Category Archives: Announcements

Come Out and See Us at NE Ohio Security Summit

Posted on by
5

Brent will be speaking at the NEO Security Summit again this year. He will be concluding his set of presentations on the History of Cybercrime and Toffler’s Cell Theory as its basis. TheSummit is October 24-25, 2103 in Westlake, Ohio. 

Brent speaks on Thursday at 1:15 PM in “The Champagne Room A”. (Get the thought out of your mind.. You know what Chris Rock says… NSFW…)

This is the 11th annual Summit for NEO and it has history of being a fabulous, affordable event. Come out and learn some stuff, get a ton of CPEs and re-connect with old friends. You can find out more about the event and register here. 

As always, thanks for reading and we hope to see you at the event!

UPDATE: Looks like I’ll be doing back to back sessions on Thursday at NEO Summit: 1:15 Crime History in Champagne A, 2:30 Defensive Tampering in Bordeax A. Come out and see me. That’s 2 chances in one day to get your heckle on!!!!

Operation Lockdown Update ~ Xojo Web App Security

Posted on by
Reply

Just a quick note today to bring you up to date on Operation Lockdown. As many of you may know, MSI began working with Xojo, Inc. a year or so ago, focusing on increasing the security of the web applications coded in the language and produced by their compiler. As such, we gave a talk last year at XDC in Orlando about the project and progress we had made. 

Today, I wanted to mention that we have again begun working on OpLockdown, and we remain focused on the stand-alone web applications generated by Xojo. 

Last week, Xojo released Xojo 2014R3 which contains a great many fixes from the project and our work.

The stand-alone web apps now use industry standard HTTP headers (this was true for the last couple of releases) and have the ability to do connection logging that will meet the compliance requirements for most regulatory guidelines.

Additionally, several denial-of-service conditions and non-RFC standard behaviors have been fixed since the project began.

My team will begin doing regression testing of the security issues we previously identified and will continue to seek out new vulnerabilities and other misbehaviors in the framework. We would like to extend our thanks to the folks at BKeeney Software who have been helping with the project, and to Xojo for their attention to the security issues, particularly to Greg O’Lone, who has been our attentive liaison and tech support. Together, we are focused on bringing you a better, safer and more powerful web application development platform so that you can keep making the killer apps of your dreams!

Hello from DayCon!

Posted on by
Reply

I have spent some time this week at DayCon in Dayton, Ohio. This is a small hacker conference, with attendance by invitation only. This year the event was focused on attack sources, emerging trends and new insights into the cutting edge of dealing with cyber-crime across many vertical markets and countries.

I speak later today, and I am focusing on the history of cyber-crime, the crime stream, the criminal value chain and how information coalesces before an attack. I look forward to my talk, especially given how engaged the crowd has been thus far with the other speakers. The hallway conversations have been great! 

Lots of variety in the speakers here, with professors, researchers, hackers and even some ICS/SCADA folks in attendance. Lots of good insights floating around and even a few new product ideas!

I’d highly suggest you check out DayCon next year.

PS – Also, looking at the calendar, we are prepping for DerbyCon next week. Come out and see us there. I will be speaking on the Stolen Data Impact Model (SDIM) project and other topics. Plus, as usual, we will be haunting the halls and swinging from the rafters! 🙂 See you in Louisville! 

Infosec, The World & YOU Episode 3 is Out!

Posted on by
3

Our newest episode is out, and this time we are joined by a very special guest, @TSGouge who discuss social engineering for companies and on the nation state scale. Victoria reveals her new plans to take over the world and Brent tries to keep up with these gals, who are straight up geniuses. We also pontificate on Syria and the potential for cyber-fallout from the action going on over there.

Check it out here

Have a global real world/cyber issue you want us to tackle? Observed an odd event that ties to a real world cause in the Internets? Drop us a line ~ we’d love to hear about it or get you on the show! 

You can find Brent on Twitter at @lbhuston and Victoria stars as @gisoboz. Get in touch! 

CMHSecLunch is Monday August 9th

Posted on by
Reply

This month’s CMHSecLunch is Monday, August 9th, 2013 at 11:30am. The location for this month is the Easton Mall food court. You can register here, or just show up. ADMISSION IS FREE!!!!!

Imagine hanging out with your infosec bestys, or meeting a new infosec connection that takes your career to the next level. Ever wondered what infosec experts eat, drink or why some of them only wear pastel shirts? This is YOUR chance to find out! 

We hope to see you there! 

Save The Date: August 12 is CMHSecLunch

Posted on by
2

Just a heads up, mainly because it seems late this month, but the next CMHSecLunch is Monday, August 12, 2013. Location is the North Market, beginning at 11:30am. 

You can find out more here, as well as sign up for reminders and such.

Thanks to all who make it out, we always enjoy seeing you and the amazing conversations that happen there! 

See You At EPRI Event in Chicago

Posted on by
3

Next Monday, June 17th, I’ll be presenting at the EPRI conference in Chicago. My topic is a threat update on what attackers are targeting and what kind of value future state designs and other research/planning data has on the attacker market. If you’re going to be at the event, please join me for my presentation. If you’d like to grab a coffee or the like, let me know. I’ll be around all day. 

Thanks for reading and I hope to see you there! 

HoneyPoint Used to Confirm Skype URL Indexing

Posted on by
4

Last week, several sources were talking about the indexing of URLs that happen inside supposedly secure and private Skype sessions. There was a bit of press about it and we thought it would be fun to test it out and easy to do with HoneyPoint Personal Edition. Here’s how we did it:

  • First, we stood up a HoneyPoint Personal Edition and dilated port 80 with a web listener. We configured it to look like a default under construction page on an IIS box. We then exposed it to the Internet.
  • In order to cut down on noise from scanning while we were testing, we decided we would use a target page in our test URL of vixennixie.htm, since scanners aren’t generally looking for that page, if we get scanned while we are testing, it won’t interfere with our data gathering and analysis.
  • Next, we created a Skype chat between to members of the team and made sure each of us was configured for full security.
  • Once this was confirmed, we passed the URL: http://target_ip/vixennixe.htm between us. The time was 1:13pm Eastern.
  • Then, we waited.
  • Lo and behold, we got this nearly 12 hours later:

                     2013-05-22 01:09:45 – HoneyPoint received a probe from 65.52.100.214 on port 80 Input: HEAD /vixennixie.htm HTTP/1.1 Host: target_ip Connection: Keep-Alive

A whois of 65.52.100.214 shows:

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

#
# Query terms are ambiguous. The query is assumed to be:
# “n 65.52.100.214”
#
# Use “?” to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=65.52.100.214?showDetails=true&showARIN=false&ext=netref2
#

NetRange: 65.52.0.0 – 65.55.255.255
CIDR: 65.52.0.0/14
OriginAS:
NetName: MICROSOFT-1BLK
NetHandle: NET-65-52-0-0-1
Parent: NET-65-0-0-0-0
NetType: Direct Assignment
RegDate: 2001-02-14
Updated: 2012-03-20
Ref: http://whois.arin.net/rest/net/NET-65-52-0-0-1

OrgName: Microsoft Corp
OrgId: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 1998-07-10
Updated: 2011-04-26
Ref: http://whois.arin.net/rest/org/MSFT

OrgNOCHandle: ZM23-ARIN
OrgNOCName: Microsoft Corporation
OrgNOCPhone: +1-425-882-8080
OrgNOCEmail: noc@microsoft.com
OrgNOCRef: http://whois.arin.net/rest/poc/ZM23-ARIN

OrgTechHandle: MSFTP-ARIN
OrgTechName: MSFT-POC
OrgTechPhone: +1-425-882-8080
OrgTechEmail: iprrms@microsoft.com
OrgTechRef: http://whois.arin.net/rest/poc/MSFTP-ARIN

OrgAbuseHandle: HOTMA-ARIN
OrgAbuseName: Hotmail Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@hotmail.com
OrgAbuseRef: http://whois.arin.net/rest/poc/HOTMA-ARIN

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@hotmail.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE231-ARIN

OrgAbuseHandle: MSNAB-ARIN
OrgAbuseName: MSN ABUSE
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@msn.com
OrgAbuseRef: http://whois.arin.net/rest/poc/MSNAB-ARIN

RTechHandle: ZM23-ARIN
RTechName: Microsoft Corporation
RTechPhone: +1-425-882-8080
RTechEmail: noc@microsoft.com
RTechRef: http://whois.arin.net/rest/poc/ZM23-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

I’ll leave it to the reader to decide what they think about the data. You can draw your own conclusions. We just appreciated yet another use for HoneyPoint and a quick and dirty project to play with. Thanks for reading!

Save The Date: June 10 is CMHSecLunch

Posted on by
8

Save the date of June 10th for the next CMHSecLunch. This month’s event is at the Polaris Mall food court. It’s 11:30 to 1pm.

As usual, you can sign up here. You can also talk to @cahnee about it on Twitter if you would prefer. She can help you find folks wherever we meet.

The event is FREE, open to anyone interested in IT and InfoSec. You can brown bag it, or get food from the vendors. But, the conversations are amazing. You get to see old friends and make some new ones. Check it out!