Tuesday, April 1, 2014

The Inbox March on April First

Sadly, this post isn't an April Fool's joke.  The flood of spam, delivering phishing messages trying to steal your information or malware trying to do the same, continues to assail our email Inboxes without pause.  Criminals use this technique because it works; many people click on the links and images in the messages they receive, which may point to malware, a form trying to steal your information, or just a flood of webpages that will make money for the criminals the more that people view them.

Well, take up your Sousaphone and get ready to march the April blues away!



The Inbox March on April First


Every day's the first of April in my Inbox!
Every day someone's playing a big joke.
Some would say I should just delete the junk mail,
But instead it just makes me want to choke!

It would seem that my mailbox is all filled up,
And I must log in now to save my skin.
'nother one says I came into some money,
If I send my bank login to Prince Jim.

Jim it seems is a prince living in exile.
Royalty, they have never seemed so kind,
Unlike those who robbed my dear friend in London.
Didn't know that he had vacation time.

All these banks want to check my information
Even though I don't bank there anyway.
Lucky me, someone's checked my online profile.
Russian bride? Doubt my wife would say "OK!"

Every day's the first of April in my Inbox!
Every day someone's trying to fool me!
Wish there was some neat way that we could stop them,
But instead I'll just have to hit delete!

Monday, March 31, 2014

I Won't Be Abandoning Windows XP

Windows XP is at an end.  Microsoft announced a while back that they were stopping support of the operating system, and as of April 9th, they will no longer be providing security updates to the graying OS.  This leaves many people in the lurch.  Some users of XP cannot upgrade because their current computer cannot run a more modern OS and they cannot afford to upgrade their hardware.  Other users, especially on college campuses, have laboratory and specialized equipment that was built on a Windows XP platform and the vendor either cannot upgrade it or went out of business years ago.

Of course, there are also those who just don't want to change their OS.  Their computer runs "just fine", and why fix what isn't broken?  Warnings about security problems fall on deaf ears, and resistance grows with every attempt to sway them away from their Windows XP.


I Won't Be Abandoning Windows XP


I've had this here laptop since twenty-oh-one.
The two of us have had all sorts of great fun.
The best part about it was all it could be
Because I upgraded from Me to XP!

XP was the better OS, sir, by far.
'Twas faster and stabler and shined like a star.
It ran all my programs, a crash was quite rare.
It made my computing come without a care.

Oh, sure it had updates to fix this and that.
Three service packs later, quite stable it sat.
Occasional viruses might have caused harm,
But after a cleaning I'd feel snug and warm.

And now you all tell me that this is all done.
You tell me that XP's a race that is run.
I just won't believe it, I won't let it go.
Hell no, I won't upgrade, I just love it so!

Sure MS won't update my box any more.
They've thrown in the towel, they've shut up the door.
They've moved on to 7 and gross Windows 8.
But I just refuse to accept that whole fate.

So keep all your warnings, they won't be observed.
To me it all sounds like a notion absurd.
My XP keeps running, my XP loves me!
No, I won't be abandoning Windows XP!

Monday, March 3, 2014

NTP is DoS-ening.

Criminals recently have been using poorly-configured NTP (Network Time Protocol) servers to launch Denial of Service (DoS) attacks on a number of victim networks and sites on the Internet.  Proper NTPD configuration would help stop this misuse.



NTP is DoS-ening


Pardon me.  What time is it?
The answer could cause a fit.
I'll bet your site can't handle it.
A DoS attack will flip its bit.

NTP is listening.
A golden ring is glistening.
A DoS attack is quite the thing!
The packetstorm is littering.

The bad guys find an open host,
And with the proper query post,
They fake the source, and with a boast,
They turn your website into toast.

'Cause they all got themselves some bots
That wait for them to call the shots
The bots all front and lie a lots
Like "eating healthy tatertots".

A million bots all say hello
And tell the answers where to go.
And NTP? Heck, it don't know.
It sends them to some lucky shmoe

Whose network pipe gets overfilled.
Their ISP gets over-billed.
Like gardens that are never tilled,
They're strangled and then fin'lly killed.

So if you're running NTP,
Please take the time, listen to me:
Help make a net that's clear and free.
Secure that stuff! Yo, hear my plea.

Monday, February 17, 2014

My Twin - A Reminder for Unique Passwords

Over this past weekend, Kickstarter.com emailed their userbase to inform them that there was a data breach that allowed the usernames, email addresses, other personal information, and encrypted passwords of the users to get out.  Bad guys could use these data to attack and take control of other accounts owned by the users, especially if they crack the passwords and those passwords are used on other sites.

http://news.cnet.com/8301-1009_3-57618976-83/kickstarter-hacked-user-data-stolen/

Always use unique passwords on each site you visit.  Don't make it any easier on the bad guys.



My Twin


Did you know I have a twin?
Do you know where it's been?
Lingering in sites around
The Internet, where sites abound.
When my dear user must create
An account with which to participate,
He always uses my little twin,
And doing that's a little sin.

Now that my dear twin's alive,
It goes along for the ride,
Whether sitting encryptedly
Or left alone for all to see.
And if a bad guy comes along
And hacks the site; oh, it's so wrong!
My twin, it now be known to her!
My twin, it now creates a stir!

My twin will let the hacker know
Other places she can go:
Into my user's email box;
The places seen in Firefox;
Or allow the bad Anonymous
To find some dox and start a fuss;
Or steal my user's bank account:
My twin would show the full amount.

The lesson here for you to learn
Is every password made does yearn
To be unique and used just once.
Don't let yourself be seen a dunce.
Passwords distinct for every site
Will help you sleep throughout the night.

Tuesday, November 12, 2013

ZeroAccess

This one is dedicated to one of my peers, who recently left the Higher Ed Infosec world for the private sector.  Keep on fighting the good fight, Gabe.

Meanwhile, along with Cryptolocker, we've been seeing lots of ZeroAccess infections.  ZeroAccess is a downloader itself, but it can bring down all sorts of nastiness, from Zeus to Bitcoin miners to clickfraud runners.  It even does fun filesystem tricks to hide itself from antivirus software.  It's a one-stop-shop for badness.

And in the spirit of my Cryptolocker Rap, here's a rap featuring ZeroAccess.



ZeroAccess


ZeroAccess:
Worse than taxes!
It's a danger! Don't relaxes.
It's a trojan that harasses.
It infectses all the masses.

Through the I-net,
It's a safe bet,
Through a website when Java abets,
Like a program suid set,
It will take all the things it can get.

ZeroAccess:
Worse than taxes!
It's a danger! Don't relaxes.
It's a trojan that harasses.
It infectses all the masses.

Once it installs,
It has a ball.
Slips by AV and your firewall.
It then makes a little phone call
And downloads friends; makes your jaw fall.

ZeroAccess:
Worse than taxes!
It's a danger! Don't relaxes.
It's a trojan that harasses.
It infectses all the masses.

It does Bitcoin!
IRC joins!
It does click fraud, tries to purloin.
"All your data, it's now all moin!"
Says the malware. It kicks your groin.

ZeroAccess:
Worse than taxes!
It's a danger! Don't relaxes.
It's a trojan that harasses.
It infectses all the masses.

Tuesday, October 29, 2013

Cryptolocker

The current news is full of reports of a nasty ransomware trojan making the rounds called Cryptolocker.  It shows up as an email attachment, and if the user runs the attachment, the malware will encrypt files and demand payment to decrypt them.  The only way to clean this mess up is to revert to any backups you might have, and if you don't have backups, you will probably lose your data.

This sort of malware makes me angry.  And when I get angry, I want to rap!


Cryptolocker

If you see and click a link that's sittin' in your mailbox
The love for your computer will be dashin' on the rocks
You never gonna get all of your data stuff back
'Cause you have fallen victim to a phishing attack!

Cryptolocker gonna get ya', Cryptolocker gonna play.
Cryptolocker got your files, and it won't give them away.
Cryptolocker done encryptin', Cryptolocker walkin' tall.
Cryptolocker want your money, gonna make you take the fall.

Like runnin' ancient Java: you got scissors in your hand,
You're running down a hallway like you late for somethin' grand,
But bullies gonna see you, and they gonna trip you up.
Things will get all stabby when there's Java in your cup.

Cryptolocker gonna get ya', Cryptolocker gonna play.
Cryptolocker got your files, and it won't give them away.
Cryptolocker done encryptin', Cryptolocker walkin' tall.
Cryptolocker want your money, gonna make you take the fall.

Or if you running Flashy or Adobe Acrobat:
It's gonna get all mashy when see what's up with dat.
If your compy still be runnin' wit' the cycles that they hog
You'll end up hacked and broken, and you'll be a botnet's cog.

Cryptolocker gonna get ya', Cryptolocker gonna play.
Cryptolocker got your files, and it won't give them away.
Cryptolocker done encryptin', Cryptolocker walkin' tall.
Cryptolocker want your money, gonna make you take the fall.

Wednesday, September 25, 2013

You need to look for it...

... to know what it's about.



Can you imagine a world
Ready to accept
All the risks and dangers
Perpetrated against our
Systems, computers, and
Infrastructure?
Can you deal with the
Interminable, relentless
Loss of trust and dark
Emotions that come with a lack of
Security?

Tuesday, July 9, 2013

Data Steward's Prayer

Our Data, which art in my email attachments folder, vulnerable be thy bits. A hacker comes, some stealing be done online as it is in meatspace. Give us this firewall and daily virus scan and resist any urge to click on email attachments, as those are the source of trespasses against us. And encrypt we must into unreadable hexcode to deliver us from lawsuit.

Amen.

Wednesday, April 17, 2013

SPC 2013 - Risk Management Haiku

We cannot eliminate risks.  We can only manage them.

We can also dazzle them with 5, 7, 5.


Risk Management Haiku

Identify risks:
Boulders cling to mountain sides.
Gravity calls them.

Entropy calls us,
Daring the brave to forget
To run the backups.

Like the beaver's dams,
The change control processes
Keep torrents at bay.

Tuesday, April 16, 2013

SPC 2013 - Man In The Middle

This is a similar idea to the Shoulder Surf Sonnet, taking the perspective of the Bad Guy(tm).  Both are versions of social engineering attacks, though this one uses a bit more tech to steal the goodies.



Man In The Middle

Words and pictures are on the wind,
Secrets are floating by.
A confession to you that I have sinned
While waiting to get to the sky:

My flight, it was late, the crew they just shrugged.
They said it would take a few hours.
So I opened the laptop all day I had lugged
And searched for wifi net towers.

Once I had signal, I smiled a grin,
And I started a small packet capture,
Which let me sit in on chats between kin,
Someone stealing a cover of Rapture.

Another was there surfing websites for some porn.
(I looked around, wondered who did it!)
But then I saw something that tooted my horn!
When I put out some bait, someone bit!

For I stole the gateway and whatever connections
That traveled by SSL tunnel,
And I sent all their passwords in wrong new directions,
Down the spout of an account-stealing funnel.

I gathered them all, all the ones that I could,
Before it was our time to board.
I hugged my PC, I hugged it right good
For it held all my ill-gotten hoard.

The time passed so quickly, I was so entertained
At the expense of all those around me.
I saw what they did, what their small lives contained
And how easy it was did astound me.

And when I get home from my time in the air
Where the words and the secrets do fly,
I look forward to using all the logins I dare
And draining every bank account dry!