February 20, 2010 | Posted by Dave Earlier this week I hosted a webinar entitled “Inside the Mind of a Hacker”. During this hour long broadcast we discussed; How a Hacker thinks, What are a Hackers goal, and the tools of a Hacker. We concluded the Webinar with a demo of a Trojan.
The webinar can be found on Parameter’s website or by Click Here.
Categories: Original, Viruses, compliance | 
Tags: chronister, trojans, webinar | 
No Comments »
November 12, 2009 | Posted by Dave I apologize for delays in new post, business has been well keeping me busy. 2010 I hope to update more regularly. Until here is an article I wrote for security magazine in 2008. I hope you enjoy.
by Dave Chronister
April 1, 2008
Technology’s ever-growing importance is a mixed blessing.
On one hand, it keeps me employed, but many times I will find myself talking about “new threats” that aren’t really new, they are just finally coming to the public’s attention.
The issue “de jour” is identity theft, and, according to the general public, this never happened until the TJ Maxx break in. Am I the only one who watched Sandra Bullock in “The Net?” Granted this movie was a little far-fetched — I mean, come on, ordering a pizza online? But there we were in the mid-1990s watching a movie about a recluse woman whose identity was stolen in order to cover up a major conspiracy. Now, 13 years later, we live in a world where it seems the only data leak to worry about is consumer information.
Doesn’t a company with revolutionary ideas worry about corporate espionage and loss of trade secrets? Shouldn’t a publicly traded company need to ensure its financials are not released prematurely?
In reality, security professionals have to deal with data of different levels of security, much of which is unknown to even them. So while the rest of the world is focused on the little old ladies’ Social Security numbers, let’s look at the best strategies on keeping our sensitive information in our castle’s keep and maybe even use the identity theft hysteria to our advantage.
The decentralization of a company’s data stores and multiple facets of data retrieval have rendered the security strategy of building a bigger outside wall obsolete. A silver-bullet solution will eventually become an Achilles’ tendon. Instead, you want to go for layers, defense in depth. Structure your security solutions to identify threats, guard against automated scans, and slow down and report possible intrusions. In the event of a successful attack, ensure containment and, if possible, identify the offenders of the data loss.
Let’s take a look at a few weapons that you may want to put in your arsenal.
First, there are network traffic analyzers — and we are not talking about your network administrator’s wire shark system. These analyzers will examine the content and determine if sensitive data may have been sent out to unauthorized recipients. Many traffic analyzers will even determine if information is being sent to correct destinations but over incorrect channels, say instant messaging or IM, or to the public network unencrypted.
The obvious concern with this technology would be the potential bottleneck that you would face even on a small network. Global Velocity, one of the newer companies in this realm, is about to release a hardware-based content analyzer that it claims can process 10gbps. The potential is a godsend, but it isn’t without limitations. It can only analyze clear text. Someone sending out binaries, say screen prints, or encrypted traffic, such as a virtual private network or VPN stream, would not be analyzed. It also only handles traffic heading out of your network to other networks either public or private.
This doesn’t address other avenues of “data escape,” such as mobile devices and USB keys. There are multiple solutions to this problem, from physical USB locks to software solutions, such as Devicewall’s Centennial, which can block various types of USB devices, such as MP3 players or PDAs, and provide a complete audit trail. Microsoft shops could even use network policies to lock USB ports.
Speaking of policies, let’s take a quick look at your greatest weapon and your worst enemy: The User.
Sometimes it may seem a better idea to give flamethrowers to your local Cub Scout troop than to depend on John Q. User to ensure the integrity of your data. No matter how much you secure your sensitive data, the simple fact is your employee will be retrieving and writing this data on a daily basis. You need to ensure your security awareness program prepares them to handle the various aspects of social engineering as well as prevent accidental data leaks. After all, hackers are targeting the secretaries, not the Certified Information Systems Security Professionals or CISSPs. Computer-based training and posters should be part of your program, not the entire program.
Finally, getting upper management’s buy-in to the cost of data protection in money and manhours can be a daunting task. The horror stories of other data breeches as well as the projected cost to a business for identity theft can be used as a case study during your presentation. If that doesn’t work, maybe you can bust out your VCR and hope Bullock’s stellar performance in “The Net” does.
http://www.securitymagazine.com/Articles/Feature_Article/BNP_GUID_9-5-2006_A_10000000000000298345
Categories: Best Practices, Original, compliance | Tags: business professionals, cyber security, identity theft, security awareness training | 1 Comment »
May 19, 2009 | Posted by Dave Over the past few days I have seen a few of these new PC/Mac guys commericals. While I am not a big fan of Apple (that is a discussion for another day) I do think these commercials are pretty funny. These newest commercials have had some statements that made me stop and listen. Cut to a woman looking for a PC (Yes windows/linux/macs are all PCs). She says “I want a computer that doesn’t get viruses” and all of the “PC Guys” walk away.
What?? I know I didn’t see that correctly. Did Apple say they do not get viruses?? So I went back on my TiVo. Yup that was exactly what they said. A couple of commercial breaks later another Mac ad comes on and again they say they are not vulnerable to viruses. You have got to be kidding me… What ever happened to truth in advertising. Obviously people don’t believe this.. So I posted on my facebook status “I just saw an ad claiming Macintoshes don’t get viruses, and I laughed my butt off. Do people really believe this??” Within one of my friends replied and the follow facebook conversation ensued..
Friend: You’re the expert, but I’ve had a Mac (a few different obviously) since I was 17. I’ve never once had a virus. Most people I know on PC’s have them constantly. Just sayin’.
Dave: And did you have a virus scanner installed?
Friend: No. But zero performance issues. Pc people amuse me though this is entertaining to me.
Dave: So… Let me get this straight.. No Virus detector, and you know you never had a virus??? Sooooooo…. Yeah….. Need I say more?? 
About this time I was getting a bit annoyed about this. This guy says he has never had a virus, but has never run a scan. He knows because he has not had any performance issues. And HE IS ENTERTAINED BY PC PEOPLE??!?!? So I added the following
Dave: Besides been rockin the Ubuntu lately.. I still run at least ClamAV on it
Around this time another friend of mine chimes in (and this is one of my old BBS friends, a big linux guy)
Friend #2: people write linux viruses? since when?
Well I guess beliefs like this will keep me employed…
Meet OSX/Leap-A, this little worm is the first virus discovered for Mac OS X. It was discovered back in early 2006. Since then many Trojans, worms, OS specific vulnerabilities and other nasty mal-ware have been discovered. The folks over Securemac are doing a great job at keeping everyone up to date. In fact it may be a good idea if Apple would have their advertising group look at their entry from 12/2008
12.02.2008 News
Apple has officially acknowledged that Mac users should use anti-virus solutions in this technical note. As their market share continues to grow, so do the threats to the users.
Related Articles:
Washington Post: Apple: Mac Users Should Get Antivirus Software
The Tech Herald: Apple Encourages Anti-Virus Protection
CNet: Apple suggests Mac users install antivirus software
Apple Insider: Apple encourages Anti-Virus Software
Again, where is the truth in advertising.
For my Linux friends, yes Linux and Unix have Mal-Ware also. Here is an old list from 2005.
If you are going to spend the time to build a virus, you will probably want to do the most damage. Windows machines out number Macintoshes 10 to 1. Simple math, more machines, more dangers. However we are seeing a growth in Mac malware. While Apple says this is due to an increase in Mac growth, I would tend to believe it is due to the lax security practices of the average Mac user.
Anti-virus is an insurance policy, better to have it and not ever need it than to wish you had it when infected. Make sure the software looks for virus, worms, and Trojans. Securemac would be a good resource to find the best solution for you.
Bonus -
Hats off to fellow St. Louisian Charlie Miller for hacking a MacBook Air in less than 2 minutes. You can read about it at Infoworld
Categories: Best Practices, Original, Viruses | Tags: cyber threats, Dave Original, laptop, linux, Macintosh, virus | 8 Comments »
