Felonies People Asked Me To Commit This Year

I wanted to do a year end blog post and couldn’t come up with a good topic so I figured I would just list all the federal felonies people asked me to commit for them this past year by hacking the following:

Boss’s Gmail account
Blog of a business rival
Multiple wireless networks
Twitter account of LeBron James
Target
Many, Many Facebook accounts
My son’s Marvel game so that he would never die.  (Ok, I actually tried to do this one).

Seriously… I am not built for federal prison so please stop asking me to commit federal crimes for you.  In most cases I can’t do it and in the rare case I can the need to not get jumped in the shower will stop me from helping you.

My Security Christmas List

I have been asking my son for the last month what he wants Santa to bring him for Christmas.  After many discussions and a huge list I had to tell him Santa only takes lists of 5 items or less and that he would have to figure out what he really wanted.

It got me thinking about what my letter for Security Santa would look like and here is what I came up with:

Dear Security Santa,

I hope everything is well at the North Pole and your big brother has stopped cyber-bullying you about wanting to be in security and not follow in the family business. Did you remind him that he one time let an Elf become a dentist?!?!

Anywho I have been a very (mostly) good boy this year.  Much, much better than my friends at the NSA have been!  So hopefully you can see it in your heart to give me these five things:

Painless Patching Kit
It is 2013 right? Keeping a Windows machine up-to-date shouldn’t take a network administrator. If you somehow could take the idea of Secunia PSI and make it a workable solution you would be my hero! Think of the number of problems you could solve if Flash, Java and Reader automatically updated themselves correctly!

Security Conference Cloud.
I go to my fair share of conferences a year but I never see all the talks I want to see.  You need to invent a company that travels around and records all the security talks and hosts them behind a pay wall.  I would pay $100 a year for a membership and I know there are a lot of other good Security professionals who can’t go anywhere that would also.

Less Basements and More Boardrooms.
I have some incredibly intelligent friends who I would love to see break out of their IT Crowd thinking and move out of the basement and into real security leadership roles in their companies.  Help them understand talking to people who wear a suit every day isn’t that hard!

World IT Department Peace
I ask for this every year but I still talk to a lot of security professionals who see their role as chief adversary officer in their IT department.  Think about how much further we could move security if everyone actually tried to work with the developers and the system admins in their companies!  

A Puppy
I really want a puppy and I have asked the real Santa for one for the past couple of years but I think him and my wife are in cahoots to stop it from happening.  So I figured I would go all shadow IT on them and ask you!

As you can see I don’t think I am asking for much this year so if you could please bring me all this stuff (mostly the puppy) that would ROCK!

Yours Truly,

Jerry

Life is not a dress rehearsal. There are no do overs or second takes. Whatever you are going to do you better do it now and do it right.

Dell World: Chrome Books, Foosball Tables, Hacktivist and Michael Dell.

Yesterday was my 2nd day at Dell World and I spent a lot of time talking to some really smart people about the future of the company.

One of the coolest things I did was get some hands on time with Dell’s new ChromeBook that will come out next year.

I also spent some time walking around the expo until the live music got to a migraine-inducing level and I had to leave.  In a blog post for Dellworld.com I asked if they were really going to be the world’s biggest startup. I am not sure yet but they do have Foosball tables.

Someone will have to explain to me what “Out-Connect the Hacktivists” means.

I also got a chance to talk to Michael Dell (or M.C. MD as I like to call him. Please don’t tell him.)

 

Dell World: Capitol Visit and #vBBQ

Yesterday was my first full day in Austin.  I took some time early in the day to walk to the Capitol and discuss some security related issues with a friend of mine who works there.

In the evening I was lucky enough to hop on the Dell DP bus and attend the #vBBQ at the Salt Lick in Driftwood.

Scott Hanson (who works for Cisco?!) did a great job putting this together:
(Small Rant: The fact that the #vBBQ isn’t an “official” Dell World event is crazy!)

I don’t think you are allowed to go to the Salt Lick without posting food porn:

Overall it was a great day at Dell World hanging out with old and new friends.  I am really looking forward to the rest of the week!

Dell World: The Journey Is Half The Destination.

I am lucky enough to be an invited guest of Dell this week at DellWorld.  They picked up the flights and hotel this week so I can share with you guys as a “social influencer”.   

I was scheduled to fly to Austin this morning but due to an ice storm in Dallas on Sunday my flight was canceled. Thanks to some fast thinking by the travel team at Dell they were able to get me a seat on a flight last night.

One of my all-time favorite travel quotes is:

The journey is half the destination.

That is definitely true for getting here last night.

1) My plane was delayed for 2 hours before even boarding.

2) Once we got on the plane we had to get off so, in the words of the captain, they could “reboot the plane to get the lights to work”.

3) Once in Dallas we had to sit on the tarmac for about 30 minutes waiting for a gate as the lady next to me started to cry.  She had been trying to get home for the last 4 days and just missed the only flight home due to not getting to the gate in time.

We did finally get to Austin a little after midnight last night and I caught 4 hours of sleep and this beautiful south Texas sunrise.

Thanksgiving, after all, is a word of action.

Thanksgiving, after all, is a word of action. – W.J. Cameron

I stumbled across this quote late last week and it has kind of stuck with me while I get ready for some much needed time off and some quality family time.   

I don’t spend enough time heeding that call to action beyond some basic lip service. I am blessed beyond what I fairly deserve and don’t take the time to tell the people who helped me get here how thankful I truly am for their help and guidance.   So don’t be surprised if you get an email, phone call, text message or carrier pigeon from me in the next couple of days.

I am going to be a little less Peppermint Patty and a little more Linus this Thanksgiving.

Successful leaders see the opportunities in every difficulty rather than the difficulty in every opportunity.

I helped a local company pay off hackers.

From time to time I get called by small organizations, law firms and companies in my local area to do some consulting on security issues.  Yesterday afternoon <redacted organization> called me and told me they were getting this pop up on one of their computers:

[image: screenshot of the pop-up]

That pop-up is known as CryptoLocker. Once your machine is infected, CryptoLocker scans all physical or mapped network drives on your computer for common picture and office files. When it finds these types of files it encrypts them with basically unbreakable encryption and gives you 72 hours to send them $300 or they will destroy the key to unlock your files.

I had a hard time figuring out what to suggest <redacted organization> do.  They only backed up their files on Friday evenings and so they were looking at losing 3 full days’ worth of work if they didn’t pay.

After a lot of back and forth they decided that it was worth a $300 gamble to try to pay off the hackers knowing that it might not work.  So they went down to WalMart and bought a Green Dot MoneyPak loaded with $300 and followed the somewhat complicated instructions to transfer the money.

<redacted organization>’s IT guy called me this morning when he got back into the office and said their files had been decrypted successfully and they removed the infected machine from the network. 

I think this is a turning point in Security.  There were some steps that <redacted organization> could have done to protect themselves better:

  • Better Share Management
  • Better E-Mail Filtering
  • Better AV
  • Better Backup Schedule
  • Security Awareness Training

Overall <redacted organization> is just a normal small company though.  They try to be security aware but they don’t have the time or resources to do everything the way they should and in the end it made sense for them to pay $300 to recover their files.

If I had to guess CryptoLocker is just the start of a wave of malware that holds your files hostage until you pay.  I don’t like it but I doubt this is the last company I help pay off hackers.
