Friday, December 30, 2016

GRE Tunnels vs IPsec Tunnels

I feel like there's always been a bit of confusion when it comes to GRE and IPsec tunnels. Questions like when to use them and which is more secure are brought up frequently. Hopefully this article clears up any confusion on the differences between these two frequently used tunneling methods.

Wednesday, December 28, 2016

Vetting Out Cloud Apps Like A Pro

Putting your data in the cloud isn't an excuse to be lazy about security. The cloud makes things flexible, but it doesn't mean you skimp on security. When moving systems, applications or data into the cloud we still need to perform our due diligence to protect our assets.

Here's an article I wrote describing a few methods to vet out cloud applications before it becomes a security afterthought.

Tuesday, December 27, 2016

Establishing A Data Protection Committee

Data security and privacy are major concerns now within enterprises, and creating a data protection committee is a way to establish responsibility, strategic direction and member buy-in throughout the organization. Developing a data protection committee and bringing in members from deep within the company will assist with getting insight into security concerns you might have initially overlooked.

Here's an article I wrote for CloudPassage describing the creation of a data protection committee in greater detail. 

Friday, December 23, 2016

What is fuzzing and why do I need it?

Fuzzing is my new favorite word and not just because it's fun to say! Fuzzing is a method used in software testing that allows for automated, or manual, techniques to input invalid, random and unexpected data in a program to see if it can generate errors. These errors can be either functional or security related and using fuzzing techniques helps develop code that's more stable and secure.

Microsoft is taking these techniques and putting them in the cloud with their "Project Springfield" initiative. Here's an article I wrote about fuzzing, Project Springfield and why you need it.

Thursday, December 22, 2016

Post Exploit Visibility

Great article from Efflux Systems discussing post-exploitation, eliminating blind spots and improving security operations via correlation and automation. There's been a lot of talk about this subject lately and they bring a good perspective to the conversation.

It's worth a read!

Wednesday, December 21, 2016

Open Season - Building Syria's Surveillance State - Privacy International

Once again, here's some great work done by "Privacy International" revealing the Syrian government's repressive surveillance state. The report dives into how they perform surveillance, the middlemen involved and how the Assad regime has used technology as a weapon against their own people.

As the report mentions, "The lead up to the Arab Spring was open season for surveillance companies - they provided technologies to eager government clients widely known to be publicly engaged in repression." Seeing the tragedy of Aleppo unfold in the media, it's hard to believe how these surveillance companies sleep at night.

Take a look at the report here: https://privacyinternational.org/sites/default/files/OpenSeason.pdf

A Look Back at 2016

Here's an article I contributed to for Tripwire tying up some of the biggest items of the year. Lots of other really good contributors on here too.

Thursday, December 15, 2016

Petitions to Pardon Snowden - Sign here today!

Please sign the following petitions (here and here) and let President Obama know Edward Snowden deserves clemency for his patriotic acts.

I am writing to ask you to use your presidential authority to pardon Edward Snowden, an American whistleblower who acted on the conviction that the public had a right and need to know about a global mass surveillance system that exceeded the limits of the Constitution. 

Snowden’s actions, and the Pulitzer Prize-winning reporting that followed, set in motion the most important debate about government surveillance in decades, and brought about reforms that continue to benefit our security and democracy. 

Last year, Congress reined in the government’s surveillance authority for the first time in nearly four decades, after a federal appeals court struck down as illegal the NSA’s mass call-tracking program. A blue-ribbon commission you convened recommended 46 sweeping changes to our surveillance and security practices. And technology companies around the world have been newly invigorated to protect their customers and strengthen our communications infrastructure.

None of these reforms would have occurred without Snowden’s actions. Former Attorney General Eric Holder believes that Snowden “performed a public service by raising the debate that we engaged in and by the changes that we made.” You have also expressed confidence that the debate about surveillance and democracy he helped launch “will make us stronger.” 

Snowden should not be threatened with serious felony convictions and prolonged confinement under World War One-era laws that treat him like a spy who sold secrets for profit. 

Winston Churchill once wrote, “Men occasionally stumble over the truth, but most of them pick themselves up and hurry off as if nothing ever happened.” Not so with Edward Snowden.

It is clear that America’s democracy has benefited from Snowden’s actions, and I am confident he will be remembered as a whistleblower and patriot. I urge you to use the powers granted to you under Article II, Section 2 of the U.S. Constitution to pardon Edward Snowden.

Friday, December 9, 2016

Into the Abyss - What is Upstream Surveillance?

This is an infographic made by the ACLU on "Upstream Surveillance". You can read the article in its entirety here.

Wednesday, December 7, 2016

CLDAP DDoS Amplification is a Thing

Just about any protocol, if not protected properly, can be abused by attackers. We've seen this recently with CLDAP being used in DDoS amplification attacks across the internet. In this article, I explain what DDoS amplification is and why leaving unneeded services on the internet provides attackers ammunition to quickly launch attacks against their victims. With any amplification DDoS, attackers rely on insecure, misconfigured or unpatched systems sitting on the public internet to be used as a weapon in their assault. At this point, our negligence in using technology properly (patching and configuration) becomes an enabler for attackers looking to abuse them for their own gain.

Monday, December 5, 2016

What happens after a malicious link is clicked?

Most security teams are focused on how to stop people from clicking malicious links, which they should be, but I don't see enough thought on what should be done after a link has been clicked. Yes, we need to spend time implementing tools that will help prevent "click happy" people, but we also need to prepare for the inevitable. Seriously, it's going to happen and it won't stop anytime soon.

So, in this article I wrote for SearchSecurity I go over a few areas we should be thinking about after a malicious link has been clicked. I think it's equally important to know how to react to these situations as it is implementing technology that will prevent it. It's a big deal.