OED tools: Chocolatey

The problem: Installing software on Windows and keeping it updated is a boring and repetitive task. Linux and BSD/OSX users can install software from packages and keep it updated with a simple apt-get update; apt-get upgrade command. Wouldn’t it be great to have the same feature on Windows? The automation: Chocolatey is a package manager for […]

Lenovo Thinkpad T420: Another excellent, inexpensive Linux laptop

For the past three years, I have been using a Lenovo Thinkpad T400 as my main platform for researching open-source network simulators and emulators. The T400 is an excellent, inexpensive computer that, even today, offers excellent value.

But, I need a computer that supports high-resolution external monitors so it must have a DisplayPort output. I also want to expand the number of VMs I can run concurrently with adequate performance so I need a processor that supports HyperThreading. I want to switch to the Ubuntu Linux distribution and the Ubuntu Unity desktop environment needs just a bit more processing power to run smoothly.

I recently purchased a used Lenovo Thinkpad T420 laptop, which offers everything I want and more. It is a five-year old product but it offers all the ports and performance I need. Because it is well past its depreciation curve, anyone can purchase a used T420 for a very low price. Read on to learn more about the Lenovo Thinkpad T420, another excellent and inexpensive Linux platform.

The Lenovo Thinkpad T420

The Lenovo Thinkpad T420 is a business-class notebook produced in 2011 that was leased in large volumes by companies for use by their employees. Now,

11 tips for spotting insider threats

Security pros are constantly being warned about insider threats. We’re told our companies need next-generation software, integrated threat intelligence, and the ability to correlate massive amounts of event logs and context to arm ourselves against these threats. We’re told that these tools are necessary to block attacks and to recover from attacks, should they be successful. Unfortunately, when companies eventually figure out that they’ve been compromised, they also discover their systems had been compromised for an extended period of time. “Insider threats can include a combination of malicious insiders, compromised insiders, and careless insiders,” says Wade Williamson, director of product marketing at Vectra Networks. “You will need clear visibility for identifying all of these threats, but they will differ in behavior and how security will be able to detect them.”

Uncovering the Seven Pointed Dagger

The full report “Uncovering the Seven Pointed Dagger: Discovery of the Trochilus RAT and Other Targeted Threats” can be downloaded here.

Threat actors with strategic interest in the affairs of other governments and civil society organizations have been launching targeted exploitation campaigns for years. Typically, these campaigns leverage spear phishing as the delivery vector and often include malicious attachments designed to bypass typical detection controls. In other cases, spear phish directs users to websites that would otherwise be trusted but actually have been compromised by threat actors seeking greater access to fulfill their actions and objectives.

In late 2015, ASERT began investigations into a Strategic Web Compromise (aka “Watering Hole”) involving websites operated by the government of Myanmar and associated with recent elections. All indicators suggest that the compromises were performed by an actor group known to collaborators at Cisco’s Talos Group as “Group 27”. These initial findings – focused around the PlugX malware – were released by ASERT in a report called “Defending the White Elephant.” Analysis of PlugX malware configuration suggested that Special Economic Zones (SEZs) in Myanmar were of interest.

Following the trail of emergent threat activity, ASERT has discovered a new Remote Access Trojan (RAT) in use

REVIEW: MailScanner and ScrolloutF1 are standouts in open source email security

Email security is of paramount concern in any organization. A significant percentage of malware is delivered via email, on the premise that an unsuspecting user will open the message, allowing the malware payload onto the user’s machine. From there, malware can worm its way into the network and wreak various kinds of havoc, often undetected, sometimes for months or even years. It should then come as no surprise that a significant industry has grown up around the serious business of containing email threats. We decided to review four open source products to see if they could deliver enterprise-grade security. The four products were CipherMail, MailScanner, Scrollout F1 and hMailServer.

Best open source email security products

Email security is of paramount concern in any organization. A significant percentage of malware is delivered via email, on the premise that an unsuspecting user will open the message, allowing the malware payload onto the user’s machine. From there, malware can worm its way into the network and wreak various kinds of havoc, often undetected, sometimes for months or even years. We decided to review four open source products to see if they could deliver enterprise-grade security. The four products were CipherMail, MailScanner, Scrollout F1 and hMailServer. Read the full review.

NZ IPv6 & DNSSEC Update

A year ago I published a table of New Zealand ISP IPv6 support. At the time support was fairly poor. I’m pleased to report that things have gotten better over the last year. There has also been a very pleasing uptick in DNSSEC support.

IPv6 Changes

The big movers here are Trustpower & Orcon, who have both enabled IPv6 by default for their users. So now we have the two largest ISPs still only offering IPv4, but all of the next tier of ISPs are offering IPv6. New Zealand has a flexible ISP market, and almost all consumers can change provider quickly & easily. This means that IPv6 is effectively available for all who want it.

[Figure: New Zealand IPv6 Availability – APNIC data]

The numbers are still small, but we can see a move upwards towards the end of the year when Orcon & Trustpower enabled IPv6. Many legacy home routers have IPv6 disabled, but as these get replaced/reconfigured, I expect to see a steady increase in IPv6 uptake across those ISPs.

The two market leaders – Spark & Vodafone – still only offer broken promises. In 2014 Vodafone implied it was not far away: “I can

The Sad State of Enterprise Networking

John wrote an optimistic comment to my fashionable designs rant:

Nobody in their right mind does "fashionable" things when dealing with infrastructures that are required to be solid, dependable and robust.

Unfortunately many enterprises aren’t that prudent – the last Expert Express engagement I had in 2015 was yet another customer who lost two major data centers due to a bridging loop spilling over a stretched VLAN infrastructure.


BASH Script for Dictionary Attack Against SSH Server

Although there are several dictionary password attack tools available for Linux, such as Hydra and Ncrack, I have decided to practice BASH scripting and write a script, getsshpass.sh, that can perform a dictionary attack against an SSH server. The script reads usernames and passwords from two dictionaries (one for usernames and one for passwords) and uses them one by one during its login attempts to the remote SSH server. Once a correct username and password are found, the script saves them to the file result.txt and displays them on the desktop. Then it exits.

The script can be started either in a serial mode that opens only a single SSH session to the SSH server or in a parallel mode which allows multiple SSH sessions to be opened at the same time. Below are the parameters of the script.

[Picture 1 - Script Parameters]

All parameters are self-explanatory. If the -l parameter is not entered, the script is started in the default serial mode. If parallel mode is used (-l parameter), it is recommended to use the -l parameter together with the -n parameter. The -n parameter slows down the generation of SSH sessions by inserting a fixed number of seconds before a new SSH session is generated. This helps the attack to be successful. According to my findings during

Upcoming VMUG Events

I’m extremely honored to have the opportunity to help support VMware User Group (VMUG) meetings all over the world. I will be speaking at a few upcoming events; if you’re going to be at one of these events, I’d love to meet you, say hi, and chat for a bit. Here are the details.

Tuesday, February 23, 2016 I’m really excited to be back in Sydney again for an opportunity to speak at the Sydney VMUG UserCon (see the event page for full details).

Thursday, February 25, 2016 Two days after the Sydney event I’ll be in Melbourne to help support the Melbourne VMUG UserCon. (More details here.)

First week in March 2016 The dates for these events are still being finalized (I’ll update this post when I have more details), but I’ll be in South Africa for a series of VMUG events there as well (Johannesburg, Durban, and Cape Town). This will be my first time in South Africa, and I’m really looking forward to meeting and talking with customers there.

Aside from these VMUG events, if you’re in one of these regions, are a current (or potential) customer of VMware, and you’d like to meet to talk

Malware alone didn’t cause Ukraine power station outage

A new study of a cyberattack last month against Ukrainian power companies suggests malware didn't directly cause the outages that affected at least 80,000 customers. Instead, the malware provided a foothold for key access to networks that allowed the hackers to then open circuit breakers that cut power, according to information published Saturday by the SANS Industrial Control Systems (ICS) team. Experts have warned for years that industrial control systems used by utilities are vulnerable to cyberattacks. The Dec. 23 attacks in Ukraine are the most prominent example yet of those fears coming to fruition.

Gamer blames Nvidia GPU driver bug for showing porn viewed via Chrome incognito mode

Imagine launching a game on your PC and the black loading screen instead shows the porn you had been viewing hours ago via Google’s incognito browser mode. That’s exactly what happened to Evan Andersen, according to his blog post detailing how an Nvidia GPU driver bug breaks Chrome incognito. Andersen said the porn he’d viewed hours previously had been “perfectly preserved” and was “splashed on the screen” while Diablo III was loading. He added: So how did this happen? A bug in Nvidia's GPU drivers. GPU memory is not erased before giving it to an application. This allows the contents of one application to leak into another. When the Chrome incognito window was closed, its framebuffer was added to the pool of free GPU memory, but it was not erased. When Diablo requested a framebuffer of its own, Nvidia offered up the one previously used by Chrome. Since it wasn't erased, it still contained the previous contents. Since Diablo doesn't clear the buffer itself (as it should), the old incognito window was put on the screen again.

Uptime Funk – Best Sysadmin Parody Video Ever!

This is so good! Perfect for your Monday morning jam.

Uptime Funk is a music video (parody of Uptown Funk) from SUSECon 2015 in Amsterdam.

My favorite:
I'm all green (hot patch)
Called a Penguin and Chameleon
I'm all green (hot patch)
Call Torvalds and Kroah-Hartman
It’s too hot (hot patch)
Yo, say my name you know who I am
It’s too hot (hot patch)
I ain't no simple code monkey
Nuthin's down