Monday, January 25, 2010

My Beautiful Wife

While going through old pictures, I found these pictures of my beautiful wife. :)

Enjoy!

Deleted after my wife complained about the pictures.

Friday, January 22, 2010

Cobo NAIAS Fire

So, I was at Cobo yesterday for the Detroit Auto Show / North American International Auto Show.

Of course, there was the fire. Here's some quick video I shot as the security guards were ushering everyone out:

Video 1:
Video 2:
MJ


Tuesday, January 19, 2010

The Google Hack

I admit. When I first read Google's post about getting hacked, I was pretty stoked about how they were going toe to toe with one of the world's most powerful and "meanest" governments.

I then realized that the most important part was in the first paragraph, "resulted in the theft of intellectual property from Google". The next nine paragraphs just put an interesting, humanitarian spin on things.

John Markoff and Ashlee Vance just published "Fearing Hackers Who Leave No Trace". In it, they discuss why it is a big deal for someone to hack into Google, Adobe, or the other companies. It is well worth the read.

And, if you've missed it:

  • http://blogs.technet.com/msrc/archive/2010/01/19/security-advisory-979352-going-out-of-band.aspx This site looks to be down now, but this is where Microsoft announced that they're releasing an out-of-band patch for this IE issue.

  • Microsoft advises using IE 8 instead of version 6 or 7 as it is "less vulnerable". Not "safe", just less bad.

  • Not so fast says Vupen. They say that IE8 is just as vulnerable as anything else. They all suck.

  • New Windows(R) kernel Vulnerability. To top it all off, Tavis Ormandy has just published a new vulnerability in the Windows Kernel. Which versions? Oh, just those in NT 3.1 through Windows 7. That includes the Server versions (like 200{0,3,8} as well as things like XP) since they're all on the same happy kernels. What kind of vulnerability? Privilege Escalation. So, as long as you can execute any code on the box, you can now escalate to full privileges. Nice.


Saturday, January 16, 2010

Status Mail

Below is a scrubbed version of a status email I put together for my management on the new Microsoft Vulnerability.

A few days ago, Google published a note saying that they were targeted by an adversary which successfully

On January 12th I (and thousands of others!) received notice from Google saying that they "detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google." Note that the attack was not on Google's products (web search, advertising, YouTube, Gmail, etc.). The attack was against Google corporate, which is likely protected with the same kinds of firewalls, IPS, and AV which any Fortune 500 company uses. Google also mentioned that, in the course of investigating the attack, they discovered that they were only one of many companies that were targeted as part of the same attack.

On January 14, George Kurtz (McAfee's CTO) published information saying that they are "working with multiple organizations which were impacted by the attack" that famously hit Google. As part of their investigation, they found a new Zero Day exploit in Internet Explorer. George goes on to say:


As with most targeted attacks, the intruders gained access to an organization by sending a tailored attack to one or a few targeted individuals. We suspect these individuals were targeted because they likely had access to valuable intellectual property. These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That’s when the exploitation takes place, using the vulnerability in Microsoft’s Internet Explorer.

Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system. The attacker can now identify high value targets and start to siphon off valuable data from the company.

Our investigation has shown that Internet Explorer is vulnerable on all of Microsoft’s most recent operating system releases, including Windows 7. Still, so far the attacks we’ve seen using this vector have been focused on Internet Explorer 6.

End Quote

Microsoft's Response: Normally, Microsoft tempers their Security Advisories by trying to make customers understand to what degree adversaries are exploiting a particular vulnerability. Version 1.0 of the security advisory mentions that they are only aware of one customer who was actually hit by an exploit for this vulnerability. I have never seen Microsoft publish an SA without there being some type of wide-spread exploitation. Microsoft has no acceptable workaround.

Germany has taken an unheard-of step. The German Office for Internet Security has recommended that citizens not use Internet Explorer version 6, 7, or 8 on Windows XP, Vista, or Windows 7 until Microsoft issues a patch.

McAfee (and others) have reported that code to exploit the IE vulnerability is public.

Anti-virus is of limited use against this threat. Anti-virus works best against exploits which many customers have already seen. A dedicated attacker could download a malware toolkit, create the exploit, and send it to a few employees in minutes. It would be an attack that the AV has never seen before, and thus AV can only provide limited protection.

References:
http://googleblog.blogspot.com/2010/01/new-approach-to-china.html

http://arstechnica.com/security/news/2010/01/researchers-identify-command-servers-behind-google-attack.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/

http://siblog.mcafee.com/cto/%E2%80%9Caurora%E2%80%9D-exploit-in-google-attack-now-public/

http://www.microsoft.com/technet/security/advisory/979352.mspx

http://www.dw-world.de/dw/article/0,,5132998,00.html

Thursday, January 14, 2010

An Inflection Point in Information Security

Very recently, The Microsoft Security Response Center (MSRC) published a blog post about Security Advisory 979352. Go ahead and take a minute to read the blog post. The Security Advisory is only interesting from a comical (not informational) perspective.

This is crazy, on two fronts. First, it's like a security advisory from Ms. Cleo "Ya' gots som'body doin' sum'tin' baaaaaadd on yo' network! Ya gots ta' fix da Intanet Explora!" There's less detail than in ... well, a Microsoft security bulletin. A third grader could've published something with more actionable intelligence in it.

Second, Um... but, targeted attacks have been going on FOR A LONG TIME. Now Google decides to go public about one of theirs, with only a few blog posts, I might add. That's all it took? One company to make a stink about it? Just had to be the right company, I guess. (This behavior of American media only paying attention to "celebrities" (whether they are Paris Hilton or Google) and ignoring "experts" (SANS, other Information Security groups) is ridiculous, but that's another blog posting.)

We've crested an inflection point in the Information Security Industry. Here's what I mean:
  • Google has gone public about them falling victim to a targeted attack which appears to have used vulnerabilities in IE and Adobe Reader. They point out that many other, very large organizations were also attacked.
  • Adobe responds by saying that everyone should (purchase an) upgrade to the latest and greatest Acrobat version which has 90% more securification. Or, something like that...
  • Microsoft has published a security advisory (granted: with zero detail) for something that only one customer has reported. This is a huge change for Microsoft. Historically, Microsoft has tried to temper reported vulnerabilities by saying that only small numbers of companies had been affected or such. This is a new direction for them. Hopefully one which will continue.
It appears that we're crossing an inflection point in the history of Information Security. Companies which are serious about security have been spending large amounts of money on their Information Security programs. First, they have to understand what's happening on their networks, which is no easy task. Second, they have to recognize when they're being attacked, which is even harder. Here's where it gets really difficult: at this point you need a two-pronged approach. The first prong is to understand whether the attack was successful and what the damage was; the second prong is to figure out how to defend yourself against that attack in the future.

In the past, these companies have relied on best-of-breed commercial and open source tools which consistently failed to meet their needs. So, they've spent countless man-hours creating custom tools to fill the gaps. They've spent countless hours fighting vendors who blew them off because they were the "only one" experiencing said problem.

Now (I hope!) the tables have finally turned. Google (who loves to tout that their key servers run Linux) has forced Microsoft to publicly acknowledge a vulnerability which only caused financial harm for one company. Google is forcing a major world government to rethink their policies.

Google is forcing every company out there to rethink their security policies, written and unwritten. Every company now knows that the bad people out there will work hard to get at their data.

Links: