You Should (Probably) Turn Off Wi-Fi Assist

If you do not have unlimited data on your iOS device you will want to turn off Wi-Fi Assist in iOS9. Wi-fi Assist uses your data connection when you are on a slow Wi-Fi network.

To turn it off go to Settings > Cellular > Wi-Fi Assist > Off.

MotionPie – The RaspberryPi Security System

I have been looking for sometime to get a few security cameras setup around my house.  I have thought about the dropcam and oco options but they were both fairly expensive and didn’t have the options that I wanted. 

What I did have was a raspberry pi 2, two old web cameras and a 6 year old who likes to build stuff.   We spent some time this weekend working with a project called MotionPie based off of MotionEye this weekend and we really like it. 

It does take a fair amount of computer, network and linux knowledge but if you have a raspberry pi and google I am sure you could figure out.

I hope to see added (and help since it is an open source project):
Dropbox support.
Ability to select motion detection area.
Ability to change the theme colors. 

Here are a few pictures from the project.

The 10 Minute Free* Private VPN

People ask me all time what the one thing they should do to “stay safe” on the internet is.  If I had to pick one it would be to use a VPN when you are on a network you dont own or trust. 

It has always taken a little bit of technical skill to setup a private VPN but my friends at WebDigi have done an amazing job of making setting up a free (if you dont use it too much) private VPN on AWS easy. 

Here is the blog post on how to set it up. 

Here is the projects github page. 

Here is the walkthrough video:

Here are some tips from me: 

  • Use LT2P and not PPTP.  It is safer. 
  • Try to delete and rebuild the image twice a month to delete the logs and get a new IP address (Yes, I am paranoid).  
  • It is free to start but if you send a lot of traffic through the VPN it can end up costing you a few bucks a month. Setup billing alerts. 

Surviving and Thriving at Blackhat

Since it is that time of the year for all good security professionals to get ready to fly to Vegas I decided to put together my own “Surviving Blackhat” blog post.

Make a Friend.
Being in security is sometimes a thankless job. You are going to a place with 30,000 other professionals who do the same thing you do and know the struggle is real.

Sure, someone may try to social engineer you into you telling them your mothers maiden name but you might find a friend who does forensics that you can call at 0200 when you think you are 10 minutes away from being fired.

Have A Meal With An Important Security Partner. 
The companies that help you secure your company are at blackhat and want to hang out with you. Take advantage of it. 

Have A Meal With Some Friends (That You Pay For). 
Pick a night (I suggest Tuesday) and make plans with a group of friends to have an amazing meal somewhere in Vegas without a vendor (unless you are really friends with a vendor). 

I would suggest the Italian American Club for an affordable and amazing dinner. 

Do Not Go To Every Party! 
Seriously… there is no way to attend all of these.  Pick one or two that you really want to go to.  I would suggest the Nike Party and the RiskIQ party

Dress Like An Adult (for meetings).
Save the Black T-shirts and Flip-Flops for DEFCON.
To quote Jay-Z:

I don’t wear jersey’s. I’m 30 plus gimmie a crisp pair of jeans and a button up.

image

Get Swag And Give It Away. 
Pick up way more swag then you need. You have co-workers that are covering for you.  Nothing says “Thank you” like showing up on the 10th with a book bag of T-Shirts from companies you never heard of. 

Get Smart! 
90% of the smartest people in the industry are going to be within 4 miles of each other for 168 hours.  LEARN.AS.MUCH.AS.YOU.CAN.

Have Fun! 
Part of the reason you are in Vegas is to recharge your batteries and have fun. Do that. 

RandomMAC.py

I spend a lot of time working in the starbucks near my office.  It is a great place to slip away from the office for an hour when I need to do some heads down work but dont want to be completely anti-social. 

Even though I always use a VPN one thing that always bothered my was that Starbucks was grabbing my MAC address every-time I logged in:

I am not a big fan of being tracked like this so this weekend I wrote randomMAC for OSX to quickly change my MAC address.

So now when I log in at Starbucks I am passing it a random MAC:

Disable Frequent Location Tracking in iOS 9

I have been using the iOS 9 Public Beta 2 and one of the things that I do not like (and has really been freaking me out) is the Frequent Location Tracking. 

I was getting alerts like this:

image

This made me have the following thoughts:

  • I am not going to Columbia right now.
  • Am I going to Columbia right now?
  • Why does my phone think I am going to Columbia right now?
  • Wait… why does my phone think I am going to Columbia?

The answer to this is a new-ish feature in iOS 9 called “Frequent Locations” and it does a stalker quality job of keeping track of you:  

image

You can and should turn this and Location-Based Alerts and Location-Based iAds off in: Settings > Privacy > Location Services:

image

Compare Two Files

At work this week I needed to compare two files to see if they had the same MD5 or SHA256 hash.  After spending way too long trying to get hashdeep and md5deep to work correctly and not finding anything else to easily do this I wrote compare.py today. 

image
image

This script is the definition of utilitarian but I hope it can help you also.

Just Say No To Security By Listicle!

I see these types of listicles on LinkedIn or Twitter a few times a week: 
5 tips to protect your business against cyber crime
Ten ways to prevent a data breach and protect your small business
3 tips to keep your company secure from hackers

They are written by *security experts* and they say effective security is as easy as:

  • Running  su -c ‘yum update’ every week.
  • Picking a good password. 
  • Blocking  everything from China.

The only way to respond to these articles is: 

image

The truth is SECURITY.IS.HARD! 

When an *expert* writes an article based on the premise that effective security is achievable by following a canned security framework they devalue the whole security industry. Implementing security in any organization is about performing the unique risk analysis and that cant be achieved through a checklist. 

So the next time you see one of these listicles just say…

image

Site Footer