Archive

Archive for the ‘Uncategorized’ Category

Security Matters: How To Protect Yourself Online

November 17, 2016 Leave a comment

The internet is a wide open space and, much like the real world, contains the greatest and the darkest of things. This blog will focus on the best browsing practices to protect yourself on the internet.

There are a thousand and one products out there that promise to keep you safe online, and they all work to varying extents, but the best protection is situational awareness and best practices. Much like you wouldn’t walk down a dark alley at midnight in the highest crime area of a city, you shouldn’t go wandering into the dark depths of the internet.

Be Safe On Social Media

Let’s start with best social media practices. It is best practice to not publicly post your information, but if you do, following these guidelines will help keep you safe:

  • Double check your privacy settings. Are you sharing more than you think?
  • Think before you post: Would you be embarrassed if this picture or post was viewed by your mother or your boss? If so, you probably shouldn’t post it.
  • If you are going to be leaving on vacation, don’t post this type of information publicly. Criminals have been known to search social media to find targets to burglarize.
  • Don’t “friend” strangers. Criminals have been known to friend people so they can view the information they post on social media. This information can help them steal accounts with easily guessed password-recovery questions.
  • Be guarded with the information you post. If you see a survey full of personal questions like your mother’s maiden name, first pet, first car, street you grew up on, first job, etc., don’t fill these out. These are all common questions used for password resets.
  • If you are doing online dating, pick a random handle, not one you use anyplace else – and not your real name. You should also not post pictures with identifiable places where you commonly hang out. The internet has its share of creeps and this information can help them find you, especially in smaller communities.
  • Talk to your kids about the safe use of social media. In this day and age it is important that they know how to stay safe online.

Avoid Downloads

Another big one is, don’t download software from peer-to-peer or other dodgy sites. Software can be expensive but illegally downloading is not only illegal, it’s dangerous.

It is easy to add Trojan virus and malware to seemingly legitimate software. Sure, the latest version of Photoshop may work just fine when you install it after downloading it off the Pirate Bay but it is very likely you also just installed ransomware, and it will cost you more in the long run. Only purchase your software from legitimate sources.

Don’t open documents in an email, instant messenger or text message, unless you are expecting them, even if it is from someone you know. This is another large vector for malware infection.

Word documents, Excel files, PDFs and other files can contain what is called a macro virus. These are programs inside the files that can be used to install malware on your computer. Once an attacker infects a computer they will send out messages to everyone in the person’s contact list with a virus attached. These have even been seen on mobile phones, mainly on Android devices, which for a variety of reasons tend to be the least secure.

Browse Safely

Keep your browsing software up to date. Browsers have become much better at this, with Firefox and Chrome automatically updating themselves. To be on the safe side, go into the menu option and check to see if your browser is up to date. If you are an Internet Explorer or Safari user, be sure that you are installing all the latest patches from Apple and Microsoft. Older browsers often have vulnerabilities that can be exploited just by visiting a malicious website.

Use an ad blocker. There is a large overlap with ad networks and malware. This is often called malvertising. Malicious code finds its way into ad sites on a regular basis because criminals know that by compromising an ad site they will be able to infect a large number of browsers. If you block these sites you avoid the ads, and the risk.

Virtual Host Enumeration for fun and profit

April 15, 2016 Leave a comment

The following will allow you do virtual host discovery using the bing API

Step 1: Find the web servers you are interested in using NMAP

nmap -PN -p 80 –open -oG – 192.168.1.0/24 | awk ‘$NF~/http/{print $2}’ > webservers

Subsitute the IP address range you want in the above command and whatever you want the file name to be

Step 2: If you don’t already have a bing API key get one. The free API key allows you to do 5,000 transactions per month. If you need to do more there are paid tiers.

https://datamarket.azure.com/dataset/bing/search#

Step 3: I found a python script that works, its usage is a little bit funky, so I will be modifing it when I find some time.

https://bitbucket.org/holiman/ipsearch/downloads

Step 4: Create a text file and put your API key into it. IE VI key.txt

Step 5: Run the following command to search bing for the IP addresses in the file you created in step 1, this will output a text file called URLS that can then be used with eyewitness

cat webservers | python bingIP.py -b key.txt | awk ‘{ print $3 }’ > URLS

Step 6: If you don’t already have Eyewitness to capture screen shots down load it

git clone https://github.com/ChrisTruncer/EyeWitness.git

Step 6: Run eyewitness to get screen captures of all the virtual hosts
./EyeWitness.py –web -f URLS

Categories: Uncategorized

car trouble

May 20, 2005 Leave a comment

Well my timing belt broke yesterday while I was on the freeway. Luckly I actually had my cell phone and AAA was quick to come. Really sucks I had been putting this off for about 30,000 miles. Its just such a hastle to have to drop it off and then get a ride to work and then to pick it up. Why don’t they stay open latter and on the weekends?

Categories: Uncategorized

Test

February 24, 2005 Leave a comment

This is the first test of wordpress. It was MUCH easier to set up that movable type

Categories: Uncategorized

testing pocket pc

May 13, 2004 Leave a comment

I am testing the new pocket PC I inherited. Kind of cool I still need to learn to input text faster. this thing has predictive type ahead which is cool. I dont know if I should use the letter recognizer or the block recognizez.

Categories: Uncategorized

San Francisco

April 27, 2004 Comments off

I am in San Francisco for a conferance right now. A few observations, there are way too many Star Bucks here, one on every freaking corner in the financial district. The bart system is very cool, for $5.15 I can get from the airport to my hotel. I would hate to have to drive around here traffic and parking are a huge pain in the ass. Forgot my wireless card for my lap top so I took a walk down Market street untill I found a raio shack to buy a new one. I got a motorola card, apearently it isn’t supported in linux which really sucks I wanted to have some fun with drift net at the conferance, oh well.

Categories: Uncategorized

March 3, 2004 Leave a comment

Got my state taxs back today. That was just in time. I have a Best Buy bill due and if it isn’t paid off this month I get socked with $500 of accrued interest. On Friday the federal taxes should come through. Whch means I can get a paintball marker. Whoooooooo

Categories: Uncategorized