That’s right! No longer do you have to spend days and nights worrying about the state of your network. No more fretting about your partners, security or other traditional concerns.

Today is the dawn of a new day for network engineers around the globe!

Want to know how your network is? ASK YOUR PACKETS!!!!!

MicroSolved’s revolutionary new product, code named, NED or Network Emotion Detector, will continually update you on the emotional health of your packets. If there’s a network problem, a security breach or if you happen to fall out of compliance with the Pennsylvania Concrete Institute’s (PCI) standards, your NED will immediately alert your team to the lack of happiness being experienced by your packets as they traverse the various public and private networks!

Even more powerful than the executive dashboard, the GUI can be operated near the data center hallway window, so passing executives can quickly identify the happiness quotient (TM) of your network. When they see NED smiling, they will know you are doing your job well. When NED is unhappy and your packets begin to show signs of sadness, they can quickly and easily purchase additional “emotional credits” through the handy interface. These emotional credits (ie: money) make your packets happy and joyous as they traverse the Intertubes.

If that were all NED did, it would still be the most powerful network emotional monitoring tool on the market, but we even take it one step further! Using NED’s soon to be copylefted capabilities, we create emotional tunnels for your packets to move back and forth with your peers. These “Virtual Private Hugs” (VPH) allow you and your business partners to mutually enjoy all the power of NED and emotional credits together. You can easily monitor the happiness of your partner’s packets and those that show emotional disparity, making VPH even more important for those folks. Lastly, NED features a peer-to-peer network monitoring mechanism that allows you to closely monitor the overall happiness level around the Cloud. That’s right, MSI is the first in the world to create Happiness as a Service (HaaS)(TM)!

Act now and you can get your own copy of NED for Windows FREE for a limited time. Download from here and start enjoying the ease and joy of NED from MSI. We hope you enjoy NED, “because packets need love too…”

Happy April Fools Day from your security partners at MicroSolved, Inc. We hope it made you smile. BTW – The download really runs. Windows only, for now…. :p

Thanks to the folks who joined us for this afternoon’s PHP security talk about modern RFI attacks, how they work and what attackers are up to. If you are interested in the new slide deck, you can find them here: http://bit.ly/bT2TF7

If you would like to attend a virtual presentation or book one of our engineers to give the talk for your development team (either virtually or face to face), drop me a line and let me know. The talk is very strong and lends itself well to understanding how PHP RFI has become one of the most common attack vectors in use to spread malware, bots and other illicit activity.

In the last few days, the folks that make sub7, a pretty common and well known Windows back door/remote access tool, released a new version. You can find more about the capabilities of this application here.

Since I have been doing a bit of research lately that has included anti-virus and their often abysmal detection rates, I decided to test this new version of Sub7 against the VirusTotal scanning base. You can find the results here.

As you can see, the detection rates for this “remote access tool” is just under 55%. This time, all three of the major enterprise vendor products catch the malware nature, but the most common free tool, AVG, misses it entirely. As such, organizations are likely protected, but a vast many home user and consumer machines will be unable to detect the install of this very common attacker tool.

As with many of the posts about this in the past, I simply point this out to folks to help them come to an understanding of the true levels of protection that AV offers. Many people see it as a panacea, but clearly, it is not. AV is a needed part of defense in depth, but additional controls and security tools are required to create effective detection for malware infections.

I just posted this on Twitter:

The #HITME caught 1,684 new unique probes last week. That’s about 10 unique probes per hour or one unique probe every 6 minutes on avg.

Interesting idea that some sort of entropy in attacker signatures happens that often on average. Every 6 minutes some nuance of an attack pattern changes and we see it in the HITME data. Sure, some of these are encoding changes, slight modifications, but some are new scanning targets, new payloads and entirely new strains of attack and probe activity.

With attack patterns changing so rapidly, are you really sure your heuristics-based tools and approaches are able to keep up? Remember, too, this is just server/application viewpoint data. It has nothing to do with the threat entropy that a client application like a browser encounters. Those metrics, in my opinion, are likely to be exponentially higher if we could ever find a way to measure them in a meaningful way.

I just completed the slides for my new presentation on application security. It is focused on understanding Remote File Include attacks against PHP implementations.

After much conversation with the folks who manage the ISACA.org site and quite a bit of frustration trying to reach the people responsible for the site within ISACA, I had a good discussion with them last night and they have removed my login credentials by my request. While I have been and continue to be a supporter and member of ISACA, I disagree with them over this particular issue.

The problem is that the ISACA.org password reset mechanism sends your password in clear text to your registered email address. An attacker, or anyone, only needs to know or guess a user name to cause the system to send the password. If an attacker initiates this process and can gain access to the email system or the email itself in transit, then they gain access to a live, user generated password.

The threat model for this is obvious and commonly exploited. Users, even security folks, often re-use the same passwords around the Internet for a variety of sites. If the attacker can gain the password by exploiting this mechanism, then it becomes easy to try and leverage those credentials on a myriad of sites and accounts. Similar attacks have been quite popular lately and have proven effective for high level compromises on social media, e-commerce and other popular sites.

When I explained the problem to the web manager, he did not disagree with either the risk or the attack vectors. He only explained that they had known of the problem for a year or so and that their mitigation was to launch a new web site. He assured me the new site would be ready within a few months. He explained that the new site, in accordance with current best-practices, would include a new reset mechanism for passwords that used a token URL link or the like instead of a plain text password. I suggested that they remove the current mechanism from use until then and he said they would explore that as an option.

My main point on this issue is that I expect more from ISACA. I expect that since they are teaching the world to audit systems and processes for security, that they themselves would have secure processes. I especially have a hard time accepting that they knew of this problem for a year and chose to accept the risk without any additional controls being implemented, thereby placing the residual risk squarely on the shoulders of their members. To make matters worse, they transferred this risk to the membership without so much as a reminder or disclosure statement on their site about the problem. I understand that they may have resource constraints around managing the site, as he explained,   but these are the same issues that all organizations face, including the very organizations their training teaches people not to accept this explanation from.

While the discussion was amiable and professional, I am left with my disappointment. I got no assurances that anything would be done differently until the new site is launched and I got no sense for how that new site will be peer tested, reviewed or the like. Thus, I asked them to remove my account until that time. This is also the reason I am making this post. I want all ISACA members to be aware of the risk and that their credentials could potentially be exposed. Hopefully, none of the membership reuses their password around the web, but that seems unlikely. At least now, if they read this blog post, they will be aware.

Please feel free to let me know your thoughts on this issue by leaving a comment below. You can also contact ISACA by phone. Their numbers are listed in the contact us portion of their website.

Lastly, I want to say that I continue to support ISACA and their membership. I think their mission is critical and that their training is a strong positive for the security community and the world at large. As always, thanks for reading!