Monthly Archives: July 2014


Staying safe on unknown networks

Staying safe on unknown networks isn’t too difficult, as long as you keep security in mind. I often hear hoteliers advising “secure WiFi”. I even took some IT training with a company (who shall remain nameless) some years back that advised using their “secure WPA2 network” for sensitive transmission. The statement is ambiguous in any case, but being connected to an encrypted wireless network gives the user little security where the network operator and the other network users are untrusted. Let’s look at some risks:

Regular Ethernet Cabled Network Risks:

- Interception of your data in transmission through a tap/RF emissions
- Interception of your data through network manipulation by a malicious user on the network (DHCP spoofing, ARP spoofing, etc.)
- Interception of your data at the router controlled by the local system admin, or at any other router controlled by any number of admins along the route to your destination.

The risks of open WiFi and WEP-secured WiFi are the same as above, save that no tap is needed. The medium is the air, and anyone with access to the medium can intercept and manipulate traffic.

WPA/WPA2 is a slightly more interesting case. Passive sniffing is out – the access point negotiates different keys per connected client. Therefore one client sniffing the network will observe encrypted data only. That said, network attacks such as DHCP spoofing and ARP spoofing work just fine. […]

By | July 16th, 2014|Security Consultant|0 Comments

My 5 step offshore interviewing process

I’m often called on to assemble and manage teams of designers or coders through projects, and I’ve developed a few tips and tricks in 12+ years of offshoring which I wanted to share. They may be obvious to some. With experience, I’ve found that most offshore contractors are hard working and keen to grow, but some can be challenging or even impossible to work with.

Can a job applicant read?

Usually, the job description will contain the old test, “please include the word ‘blah’ at the top of your reply to prove you’ve read this description”. This makes sure that the applicant has read the description rather than just posting a cut-and-paste canned application to multiple jobs. Sometimes, applicants respond to questions that they have prepared rather than actually reading and understanding your questions.

I was hiring someone to work on some Google AdWords campaigns. I asked, “can you let me have some stats/supporting evidence/case study on any recent previous job – click through rates, impressions, conversions and metrics.” What I’m asking is, what did you do, and what were the results? The applicant, on the other hand, seemed to answer the question, “can you tell me anything you can think of about some of your past work?” As an applicant, if you can’t read my requirements and queries accurately, how can I work with you? If you want to save yourself the hassle, have a look at our PHP programmer services. […]

By | July 15th, 2014|Development, Security Consultant|0 Comments

Open relay mail server fail

After my near fail with a potential phone malware infection, the only thing that could top my week was an actual fail! I managed it in style by publicly exposing an open mail relay – talk about basics 101!

I’ve been traveling pretty extensively over the last 6 months and frequently find myself on connections where port 25 outbound (SMTP) is blocked. So I’m sitting in an internet cafe in south Peru, on a connection sporting something like 64kbit down and 5kbit up. I’ve just beaten my worst latency record with a ping time of about 5 seconds to I have 4 items sitting in my outbox and I’m wondering if they’re not going because the port is blocked, there’s an issue with my mail server, or whether they’re about to go at any minute but just can’t make it past the huge connection latency. (In case you were wondering, I’m just setting up my excuses!)

Eventually some debugging with netcat and tcpdump led me to confirm that port 25 is blocked. No problem, it’s my personal mail server after all, I’ll just set up a proxy listener on port 2525. With a one-liner to execute simpleproxy, my mails start leaving and all is good. I daemonize simpleproxy for later and go and do something else. […]

By | July 14th, 2014|Security Consultant|0 Comments

Exim, DKIM and Debian Configuration

DKIM is a system for cryptographically signing messages and confirming they were sent from a sending server authorized at domain level. A private and public key pair is generated. The private key is used to sign the messages, and the public key is published as a DNS TXT record for the domain name. This allows recipients to electronically verify that mail claiming to be from a domain was actually sent by a server authorized to send mail on behalf of that domain. Implementing DKIM in a mail system increases trust and deliverability.

Setting up Exim to sign outgoing mail under DKIM (DomainKeys Identified Mail) is a reasonably quick and simple task. Assuming you’re using an up-to-date version of Debian with Exim4, the process is even easier. […]

By | July 11th, 2014|BASH, Linux, Networking|7 Comments

Why pen test?

Let’s first separate a pen test/penetration test from a vulnerability assessment. A pen test is exactly that – testing to see if the systems can be penetrated by an attacker. Remaining within the agreed scope, a pen test is done with a hacker’s mindset. Different tools and methods may be used, different services may be attacked and combination attacks may be leveraged in order to penetrate the target systems.

A vulnerability assessment, on the other hand, involves testing systems or services for known vulnerabilities alone. It is often achieved partially or wholly through an automated software scan using a tool such as Nessus. A vulnerability scan will typically check for enabled software features or specific running versions of software that are known to be vulnerable. Vulnerability assessments can also be used as part of a larger pen test.

So a pen test is better, right? Not necessarily – it depends on the aims of the test and the business requirements. Vulnerability assessments are often used as a precursor to a pen test, but also where specific risks need to be assessed. They won’t, however, provide an accurate picture of security posture vs an external hacker. Hackers often won’t just run vulnerability assessment tools against a target but will attempt to leverage coding, policy and all manner of trust weaknesses in order to gain access to a target. […]

By | July 9th, 2014|Security Consultant|0 Comments