Information Security and Network Awareness

Hurricane Labs



Latest Blogs from Hurricane Labs
http://hlurl.com/bb -- Just wanted to link to something I wrote a few months ago. Basically, security people should stop being scared whiners and start being educated technologists. Oh and here is the unedited, full version with my actual title :-) Stop Calling It A SmartPhone and G...
Company expansion is an issue that many companies will come across in their lifetime. WAN connectivity can be as easy as setting up a contract with an ISP to as tedious as mapping OSPF across an MPLS backbone or dynamically peer'd VPN connections. Either way, these tasks eventually hav...
Over the weekend of April 16-18, I attended Notacon for the first time in 2007. Back in 2007, I was new to the security “scene” and was a bit timid to give my talk about hacking MySpace. This year, just as a spectator and a little more seasoned in the conference scene, I found myself ...
So this week I had the opportunity of setting up a little lab to test both of these firewalls. Before this week I had no idea these firewalls even existed, and the only open source routing/firewall software I even knew of at the time was Vyatta, which is really only for routing...
I sat for the EC-Council's Certified Ethical Hacker exam today. Mostly as part of a much larger experiment in finding some valid/useful training for my guys here. I just wanted to lay out some of my thoughts on this particular exam: 1) I will qualify this by saying I'm not one of these ...
I recently wrote a couple of to-be-published articles basically laying out all the reasons why we as security professionals should not be running away from so-called "new" technology. Essentially I am asking that we take the time to really understand what's so new about this stuff. Sma...
Recently, we were planning a migration from MRTG to Cacti, and we ran into a few issues during this process. Some of the obstacles that I ran into during the migration: Data imported into Cacti was not accurate. Data would import accurately, but would get overwritten at 5 minute intervals...
No matter what facet of information security you're in, from being the CISO down to just installing security patches and keeping up to date, there will probably be a point where you need to see the details of a hack. Maybe it's because you need to fingerprint what it does or how it act...
Missed out on our Hack Challenge? Weren't taking notes during Jordan Wiens' presentation? Or perhaps you're feeling a little nostalgic. Whatever your affliction may be, we have just the thing to cure what ails you: Hack Challenge videos! That's right, relive your favorite moments from...
Yesterday we started getting floods of malware alerts for machines on many different networks that we manage going out to a site that was identified a while ago for MS08-067 type activity. So we did our due diligence and notified our clients that we were seeing this traffic attempting ...
Well, I'm in Washington DC following the aftermath of Shmoocon 2010. Despite me being an avid security/hacker con goer, this was my first. Let me start by saying that "aftermath" is no exaggeration. Between the 24+ inches of snow and the crazy antics one can only find at a hacker conv...
Here I am at ShmooCon 2010 right in the middle of what people here in Washington DC are calling Snowpocalypse 2010. The Metro, busses, and taxis are all closed down and essentially the city has shut down. Being from Cleveland I find it a little laughable but it’s still a pretty bad sto...
Recently I’ve been faced with a very difficult type of question, and it isn’t even technical. No, it’s not the typical ‘How do you find a buffer overflow?’ or ‘Can you write me code entirely in assembly in 20 minutes?’ It’s much more difficult to answer. Its answer, to many people, ma...
I've had the pleasure of spending yesterday and today (and I'll be here tomorrow too) at the 2010 CodeMash conference in Sandusky, at the spectacular Kalahari resort (if you've never been here, it's way worth it). We attended the "precompiler" presentations yesterday, and have been to 3...
Hurricane Labs had a webinar today on achieving compliance and security through Open Source technology. We had a great turnout and the attendees were able to take away with them some useful information. Below is a link to the webinar recording. Feel free to check it out. http://hlurl.c...
Written by Rick Deacon. Recently I've been faced with a very difficult type of question... and it isn't even technical. No, it's not the typical 'How do you find a buffer overflow?' or 'Can you write me code entirely in assembly... in 20 minutes?'... it's much more difficult to answer. I...
Written by: Matt Yonchak, Hurricane Labs. If you’ve read our newsletters before, we’ve talked about securing things from networks to web apps and hopefully have given some perspective and tips for how to do so. Recently a colleague of mine (Rick Deacon) gave a talk here at our offi...
Written by: Matt Yonchak. If you’ve read our newsletters before, we’ve talked about securing things from networks to web apps and hopefully have given some perspective and tips for how to do so. Recently a colleague (Rick Deacon) of mine gave a talk here at our office about what the pro...
Hurricane Labs has responsibly disclosed a security issue to Check Point Software related to their Edge line of products. The details are as follows: Summary: While writing a utility for a client to do automated password changes on a large installation of Edge appliances one of our e...
I had the wonderful chance to visit a new doctor today (not that my old doctor was much better about this) and had the chance to be left alone, with her computer, for about 10 minutes, unlocked. For those that know me know this is not a good scenario. For those that work with me at Hur...
Written by: Rick Deacon. So you have some things you’d like to have pen-tested. Maybe it’s some web applications or a subnet of Internet-facing IP addresses. Maybe it’s just some of your internal network or internal physical security. Either way eventually everyone should have a third pa...
http://extendedsubset.com/?p=8 More to come and there is no public exploit code I'm aware of (but there will be soon I'm sure). This will essentially allow you to "splice" several connections together so that you can snoop on someone's encrypted connection without them really knowing it. ...
Last week was the Information Security Summit at Tri-C Corporate College East. It was my first time at the Summit, so I went in looking to learn something new. Looking over the 'pre-con' training that they had to offer, I noticed an inexpensive course on NAC (Network Access Control). T...
When I first got into this business (many, many moons ago) it was about trying to help people build proper networks and applications, there was not much else. I mean sure you had some standards and compliance stuff to deal with but the business was not built around these things. You wa...
If you were one of the lucky people to pick up one of the red USB sticks at this year's Information Security Summit, fear not! There's nothing malicious on it. It was merely an exercise to see how aware some security folks are these days. Here is what the sticks had on them: 1) familyp...
I traveled to Toronto, ON for the third Security Education Conference Toronto (SECTor). There were many great presentations on the first day, but the common theme among them all was something we, as well as many other security professionals, have been harping about for years: Input Val...
A few more observations from Linuxfest. 1 - There are some talented people out there without work right now. In a struggling economy it becomes more important than ever to care with who you hire. Perhaps it's time to choose talent over a good resume and passion instead of experience. Th...
Here at Linuxfest and if there is one thing I'm taking away it's how you need to make your tools work for you. It does you no good to have something that is perfect for someone else's environment. I was approached by someone who works for a well known vendor that told me about how they use...
GreenSQL-FW, also known as GreenSQL, is a MySQL database firewall/proxy. In the default mode, IDS or Intrusion Detection System, it acts as a reverse proxy for MySQL databases. The SQL queries are evaluated before the query is passed to the database. With GreenSQL, common administr...
I attended last night's Northeast Ohio Information Security Forum, which is a local group of security professionals and other interested parties talking about a wide range of security-related topics. I was happy to see that the topics for last night's meeting were at opposite ends of t...
Perhaps I am late to this realization (probably because I don't pay attention to MS release dates?), but does anybody else find it interesting that the Windows 7 release date is scheduled exactly one week before that of Ubuntu 9.10 "Karmic Koala"'s anticipated release? Perhaps since *...
Today I attended the September meeting of the northeast Ohio/Cleveland chapter of ISSA. The speaker was Craig Campbell who gave a very instructive presentation on building a Snort sensor from scratch. He went over basic configuration and gave an overview of how to integrate Snort with ...
Written by Bill Mathews. The challenge was to find an Open Source Search engine to use internally that was comparable to Google’s Search Appliance. This sounded easy enough but wow was I wrong. There seem to be a few projects that focus on giving you the tools to build your own search ...
We just created a new URL shortening service. Try it out and feel free to use it whenever you want! http://hlurl.com/
Written by: Matt Yonchak. One of the most common things I hear when people visit our office is “Wow I wish I could work in an office like this”. That statement is usually brought on by the fact that one of the first things they see when they walk in the door is our pool table. This got m...
Written by: Rick Deacon. The morning after. After the hack challenge that is, which happened to be a great success this year. The Northeast Ohio Information Security Forum helped us organize and put it on. We had over 30 competitors come and have their hand at the numerous vulnerabilitie...
So, I just got back from DEFCON 17 in Las Vegas, NV. This year was probably the most impressive turnout I've seen in my 3 years of going to DEFCON. The hacker conference lasted from Thursday until Sunday. The first thing to do Thursday is to get your badge. Bright and early in...
Last night (July 15, 2009) we had our first Hack Challenge in a very long time (we've held them quite a bit in the past) so I wanted to recap it a bit here using words and pictures. :-) Here we go. The purpose of our Hack Challenges is to demonstrate both the ease of exploiting flaws an...
Written by: Rob Jerina. I’ve been looking through a lot of firewall rulebases lately. Many of them need major improvements, of course no rulebase is perfect. However, most of them seem to be very open, especially allowing traffic to their own firewall. I would like to discuss the general...