Author: Doug

CyberGent101 is moving to a new domain

After about a month of behind-the-scenes site building and tweaking, CyberGent101 finally has a new home. I am moving from a wordpress.com blog site to a self-hosted blog site. I need more room to expand my thoughts, information and stories. Thanks for reading!!!

The new site can be found at CyberGent101. Look forward to seeing you there.

-Doug


CyberGent 101 Career Chronicles: Facing Failure

Aside from the cyber security information and tips, I also want to share my career journey through a series of posts I will call CyberGent 101: Career Chronicles. These posts will highlight my failures, progression, understanding and moments of clarity. Hopefully these posts provide insight and inspiration to someone who needs to keep pushing and fight through any obstacle while keeping the end goal in mind. I did.

Mentee becomes Mentor

Last Thursday I received a call from a guy named Frank. Frank was referred to me by one of my mentors. Frank was looking for some IT advice. He recently graduated from the same college I did, receiving the same degree in Computer Networking and Telecom. We had a good conversation. He told me about his recent failures in terms of job searching and interviewing. Frank stated that he had been on 6-7 job interviews but was unsuccessful in his efforts. Some of the jobs that he applied to were some of the same jobs I applied to when I was looking for my big break into IT back in 2006. My transparency set in after he explained his efforts and frustration. I told Frank that finding that first IT job is hard (I was told the same thing back in 2004-2005). I explained to him that I too went on numerous job interviews and spent many hours searching for a job.

I told him that the thing that kept me going was my faith and just knowing that my work ethic, drive and determination would pay off. I advised him to read up on what concentration he wants to focus on in IT. I also advised him to get a certification or two under his belt. I say it was a good conversation because by talking to him, I immediately understood why I failed in my searching and job attempts. As I was giving advice, I realized that my experiences were not just for me. These experiences and failures are to be shared with the Franks of the world who are simply trying to get closer to their purpose while moving up in life.

[Image: “Failure is not the opposite of success, it’s part of success”]

Career Chronicles: 2003-2007

Computers have always been a part of my life. Whether it was playing The Oregon Trail in elementary school on an old school Mac, being introduced to PC games like Doom and NBA Live in 1994 at a friend’s house or when my family got our first PC in 1999, my future was staring me in the face. I never really took computers seriously until around 2004. Before then I was trying to figure out what I wanted to do and what I wanted to become in life. During my senior year of high school I thought I had figured it out. I wanted to become an architect.

In August of 2000, I ended up going to college as an engineering student. I wanted to specialize in civil engineering/architecture. That dream quickly came to an end. The growing demands of the classwork and the difficulty and complexity of the advanced math classes became stressful and unbearable, so I dropped out of college in December 2002. Before I dropped out I strongly considered switching my major to history. As far as my life goes I’m glad the potential switch to history did not play out the way I intended at that particular time.

2003

About 6 months after dropping out of college, I joined the Air National Guard. Even after joining the military, I found myself around computers. I was not actually working on them or using them to solve issues; I used them in support of my work. Oftentimes when my computer had an issue, I would have to call the help desk to resolve the issue. This is funny to me now, but we all have to start at some point, right? When the CSA or Client Support Administrator came to work on my computer I would watch what they were doing to fix the issue and ask questions. After a while, I took the initiative to shadow the CSAs when they had to fix computers. My curiosity for learning computers was evolving.

2004

After taking a growing interest in computers, I was pushed by my girlfriend (now wife) to go back to school. This time I knew what I wanted to go to school for and what field of work I wanted to excel in. After realizing that, I had to move myself and my fears aside. I ended up registering at a local community college majoring in Information Technology.

2005

Barely even understanding what caching was or how to even translate computer specs, after a few months of working in general sales at Circuit City, I was promoted to computer and technology sales. I did not understand the promotion at the time. All I knew was that I went from making $8.50 to $9.50 an hour. But looking back now I see how things fell into place setting me up to where I am today. It’s so funny because in 2005 I still remember when my hard drive crashed, I actually called a friend because I did not know how to reformat my new hard drive with Windows XP nor retrieve the data off of the old hard drive. I just threw it away. From that point forward I had to learn my craft in order to confidently relay the latest technology to customers.

2006

After getting a few technical AA degrees, great hands-on training and being thrown into the fire by a cousin who has a local computer repair shop, my confidence in my technical abilities grew. I still remember one of the first times I attempted to troubleshoot a computer. My cousin placed a computer on the workbench, had me pull up the screen and simply asked me, “So.. what’s wrong with it?” Looking confused and not knowing where to start, I began clicking around the OS to understand what was going on. Slowly but surely I was able to determine what was going on.

Looking for “Experience”

While still drilling with the Air National Guard, a Client Service Admin role opened up over in the IT Section. I read the job description and was very confident that I could do the role so I applied. I mean between the great hands on training I received in school, the tough and straight to the point tech methods of my cousin and the little bit of research I was doing, I thought I would be an excellent choice. Being that the role was a drill weekend job, I was able to schedule a meeting with the chiefs to discuss my interest.

After applying for the role and touching base with the managers, I was granted an interview. I walked in the office and was interviewed by two Chiefs (E-8s). One who was interested in what I was saying and asking me questions. And another Chief who could have cared less. This had to be one of the most awkward interviews I had been on. The Chief who was too busy never really paid me any attention, as if he already had someone in mind for the role. This particular interview was a letdown but that did not put out my fire for learning more about IT.

After a few months of working alongside my cousin, I applied to a local non-profit organization for an IT Specialist job. After three (yes 3) interviews with the non-profit organization, I was awarded the job. This was my first full-time I.T. gig and I was excited. I was finally able to rack up that experience that most jobs require nowadays. Later on my manager told me that I was selected over 71 other applicants. I was also told that the role I was selected for was a newly created position. Mentally I was well on my way to putting in years of work and valuable experience at this company.

2007

My world came crashing down in October of 2007. I was working in my office one day when two HR employees walked into my office unexpectedly. At the same time they were entering the room, my manager exited the room without saying a word. The two ladies that walked into the office closed the door behind them. The body language of one of the HR employees displayed that something bad was about to happen. My intuition was right, I was informed that due to budget cuts and a company reorganization my position had to be cut since the funding for my role was needed elsewhere. I was employed at this company for exactly a year. After they told me the bad news everything else they said sounded like Charlie Brown’s teacher. In that moment I was trying to process the news and figure out my next move.

This news was devastating to me. Again not understanding what was going on at the time (aka the bigger picture), I became emotional, asking how this could happen to me. I even stressed that my wife was pregnant and I needed this job to support my family. As I stated my disbelief, tears flowed from the HR manager who initially displayed the sad body language. She was very empathetic as she listened to my story. Minutes later I packed up my stuff and was escorted off the property as if I had done something wrong. Being laid off quickly reminded me that nothing should be taken for granted and that I had more work to do.

What happens after the lay off? What does 2008 bring? You will find out soon enough…

CyberGent101 TechSplanation – Process Explorer + Virus Total

Do you ever hear your computer’s fan spin up randomly? This kind of activity can be related to several things, such as a process running for a recently opened application, a scheduled virus scan or even a virus trying to execute an attack on your PC. One program that I use to check my computer’s processes is called Process Explorer.

Process Explorer

Process Explorer is a combination of task manager and system monitor for Microsoft Windows. PE provides the functionality of Windows Task Manager along with other features for gathering information about processes running behind the scenes.

The feature I want to mention today is Virus Total’s integration with Process Explorer. Virus Total is a free multi-engine anti-virus online scanning service that analyzes files, URLs and hashes. Virus Total uses AV engines such as AVG, Avast, Avira, BitDefender, ESET, F-Secure, GData, Kaspersky and Malwarebytes, just to name a few, to identify viruses, worms, trojans and other kinds of malicious content within a few seconds. With the Virus Total integration into Process Explorer, you will be able to analyze suspicious files/processes in real time.

  1. Download Process Explorer here.
  2. Extract the contents from the ZIP file: right-click the ZIP file and select “Extract all..”
  3. Once the program is extracted, double-click the file procexp.exe to run Process Explorer.

Once PE is opened, right-click a file and select ‘Check VirusTotal’ in order to scan the file of a process running on your computer. Before you can submit a file, you have to agree to the Terms of Service. After you click Yes for the ToS, the file will be submitted to Virus Total and a result will be returned.

[Screenshots: the ‘Check VirusTotal’ menu item in Process Explorer and the VirusTotal Terms of Service prompt]

Generally you will see a result like 0/56. If you see a result like 1/56, it means that only one AV detected something. This generally means that the result is a false positive/clean file. The more questionable processes will have results like 2/56, 3/56, 4/56, etc. Clicking on the link will open a new browser window displaying info like which anti-virus provided a result, the time of the scan and the type of infection/malware that was found. Here is an example report:

Detailed results of a file/process marked by Virus Total 

Another way to submit the file to Virus Total is to right-click the file and select ‘Properties’. Once the properties window appears, click on the submit button to send the file to VirusTotal.


This added functionality in PE will be very useful for anyone wanting to quickly scan a suspicious file on their PC to see what’s going on behind the scenes.
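The same kind of check can be done by hash alone, so the file itself is never uploaded. The following is an added example, not code from the original post or from Process Explorer or VirusTotal: it computes a file's SHA-256 and turns a report into the N/M ratio discussed above. It assumes the VirusTotal API v3 file-report fields `last_analysis_stats` and `last_analysis_results`; the function names, `SAMPLE_REPORT`, the engine names and the triage wording are constructed for illustration.

```python
import hashlib
import json
import urllib.error
import urllib.request

# VirusTotal API v3 file-report endpoint; a lookup by hash uploads nothing.
VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so a large executable is never fully in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def fetch_report(sha256, api_key):
    """Return the parsed report, or None if VirusTotal has never seen the hash."""
    req = urllib.request.Request(VT_FILE_URL.format(sha256),
                                 headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise

def detection_ratio(report):
    """(positives, total) in the style of Process Explorer's 1/56 column.
    Assumption: malicious + suspicious count as positives, and only engines
    that returned a verdict count toward the total."""
    stats = report["data"]["attributes"]["last_analysis_stats"]
    positives = stats.get("malicious", 0) + stats.get("suspicious", 0)
    total = positives + stats.get("undetected", 0) + stats.get("harmless", 0)
    return positives, total

def flagged_engines(report):
    """Names of the engines behind the positives, for judging a lone detection."""
    results = report["data"]["attributes"].get("last_analysis_results", {})
    return sorted(name for name, res in results.items()
                  if res.get("category") in ("malicious", "suspicious"))

def triage(positives):
    """The post's rule of thumb: 1 is probably a false positive, 2+ is questionable."""
    if positives == 0:
        return "no detections"
    if positives == 1:
        return "single detection, probably a false positive"
    return "questionable, open the full report"

# Constructed sample, trimmed to the fields used above (not a real report).
SAMPLE_REPORT = {"data": {"attributes": {
    "last_analysis_stats": {"malicious": 1, "suspicious": 0, "undetected": 55,
                            "harmless": 0, "type-unsupported": 12},
    "last_analysis_results": {
        "ExampleAV": {"category": "malicious", "result": "Generic.Sample"},
        "OtherAV": {"category": "undetected", "result": None}}}}}

if __name__ == "__main__":
    hits, total = detection_ratio(SAMPLE_REPORT)
    print(f"{hits}/{total}", triage(hits), flagged_engines(SAMPLE_REPORT))
```

For a live lookup, pass the output of `sha256_of()` and your own API key to `fetch_report()`; a `None` result means the hash is unknown to the service, not that the file is clean.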

The Miami CHEAT – Two man team using a skimming device

Recently security cameras at a Miami Beach gas station caught a man in the act of skimming. Within a few seconds he is able to perform this low-level hack. The man next to him appears to distract the clerk while he quickly places a credit card skimmer over the credit card payment terminal. They probably hyped themselves up in the car to do this listening to Junior M.A.F.I.A.’s “Get Money”.

What is Skimming?

Skimming is an act of using a hacking device (skimmer) to illegally collect data from the magnetic stripe of a debit, credit or ATM card. Skimming devices are placed over or inside the actual ATM card scanners and point of sale systems allowing thieves to retrieve account information.

[Image: how skimming works]

In this video you will see how easy it is to install a “Skimmer”.

As you saw in the video, the “hacker” waits until the clerk has her back turned before making his move. In these few seconds, he quickly slips the card skimmer over the payment terminal. The clerk, who was distracted by the partner in crime, never had a chance to see the hacker’s stealthy skimmer install.

This video is a reminder of how careful you have to be when using your credit card in stores, gas stations and other places of commerce. As you can see it won’t take much for a thief to swipe your information.

To avoid becoming a victim of skimming:

Shake the card reader. If it comes loose, do not use that machine. Look for loose wires, anything protruding or other oddities like this:

[Images: card skimmer]

Check the tamper tape on gas station pumps. If the tape appears to have been tampered with or even removed, stay away from that particular pump.

[Image: gas station credit card fraud]

Do your best to remain aware of these types of devices. Knowing this information will keep you alert and aware when it comes to skimming techniques.

CyberGent101 TechSplanation – 64 Bit Google Chrome

This is the first in a series called TechSplanations that will be geared to different security solutions for your computer use. Today’s featured software is the 64-bit version of Google Chrome. Chrome has grown pretty popular among users that browse the internet on a daily basis. Chrome is lightweight, speedy and easy on the eyes. I like the fact that the address bar doubles up as Google search; it speeds up my research process.

Why get the 64-Bit version of Chrome?

  • For Speed: 64-bit processors are faster than their comparable 32-bit versions. Performance tests have been run by Google in which they saw an average of 25% improvement in performance, especially in visual elements.
  • Better Security: For example, the 64-bit version of Chrome utilizes Windows 8 features to help make it harder for hackers to target processes running on your computer. If they can’t find the processes needed to exploit, they can’t hack it.
  • Stability: Google reports that Chrome 64-bit crashes only half as much as the 32-bit Chrome. A fairly impressive stat, since Google Chrome already has a very low crash rate.


64-bit Chrome is more secure than its 32-bit counterpart. For instance, with the 64-bit version, Google Chrome is more effective at defending against vulnerabilities that rely on changing the memory layout of objects. One example is a more stable version of Adobe Flash. The Flash in this case is 64-bit based as well. Google teamed up with Adobe to improve Flash’s protections against various types of attacks/vulnerabilities. Another key security feature in the 64-bit version is that it can run alongside a technique called High Entropy ASLR (aka the toughest game of match ever). This technique is used to prevent exploits by placing key data areas of a program into random parts of the computer’s memory so attackers can never know exactly where to find it. Stealthy and high tech exploit avoidance if you ask me.

Where can I download 64-bit Chrome?

You can visit the Chrome for Windows page to download it. You should see a page similar to the image below. Click on “Download Chrome” and install it like a typical download file.

[Screenshot: Chrome download page]

Mac and Linux users, you’re covered too. With Mac OS X, Chrome was converted to 64-bit with Chrome update 39 in 2014. According to a recent report, Linux is supposed to convert to the 64-bit version of Chrome sometime this month. If you still have the 32-bit version installed on your Linux machine, you can visit the Google Chrome download page and install the 64-bit version now. Again, if you are looking for speed, stability and enhanced security, consider using the 64-bit version of Google Chrome for your operating system of choice.

Dear BFF’s, Princesses and Superheros – Hackers are your biggest fans

We have all seen the Facebook quizzes that flood our timelines. Which Disney character are you? Who is your true BFF? What is your inner spirit animal? What is your Superhero personality? Who is your soulmate? Well, as 1 of many CyberSec superheros, CyberGent101 wants to help you out with something. Your longing to be a Disney character or Superhero, to release your inner spirit animal or to find out who your BFF is may be putting your personal data at risk. The video below gives some insight into what can occur if your data is stolen (actually, handed over) via Facebook quizzes.

(video credit wfla.com)

A friend of mine, @MsSharlee, and I oftentimes find ourselves shaking our heads at the growing number of quiz posts that we see on our timelines. We continually post (and re-post) about the potential dangers of taking these quizzes. At some point we hope that our concern will make others aware of what they are releasing to the internet.

As stated in the video here are a few helpful reminders to stay out of the crosshairs of hackers:

  • Be cautious of apps, quizzes, etc that require you to sign in or redirect you to a site to enter your credentials. Personally if something requires me to login, I don’t participate.
  • Treat your email addresses like cash. Make sure you use a strong password as well.
  • Don’t always trust links from friends. Web address analysis services like urlquery.net allow you to check out links that you may receive from emails, texts, etc. URLquery also provides a screenshot of what the site looks like at that particular time with analysis on if the link is malicious or not.
  • If you must participate in a quiz to see who your soulmate is or how many kids you will have with what celebrity, take a quiz from a company that has a good reputation of protecting data.

It’s..about..to..go..DROWN

Over the last few years a multitude of servers have been affected by SSL/TLS encryption-breaking attacks. First off, SSL stands for Secure Sockets Layer. SSL is the standard security technology for establishing an encrypted link between a browser and a web server. Transport Layer Security or TLS is a protocol that guarantees privacy between applications and their users over the Internet.

Although there have been multiple instances of SSL/TLS attacks, the two examples I want to briefly discuss are FREAK and a newly discovered attack called DROWN. (I did not make these names up, by the way.) With the DROWN vulnerability, researchers have stated that under some circumstances an attacker can also impersonate a secure website (and you thought Elvis impersonations were scary) in order to intercept or change the content the user sees on the screen.

What does this mean to me?

Whenever you log into a site such as Amazon, Gmail or any other site that holds important data and information, you typically are logging into a secure site. TIP: Always look for the web address prefixed by “HTTPS”. The “S” in HTTPS stands for secure. If a web server for a particular site does not get the proper patches for SSL based attacks like DROWN, any information visitors submit during online transactions can be decrypted and obtained as it travels over the internet. Things such as passwords, addresses and credit card information can be accessed by an attacker a.k.a. the “Man-In-The-Middle” using this exploit.

One example of a previous SSL attack

The FREAK (Factoring RSA Export Keys) attack was announced on March 3rd, 2015. The FREAK attack allowed attackers to easily intercept HTTPS connections between vulnerable clients and servers, forcing them to use weakened encryption during the session. With this vulnerability exploited, the attacker could break the encryption in order to steal or even manipulate sensitive data. FREAK has since been remediated as server administrators patched their systems upon hearing about this vulnerability. Vendors also advised them to disable support for all known insecure ciphers.

There are other historic SSL/TLS attacks such as POODLE, BEAST and Heartbleed. Feel free to click the link for each one to learn more about how they were discovered along with their attack methods.

The Current SSL attack

The DROWN attack, or Decrypting RSA with Obsolete and Weakened eNcryption, is a vulnerability that affects HTTPS and other services that rely on SSL and TLS. Websites, e-commerce sites, mail servers (e.g. Yahoo/Gmail), and other TLS based sites and services are currently at risk for the DROWN attack.

[Illustration: DROWN attack diagram]

What makes this a serious security risk is that any server that simply supports SSLv2 (SSLv2 doesn’t have to be active) is a threat to modern servers and clients. This is demonstrated in the illustration above (illustration credits: Drownattack). The Man-In-The-Middle can launch SSLv2 probes in an attempt to decrypt the traffic and read the information transferred from the client to server.
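One way to audit whether a listener you run still answers SSLv2, as an added example that is not from the original post or from the DROWN researchers: it builds an SSLv2 CLIENT-HELLO and classifies the server's first reply. The function names and the sample SERVER-HELLO are constructed for illustration; the message layouts follow the SSL 2.0 specification.

```python
import os
import socket
import struct

# SSLv2 cipher kinds (3 bytes each) from the SSL 2.0 specification.
SSL2_CIPHERS = [0x010080, 0x020080, 0x030080, 0x040080, 0x060040, 0x0700C0]

def build_client_hello(challenge=None):
    """SSLv2 CLIENT-HELLO: 2-byte record header (top bit set), then the message."""
    challenge = challenge or os.urandom(16)
    specs = b"".join(c.to_bytes(3, "big") for c in SSL2_CIPHERS)
    # msg type 1, version 0x0002, cipher-spec length, session-id length 0, challenge length
    body = struct.pack(">BHHHH", 1, 0x0002, len(specs), 0, len(challenge))
    body += specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

def parse_server_hello(record):
    """Return version and offered ciphers, or None if not an SSLv2 SERVER-HELLO."""
    if len(record) < 13 or not record[0] & 0x80 or record[2] != 4:
        return None
    _, _, version, cert_len, spec_len, _ = struct.unpack(">BBHHHH", record[3:13])
    specs = record[13 + cert_len:13 + cert_len + spec_len]
    ciphers = [int.from_bytes(specs[i:i + 3], "big")
               for i in range(0, len(specs) - 2, 3)]
    return {"version": version, "ciphers": ciphers}

def verdict(reply):
    """Classify the first bytes a server sends back to the SSLv2 hello."""
    hello = parse_server_hello(reply)
    if hello and hello["version"] == 0x0002:
        return "SSLv2 accepted"
    if len(reply) >= 3 and reply[0] & 0x80 and reply[2] == 0:
        return "SSLv2 error reply"  # the server still speaks the SSLv2 record format
    if reply[:1] == b"\x15":  # TLS alert record: the hello was refused
        return "rejected with TLS alert"
    return "no SSLv2 reply"

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n and (chunk := sock.recv(n - len(buf))):
        buf += chunk
    return buf

def probe(host, port=443, timeout=5.0):
    """Send one hello to host:port (a server you run) and classify the reply."""
    reply = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_client_hello())
            reply = _recv_exact(sock, 2)
            if len(reply) == 2 and reply[0] & 0x80:
                reply += _recv_exact(sock, ((reply[0] & 0x7F) << 8) | reply[1])
    except OSError:
        pass  # refused, reset or timed out: treated as no reply
    return verdict(reply)

# Constructed SERVER-HELLO for an offline check (not captured traffic).
_body = struct.pack(">BBBHHHH", 4, 0, 1, 0x0002, 4, 6, 16)
_body += b"CERT" + bytes.fromhex("0100800700c0") + bytes(16)
SAMPLE_SERVER_HELLO = struct.pack(">H", 0x8000 | len(_body)) + _body

if __name__ == "__main__":
    print(verdict(SAMPLE_SERVER_HELLO), parse_server_hello(SAMPLE_SERVER_HELLO))
```

Because the post's point is that any SSLv2-capable service sharing a key is the problem, the same `probe()` call is worth repeating against every TLS port a host exposes (mail ports included), not only 443.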


My contribution

Earlier today I used the DROWN website checker to see which sites were vulnerable to this attack. Some of the sites I came across are well known sports sites and e-commerce sites. As part of my research I plan to run a few website queries to see which sites are vulnerable to DROWN, contact the site administrators/server administrators of 10 or so websites, give them my findings/results provided by test.drownattack.com and follow up with the site admins to see if they actually fix these vulnerabilities with the appropriate software security patches. This should be fun.