Reading for 10/2/14

The day started with today’s SANS ISC StormCast.

WSUS Reporting with Powershell & WSUS automatic E-mail reports HOWTO – I’m attempting to automate my daily processes, so getting an email from WSUS telling me who needs patches is great.  Now to find the time to set it up!

Back to my post yesterday to get the VMWare link, then to the latest bash related update.  Looks like a vast increase in the vSphere related products affected.

Are Docker Containers Essential To PaaS? – A quick scan of this got me wondering what Docker is…so I looked it up.  This sounds like a very cool and scalable way to build many apps, but I’m not an appdev.  Wonder if it would work to build a distributed IDS? 🙂

Elijah Wood’s New Movie Is a Prophetic Thriller About Celebrity Hacking – We talked about the creeper factor yesterday.  Well…Frodo helps kick this up a notch.  Looks like a ok movie.

Cyber Spy High: Meet the NSA’s Hacker Recruiter – Skimmed this…I wonder if all the Snowden leaks help or hurt recruitment.  I mean – how cool would it have been to help build some of the NSA tech.  That is…if you don’t think of the ethical ramifications.

Online Router Forensics Lab – This is freaken sweet.  A tool to tear apart a Cisco IOS device and learn all of it’s dirty secrets.  I will definitely be checking out the online lab, and possibly download the framework to give it a real spin.  Decided to pop the /dev/random blog into my feedly account and see what he turns out.

The Security Setup – Security researchers talking about their current hardware setups, and their dream setups.  Going back later for more, the maybe a new budget request. 🙂

Lantopolog – Checking out this switch mapper, hopefully it’s user friendly because it’s dirt cheap.

How to set up a silent install of QuickTime through a batch script – Take a wild guess why I read this.

That’s the majority of it today – I haven’t even started through feedly yet.

Update: How to build a $10 passive network tap – Needed this for my home Suricata setup I plan soon.  Just need to find a hub somewhere now.

Things I read today…

I know the title is rather boring, maybe I will think of something more exciting later.  I thought it might be worthwhile to share what I read in regards to information security today, and more importantly why.  We infosec professionals read so many blogs, newspapers, and articles today that I’m surprised we read anything for pleasure.  Hopefully this helps someone, or at least gives me a reference back to something cool I read later on.

FYI – I prefer feedly for my RSS reader, since it syncs to so many different devices.  I love the site’s layout as well, and both the Android and iOS apps are awesome.

I listen to the ISC StormCast by Johannes Ullrich of SANS ISC daily – if you don’t, you really should.  He touches on a lot of important information daily, and you will always hear something relevant or interesting.

The latest SANS OUCH! Newsletter is out and covers the five key steps to basic cybersecurity for the end user.  I recommend you read it and pass it on to your users – even if you have to pare it down a bit for them.

Dynamoo’s Blog – read a few of the “Something evil” posts, which I find useful to test and see if we are already blocking the junk he’s found.  Most of the time we are, but there are always times we aren’t.  I also read his NATO phonetic alphabet guide just for fun.

Adobe Flash copyPixelsToByteArray() Heap Overflow – I can’t remember if this is the current Flash version or not at the moment, thanks to the fact I have to change all my work passwords as of last night. grr

Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure – A possible “oh sh!t” if this is something that affects even patches Exchange servers.  Time to investigate!

FBI to open Malware Investigator portal to security researchers – more yesterday’s news but still wicked cool considering the implications.  Mr. Ullrich mentioned during this morning’s podcast he might require you to be a member of InfraGuard, but even still this will make malware analysis far more commonplace.  How often do you simply wipe and rebuild an infected machine without checking the malware out first?  You do wipe/rebuild infected machines…right?  I’ll be investigating this myself more soon, and I’m thinking about experimenting more with learning about malware analysis and forensic imaging techniques.

DDoS down globally, on increase in Americas in Q2, report says – I haven’t yet read the whole Akamai report, but this is somewhat promising news on the surface.  Sounds like high-level app attacks are down but attacks against basic layer 1-4 services are on the rise.  This is likely due to how friggen simple they are to attack.  The Prolexic Quarterly Attack Report site requires you to sign up, but I think I will just to see if this is worth reading.

Considering Linux? 10 Common Questions Answered – Pulled the tldr skim, but looks like a worthwhile read if you are actually considering Ubuntu for your desktop.  I personally don’t think it’s there for the average user, but I haven’t really used it for anything other than infosec stuff recently.

The Best Apps that Integrate with iOS 8’s Healthkit – FYI – even your iPhone 5’s are keeping a creepy stalker eye on your habits now, like how many steps did you take today.  While I do consider the on-by-default tracker an invasion of my privacy, it might be outweighed by the benefits of actually using it to improve your health.  YOLO, so being healthy is a good idea.

How to Effectively Work for a Manager You Never See – Not really infosec related, however my supervisors live three hours away from me.  We do see each other physically a few times a month, however this is still a good read for anyone who works remotely.

Google Calendar Door Sign – Again, not really infosec related, but a very cool project which could be adapted for many things.  I have three screens in front of me daily, but it would be nice to have a ‘HUD’ type setup allowing me to see some infosec metrics, or even my upcoming events.  Sent to the ‘wish project if I had time’ file.

Microsoft takes the wraps off Windows 10 — No, seriously – No much indepth coverage in the article, but there is a video I didn’t watch.  The big news sounds like Microsoft just took Windows 8.1, jacked in a regular Start menu and polished it up a bit more.  Seriously???  Ugh, and I thought I’d never jump ship from Windows until Windows 8 came out.  This is making me think a lot harder about that.

KB3001554 appeared in my WSUS server this morning – basic DVD playback patch, no reboot required.

And just because it made me laugh:

Thanks FailBlog!