NSA Archives - The Silicon Underground

Home » NSA

What to do about Petya ransomware if you already deployed MS17-010

Dave Farquhar Uncategorized June 27, 2017Air Force, Bo Jackson, breach, microsoft, NSA, Office Space 0 Comment

Got MS17-010 deployed? Good, that means you’re immune to the Petya ransomware. I still want you to do something.

Best wireless security mode

Dave Farquhar security January 3, 2017February 9, 2018AES, decent password, encryption, Megabit, NSA, Password, passwords, router, routers, WEP, wifi, wireless, Wireless security, WPA, wpa2, WPS, WRT

What is the best wireless security mode? There are only four choices, and only one worth using, WPA2. But there are some other settings you have to use in order to make WPA2 secure.

How a dictionary attack works

Dave Farquhar security September 19, 2016July 15, 2018cissp, cissp exam, encryption, NSA, Password, passwords, XKCD

A dictionary attack is a common way to steal a password. Here’s how a dictionary attack works, in layperson’s terms. More importantly, here’s how to beat the attack.

A dictionary attack is a much more efficient alternative to brute force hacking, but it requires a local copy of the user database to work. That usually means stealing the database first, if a bad guy is doing it. But nothing stops a company from doing a dictionary attack on its own user accounts to make sure people aren’t using insecure passwords. It’s unusual, but not unheard of.

High side vs low side

Dave Farquhar security January 14, 2016August 2, 2017contracting, contractor, gmail, leaks, malware, NSA, podcast, RFP, Top Secret

The other day I heard a reference to the “high side vs low side” of a computer system in a podcast, and the speaker didn’t stop to clarify. Worse yet is when you hear “on the low side” or “on the high side.” I came from the private sector into government contracting myself. I wasn’t born knowing this jargon either, so I’ll explain it.

What the NSA can crack, and how to protect against it

Dave Farquhar security October 20, 2015November 27, 2018AES, Cryptography, hard drives, leaks, NSA, RSA, Russia, SSL, TLS

Ever since the Snowden leaks, there’s been considerable speculation about what cryptography the NSA could break, and why. Finally, there’s a study that goes into deep detail about what it is the NSA probably can break, and why, plus how to protect against it.

New password advice from GCHQ

Dave Farquhar security September 17, 2015April 24, 2017breach, Cryptography, databases, life expectancy, NSA, Password, password database, passwords, sysadmin

The GCHQ is the British equivalent of the NSA. They recently published a new document containing the GCHQ’s new password advice in light of the things we’ve learned in the last few years. It’s worthwhile reading, whether you’re a sysadmin or a web developer or just an end user who wants to stay secure online.

Some of the advice may be surprising.

The workstation events you want to be logging in Splunk

Dave Farquhar security September 15, 2015September 15, 2016acrobat, Acrobat Reader, breach, CEO, chrome, excel, firefox, good security, internet explorer, java, NSA, SEIM, server, splunk

Every once in a while the NSA or another government agency releases a whitepaper with a lot of really good security advice. This paper on spotting adversaries with Windows event logs is a fantastic example. It’s vendor-neutral, just talking about Windows logs and how to set up event forwarding, so you can use the advice with any log aggregation system or SEIM. I just happen to use and recommend Splunk. But whatever you use, these are the workstation events you want to be logging.

I want to call your attention to a couple of items in the paper. Most breaches begin on workstations, and this paper has the cure.

Application whitelisting on Windows, even home editions

Dave Farquhar security August 5, 2015November 29, 2015antivirus, antivirus software, Australia, java, malware, microsoft, Microsoft Office, NSA, PDF, spyware, tweak, web browsers, Whitelist

One of the very best things security measures you can take is application whitelisting–limiting the apps that are allowed to run on your computer.

The Australian Signals Directorate–the Australian counterpart to the NSA–says doing four things cuts security incidents by a whopping 85 percent. You probably do three of the things. The fourth is application whitelisting.

use application whitelisting to help prevent malicious software and unapproved programs from running
patch applications such as Java, PDF viewers, Flash, web browsers and Microsoft Office
patch operating system vulnerabilities
restrict administrative privileges to operating systems and applications based on user duties.

SSDs, factory resets, and why you probably need encryption

Dave Farquhar Hardware, security May 25, 2015May 24, 2015AES, encryption, flash memory, NSA, ssd

After the story came out about factory resets not adequately clearing flash memory in phones and tablets, one of my college buddies asked me if a similar problem exists in SSDs.

Depending on the SSD, it definitely can.

Don’t e-mail yourself a list of all your passwords and bank account numbers to yourself from work

Dave Farquhar security, War Stories March 13, 2015April 16, 2017car payment, Credit card, DLP, excel, google, information security, mortgage, mortgage payment, NSA, Password, Password Safe, passwords, server, yahoo

So my buddy, we’ll call him Bob, runs Data Loss Prevention (DLP) for a big company. DLP is software that limits what you can do with sensitive information, in order to block it from going out of the company. The NSA wasn’t using DLP back when Ed Snowden was working for them; they probably are now.

Sometimes DLP blocks people from sending their own personal information. Doing so is their right–it’s their information–but from a security point of view, I’m really glad DLP kept them from e-mailing their entire life around in plaintext.

← Previous