Wednesday, December 19, 2012

AlienVault infographic about 2012 malware

New infographic from AlienVault, maker of OSSIM, on "The Eternal Life of Malware", showing that 2012 was about malware that was simply a remix of previously seen malware.
Infographic by AlienVault

Tuesday, December 18, 2012

What version of Adobe Flash am I running?

Attacks using compromised Adobe Flash files are common and prevalent in today's malware marketplace. Java has had and gets to keep the title of "King of Vulnerable Software" for the foreseeable future, but Flash is always #2 on the list. This is due to it being installed by default on some older operating systems, and everyone needs it to see dynamic content and videos online.

Because of this, I've wanted to tell what version of Flash I'm currently using in the particular browser on the particular machine that I'm on at any moment in time. It isn't obvious how to determine or find this information.

As it turns out, Adobe created a page specifically to help with this problem. I Googled and found this very handy link from Adobe that allows you to see what version of Flash you're using, as well as a list of what the current version is, AND where to download Flash.

Good luck, have fun and stay safe out there!

Tuesday, October 16, 2012

Need an old version? Go to

Ever wanted to make a system vulnerable for demonstration purposes? can help you accomplish that goal. They have (at the time of this blog article) 7934 versions of 485 programs. There's got to be some good vulns in there somewhere...


Friday, January 27, 2012

Judge Orders Defendant to Decrypt Laptop | Threat Level |

This decision has left me wondering, why would someone volunteer to decrypt their laptop? Isn't it the equivalent of telling the police where you hid the murder weapon? You can order someone to do it all you want, but the fact is I can't think of a reason the person would be motivated to give it up. In the end, I guess it's the same as a murder weapon; you hope that the more cooperative you are with authorities the less of a sentence you receive as a result of the crime.

This portion of the case was really just a test to see if revealing a password *could* be protected under the 5th Amendment, which it is not. I doubt this precedent is going to change much either in police work or in court cases.

Wednesday, January 25, 2012

Gov't and IP, takedown of

It is an interesting coincidence that in the same week time frame that SOPA/PIPA are to be voted on here in the US, is taken offline and its owner being brought up on charges. The US Gov't has conveniently listed them on the home page of for us to reference. I think there are a couple of interesting points to be made out of these recent events.
  • SOPA/PIPA are both the wrong tool for the right job. Certainly we expect the government to take steps to protect people's intellectual property (IP) and their copyrights. What we're challenged with, however, is the history of "personal use" when duplicating quality was a problem, and both the originators of the content and the people making personal copies were satisfied with the quality of the copy. Laws and content owners were satisfied (or at least told to be satisfied) with people making copies of media for their own use. Those who are old enough to remember... We copied each other's vinyl albums onto cassette tapes. We made mix tapes from songs recorded from albums or the radio. We bought VCRs specifically to record our favorite TV programs from network, broadcast TV. And all was good, and the law was on our side. Only when technology improved to create near, or even exact, copies of the content were the content providers not satisfied with the laws of "personal use" and sought to change the laws. I would argue that they instead should keep focusing on managing the technology of content delivery. Yes, it's a hard problem and one that is going to take a long period of time to resolve. Where content providers are challenged with delivering a product that can be easily copied and distributed, they should not be creating an onerous legal environment which has significant ramifications to more than just their content distribution.
  • Did do something illegal? They should likely be prosecuted for their role in promoting piracy. I say likely, because I'm not privy to the evidence the government has. In matters of prosecution for information security related things, they've been pretty good. The fact that Kim Dotcom barricaded himself in his mansion on the distant island (at least from the US authorities) of New Zealand probably says something about how he feels about his own business dealings as well. Not that it's evidence of wrongdoing but...
  • Shuttering a site that is not used exclusively by evildoers is not a good solution. There should be a better method for dealing with shutting down sites which hold legitimate consumer data. While I believe MegaUpload intentionally catered to the people who wanted to share illegally copied content, I have to imagine that some of that 50 million user base statistic are legitimate users of a functional service. I believe that, similar to how failing banks are transitioned to new banks, sites and data should be transitioned to similar services. How that exactly happens, I'm not sure, and I'm sure it would be challenging, but the point is that consumers are left without their data because the government shut down a site that was providing services to law-abiding citizens, unknowingly supporting a (likely) criminal enterprise. People's ownership and stewardship of their data is going to become more and more of an issue as our lives are increasingly data driven.
Comments? I'd love to hear them.


Wednesday, January 4, 2012

uCertify's Computer Hacking Forensic Investigator PrepKit initial impressions

I received an offer from uCertify to review their "PrepKit" for the EC Council's Computer Hacking Forensic Investigator certification. Given I'm a security geek and hold several certifications, I thought I'd see what it's like. They call this the 312-49 PrepKit.

Initially, the UI looks good and the process of taking the first assessment test was good. Let's face it, the requirements of a test UI aren't rocket science; however, it is hard to do well. I think uCertify has done a good job at this component. I was a little challenged in the initial assessment questions around specific tool names, so I'm eager to understand the rest of the test questions to see if this is a quality test prep for that exam.

As soon as I am done with the full review I will post it for you all.