Monday, December 28, 2015

On The Topic of Deploying Honeypots

Hey everyone - I hope you are having a good holiday.  A little while ago, I came across a article about the operational security (OPSEC) of deploying honeypots for industrial control systems.  The article is here, and I thought it brought up an interesting point about deploying defenses in a network.

Monday, December 21, 2015

Be Merry This Holiday: Be Careful Where You Click

Hey everyone - With the holidays right around the corner, you might be scrambling for that perfect holiday gift.  You might be buying that gift online.  Even though we have seen breaches at large stores like Target, Home Depot, and Neiman Marcus, information compromise can happen when shopping from your computer at home.

Monday, December 14, 2015

On The Topic of Being Too 'Careful'

Hey everyone - We have seen a number of data exfiltration methods that hide data in plain sight.  Things like Twittor, IRC, Facebook, domain fronting, et cetera. Using services and protocols for purposes other than they were intended is nothing new (that last link was published in 2010).  As a network defender, your first reaction may be to block the protocol or service.  However, as more otherwise legitimate services and protocols are being used in this way, how do you draw the line?  If you are worried about Amazon Web Services (AWS) as a command and control (C2) channel, do you block all of AWS?  That could be problematic for your organization.  So where do you draw the line?

Monday, December 7, 2015

On Mozilla's Automated Add-On Scanning For Firefox

Hey everyone - This might be obvious to some of you, but browsers are a large attack surface in modern computing.  We do all kinds of things in our web browsers: banking, shopping, pay bills, read news, and watch videos.  Some of that should remain private, so it is important to ensure that we are doing as little as possible as users to compromise that privacy.  This includes some of the easy things: using HTTPS wherever possible (and making sure the certificate is signed by an appropriate authority) and being careful of links we click on and sites we visit.  It is also important to be careful of software (extensions) that enhances the browser for the sake of convenience or to do something that the browser's developers did not envision.  These extensions can add some really useful functionality to the browser,  like ad-blocking, or debugging if you are developing web sites.  However, even inside of the walled garden of the browser's ecosystem, malicious software can slip in.  This causes a problem for the browser developer: how do you scale the vetting of these extensions?