Casino

In business since 1995 as IT consultant – Systems Engineer

My education is as a Systems Engineer (and it is in my blood :)

 

What is a systems engineer?

Applied Mathematics as well as engineering.

 

What sets Systems Engineering apart from standard IT?

waterfall

Notice the Waterfall approach in software development (I worked at a software company before starting my business in 1995): the Analysis comes before Design, then development, and then testing.

 

Now Systems engineering approach:

systemsengineeringprocess

From University of Arizona: http://www.sie.arizona.edu/sysengr/whatis/whatis.html

Notice the basic closed feedback loop:

closedloopfeedback

From http://fas.org/man/dod-101/navy/docs/es310/Int_SysE/Int_SysE.htm

Which I studied intimately.

The similarity between a closed feedback loop and Agile Programming methodologies is uncanny.

agiledevelopmentprocess1

This is why I was able to pick up Agile Programming methods (in the late 90's): they are very similar to a closed feedback loop in Systems Engineering.

So why are we discussing this?

closedloopCEOprocess

It is because I am trying to create a closed feedback loop for the CEO/CFO.

Customer needs are input into the "Company system" (IT department / IT Security) and products get created.

Fixvirus will test and let the IT department know how to fix, while writing the report for the CEO/CFO.

 

Contact Tony Zafiropoulos 314-504-3974 to discuss your testing needs.

tonyz”@”fixvirus.com


Defend correctly or in time the criminals will force you to pay attention - Cryptowall 2.0

Hopefully you will not see this image on any of your computers:

cryptowall2.0message

Unfortunately there is no way to reverse this Cryptowall infection; the only hope is to recover the files from a shadow volume copy, which you hopefully had turned on before the infection. Of course, if you still have Windows XP you have no method of recovery except from any backups created.

Notice the criminal is also asking to be paid using an anonymous method with the TOR browser. Please do not pay this criminal. There is no guarantee that you will receive the decryption method.

This is the text:

What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 2.0.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.

How did this happen ?
Especially for you, on our server was generated the secret key pair RSA-2048 – public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.

What do I do ?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1.https://paytordmbdekmizq.tor4pay.com/12Uj7f4
2.https://paytordmbdekmizq.pay2tor.com/12Uj7f4
3.https://paytordmbdekmizq.tor2pay.com/12Uj7f4
4.https://paytordmbdekmizq.pay4tor.com/12Uj7f4

If for some reasons the addresses are not available, follow these steps:
1.Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2.After a successful installation, run the browser and wait for initialization.
3.Type in the address bar: paytordmbdekmizq.onion/12Uj7f4
4.Follow the instructions on the site.

IMPORTANT INFORMATION:
Your personal page: https://paytordmbdekmizq.tor4pay.com/12Uj7f4
Your personal page (using TOR): paytordmbdekmizq.onion/12Uj7f4
Your personal identification number (if you open the site (or TOR ‘s) directly): 12Uj7f4

 

 

Do you want to get ahead of all the security headlines?

Yes it is possible to get in front of security problems.

First have a Security policy in place.

The policy will include patching all systems in the best possible manner, e.g., you cannot patch a system during production hours without testing first, but as soon as a patch is tested, the production system should be patched.

Items such as how to handle new USB drives are also important.

Second have the best possible technologies in place which includes the following:

NGFW - Next Generation FireWall - not just stateful multi-layer inspection, but an integrated Intrusion Prevention System that operates at layer 3 or layer 2.

Wifi access points with WPA2 encryption

wiresinto-modem

We can help you size a firewall technology for your needs. Contact Us: Tony Zafiropoulos 314-504-3974

 

New video – includes Kmart breach

Kmart had an IT department and still got a malware breach with the credit card numbers stolen.

We are attacked by 5 trillion scans per month?

JPMORGAN SPENT $250 MIL DOLLARS ON SECURITY DEFENSE – STILL HACKED. http://oversitesentry.com/?p=614

http://oversitesentry.com/?p=606 - the post that explains the number of scans per month (a USENIX conference paper)

If there are any weaknesses the hackers will find them.

Bash Shellcode and why test your IT department?

I am discussing the new vulnerabilities regarding Bash Shellcode, and make a note that Shellcode in general means a piece of computer code that is an exploit.

What makes the Bash shellcode so dangerous is that once the following is set, "env variable= () {;:}", then some Bourne Shell (Bash) commands can be run to attempt a takeover of your machine. The full breadth of this exploit has not been felt yet, as the hackers are busy attacking and probing all the vulnerable machines.

 

As has been noted in some of my blog entries: http://oversitesentry.com/?s=bash&submit=Search (searching for "bash")

This kind of attack is easier to perform and can affect more systems on the Internet, since one has to hunt for the bash software and make sure it is not present at all before declaring a system not vulnerable.

shellcode-safe - one of the 6 CVE tests (in the image)

As you can see, this subject gets very complicated, and it strikes me how executives do not see the obvious fox in the henhouse situation.

Suppose, hypothetically, that your system has this vulnerability: even if you do not have credit card data on your server, the hacker could take over your server and launch more attacks on other systems until the criminal amasses enough resources to attack higher-value targets and make money. Now your computer is attacking other computers, and because you did nothing, you could also be liable for those attacks.

Testing the IT department is important, and must be done. Who is verifying the tests? The same person?

 

 

Tony Zafiropoulos: “Testing and reviewing IT security is too important to leave to the IT department” – it must be independently verified.

tzsuittiny

Contact me to test your systems 314-504-3974

Certified Ethical Hacker

Prioritize exploitable Bash Shellcode systems

(This post is in reference to the 6 CVEs created from a Bash shellcode vulnerability family.)

 

First, review any Linux or Unix system that has cgi-bin in the URL (you can search for this in Google, just like the hackers): search for "filetype:sh inurl:cgi-bin site:yoursite.com", or just remove filetype:sh.

Find any system with cgi-bin, including Microsoft Windows and OS X systems.

For these systems with cgi-bin technologies, review patching options in the short term.

Long-term, think about changing to another technology, as this issue will not leave us; it is a complex issue and will be with the IT world for a while. At a minimum, change any bash calls to another scripting language, and be careful that PHP or other techniques do not call bash in an indirect manner.

This problem will vex the IT security field for a while, and the sooner we mitigate this issue and go back to a less dire state the better. Test, patch and implement, then re-test to ensure no vulnerability remains.
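One way to carry out the test-and-inventory steps from the Bash Shellcode discussion above and the prioritize/re-test steps just given, as an added example that is not part of the original post or the author's own tooling: a POSIX sh script that checks whether the local bash still runs code appended to an environment-imported function (CVE-2014-6271, the flaw named on this page) and lists cgi-bin scripts that call bash directly or through a shell-out. The sample cgi-bin contents, the variable name PROBE and the shell-out pattern list are constructed assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from fixvirus.com or the blog author: two defender-side
# checks for the Bash vulnerability family discussed above (CVE-2014-6271),
# written for POSIX sh so it runs on any Linux/Unix host being inventoried.

# 1. Does the local bash still execute code appended to a function definition
#    imported from the environment? A patched bash prints only "probe" (plus a
#    warning on stderr); an unpatched one also echoes the marker word.
check_bash_env_import() {
    command -v bash >/dev/null 2>&1 || { echo "no-bash"; return 0; }
    out=$(env PROBE='() { :;}; echo VULNERABLE' bash -c 'echo probe' 2>/dev/null || true)
    case "$out" in
        *VULNERABLE*) echo "vulnerable" ;;
        *)            echo "patched" ;;
    esac
}

# 2. Inventory a cgi-bin directory for scripts that depend on bash, directly
#    (shebang) or indirectly (PHP/Perl/Python shell-out calls). Heuristic
#    pattern list (assumption): any match is a candidate to patch now and
#    rewrite later, per the remediation advice above.
list_bash_dependent_cgi() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" | grep -Eq '^#!.*(/| )(ba)?sh( |$)' \
           || grep -Eq '(system|exec|shell_exec|passthru|popen|os\.system|subprocess\.[A-Za-z]+) *\(' "$f"; then
            echo "$f"
        fi
    done
}

# Constructed sample cgi-bin (not a real deployment) so the inventory runs
# stand-alone: one bash CGI, one pure Perl script, one PHP shell-out.
demo_cgi_inventory() {
    tmp=$(mktemp -d)
    printf '#!/bin/bash\necho "Content-type: text/plain"\n' > "$tmp/status.cgi"
    printf '#!/usr/bin/perl\nprint "ok\\n";\n' > "$tmp/hello.pl"
    printf '<?php echo shell_exec("uptime"); ?>\n' > "$tmp/load.php"
    list_bash_dependent_cgi "$tmp" | sed "s#^$tmp/##" | sort | paste -s -d ' ' -
    rm -rf "$tmp"
}

echo "local bash: $(check_bash_env_import)"
echo "bash-dependent CGI scripts in sample dir: $(demo_cgi_inventory)"
```

Run it on each host after patching; a "vulnerable" result or a non-empty inventory list goes straight onto the re-test list.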

 

Contact us for help on your remediation strategies.

 

Bash Shellcode Vulnerability

Contact us to review whether you are vulnerable to the current Bash code issue, Common Vulnerabilities and Exposures CVE-2014-6271 and CVE-2014-7169.

I have posted on my blog (oversitesentry.com) where I review the test and some of the fixes.

 

Each company has to review their vulnerability and remediation plans for their Internet facing computer systems.

Contact us to discuss this 314-504-3974 – tonyz”@”fixvirus.com

 

What changed in the new PCI DSS compliance standards (Nov 2013) v3.0?

Here are the Section 11.3 PCI Data Security Standard v3.0 requirements:

  • 11.3 Implement a methodology for penetration testing that includes the following:
    Is based on industry-accepted penetration testing approaches (for example, NIST SP800-115)
    Includes coverage for the entire CDE perimeter and critical systems
    Includes testing from both inside and outside the network
    Includes testing to validate any segmentation and scope-reduction controls
    Defines application-layer penetration tests to include, at a minimum, the vulnerabilities listed in Requirement 6.5
    Defines network-layer penetration tests to include components that support network functions as well as operating systems
    Includes review and consideration of threats and vulnerabilities experienced in the last 12 months
    Specifies retention of penetration testing results and remediation activities results.
    Note: This update to Requirement 11.3 is a best practice until June 30, 2015, after which it becomes a requirement. PCI DSS v2.0 requirements for penetration testing must be followed until v3.0 is in place.

 

Penetration testing?? Yes, we do that: our Sigma test and report.

And the Testing Procedures include the following in the report.

  • 11.3 Examine penetration-testing methodology and interview responsible personnel to verify a methodology is implemented that includes the following:
    Is based on industry-accepted penetration testing approaches (for example, NIST SP800-115)
    Includes coverage for the entire CDE perimeter and critical systems
    Testing from both inside and outside the network
    Includes testing to validate any segmentation and scope-reduction controls
    Defines application-layer penetration tests to include, at a minimum, the vulnerabilities listed in Requirement 6.5
    Defines network-layer penetration tests to include components that support network functions as well as operating systems
    Includes review and consideration of threats and vulnerabilities experienced in the last 12 months
    Specifies retention of penetration testing results and remediation activities results.

 

 

Independent review of your IT Security

What is the reason one hires an independent CPA to check your financial books?

fixvirus-logo-small

Even where employees are trustworthy and capable, it makes sense to periodically review their work.

Even the PCI Security Standards Council has the following as "Testing Procedures":

6.1.b Interview responsible personnel and observe processes to verify that:
 New security vulnerabilities are identified.
 A risk ranking is assigned to vulnerabilities that includes identification of all “high” risk and “critical” vulnerabilities.
 Processes to identify new security vulnerabilities include using reputable outside sources for security vulnerability information.

Are you really performing this function with internal personnel? Can you ensure that it is done with accuracy and efficiency over the long term?

For an independent review to occur, by definition it must be "independent".

That is why we have developed a basic Alpha Security scan to give information to the IT department and management so they can run more efficiently and with higher security.