Silicon Shecky

IT News, Reviews and Thoughts

Connect

2.5 weeks out

By Leave a Comment

Certs in our industry are a funny thing. In fact, You mention OSCP or a SANS cert, and I rarely hear a bad word. On the other hand you hear CISSP, CEH, Security +, and may others and you get mixed reviews. Never mind that sometimes the job wants you to get one of these “paper” or “not worth the time” type certifications. There are reasons, and yes, while one could hack their way into getting one of these certs without having actual experience (even with the 5 year requirement for the CISSP), the upper levels of management in many companies, and HR in a lot of companies want to see some of these certs.

I go off on this because I just set up a date to take my CISSP cert. I know a bunch of infosec people, and many of them have told me not to do it, until they hear it is part of my bonus objectives for the year, and then it is, “Well I guess that is a good reason to.” Personally, I am nervous as all getup about it. I haven’t taken an exam in many years, and haven’t passed one in almost 10 years. Reality is that means I have not been good at taking exams, or memorization. Heck, we have google, duckduckgo, and other search engines, books in paper and digital format, and social media to ask questions and get answers from in real time. I’m getting older and the memory is not always what it once was. The fact that some of them feel my skills are well beyond this exam means a lot, but still it is something to toss out there. Something to get me a better raise, force more money maybe, but really it might shut some people up that I do not know what I am talking about. Mind you those people are not in the infosec world, and in a bunch of cases not in the IT field at all.

A self made man is what I am. I have learned from others and from books. I have experimented on my own equipment. I have no degree from a college. I know what I know and I don’t know so much more it is amazing. So much to learn. So why get down on a simple cert, that if you actually study for it, someone can learn something? I mean, isn’t that one of the things that makes infosec great, the constant learning?

This week and some thoughts on Kaspersky

By Leave a Comment

Interesting week this week for me. I uploaded a few new Powershell Scripts to my Github, mind you that while changing telephone numbers or unchecking an attribute box in AD is not sexy security, these scripts do show how to do some manipulation. The Attribute box for “Deny this user permission to Remote Desktop Session host server,” is the more interesting one due to Powershell having to manipulate the object using LDAP instead if normal AD commands. This is due to that attribute as part of the normal AD schema being buried in a single attribute that covers a bunch of odds and ends, and tough to manipulate otherwise. The idea of manipulating AD through LDAP does leave questions open to LDAP bugs being exploitable through Powershell, and how easy that could be. Also it means you have to make sure that some sort of LDAP logging is on, as some of the smaller attributes might not have changes logged by AD into the Windows Event Logs. I am going to investigate further into that.

One of the big things going on in our world is the whole Kaspersky debacle. So much information and/or misinformation has been floating around, that it really feels to me like a lot of this is PR posturing by the U.S. Government. What I want to point out is a few things.

  1. The data that was found using Kaspersky was not on a government machine. This was another Contractor that took classified materials out of the NSA and back to his house. This is important as we do not know the motives of this contractor. Yes I am going to go a little tin foil hat here, but what if it was a setup? What if said contractor intended for the data to get swiped from his home machine. I am not saying this is the case, but it is a possibility.
  2. The source of proving the Russians used Kaspersky to do this ex-filtration was Israel. More specifically Israeli hackers who had hacked into Kaspersky’s network. Think about that. If the Israelis hacked into Kaspersky’s network, why must Kaspersky have worked intentionally with the Russian government? Now Kaspersky being hacked is a black eye on the company, but we all know that there is no perfect security and anything can be hacked.
  3. Vendors work with Governments. Period. NSA had RSA put in a backdoor into its encryption. McAfee and Symantec have at times worked with the U.S. Government. It is a fact of life.
  4. Reuters reported that German intelligence found no evidence of Kaspersky software used for hacking. Now we start getting back into a he said/she said about what has happened.
  5. With all the cloud systems out there, this same hack is possible to do using Symantec, McAfee or any other AV vendor.

Now I am not saying that there are not issues, trust issues that Kaspersky has to work through, but this is the good ol’ U.S.A. here. We forgive Target, Home Depot, soon, Equifax, and all these other breaches of our own personal data. Keeping Kaspersky off Government machines I can understand, but it is still one of the top AV vendors and I will continue to recommend their software for home users until I see better proof not to. Remember in this day and age, it is all about who you want to have the data, and in the end it is probably everyone who does have it.

Time changes things

By Leave a Comment

The title says it all, time changes things. Communities change, adjust, split and reform. Your perspective changes as you wind up with more filters from more experiences. With all that has been going on in the infosec world, I think a non-technical article, a look at how things can and do change is relevant. All that follows is my opinions based on my observations.

There is a powder keg slowly exploding across the infosec community. Harassment, fragmentation, bullying, making fun of, changes to the way people view us and how we view ourselves. The infosec community has grown a lot over the years. Just take a look at not only attendance numbers for Defcon, Shmoocon, Derbycon and the other conferences out there, but look at how many conferences have come into being. As information security has become more relevant, the amount of people in it have increased. the first generation has given way to the second and third generation. Natural progression changes ones point of view. Adapt or become irrelevant.

I am not a Jack Daniel or Jeff Man, I do not have the honor of being well known or respected. Even with my age, I am not sure which generation of professionals I would fall into, but I love what I do, and have been impressed with the portion of the infosec community that I know. I have noticed a lot of issues with the community at large though. These issues have been growing over time, and I see it through various places, Twitter, Podcasts, meetups, and conferences. I am judging, because no matter what, that is what we all do. We cannot stop judging, that is what an opinion is, a judgement. I do what I can to stay neutral, to try and understand both sides, but it is hard. Now, lets start by looking at something that seems not related.

Ever look at a children in different stages of their life? If you can, go and watch a 0-2 year old for a while. It is even better if you can watch the same one every couple of months as they age. Watcher their wonderment, how open they are to things. How curious they are about everything, and how non-judgemental they tend to be. Race, gender, none of it matters to them. The try and learn, experimenting for the way to get something done. Sort of like the young person just getting into hacking/information security.

As that child grows, between nature and nurture, their world expands and their view on the world shrinks. Experiences, how others look at things around them, and what they are taught take hold. The wonderment disappears. Judgements become more serious. Friendships are formed and disappear, sometimes for good reasons, sometimes not. They integrate into society, after all we are communal creatures. The more information they have the more filters are put into their head about things until perspectives seem to become natural to them. Some see things and they want to change them for the better. Others want to maintain the status quo. Society itself changes around them. What was once acceptable might not be anymore. They are stuck though trying to change what has become their nature, or they go the way of, accept me as I am warts and all. This does not excuse them, but is just a fact. They tend to group with people who are more accepting of them, and put up defense mechanisms to keep their ego somewhat safe. It is part of being a person. It takes work to break that.

That sums up the basic idea of change over the years for a person, but how does this relate to the infosec community? Lets look at those last couple of lines though. We tend to group with those who are like minded.

I have and am in many different communities. some larger than others, some no longer exist or have changed a lot over the years and are not what they once were. All of them have fractured or become cliquish. An example is the local theatre community I am part of. The theatre I do most of my work with right now has its factions. The membership is small, but it has its cliques. People who are like minded gravitate toward each other. We still all work together to make some cool productions happen. We try to bring in new people to add onto our community and ensure the survival of it, but in the end not everyone agrees with each other, and not everyone likes each other. Still the group has continued on for 57 years, even with this splintering, the cliques that have formed and the disagreements that have been had. The larger community in the metro area looks at each theatre as its own clique. Some are harder to get into than others, some don’t like outsiders. This is what happens as groups increase in size. It does not mean the whole community cannot come together, for instance in helping raise money for relief in Puerto Rico, but it does mean cliques. They have always existed in our community, read team, blue team, dev, ops, noobs, kiddies and more. It take effort to overcome these stigmas, and some, maybe more that I realize, will float between groups. The more specialized we become the more tendency to be part of a smaller group of the whole.

Then there are the other issues that divide us. Harassment is the largest of them. I don’t have an answer for that. Some people are just going to harass others. The larger the group, the more chance there is for harassment. All we can do is report and try to stop it. Harassment I honestly feel comes from inferior feelings or wanting to be the center of attention. Some of it might just be trolling. The long term effect though scares people away from not only community events, but the field all together.

Speaking of the need to be superior, people get picked on for going for different certs. The CISSP is looked down upon by a lot of the community, yet it is something that does help in the long run, if for no other reason than it gets you past the HR guardians when job searching. SANS is one of the gold standards, but a new person, unless they have saved a decent amount of money, is not going to be able to afford that sort of training. We pick on people who were at companies that have been breached. We don’t know the full story, but we rip the hell out of these people. We are all jaded by our own experiences, our own perceptions and are all socially engineered by the masses constantly. Social Media is a wonderful tool, but like any tool it has up and downsides.

The best way that I can think of to help overcome some of these issues is to talk about them. Straight up, respectfully talk about them. That means listening and trying to understand what the opposite view is, even when the opposite view is obviously wrong. We have to get out of the habit of just flaming at each other. We have to get back into the habit of being in wonder and curious of the world around us. Most importantly, we have to realize that not only are we wrong at times, but being wrong or making mistakes is the way we learn. Passing on our knowledge is the way we survive, and just like we have to do with the technological aspect of infosec, we have to constantly adapt and learn from the changing social world around us, or we are going to be irrelevant.