Chinese Cyberspies Appear to be Preparing Supply-Chain Attacks

First and foremost, attackers appear to favor spear-phishing individual targets, preferring to collect credentials and then entering accounts without utilizing malware for establishing an initial foothold.

“We have observed spear-phishing campaigns that target human resources and hiring managers, IT staff, and internal information security staff, which are generally very effective,” 401TRG experts said about the 2017 campaigns.

Hackers focus on collecting network credentials and then spreading laterally inside a company.

Attackers then use a technique known as “living off the land,” which refers to the use of locally installed apps for malicious purposes. Tools often used in these intrusions include standard Windows utilities, but also penetration testing utilities such as Metasploit and Cobalt Strike. Malware is only deployed if necessary, attackers fearing detection, which often implies losing their foothold on a target’s network.

(Via BleepingComputer.com)

First, don’t forget the ‘supply chain’ isn’t just raw materials or parts or assemblies or their ilk. It’s the HVAC and fish tank maintenance companies, too.

I like the phrase LotL (“Living off the Land”). I think, though I need to check, it translates well.

Tl;dr: Orgs with strong security & defense-in-depth can still harbor blind spots & inaccurate assumptions.

Shinjuku, Tokyo, Japan

There’s a great post by Rob VandenBrink over at the ISC Handler’s Diary about embedded devices that are hiding in plain sight in your data center.

I was recently in a client engagement where we had to rebuild / redeploy some ESXi 4.x servers as ESXi 5.1. This was a simple task, and quickly done (thanks VMware!), but before we were finished I realized that we had missed a critical part – the remote managent [sic] port on the servers. These were iLO ports in this case, as the servers are HP’s, but they could just as easily have been DRAC / iDRAC (Dell), IMM or AMM (IBM) or BMC (Cisco, anything with a Tyan motherboard or lots of other vendors). These “remote management ports” are in fact all embedded systems – Linux servers on a card, booting from flash and usually running a web application. This means that once you update them (via a flash process) they are “frozen in time” as far as Linux versions and patches go. In this case, these iLO cards hadn’t been touched in 3 years.

So from a security point of view, all the OS version upgrades and security patches from the last 3 years had NOT been applied to these embedded systems.

This is a thorny issue, as patching these embedded controllers often requires server downtime. Check out the thread there for how others are handling or mitigating this.

Oh, and I’ll throw in Sun’s LOM (Lights Out Management) to the list.

via ISC Diary | Silent Traitors – Embedded Devices in your Datacenter.

On a Unix/Linux/BSD device /tmp tends to see heavy usage. I’ve moved mine into RAM to ever-so-slightly improve performance and more significantly reduce SSD I/O.

To do this I edited

/etc/fstab

as root with my favourite editor. I added the following line at the end:

tmpfs           /tmp            tmpfs   defaults,noatime  0       0
tmpfs           /var/tmp        tmpfs   defaults,noatime  0       0

You can reboot at this point and you’re all set. You could manually mount this but it could cause problems with your system.

UPDATE: Ubuntu and Lotus Notes for Linux don’t like mounting /tmp as nosuid and noexec.

Let me know if you do this and how it works for you.
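As an added example (not part of the original post), here is a small audit script that parses an fstab and reports which hardening options the tmpfs entries for /tmp and /var/tmp are missing. It checks for nosuid and nodev, which are the usual companions of a RAM-backed /tmp, and for a size= cap so a runaway process cannot consume half of RAM (the tmpfs default). It deliberately does not demand noexec, given the UPDATE above about Ubuntu and Lotus Notes. The fstab text in the script is constructed sample data; the function names are my own.

```python
"""Audit tmpfs entries in an fstab for common hardening mount options.

Added example, not the post's own configuration. SAMPLE_FSTAB is a
constructed fstab; run the script on a real machine to audit /etc/fstab.
"""
import os

# Options a RAM-backed /tmp should normally carry. noexec is left out on
# purpose: some software (see the post's UPDATE) does not tolerate it.
RECOMMENDED_FLAGS = ("nosuid", "nodev")

SAMPLE_FSTAB = """\
# constructed sample, not a real /etc/fstab
UUID=00000000-constructed /         ext4   errors=remount-ro                        0 1
tmpfs                     /tmp      tmpfs  defaults,noatime                         0 0
tmpfs                     /var/tmp  tmpfs  defaults,noatime,nosuid,nodev,size=512m  0 0
"""


def parse_fstab(text):
    """Return {mountpoint: {device, fstype, options(set)}}; comments and blanks skipped."""
    entries = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line; fstab needs at least four fields
        device, mountpoint, fstype, options = fields[:4]
        entries[mountpoint] = {
            "device": device,
            "fstype": fstype,
            "options": set(options.split(",")),
        }
    return entries


def tmpfs_missing_options(entries, mountpoint):
    """List the recommended options absent from the tmpfs entry at mountpoint.

    Returns None when there is no tmpfs entry for that mountpoint at all.
    """
    entry = entries.get(mountpoint)
    if entry is None or entry["fstype"] != "tmpfs":
        return None
    opts = entry["options"]
    missing = [flag for flag in RECOMMENDED_FLAGS if flag not in opts]
    if not any(opt.startswith("size=") for opt in opts):
        missing.append("size=")  # without a cap, tmpfs may grow to half of RAM
    return missing


def audit(text, mountpoints=("/tmp", "/var/tmp")):
    """Map each mountpoint to its missing options (None = not a tmpfs entry)."""
    entries = parse_fstab(text)
    return {mp: tmpfs_missing_options(entries, mp) for mp in mountpoints}


if __name__ == "__main__":
    # Prefer the live file; fall back to the constructed sample elsewhere.
    path = "/etc/fstab"
    if os.path.exists(path):
        with open(path) as fh:
            text = fh.read()
    else:
        text = SAMPLE_FSTAB
    for mp, missing in audit(text).items():
        if missing is None:
            print(f"{mp}: no tmpfs entry")
        elif missing:
            print(f"{mp}: missing {', '.join(missing)}")
        else:
            print(f"{mp}: ok")
```

On the sample data the script reports /tmp as missing nosuid, nodev and a size= cap, while the /var/tmp line passes; the same shape of report comes back for the real /etc/fstab when run as root or any user that can read it.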

Mrxvt is a great Unix/Linux/BSD terminal client. It is light weight and supports tabs. I’m still waiting for Unicode & UTF-8 support. If non-Latin support is more important than tabs check out rxvt-unicode/urxvt. These are both based off of a beta of the wonderful but languishing rxvt terminal.

Anyway, one of the things I’m trying to do is make my various systems as keyboard consistent as possible. Mrxvt doesn’t support keyboard copy and paste out of the box. I found a post that details how to set it up.

This tip makes use of my newest favorite CLI tool: xclip. Here’s how.

On Ubuntu 12.04, install xclip:

sudo apt-get install xclip

Then using your favorite editor edit (or create) the file

~/.mrxvtrc

Add the following lines at the end of your file:

Mrxvt.macro.Ctrl+Shift+v:            Paste CLIPBOARD
Mrxvt.macro.Ctrl+Shift+c:            Exec !/usr/bin/xclip -o | /usr/bin/xclip -selection clipboard

Save the file and restart your Mrxvt.

Voilà!

Let me know if this works for you. If you get this working under rxvt or urxvt, let me know!

I hadn’t heard about hybrid suspend until reading this article at WebUPD8.org. I’d used the standard sleep mode most of the time. I enabled hibernate on my laptop as I mentioned here.

This hybrid sleep is pretty great. I put the laptop to sleep normally, either by command or closing the lid while unplugged from power. After 15 minutes by default the laptop will go into hibernation, saving battery power.

Some comments on the original post have mentioned there could be a risk if you have a traditional hard drive versus SSD. This could indeed cause an issue if your laptop is moving (in a bag, under an arm, etc.) while it transitions into hibernation mode. Use at your own risk.

Also, you must have a swap partition of sufficient size. If you followed the default at install you’re probably safe. If you opted for no swap (a mistake in my opinion) this will not work.

Here are the steps, paraphrased from WebUPD8.org:

From the CLI, execute:

sudo pm-is-supported --suspend-hybrid && echo "hybrid suspend is supported" || echo "your system doesn't support hybrid suspend"

If the command reports that hybrid suspend is supported, proceed with the next step.

You need to create a file as root called

/etc/pm/config.d/00-use-suspend-hybrid

Here’s what you need to put in it:

# Always use suspend_hybrid instead of suspend
if [ "$METHOD" = "suspend" ]; then
    METHOD=suspend_hybrid
fi
# time in seconds until hibernate (suspend to disk) occurs; 900 means 15 minutes
# Edit this value to your preferred delay
PM_HIBERNATE_DELAY=900

And that’s it! If your laptop doesn’t support hibernation at all this will not work.
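Because the two failure modes above (no hibernation support, too little swap) only show up after the lid has been closed for 15 minutes, a preflight check is handy. The script below is an added example, not from WebUPD8.org or the original post: it reads /proc/meminfo and the pm-utils config file written in the steps above and reports whether swap is large enough and what delay is configured. It assumes the conservative sizing rule that the swap area must be at least as large as RAM so the hibernation image always fits; the meminfo and config texts embedded in it are constructed samples, and the function names are my own.

```python
"""Preflight check for pm-utils hybrid suspend (added example).

Assumption: swap must be >= RAM for hibernation to be safe in all cases.
SAMPLE_MEMINFO and SAMPLE_CONFIG are constructed, not copied from a machine.
"""
import os
import re

CONFIG_PATH = "/etc/pm/config.d/00-use-suspend-hybrid"
DEFAULT_DELAY_SECONDS = 900  # pm-utils default: 15 minutes before hibernating

SAMPLE_MEMINFO = """\
MemTotal:        3925812 kB
MemFree:          512340 kB
SwapTotal:       4194300 kB
SwapFree:        4194300 kB
"""

SAMPLE_CONFIG = """\
# Always use suspend_hybrid instead of suspend
if [ "$METHOD" = "suspend" ]; then
    METHOD=suspend_hybrid
fi
PM_HIBERNATE_DELAY=900
"""


def meminfo_kb(text, key):
    """Return the value of one /proc/meminfo line (e.g. MemTotal) in kB."""
    match = re.search(rf"^{key}:\s+(\d+) kB$", text, re.MULTILINE)
    if not match:
        raise KeyError(key)
    return int(match.group(1))


def swap_sufficient(meminfo_text):
    """True when SwapTotal is at least MemTotal (assumed conservative rule)."""
    return meminfo_kb(meminfo_text, "SwapTotal") >= meminfo_kb(meminfo_text, "MemTotal")


def hibernate_delay(config_text, default=DEFAULT_DELAY_SECONDS):
    """Seconds until hibernation, read from PM_HIBERNATE_DELAY or the default."""
    match = re.search(r"^PM_HIBERNATE_DELAY=(\d+)\s*$", config_text, re.MULTILINE)
    return int(match.group(1)) if match else default


def preflight(meminfo_text, config_text):
    """Summarise whether hybrid suspend is configured and safe to rely on."""
    return {
        "swap_ok": swap_sufficient(meminfo_text),
        "hybrid_forced": "METHOD=suspend_hybrid" in config_text,
        "delay_minutes": hibernate_delay(config_text) / 60,
    }


if __name__ == "__main__":
    # Use the live files when present, otherwise the constructed samples.
    meminfo = open("/proc/meminfo").read() if os.path.exists("/proc/meminfo") else SAMPLE_MEMINFO
    config = open(CONFIG_PATH).read() if os.path.exists(CONFIG_PATH) else SAMPLE_CONFIG
    for key, value in preflight(meminfo, config).items():
        print(f"{key}: {value}")
```

A machine installed with no swap at all reports swap_ok: False, which is exactly the case the paragraph above warns will not work; hibernate_delay falls back to 900 seconds when the config line is absent, matching the 15-minute default.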

Some folks in the comments thread mentioned a risk of overheating, but I’m skeptical that there is any real concern there.

Let me know how it goes for you!

One of the reasons I still use Firefox as my primary browser is its reconfigurability. Intrigued by articles about Firefox on widescreen displays I read years ago, one from lifehacker.com and another here, I implemented their recommendations. Today you’ll find some of their tips out of date, but the concept remains sound. Here’s what I’ve done since then.

Wide screen usage with Firefox is superb. With it I can reduce the horizontal and vertical space taken up by tabs and menu bars. Thus I maximize the space for what I want – the content. I also make extensive use of keyboard shortcuts, so extra menus and bars aren’t needed. I also don’t want extra windows popping up or blank pages when downloading attachments.

Here’s the recipe so you can make use of it this way, too. Many of these tips work on Windows, Linux, and Mac OSX. Windows has the full widescreen experience. I’ve used variations on this for the last two or three years. I’m running Firefox 15 at the time of writing.

Widescreen Firefox Recipe

First, install the latest Firefox. I make it my primary browser everywhere except on my work laptop where “the job” requires IE.

Next, install the following add-ons:

Download Statusbar

Turn on “Mini Mode” to replace the Downloads pop-up window. I move the icon into Nav Bar toolbar at the top of the Firefox window.

Nav Bar on Titlebar

This Windows-only add-on (at the time of writing) moves the main Nav Bar to the window’s title bar. There are a few settings one can configure but I keep it to the default.

Stylish

Stylish allows for script installs, scripts that alter web pages’ appearance as well as configuration elements to change the overall appearance of the Firefox interface. The one I use for maximizing Firefox is “Hide Forward/Back Buttons When not Needed”.

One other one I like is “Google Reader Readable” as I’m a heavy Reader user. It’s not required.

Head to UserStyles.org to see a huge collection of scripts you may find useful.

Tab Mix Plus

This extension possesses configuration options about tabs, sessions, and a multitude of tweaks. Spelling them out or even attaching screen shots of every possible tab would push this post even longer than it already is.

Instead, my config is here: TMPpref. You can import it into your TMP. Adjust for your own tastes.

Tiny Menu

UPDATE: Windows has the orange Firefox button. Ubuntu Unity embeds the menu in the top menu bar. Mac OS X does something similar. In all other cases or if you disable those you want Tiny Menu. With it and some toolbar customization you can minimize the vertical space you’d otherwise waste, putting the navigation and tool bars onto one while keeping the horizontal usage in check.

Vertical Tabs

This moves the tab bar from along the top horizontally to along the side vertically. You can drag the tab bar to the left which is where I prefer it. You can also resize the width, which I do. I make it wide enough to see the tab icon.

Final config

Move icons around so the few add-ons you need and some informational icons are on the one title/nav bar. Some might be on the status bar at screen bottom.

Close the status bar when you’re done.

Result

Here’s the final look. Note I have other add-ons installed.

If you’re able to make use of this and it works for you, please leave a comment below. I’d also love to hear about other tips and tricks to maximize browser space.

Johannes Ullrich wrote up a nice article on Teredo, the IPv6 tunneling protocol built into all modern versions of Windows. If you’re not sure what Teredo is,

The protocol tunnels IPv6 traffic from hosts behind NAT gateways via UDP packets, exposing them via IPv6 and possibly evading commonly used controls like Intrusion Detection Systems (IDS), Proxies or other network defenses.

This is an excellent read for how to detect and analyze the traffic.
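To make the detection side concrete, here is an added example that is not from Johannes Ullrich’s article or this post. A Teredo address (RFC 4380) packs the IPv4 endpoints into the IPv6 address itself: the 2001:0000::/32 prefix, then the Teredo server’s IPv4 address, a flags field, the client’s external UDP port XORed with 0xFFFF, and the client’s external IPv4 address XORed with 0xFFFFFFFF. The script decodes those fields, which tells a defender which NAT mapping and which Teredo server a tunneled host is using, and flags UDP flows to the well-known Teredo server port 3544 in a flow log. The flow lines are constructed, not captured traffic, and the function names are my own.

```python
"""Teredo (RFC 4380) helpers: decode the IPv4 endpoints hidden inside a
Teredo address and flag Teredo flows in a flow log.

Added example, not code from the ISC article. SAMPLE_FLOWS is constructed.
Address layout: 2001:0000 | server IPv4 | flags | port XOR 0xFFFF |
client IPv4 XOR 0xFFFFFFFF.
"""
import ipaddress
from typing import Optional

TEREDO_PREFIX = ipaddress.IPv6Network("2001::/32")
TEREDO_UDP_PORT = 3544  # well-known port Teredo servers listen on


def decode_teredo(addr: str) -> Optional[dict]:
    """Return the server, client IPv4 and port embedded in a Teredo address.

    Returns None when the address is not inside the Teredo prefix.
    """
    ip = ipaddress.IPv6Address(addr)
    if ip not in TEREDO_PREFIX:
        return None
    raw = ip.packed  # 16 bytes, network order
    flags = int.from_bytes(raw[8:10], "big")
    return {
        "server": str(ipaddress.IPv4Address(raw[4:8])),
        "cone_nat": bool(flags & 0x8000),  # Cone flag bit defined in RFC 4380
        "client_port": int.from_bytes(raw[10:12], "big") ^ 0xFFFF,
        "client": str(ipaddress.IPv4Address(int.from_bytes(raw[12:16], "big") ^ 0xFFFFFFFF)),
    }


# Constructed flow records: timestamp src -> dst proto bytes
SAMPLE_FLOWS = """\
2012-09-01T10:00:00 10.0.0.15:54321 -> 65.54.227.120:3544 UDP 1280
2012-09-01T10:00:01 10.0.0.15:54321 -> 203.0.113.9:443 TCP 5120
2012-09-01T10:00:02 10.0.0.22:40000 -> 198.51.100.7:3544 UDP 800
2012-09-01T10:00:03 10.0.0.22:40000 -> 198.51.100.7:53 UDP 120
"""


def find_teredo_flows(log_text: str) -> list:
    """Return (timestamp, src, dst) for UDP flows touching the Teredo server port."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[4] != "UDP":
            continue
        timestamp, src, _, dst, _, _ = fields
        ports = {int(src.rsplit(":", 1)[1]), int(dst.rsplit(":", 1)[1])}
        if TEREDO_UDP_PORT in ports:
            hits.append((timestamp, src, dst))
    return hits


if __name__ == "__main__":
    # The RFC 4380 example address: server 65.54.227.120, client 192.0.2.45:40000
    print(decode_teredo("2001:0:4136:e378:8000:63bf:3fff:fdd2"))
    for hit in find_teredo_flows(SAMPLE_FLOWS):
        print("teredo server traffic:", hit)
```

The port-3544 rule only catches a client talking to its Teredo server (qualification and bubble packets); once a client has an address, its traffic to peers and relays is plain UDP between the mapped ports, which is exactly the evasion the quoted paragraph describes. That is why the address decoder matters: any 2001::/32 address seen in IPv6 logs, proxy logs or DNS answers can be unpacked to the IPv4 host and port actually behind it.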

Over at the How-To Geek, Jason Faulkner wrote up a nice piece on using TrueCrypt, one of my all-time favorite multi-platform security tools:

Just about any self-respecting geek always has a flash drive handy. Whether it is on your key ring or in your purse, having the ability to access certain files and utilities anywhere can really come in handy at times. However, if you were to lose or have this flash drive stolen, depending on what is stored on the drive, you could be setting yourself up for a completely preventable disaster.

With the help of TrueCrypt, you can easily protect the data stored on your flash drive so that if it is lost or stolen, nobody will be able to get to your sensitive files.

Read the whole article here.