When I was in high school, Rockwell released the popular song, Somebody’s Watching Me. In it, he examined an array of different people that he worried could be watching him on a daily basis, including his neighbors, the mailman, and the IRS. I carefully listened to the words and, of course, Michael Jackson’s background vocals, and literally took the song to heart. Who could be watching me? I agonized a bit over this song as a high school student, believing that it provided some truth.

Well, today, somebody watching you is literal fact. Surveillance camera’s exist in most public and work places, and audio recordings of phone conversations “for quality assurance purposes” are prevalent from most corporate institutions. People are literally being watched all the time, their privacy completely diminished.

There is one place, though, that regular, ordinary people are being watched without any warning signs posted. That place is online. Online, anything you post or any pictures you add is automatically visible to anyone that wants to view it. Big Brother is out there watching you…in real time. What you say or do can be recorded as you do it and used against you if it denigrates someone or something related to a specific company.

As a result, Hurricane Labs is introducing our:

Social Media Security Awareness Class: What Employers and Employees Need to Know.

This class will help you and your employees:
– Learn how to protect your company, your employees and yourself in social media.
– Distinguish between professional and personal privacy.
– Review discussing and disclosing public versus private information.
– Provide your company with the necessary tools to create a compliance procedure for your employees.

Companies should be aware that they need to address this now, before something happens online to their company. Does your company have a plan of attack on how to handle it, so you are prepared when something actually does. This class is vital to your company and employee security, as everyone from the top down needs to be educated in this area.

The first class will take place Tuesday and Wednesday, March 13 – 14 from 9:00 – 4:00 each day at Hurricane Labs. To register you or your employees, or for more information, click here. Other class dates for 2012 are listed here as well. Any questions, please contact classes@hurricanelabs.com.

OS X 10.8 Mountain Lion
- Notification Center
- Messages
- Download only?

Chrome to Surpass IE Market Share
- About time, Chrome is great
- IE 9 frustrations

Twitter Enables HTTPS by Default
- Long overdue
- Facebook will probably follow shortly

Google News
- Google DNS reaches 70 billion requests per day
- Cleared to buy Motorola’s Mobility
- Nevada approves Google self-driving cars

Hack of the Week
Malware on Cryptome.org

App of the Week
Playstation Vita

In the post 9/11 era, a stark reality exists. Terrorism poses a very real threat. At this writing, we face the very real potential for another type of attack – cyber terrorism. The same stringent safeguards protecting the public need to be employed by those of us tasked to protect our wealth, critical information, and intellectual property – that is, our electronic lives.

Governments are tasked with ensuring the well being and safety of their citizens. In an era where globalization extends past our physical borders to the borderless network on the Internet, security is even more paramount. In many respects, the United States, the nation where this very technology was invented, is falling behind in the global technological race. Issues such as necessary infrastructure improvements are being ignored while the interests of content providers are being protected and even championed. Government representatives often lack basic knowledge to make intelligent decisions regarding this critical infrastructure and its fundamental operation. This is a disaster waiting to happen.

Corporations seek to serve the financial interest of their owners and shareholders. Many of these organizations rely heavily on technology to operate. Industries such as banking, insurance, and software development work heavily with assets that exist purely in digital form. In the event of a security breach, this wealth can quickly vaporize. Competitors can be attackers, users can be threats. Do you know where all the information for your company is at any moment in time? How much information walks out of the front door each and every day? How much of that information may be lost forever?

When it comes to cyber security and threat management, user education is crucial. In many ways, the end user is the weakest link in the information security chain: secure passwords are meaningless if they are simply written on a sticky note attached to someone’s monitor. Cell phones and laptops contain a wealth of information that can very easily wind up in the wrong hands in a moment’s notice. Sites such as Facebook and Twitter provide a wealth of personal information that people are all too willing to share with someone and often anyone else. We live in a culture of sharing: sharing passwords, sharing information. Sadly, many fail to grasp the significance of handing over the keys to their digital lives to complete strangers. There is so much to lose.

We are the technologists. We are charged with using technology to improve people’s lives and make computers work for everyone. In a perfect world, security would not be a concern. Infrastructure would always be available, reliable, and secure. Threats would be nonexistent. The world, however, is far from perfect. There are many risks – too many to count. But our reaction should not be to accept failure, but instead, embrace the unknown and challenge it.
Proactive security trumps reactive security. Know your threats. Know your vulnerabilities. Know your attackers.

Cyber terrorists are everywhere. Are you prepared?

Facebook Holds “Deleted Photos
- Why put it up if you want to delete it?
- Is anyone surprised?

Amazon Prime Streaming Viacom
- Brings more content
- Closer to Netflix-level streams
- Matt likes prison shows
- RANDOM CRIME DRAMAS

Trustwave Issues DECRYPT ALL THE THINGS Super Cert
- “Not common practice”
- Then how did it happen!?

Mandatory Disclosure for IT Security Companies
- A novel idea
- Bill believes in absolute full disclosure
- Adobe guy is full of it

Do You Password Protect Your Gadgets
- DO IT
- Matt loses things, but we’ve all heard this story before
- Encrypt the gadgets!
- Mobile devices are location aware, so you can recover them
- Education is required

Hack of the Week
Google Wallet

App of the Week
Chrome Beta for Android

While cruising around for an answer to a configuration problem I was having this morning, I had an interesting thought. While it is mostly common knowledge to all of us inside the IT community that “Tier 1 Helpdesk” more often than not translates into “Let Me Google That for You”, even those at the top of the tech chain still rely on online search tools to locate instances where others have run into similar complex and unusual problems. Those search tools, in turn, point almost exclusively to online message boards and blogs for the answers to our dilemas. Online message boards who’s content is generated by “The Devil” (aka Users). User generated message boards and blogs are one of the main resources that we in the IT community rely on to get things accomplished when presented with something outside of our comfort zone. We play off of each others strengths in certain areas to form a sort of network brain-trust which helps us all succeed.

But what happens when you take away all of those message boards and blogs? Seriously, think about it. Without going too far into the bills and what they mean (you can follow this to read up on the them yourself), websites will be held responsible for user generated content. Most sites that allow user content will not be able to properly monitor that content and will have to shut down for fear of ridiculous law suits.

I’m not saying that this would completely cripple the worlds IT infrastructure (maybe Tier 1 helpdesk), but getting answers to questions may take quite a deal longer for us to research them on our own to get the answers that we need. In terms of practical everyday business, that would be grossly inefficient. Especially if the problem was creating a network outage where no one was able to get any work done. Aside from putting an extreme amount of pressure on your everyday network admin, this would also end up costing companies a serious amount of dough in a variety of ways.

First off, companies would HAVE to hire more seasoned veterans to run their network and be willing to pay them more in an economy which is still, in some cases, laying people off. Secondly, even with those senior guys at the helm there is no guarantee that they’ll be able to solve every problem that comes their way, and during a network outage every minute of unproductivity translates into thousands of dollars in wages, lost profits, etc etc. In a perfect situation, that would force an almost immediate phone call to a specialized company, for example, Cisco for support. If you have a support contract through these guys, you know that you have alotted a certain amount of time (or tickets) per period and going over those gets quite costly.

Even for smaller issues which only stops one user from being able to work effectively, if the helpdesk is not able to look up the answers easily or efficiently that is still costing the company money. Not to mention, escalation is more likely to occur filling the plates of the senior level IT guys even more.

Even an average user can appreciate this: What would happen if someone called the helpdesk, presented their problem, and the answer they received was “Sorry, we don’t know. Someone is going to the library to look it up.” – While that is obviously an exaggeration, I think you see my point.

So it begs the question. What would we REALLY do without the Googles?

Facebook Readies IPO Filing
- A LOT of people use Facebook
- A LOT of money

Lion 10.7.3
- Matt Hasn’t upgraded
- Bill and Patrick have had zero problems

Basic FreeNAS Setup
- We use it, it’s nice
- Matt is looking for his own personal setup
- Western Digital TV perhaps?
- Matt might be buying a PS3 or Xbox 360

FBI plans social network map alert mash-up application
- Why?
- There are plenty of existing services, why build something new?

New RIM CEO
- Won’t help
- No vision

Hurricane Labs Boastcast
Modern Search Engines for the Contemporary User
Gaining Access to a Check Point Appliance – Physical Access Trumps All

Hack of the Week
Anonymous hackers leak Scotland Yard-FBI conference call

App of the Week
Lookout Mobile Security Threat Tracker

When on the Internet, how do you find things? Many use a search engine. Currently the most popular search engines that people flock to are Google, Yahoo, Baidu, and Bing. As of January 2011 approximately 98% of all web searches are done on these sites. However, there are quite a lot of other search engines that make up the smaller 2%. Some with many features that aren’t available from the big four. Here are a few that tend to come up often in Internet discussions for being unique with features and results.

blekko
https://blekko.com/

blekko is unique search engine that focuses more on quality of results than on quantity of information. Unlike Google, they specifically do no want to collect all the of the world’s information or make it searchable. They remove low quality and spam sites (who focus more on monetization rather than providing information) from their index. What makes blekko unique from other search engines is that they rely on “human curation,” which relies on it’s users to help tag sites to increase the quality of the results.

blekko provides the ability to filter the results based on their defined relevance or date and blekko shows common tags so you can narrow your search base. blekko also provides the ability to change search preferences, with options such as ads displayed, secure searching (HTTPS), disabling Facebook features, and safe search.

DuckDuckGo
http://ddg.gg

DuckDuckGo is a Perl based search engine that focuses on delivering quality results while respecting users’ privacy. Two privacy issues they focus on are the search bubble and tracking. They even offer a Tor hidden service. DuckDuckGo’s website is also available over SSL.

One of the most unique things DuckDuckGo provides are the !bang syntax searches. With the !bang syntax one can narrow their search to a specific type of results or a specific site. They support hundreds of sites, and they have a complete list of available !bang commands here.

DuckDuckGo provides the ability to adjust search settings including, safe search, region, 0-click result, secure searching (HTTPS), re-directs, and user themes.

ixquick
https://ixquick.com

ixquick is a European based search engine that primarily focuses on privacy. Their privacy policy isn’t as neatly setup as DuckDuckGo, but it is very thorough in explaining their strong stance. In the process of protecting privacy and the security of their users they offer their search over SSL. ixquick’s results are mostly assembled from other popular search engines, of which they don’t specifically list. In the results, one has the ability to hone in on a specific type of result using their unique “Power Search Refinement.”

Many settings and preferences can be set – clustering of results, secure searching (HTTPS), and anatomizing picture and video searches.

whostalkin
http://www.whostalkin.com

whostalkin is a powerful search engine that aggregates results across several different sites and resources. Its primary focus is on searching social networking sites and blogs, ie: FriendFeed, Twitter, identi.ca, wordpress.com, and several others.One can focus their results on a specific division: news, blogs, or social networking, and various other networks.

The main categories that whostalkin makes searchable are: blogs, news, networks, videos, images, forums, and tags. At the time of this writing whostalkin does not provide a way to further customize usage or results besides the category selection.

YaCy
http://www.yacy.net/en/

YaCy is a P2P, decentralized search engine. Unlike most search engines where you visit a website on the Internet, you install YaCy and load up the search page locally. YaCy requires installation because it queries peers in the P2P network. By default YaCy expects you to contribute to the YaCy network. While it is contributing the program crawls various websites on the Internet and stores the results of the crawl locally. When someone else does a search and if their client connects to yours it will query your crawl cache for results.

YaCy’s main philosophy is that they want to keep information free and uncensored. They argue that other search engines are centralized which could potentially lead them to be censored, blocked, removed, or spammed. YaCy is open source, free software and is completely transparent. They provide more in-depth explanation of their philosophy here.

There are several settings that can be adjusted in YaCy, many revolve around the network itself. You can adjust how much caching it does and how much you want to contribute to the network as a whole.

There are several other great search engines that help make up the other 2% of the market share. This list is to highlight those that have unique features that aren’t found or commonly found together on other search engines. Wikipedia has an article of search engines (past and present) in a timeline format of when they were released.

Recently, one of my co-workers and I were tasked with reconfiguring a Check Point Appliance for use as the main firewall in a lab environment we are building for some internal testing. Because we both are recent hires (and thus, the low men on the totem pole), we were not given passwords to the devices or any other useful information regarding their previous configuration. We were expected to learn how to manage the devices, reload the Check Point software, and configure the equipment entirely from scratch. Unfortunately, the Check Point devices refused to play nicely and cooperate with our mission, instead insisting on throwing fatal exceptions whenever we attempted to reload the software. With our attempts to reload and configure the devices properly crippled, we were forced to seek an alternative solution. Our minds quickly turned from reinstalling the software to hacking into the password-protected devices instead.

A Check Point appliance is a purpose-built server. It contains a CPU, memory, and hard drive, along with multiple network interfaces and a USB port. Optical media is accessible via a USB drive. Unfortunately, the appliance is lacking one critical feature that would make administration much simpler – a video output. This is done by design – normally, once the device is configured, there is no reason or need to view the output of the device itself. All of the administration is handled through the web interface or management server application. This, however, was neither a typical nor a normal situation. A lone serial interface would provide our only method of accessing the device.

On any Linux-based system with an unencrypted hard drive, it is possible to completely overtake a system once you have gained physical access. Often this is easily accomplished with a live CD distribution, such as Backtrack or Ubuntu, and some command line tools. Unfortunately, most live CDs are not designed with a serial console in mind – instead, they rely on a graphical user interface, which would not work on the hardware we had. But just because something is not easily done does not mean it is not possible.

Some creative thinking, judicious Googling, and an Ubuntu 8.04 Server CD provided the answer. This version of Ubuntu supports installation via a serial console (other versions might work as well, but we had one of these CDs laying around in the lab). However, the first steps of the installer still expect a video display to be connected, and do not output via the serial console by default. To work around this condition, we connected a USB cable to the appliance, and used the following sequence of keystrokes to (blindly) advance the installation to the point where we could see the serial console output:

1) Enter (for language selection)
2) F6 (for specifying command line installation parameters)
3) Backspace three times (to clear out the end of the installation parameters string)
4) Typing “console=ttyS0,115200n8 — ” (to specify the serial console location and connection settings)
5) Enter (to start the installation process)

A few moments later, low and behold, we were greeted with the initial screen for a new Ubuntu installation displayed in our minicom session. At this point, it was a simple process of dropping into a root shell, mounting the Check Point partition and chrooting into it, and running the passwd command (/usr/bin/passwd) to reset the passwords for the device’s administrator accounts. Upon reboot, we had successfully regained full access to the device – no reinstallation required.

There are several lessons to take away from this experience. First and foremost, physical security is paramount when seeking to protect any device or server, including your firewalls. Without physical access, we would not have been able to compromise the device in this manner. Second, when attempting to gain access to any device, know the underlying technology and its operation. Since the Check Point operating system is based on Linux, we were able to apply the same techniques to attack this device as one would use when seeking to compromise a Linux system. Finally, when faced with a challenge, don’t rule out novel approaches for solving your problems. Your initial plan of attack may result in failure, but failure does not mean that success is unreachable – and you might even learn something new in the process.

How to Read and Search the Support Life Cycle Documentation
This series of links can help you plan for a Check Point implementation, as well as an upgrade or refresh of a current Check Point infrastructure. Due to a long-standing product history, and having gone through a couple of different licensing models, figuring out hardware can sometimes be difficult with Check Point. Hopefully this information can help ease that process.

Using these links, you will find Check Point’s supported versions, and when applicable, their recommended upgrade path.

Check Point Enterprise Support Life Cycle Policy
http://www.checkpoint.com/services/lifecycle/index.html

Check Point Software Support Timeline
http://www.checkpoint.com/services/lifecycle/support-periods.html

Check Point Appliance Support Timeline
http://www.checkpoint.com/services/lifecycle/appliance-support.html

How to Find Out What Check Point Products are Supported on Your Hardware
http://www.checkpoint.com/services/techsupport/hcl/all.html
Check Point currently supports hardware from a specific set of vendors, apart from their branded appliances. An up to date list of supported platforms can be found here, including models from: Dell, HP, Fujitsu, IBM, Kontron, Lenovo, Sun, Supermicro, and Toshiba. Note that some models are only supported for certain functions or products, so pay attention to this list when deciding what hardware to choose for your Gateways, Management Servers, Connectra or Eventia hosts, etc.

How to Look Up Your NIC and Other Hardware Related Information
This tends to be more of an issue when ensuring the NICs in your chosen server are listed in the compatibility list, or for instance when you need to add more NICs to a host. On a typical *nix installation, you can run the command ifconfig to see a list of details on your host’s interfaces. The section you will want to note is: HWaddr f0:de:f1:xx:xx:xx

From the MAC address, we can see that this is an ethernet interface on a Lenovo machine, manufactured by Wistron InfoComm Co. According to the Hardware Compatibility List the NIC in my Lenovo laptop is not officially supported for Check Point installations.

A handy resource to find out exactly who made your Dell or HP or Sun server’s NIC is here (http://hwaddress.com/) Input the first three segments of your MAC address, and it will query the known manufacturers and provide the info.

If you’re not familiar with MAC addresses, they’re the “hardware address”, “burned-in address”, “layer 2 address”, etc. Basically, it’s a unique ID that is only on your one specific piece of hardware.

Using the example MAC address aa:aa:aa:bb:bb:bb, we see that: Each MAC address has two sections; the first is comprised of the first three segments and are used to identify the manufacturer of the hardware. So we could see that aa:aa:aa indicates this NIC was made by “NIC Builders 1234, INC”. The last three segments simply are a combination that the manufacturer has not yet used with the particular manufacturer ID. Obviously, manufacturers can have multiple MAC prefixes (Cisco is listed at 159) so this gives them a wide range of MAC address space.

There may also come a time when you need to find a hardware serial number while remotely connected to a machine. The more important item here is to know that Check Point ties licensing to primary NIC MAC address, so if you can run ifconfig, you have what you need. But if you also happen to ever need your system’s serial number, you can try this:

dmidecode | grep Serial

This will show your system’s main serial number usually as the first entry, and depending on how your hardware vendor has laid out their information, may also show you the serial for the baseboard for other
components.

Using both the software support timelines and the hardware compatibility list, you can achieve a couple of key goals: you can get as much life as possible out of existing hardware, and you can plan future installations or upgrades to get the best possible combination of features and long term viability.

Raise your hand, how many of you have Googled yourselves recently? I knew it – you haven’t! I believe you should do it right now. Why, you ask? Because that’s what other people are doing to learn more about you. Shouldn’t you be the one who controls what anyone sees and discovers about you when searching online?

Looking for a job, hiring a new employee, meeting new people, and finding classmates for a reunion are simply a few of the reasons people may be googling your name.

What will they find? Type in your name and many things will come up: Your Facebook account, your Twitter account, and any other social networking accounts, all of your pictures and personal profiles full of your personal information that Internet Search Engines have collected about you. If you are job searching, employers will Google your name to discover what you are up to online. Not just professionally on sites like LinkedIn, but personally as well. You need to carefully monitor what you say online because even though you are tweeting with just your friends, everyone can read it and make professional decisions simply based on what you have posted.

To discover exactly what information I could find out there, I Googled a good friend from high school. I found his address, phone number, family members, where he went to school, the value of his house, a variety of activities that he participates in currently, petitions he has signed, and donations he has made. All public information! But he’s also a quiet guy who doesn’t participate in online social networking sites, so I didn’t find the pictures I expected. That was surprising, as I know I would have found more information about him easily if he did have a social networking account.

Google a college student you know. Are they keeping their online profile professional or are they simply posting anything and everything they are doing? While it may be fun to tweet with your friends, it is public information. When these friends graduate and go out searching for a permanent job, will anything they have posted stop them from getting it? Or will it stop them from wooing customers if they choose to start a business? They should definitely check it out before it comes back to haunt them.

What would I have found if I had Googled you? Check it out now and find ways to delete any unwanted information that you discover. Taking a proactive stance in your online profile will help you now and for years to come.