Jason A Lindsley

These aren’t showing up as hyperlinks to me (ust plain text). Can you please confirm that we should be installing Windows 10 on VMWare Workstation 12 or VMWare Workstation 14?

I saw in the other thread that we are not going to be using Windows 7. Do the same instructions apply for windows, update Cygwin, Windows_LinkedPS_Scripts, and…[Read more]

Nice post Mustafa – Has anyone ever tried one of the Mirai scanners that are available such as this one?

https://www.incapsula.com/mirai-scanner/

The scanner checks ports 22(ssh)/23(telnet) to see if it can connect to any IoT devices. I gave this a try, but it did not scan successfully. I got the message “a device being scanned is infected…[Read more]

Hi Vince,
What a thorough post! Nice work.

I think the key in why it is referred to a “privilege escalation” exploit is because of this statement you made: “This will replace/overwrite the existing sudo (root) line of text with a new line containing your user name added to the sudo group.” Since you are a non-root user and you were able to…[Read more]

Our organization is also currently heavily focused on vulnerability and patch management right now. The traditional model requires periodic scans and typically manually patching servers that have the highest vulnerabilities. We are shifting to automated patching capabilities that will be used to patch systems uniformly and in an expedited…[Read more]

Nice summary Vince. The article was very interesting and I especially liked the commentary on how detrimental it was to the criminals that they released their source code.

I thought is was odd that Allison Nixon said “when you can ID them and attach behavior to the perpetrator, you realize there’s only a dozen people I need to care about a…[Read more]

Thanks Scott – this was super helpful because I came across the same error and I was struggling with the solution. I like how you articulated the change in Windows 10 and why we now had to use a different approach to generate a static text file to view the logs.I really appreciate the video demonstration.

Hi Fred,
Very interesting take on choosing IoT wisely. I have a Ring doorbell that we bought because solicitors are constantly coming to the door and I was concerned about family safety. I can’t choose to “unplug” this device, so I’ve accepted the risk that I have an IoT device that is always on.

I do periodically check the firmware of my…[Read more]

Glad to hear Mustafa! How did the scan go for you? I have not had a chance to restart all devices and re-run the scan. Does anyone else have any suggestions on scanning your network for devices that are subject to Mirai?

Wow. This is a concern. I wonder if Strava shares this information publicly by default or if the users turned on location sharing. I could see this as a very difficult problem to solve. I imagine it would be very difficult for the military track and monitor all potential mobile apps that track and share location data. Some possible…[Read more]

Thanks for sharing Mustafa. I used SnagIt because it was recommended in Wade’s class, but I had to purchase it. I like it because it allows you to create advanced screen shots with detailed annotations, perform screen recording, and perform video recording. The only thing I don’t like about it is that I cannot seem to edit the recordings in…[Read more]

Interesting stuff. I was recently discussing the Equifax breach with a colleague. A question came up regarding the risk of a system that had a SSN and account information, but did not actually contain the customers name or other identifiable information. Obviously this is restricted information regardless, but now the risk is much higher for…[Read more]

I mentioned in my other post, but I’ll reiterate here. I’m actually not very surprised that these devices are running Windows. Most ATMs were deployed many years ago and they are very expensive to replace or upgrade. At the time, a decision was probably made to use Windows based on user experience and functionality. I imagine financial…[Read more]

Great summary Frederic. I also found these benchmarks very useful and I was impressed with the level of detail and structure of these documents. I also think it’s great that they publish Cloud images for these main Cloud providers.

One of the greatest benefits of Cloud is to easily deploy hardened images. However, it’s essential that org…[Read more]

Vince,
Curious, what are you running Hyper-V on? I’m using VM Workstation on Windows 2016, but I’m curious about your hardware setup. Also, do Temple students have access to a free copy of Hyper-V?

Thanks for sharing Bilaal. I’ll bet this is one of the many reasons my work computer had so many updates pushed and installed over the past few weeks. I’ll need to check my personal devices to see if they are vulnerable.

Adobe Flash is like a zombie, but it looks like it will finally be sunset in 202…[Read more]

This article was disturbing to me as well Satwika. The article explained that the company eventually sent e-mails to the customers, but this was not an adequate response because many customers lost e-mail access based on the attack.

I also found it disturbing that Newtek also performs many other outsourced functions beyond domain hosting.…[Read more]

The article also mentions that updates were released for individuals running Adobe Reader or Acrobat that address at least 39 vulnerabilities. Typically these products are installed on workstations, but quite frequently in my career I’ve seen these products installed on servers and showing up on vulnerability scans. This is usually because a…[Read more]

I agree that machine learning technology is critical in identifying malicious activity on a network and stopping malware. This is a very saturated market right now and all security products are pushing to incorporate machine learning algorithms into their solutions.

It’s key to remember, however, that human action is still typically required…[Read more]

Wow, definitely seems like Nation State espionage due to the sophistication of the attack and the limited targets. According to the Ars Technica article – https://arstechnica.com/information-technology/2018/03/potent-malware-that-hid-for-six-years-spread-through-routers/ – it hid in routers for six years and infected about 100 machines.

That’s really cool Vince. Nice work summarizing these technical details in simple terminology.