Security Podcasts

To stay on top of the ever-changing security landscape I listen to security-focused podcasts during my commute into and out of the office. Not only does this keep my knowledge fresh, it also gives me insight into bleeding-edge information, events and other information I can share as part of my consulting and training.

Here is a list of podcasts I follow:

Cyberwire: https://thecyberwire.com/podcasts
Security Now: https://twit.tv/shows/security-now
Darknet Diaries: https://darknetdiaries.com/
Risky Biz: https://risky.biz/
Paul’s Security Weekly: https://securityweekly.com
SANS Stormcast: https://isc.sans.edu/podcast.html

Can you recommend any others?

OpenSSL – List Trusted Certificate Authorities

Unlike Microsoft Windows, which provides the Trusted Root Certification Authorities Certificate Store, Red Hat and CentOS distributions do not provide a “straightforward” way to quickly check whether a Certificate Authority is included in the Certificate Authority Bundle (CA Bundle).

During a recent project engagement I came across a simple CLI command which can be used to parse the CA bundle and list all of the CAs included:

[m@srv /home/user]# awk -v cmd='openssl x509 -noout -subject' '
    /BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-bundle.crt

Alternatively, the same command can be run and piped through grep to identify a specific CA, for example “Entrust”:

[m@srv /home/user]# awk -v cmd='openssl x509 -noout -subject' '
    /BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-bundle.crt | grep Entrust

Whilst not complicated, this simple syntax saves a substantial amount of time manually searching CA bundles with a text editor.
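
A portable variant of the same check, added here as an example (it is not part of the original post): Python's standard `ssl` module loads the bundle, and `get_ca_certs()` returns each CA's subject and expiry date, so the search can also flag expired roots. The function names and the `SAMPLE` records are constructed for illustration.

```python
import ssl
import sys
import time

BUNDLE = "/etc/ssl/certs/ca-bundle.crt"  # RHEL/CentOS path used in the post


def load_bundle(path=BUNDLE):
    """Return one dict per CA certificate found in a PEM bundle."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=path)
    return ctx.get_ca_certs()


def subject_line(cert):
    """Flatten the nested RDN tuples into 'key=value, key=value'."""
    return ", ".join(f"{k}={v}" for rdn in cert["subject"] for k, v in rdn)


def find_cas(certs, needle="", now=None):
    """Case-insensitive subject search; returns (subject, notAfter, expired)."""
    now = time.time() if now is None else now
    hits = []
    for cert in certs:
        subject = subject_line(cert)
        if needle.lower() in subject.lower():
            expired = ssl.cert_time_to_seconds(cert["notAfter"]) < now
            hits.append((subject, cert["notAfter"], expired))
    return sorted(hits)


# Constructed sample records in the shape get_ca_certs() returns.
SAMPLE = [
    {"subject": ((("countryName", "US"),),
                 (("organizationName", "Entrust (sample)"),),
                 (("commonName", "Sample Root CA - G1"),)),
     "notAfter": "Dec  7 17:55:54 2030 GMT"},
    {"subject": ((("organizationName", "Example Old Trust"),),
                 (("commonName", "Example Legacy Root"),)),
     "notAfter": "Jan  1 00:00:00 2015 GMT"},
]

if __name__ == "__main__":
    # Usage: python3 list_cas.py Entrust
    needle = sys.argv[1] if len(sys.argv) > 1 else ""
    for subject, not_after, expired in find_cas(load_bundle(), needle):
        print(("EXPIRED " if expired else "ok      ") + f"{not_after}  {subject}")
```

An expired or unexpected root in the output is worth following up, since anything in this bundle is trusted by every client that uses it.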

Angry IP Scanner – Fast Network Scanner

Angry IP Scanner is a very easy to use, fast network scanner – basically a cross-platform IP address and port scanner. It can scan IP addresses in any range as well as any of their ports. It is also very lightweight and doesn’t require any installation, so it can be freely copied and used anywhere.

Angry IP Scanner simply pings each IP address to check if it’s alive, then optionally resolves its hostname, determines the MAC address, scans ports, etc. The amount of gathered data about each host can be extended with plugins.

How it Works

Angry IP Scanner implements several different methods of detecting alive hosts (pinging).

As a rule, if hosts don’t respond to pings, they are considered dead and therefore not scanned further. This behaviour can be changed in the Preferences dialogue -> Scanning tab. In the same place, you can also select the pinging method:

  • ICMP Echo pinging – This is the same method used by the ping program.
  • ICMP.DLL pinging – This is a Windows-only pinging method to compensate for the absence of Raw Sockets.
  • UDP packet pinging – This pinging method is preferred when you don’t have administrative privileges.
  • TCP port probe – This method tries to connect to some TCP port that is unlikely to be filtered (e.g. 80).

Features

  • Very fast (multi-threaded)
  • Scan IP addresses in any range
  • Scan for open ports
  • Cross-platform
  • Portable (doesn’t require installation)
  • Hostname Resolution
  • MAC address capture
  • NetBIOS information gathering:
      • Computer Name
      • WorkGroup Name
      • Logged in User
  • Favourite IP ranges
  • Web Server detection
  • Customizable openers
  • Scanning results in:
      • CSV
      • TXT
      • XML
      • IP-Port List

You can download Angry IP Scanner here:

Or read more here.

Norton ConnectSafe

Norton ConnectSafe is a free public DNS service offered by Symantec Corporation that claims to offer a faster and more reliable web browsing experience while blocking undesirable websites.

Users can use Norton ConnectSafe by setting their DNS server addresses to those of the Norton ConnectSafe servers. Client software for Windows, Mac OS X, and Android is available to automatically configure devices to use Norton ConnectSafe.

DNS queries routed through Norton ConnectSafe are checked using the Norton Safe Web database to ensure that they do not point to malicious or inappropriate websites. Symantec thus seeks to block malware and phishing attempts, as well as pornographic and inappropriate websites if the user desires.

Policy A — Security

This policy blocks all sites hosting malware, phishing sites, and scam sites. To choose Policy A, use the following IP addresses as preferred and alternate DNS server addresses:

199.85.126.10
199.85.127.10

Policy B — Security + Pornography

In addition to blocking unsafe sites, this policy also blocks access to sites that contain sexually explicit material.

Critical OpenSSL security exploit (aka Heartbleed)

Important: Critical OpenSSL security exploit

A serious vulnerability has been discovered in OpenSSL (the most popular SSL module used on Linux-based servers). This exploit allows a third party to steal information that would otherwise be secured and encrypted with the SSL/TLS protocol.

If you have a virtual server (VPS) or dedicated server you urgently need to apply the latest OpenSSL patches. Instructions are below:

cPanel/WHM:

  1. Log in to WebHostManager
  2. Go to cPanel in the left-hand menu
  3. Click Upgrade to Latest Version
  4. Follow upgrade instructions
  5. Go to Software in the left-hand menu
  6. Click Update System Software
  7. Follow upgrade instructions

SW-Soft Plesk

  1. Log in to the Plesk Control Panel
  2. Go to Settings
  3. Run the Plesk Updater

For the CentOS operating system:

  1. SSH in as root
  2. Run the command ‘yum update’ from the command line
  3. Yum will update the at-risk packages

For the Ubuntu or Debian operating systems:

  1. SSH in as root
  2. Run the command ‘apt-get update && apt-get upgrade’

If you need assistance patching your systems, consider contacting a technical services company such as Aorta Consulting.