on the ASA vulnerabilities:
Reading for 10/9/14
Dropbox, KeePass and Chrome all have updates out.
The guys who released BadUSB code also released a “patch” which only fixes one aspect of one vendor’s USB device. They actually recommended applying bondo to a thumb drive to prevent physical tampering. I’ve heard of devices that physically lock out a USB port but don’t ruin them or the case, but considering the condition of work computers I’ve seen us decommission I would just bondo it over myself. I’m sure my users would just love that.
The analytics black hole for detecting internal security threats – a brief summary of a Tech Republic article driving home the same old concepts – we do a piss poor job of user security awareness and education.
Gartner lays out its top 10 tech trends for 2015
The US Government Is Going To Store Top Secret Documents In The Cloud
Insider threat to critical infrastructure ‘underestimated’, says DHS
US Says It Can Hack Foreign Servers Without Warrants – no analysis here – just scary but apparently legal.
Obama Had Security Fears on JPMorgan Data Breach (Courtesy InfoSecNews Mailing List)
An inside look at Russian cybercriminals (Courtesy InfoSecNews Mailing List)
F-Secure’s whitepaper “BLACKENERGY & QUEDAGH: The convergence of crimeware and APT attacks”
George Kao’s “A System For Email Productivity” contains a lot of ideas I’ve used in the past, but the presentation here is well worth the read.
Apple two-factor authentication for iCloud starts today!
If you haven’t set up your two-factor authentication for third-party apps in iCloud yet, now is the time. Unless you are like me, and gave Google all of those tasks already. 🙂 Kudos to Apple for finally coming down off the high horse and admitting they can be hacked…kinda sorta. 🙂
As a side note, I have to say I’m coming more and more into the dark side of fanboydom since I switched to the iPhone. I didn’t switch by choice, mind you, but I did switch. Almost all of the annoyances from my Android days are gone, but I really miss the bigger screens and greater flexibility. For now, I’m OK with trading the flexibility for stability in a device more important than my laptop.