Boy Scout Camp

I am off from work this week and spending it with my boys at Boy Scout Camp. I have done this for six years as my boys are older. Our Troop goes to different camps each year so I have been to a few of them in our area. This year, we are at Camp Keowa in New York.

As usual, I am sleeping in a tent the camp provides – it is on a wooden platform and has a thick canvas canopy. Sleeping in the woods for a week is refreshing for the first few days. I get fresh air while I sleep and wake up to the sounds of nature – birds chirping is a really pleasant sound. Since it is not my first time, I brought some aids such as a pad to make the cot comfy and a battery-operated fan so I can sleep with a breeze. Plus, I have my mosquito net over a frame I built out of PVC pipe. Anyone with good eyes can see my CiscoLive backpack below.

As you may be able to tell, I am still connected. AT&T has a great signal out here so I am able to post this from within our camp. Below is my view from where I am writing this.

Being connected has pros and cons. I can stay on top of email and was able to do some research for a project that became a priority. Of course, my work now realizes that I can respond to my emails now which is a big con. So far, no one has called for an emergency meeting so that is at least a good thing. But, my work is piling up back at the office and I have a few meetings scheduled for next week.


More from Vault7

In case you did not know, Vault7 is the name of a group of documents that WikiLeaks began releasing on March 7, 2017. It documents the activities and capabilities of the US Central Intelligence Agency, including programs or tools that were held by the government agency. Allegedly, these tools were created for electronic surveillance and cyber warfare by the US. Unfortunately, with the release of these tools, other entities have created their own hacking tools to attack the innocent. For instance, WannaCry used the EternalBlue tool, which used SMB version 1 to spread to other Windows machines. Microsoft created a patch (MS17-010) to close this bug earlier this year and released it for expired operating systems as a response. Of course, not everyone listened.

This week we get another dump from Vault7, and it includes HighRise, which was designed for mobile devices running Android (specifically 4.0 to 4.3). It provides a redirector function for SMS messaging. Since there are a number of IOC tools that use SMS messaging, HighRise could be used to hijack that stream to offer different commands. For instance, the message could be that there is a problem (IOC device not working correctly) when the delivered message is that everything is OK. Basically, messages destined for the Android device get proxied by a third party somewhere else, and this is done over TLS/SSL-secured communication.

With Black Hat and DEF CON coming up, I am sure that there are a few attendees who will be taking a closer look at this document. There will probably be a bunch of Android devices at those conferences. This is just another example that shows companies they need to upgrade. Android 4.0-4.3 (code names were Ice Cream Sandwich and Jelly Bean) is older and support for these versions ended sometime in 2011-2012. Version 7.x (Nougat) is the latest with 8.0 expected. It is time to upgrade – I know, sometimes easier said than done.


CiscoLive 2017 Recap

I just got back from CiscoLive 2017 in Las Vegas and have started my own blog, with this being my inaugural post. I am not new to CiscoLive as this was my 6th major Cisco event in the last 7 years (I skipped San Francisco). Yes – I am an official NetVet. Las Vegas is in the desert and it was scorching hot while I was there. Fortunately, the hotels know how to make it cool inside.

 

My biggest takeaway is that Cisco is making security a high priority. In the past, many companies (including Cisco) seemed to have added security as something they have to do. This year, security was discussed by Cisco’s CEO Chuck Robbins in his main keynote and it appeared on multiple slides. The message was that Cisco is serious about security.

The security forces at Cisco have been working hard at making things better for all of us. The picture above is from Robbins’s keynote and was used to describe what Cisco Security is doing. Would you fly on a plane made from different parts or would you like one with parts that all work together? For starters, there is Talos, which had a few great sessions last year. This is the threat intelligence arm of security as they scour the Internet for problems and find solutions. ThreatGrid is Cisco’s means to convert some of what Talos does into a sellable product and it can be combined with other products (even non-Cisco ones) as a threat intelligence feed. OpenDNS (2015 acquisition) has become the main part of a new product called Umbrella that uses these solutions to analyze end user traffic for anything malicious. Umbrella seems to be a really cool product as it offers a better way to do URL filtering without using a proxy. It has a lot of really cool security features and I will dive deeper into it another time.
