Archive

Category Archives for "Security"

The Walls Are On Fire

There’s no denying the fact that firewalls are a necessary part of modern perimeter security. NAT isn’t a security construct. Attackers have the equivalent of megaton nuclear arsenals with access to so many DDoS networks. Security admins have to do everything they can to prevent these problems from happening. But one look at firewall market tells you something is terribly wrong.

Who’s Protecting First?

Take a look at this recent magic polygon from everyone’s favorite analyst firm:

FW Magic Polygon. Thanks to @EtherealMind.

FW Magic Polygon. Thanks to @EtherealMind.

I won’t deny that Checkpoint is on top. That’s mostly due to the fact that they have the biggest install base in enterprises. But I disagree with the rest of this mystical tesseract. How is Palo Alto a leader in the firewall market? I thought their devices were mostly designed around mitigating internal threats? And how is everyone not named Cisco, Palo Alto, or Fortinet regulated to the Niche Players corral?

The issue comes down to purpose. Most firewalls today aren’t packet filters. They aren’t designed to keep the bad guys out of your networks. They are unified threat management systems. That’s a fancy way of saying they have a whole bunch of software built on top Continue reading

The hollow rhetoric of nation-state threats

The government is using the threat of nation-state hackers to declare a state-of-emergency and pass draconian laws in congress. However, as the GitHub DDoS shows, the government has little interest in actually defending us.

It took 25 days to blame North Korea for the Sony hack, between the moment "Hacked by the #GOP" appeared on Sony computers and when President Obama promised retaliation in a news conference -- based on flimsy evidence of North Korea's involvement. In contrast, it's been more than 25 days since we've had conclusive proof the Chinese government was DDoSing GitHub, and our government has remained silent. China stopped the attacks after two weeks on their own volition, because GitHub defended itself, not because of anything the United States government did.

The reason for the inattention is that GitHub has no lobbyists. Sony spends several million dollars every year in lobbying, as well as hundreds of thousands in campaign contributions. When Sony gets hacked, politicians listen. In contrast, GitHub spends zero on either lobbying or contributions.

It's not that GitHub isn't important -- it's actually key infrastructure to the Internet. All computer nerds know the site. It's the largest repository of source-code on the Continue reading

Solidarity

The government's zealous War on Hackers threatens us, the good hackers who stop the bad ones. They can't tell the good witches from the bad witches. When members of our community get threatened by the system, we should probably do more to stand in solidarity with them. I mention this because many of you will be flying to SFO this coming week for the RSA Conference, which gives us an opportunity to show solidarity.

Today, a security researcher tweeted a joke while on a plane. When he landed, the FBI grabbed him and confiscated all his stuff. The tweets are here:



Chris Roberts' area of research is embedded control systems like those on planes. It's not simply that the FBI grabbed him because of a random person on a plane, but specifically because he's a security researcher. He's on the FBI's radar (so to speak) for things like this Fox News interview.

I suggest we all start joke tweeting along these lines,  from the airplanes, like:

DFW->SFO. Playing with airplane wifi. I Continue reading

VCDX-NV Interview: Ron Flax On The Importance Of Network Virtualization

Ron Flax is the Vice President of August Schell, a reseller of VMware products and IT services company that specializes in delivering services to commercial accounts and the federal government, particularly intelligence and U.S. Department of Defense. RonFlaxRon is a VCDX-NV certified network virtualization professional and a VMware vExpert. We spoke with Ron about network virtualization and the NSX career path.

***

The most exciting thing about network virtualization, I think, is the transformative nature of this technology. Networks have been built the same way for the last 20 to 25 years. Nothing has really changed. A lot of new features have been built, a lot of different technologies have come around networks, but the fundamental nature of how networks are built has not changed. But VMware NSX, because it’s a software-based product, has completely altered everything. It enables a much more agile approach to networks: the ability to automate the stand-up and tear-down of networks; the ability to produce firewalling literally at the virtual network interface. And because things are done at software speed, you can now make changes to the features and functions of networking products at software speed. You no longer have to deal with Continue reading

Masscanning for MS15-034

So Microsoft has an important web-server bug, so naturally I'd like to scan the Internet for it. I'm running the scan now, but I'm not sure it's going to give any useful results.

The bug comes from adding the following header to a web request like the following
Range: bytes=0-18446744073709551615
As you can see, it's just a standard (64-bit) integer overflow, where 18446744073709551615 equals -1.

That specific header is harmless, it appears that other variations are the ones that may cause a problem. However, it serves as a useful check to see if the server is patched. If the server is unpatched, it'll return the following error:
HTTP/1.1 416 Requested Range Not Satisfiable
From the PoC's say, a response that looks like the following means that it is patched:
The request has an invalid header name
However, when I run the scan across the Internet, I'm getting the following sorts of responses from servers claiming to be IIS:

HTTP/1.1 200 OK
HTTP/1.1 206 Partial Content
HTTP/1.1 301 Moved Permanently
HTTP/1.1 302 Object moved
HTTP/1.1 302 Found
HTTP/1.1 302 Redirect
HTTP/1.1 401 Unauthorized
HTTP/1.1 403 Forbidden
HTTP/1.1 404 Object Not Found
Continue reading
1 170 171 172 173 174 182