Lesson Learned: Never Ask Strangers About #DefCon - #Lulz Edition

I think part of it is definitely a generations thing. There are plenty of younger people who would still sound as clueless as some of the people you talked to but as these people who are growing up with the internet and especially all the hacktivism in the news, eventually the perception will change.

A perfect example, I just saw a story today about a 10yr who was at Defcon, who found iOS and Android security bug. Gizmodo story

There will always be misconceptions and uneducated assumptions by people who have no interest in learning the reality. I think eventually that will change with the generations growing up with more technology. A personal example, I first got access to the internet when I was 17 and I learned how to do a lot of basics with using code via IRC without any realization the application of learning it beyond inserting sounds, going invisible, and bunch of other misc things into IRC chat. So of course when i stopped using IRC I didn't retain that information after not using a computer for months upon entering the military and had no idea that I was already building a foundation for my eventual career in IT.

Most of us who work in IT know how the perception is with family and friends who assume you have the magic pixie dust to fix all their computer problems and how, provided they can retain it, showing them some of the basics demystify using the computer and/or internet.

The biggest obstacle has been and will always be breaking that perception to people who have zero interest in anything computer/IT based. Eventually they will be the minority and it won't be as big of a deal as it still is.

Read More

Christian Drug Treatment Program

A Christian drug treatment program provides spiritual reflection with faith-based rehabilitation by using Biblical principles in helping the patient overcome drug and alcohol addition. These programs use scriptural teachings to center in on healing, where healing of the mind, body, and spirit is the concept. Family counseling is also provided through these programs because the effects of a chemical addiction rebound upon the entire family unit when one family member is suffering. Scripture teaching through a Christian drug treatment center can work to bring hope and healing for a bad situation.

Some counselors offer professional skills that have helped others overcome addictive powers. With proven and tried methods that have brought relief to others suffering from addictions, participating in a Christian drug treatment program is a good decision. A Christian drug treatment center provides education in chemical dependency and takes the patient through a step-by-step program that will bring empowerment. Group activities can enhance faith-based teachings, while the patient learns of the experiences of others within the group.

These treatment centers are often located in peaceful surroundings. With the belief that a peaceful environment will help in bringing peacefulness to a troubled situation, the Christian drug treatment center will focus on the element of nature to help bring an end to chaos through chemical addiction. At the same time, the Christian drug treatment program counselors and ministers can provide teachings from Genesis on the creation of the world and nature to develop a patients faith in God, as Creator of the universe and Savior of the world.

Organizations that practice healing of addictions through God will combine the teachings from faith-based scripture, relying on the power of the Holy Spirit and prayer to minister to each patient. Each patient goes through a step-by-step process, showing positive results before proceeding through to the next step. With individualized attention, each patient is given the attention necessary to successfully complete the Christian drug treatment program. The involvement of the family unit in the Christian drug treatment center provides further encouragement to the patient to put forth necessary effort to bring about liberation from chemical addiction. Through Christ-centered therapy, one will be reminded of, "How God anointed Jesus of Nazareth with the Holy Ghost and with power: who went about doing good, and healing all that were oppressed of the devil; for God was with him." (Acts 10:38). Faith in God and trust in His healing power are very powerful and should not be forgotten by those who have been healed from addictions, diseases, and other problems.

Read More

Fetal Alcohol Syndrome Treatment

Fetal alcohol syndrome treatment is needed for a child whose mother has ingested alcohol during the pregnancy. FAS is the leading known preventable cause of mental and physical birth defects in the United States and one in every 750 children is born with enough symptoms to be characterized as having FAS while another forty thousand are typed with fetal alcohol effects. Children who need fetal alcohol syndrome treatment show a number characteristics, some physical and some mental in nature. Sadly, many children who will grow into adults are condemned to bear the price of their mother's poor judgment for their entire lives. FAS is often spotted early after birth because of certain physical abnormalities such as a low birth weight, small head circumference, the inability to gain weight, smaller eye openings, flattened cheekbones and an indistinct philtrum (the groove between nose and upper lip). It should be mentioned that normal children may have one or more of these physical characteristics also so a trained medical professional needs to make the final determination if fetal alcohol syndrome treatment is required.

The mental detriments brought on by FAS are the real tragedy of the mother's poor choices made during pregnancy. Children with FAS will be saddled with many emotional and mental burdens throughout their entire lives including epilepsy, poor coordination, a lack of socialization skills, learning difficulties and behavioral issues. Now while not every FAS child will have every mental struggle mentioned here, there is a clear body of evidence that denotes a lifetime of problems for children with FAS. The term "fetal alcohol syndrome treatment" is a misnomer in some ways, because there hasn't been anything that could really be done for a child in pre birth developmental stages who has ingested alcohol from the mother. However, recent studies from Duke University may be on the verge of a break through treatment for unborn children in the years to come. It appears from preliminary studies with laboratory fish that cholesterol supplements given to these fish embryos appeared to restore normal development in the embryo. But these preliminary studies mean that there will be many years before actual help may be on the way for moms who have chosen to ignore the welfare of their unborn children.

If a child has been born and diagnosed early with some of the characteristics of FAS, then the quicker the child can begin to receive special education and the needed fetal alcohol syndrome treatment from social services, helping the child to be better off later. Remember that the FAS child will have an IQ between 70 and 80, and that alone denotes a lifetime of being on the service side of employment with low wages and often an accompanying low self esteem. Helping to instill in these children early a sense of worth and value through accomplishment is important in combating the many hurdles they will face as they grow into mature adults. Children with FAS will struggle with academics because of attention deficit, poor organizational abilities, memory issues, poor math skills, speech delays, an inability to understand cause and effect and with abstract concepts. Their behavior in school will probably be inappropriate a great deal of the time because of the failure to understand social consequences. One of the outstanding qualities of children needing fetal alcohol syndrome treatment is their boundless enthusiasm and outgoing personalities, yet there are times when they are seen as intrusive, overly talkative and extremely hungry for attention.

Never would a mother ever wish on her children what many FAS children must face as they grow up and mature. Yet just a few drinks during the pregnancy, especially at the wrong time of development will cause an FAS sufferer to probably plateau academically in high school. So many of these students drop out of high school after the ninth or tenth grade and many will never be able to hold a regular job. Fetal alcohol syndrome treatment for these students will be special education classes where basic life skills are taught. These skills will include money management, interpersonal skills and learning safety issues. Vocational school is often a great place for these students to be placed with the hope that some vocational spark might be ignited that will carry them into adulthood.

Child care experts who speak on authority remind parents that the extra care that an FAS child needs is far beyond that of a normal and fully healthy child. Part of the FAS treatment for the parents will come in the form of support groups to encourage love, understanding, energy and a whole lot of extra patience. The power of parents getting together who all face the same challenges cannot be understated. Additionally, there are a number of fetal alcohol syndrome treatment resources from social service agencies which can help families who often must find help for their child apart from the norm. Mom, if you are carrying a heavy burden of guilt over those poor choices made when you were pregnant, it's time to move on because it's over and done. "Whatsoever things are true, whatsoever things are honest, whatsoever things are just, whatsoever things are pure, whatsoever things are pure, whatsoever things are lovely, whatsoever things are of good report, if there be any virtue and if there be any praise, think on these things." (Philippians 4:8) There is forgiveness, grace and all the strength you need in God's love to give your child the care he or she needs.

Read More

P0wn-to-Own: Using Out of Office Messages & Social Media

If you think the recent attacks on companies like RSA & HBGary are one-in-a-million attacks that can't affect your organization, think again.

Today's pen-testing activities against a client revealed that companies still have a lot to learn about what information they freely provide to the public via out of office e-mail messages, voice mailbox messages, and popular social media sites.

Your Mission: Send a Message to the CIO From One of Our Work E-mail Addresses

My client was very paranoid about the recent attacks highlighted in the news, and wanted me to try similar attacks on his company. As a CSO, he has spent countless hours and dollars providing security awareness training to his thousands of employees. My mission (which dictated my potential compensation bonus) was to gain access to an employee's work mailbox and send his boss (the CIO) an e-mail message.

Challenge Accepted

I really expected this engagement to take a few days. It took a few hours.

I immediately did some research via Google and located nearly the entire management team's full names, phone numbers and e-mail addresses. This was easily found from social media sites like LinkedIn, press releases, interviews, etc. Once I accumulated this list, I called every number from a throwaway phone number. It took four phone calls to locate a voicemail box of a male senior member of management that was away on vacation for the next week, and was kind enough to give me their assistant's full name and number to contact in the event of an emergency. In the next 30 minutes, I located another few members of management that were on FMLA, on PTO, or out of the country on company business.

More Recon

Once I had an inventory of potential people profiles to abuse, I quickly located their webmail portal. Sadly, it was easily found at https://webmail.companyname.com. To make matters worse, at the very bottom of the landing page was the phone number to the 24/7 help desk!

The Ruse

I listened to my first victim's voicemail several times until I was confident that I could do a marginally acceptable impression. I then researched the victim on http://www.pipl.com, http://www.linkedin.com (using a bogus profile with 500+ connections), and a few google searches. Using my accumulation of knowledge on my victim, I called the 24/7 help desk. This is a summary of how the conversation went:

HD: "Help desk, how can I help you?"

ME: "Hi, this is John Victim. I can't remember my e-mail password and I'm afraid I'm going to lock myself out again. I'm on vacation and need to be on some conference calls and I can't reach Janet Assistant. Can you help me please?"

HD: "I'd be happy to help you John. For verification purposes, I need you to answer your security question. Your question is 'What year did I graduate grad school?'"

At this point, I quickly scanned John's linkedin profile and found the answer to be 1989.

HD: "Thank you. I am going to give you a temporary password. Once you login to mail, you'll need to select a new password. Your temporary password is 'AQ597KLB'. Can I help you with anything else?"

ME: "No, thank you. I'll send a note to Bill HelpDeskManager letting him know how helpful you were."

(I took a risk here, but noted (according to LinkedIn and the company's management team profile page) that the help desk manager for the company had been employed by Client for almost 7 years.)

HD: "Thank you! Have a great evening."

Mission Accomplished

I logged in to John Victim's email account, and fired off an e-mail to the CIO and cc'd the CSO.

"Hi, This isn't John. This is Chief, and I believe you owe me a bonus... and a coffee."

What Went Wrong?

1) Security awareness training should extend to enforcing a corporate policy on voicemail box and e-mail out-of-office messages. The training should ensure that:

No specific information is given in the message. The voicemail message should say something like "I am unable to take your call, if you need immediate assistance dial x1234". E-mail out-of-office messages should say something similar.Do not indicate your title in the organization, or provide another name and title for assistance.

2) Social Media profiles should be properly secured to ensure that only those that have a need-to-know can see important data points about the employee. Furthermore, employees should resist the urge to provide specific data at all that could assist in a social engineering attack.

3) Identity verification at the help desk level should require multiple levels of verification, ideally at least one question that the employee does not select, and one that the employee creates themselves. Training should be provided to ensure that this data is not easily found on social media sites.

4) Self-service portals that utilize multi-factor authentication (such as a token) are a great way to stop these types of attacks in their tracks.

5) Help desk numbers should not be provided on a public-facing portal!

6) Try to keep employee portals relatively hidden when possible.

Now would be a great time to perform a risk assessment on your organization. Do you have this type of situation covered? What are your obstacles to shoring up your defenses against this type of attack?

If you'll excuse me, someone owes me a coffee...

Chief

DID YOU KNOW?

You can read all of SecurityMonkey's case files!
Find them here.

You can also read all of SecurityMonkey's
'Banana Cupboard' stories here.

You may not get a lot done for a few hours... or even days.

The reviews are in...

"Completely addictive... suspenseful and informative at the same time!"
"A mix of classic detective scripting, timing, and technology..."
"Cleverly injected humor makes these case files easy to read and hard to put down!"

Read More

CWE/SANS Top 25 Most Dangerous Software Errors Released

Between Java, .NET, and Ruby on Rails and probably a host of other frameworks that all have SQL injection proof database access as the preferred method, it's hard to imagine why SQL injection is still the highest form of breach.

Read More

Heroin Addiction Treatment

Because of the nature of the drug, heroin addiction treatment is necessary for the addict who wants to recover. It is a highly addictive drug, and many are gripped in its tight grip and cannot escape on their own. Tragically, many of these addicts have gone from injecting the drug to snorting or smoking it because that way they can get the advantage of increased purity. Some of these people believe that using the substance in these forms will not lead to becoming an addict, but they are seriously misinformed. The substance is processed from morphine, which comes from the seed pod of the Asian poppy plant. When it is processed, it looks like a white or brown powder. Other names for this substance are "smack," "H," "skag," "junk," or "Mexican black tar." Fortunately, there are many places that provide heroin addiction rehab for those who have gotten tangled up in the addictive web of "smack."

One reason why heroin addiction treatment is so essential is that the drug is associated with dangerous health conditions. Many people who use end up getting a fatal overdose. Also associated with the use of this substance are spontaneous abortion, collapsed veins, and infectious diseases. Some of the more common diseases associated with "smack" are HIV and AIDs and hepatitis. These diseases often spread through multiple use of needles or contaminated drug paraphernalia. When a person injects a dose, the effects disappear after a few hours. Therefore, the "high" that the user wants doesn't last very long. This "high" feels like a sense of euphoria with a feeling of warm, flushing skin, dry mouth, and the sense that the arms and legs are very heavy. When the euphoria disappears, the user feels first wakeful and then drowsy. Thinking is clouded because the central nervous system is not functions properly. When a user continues to inject for a long time, other side effects begin to appear. Veins may collapse. This makes it difficult for emergency room personnel to administer life-saving treatments if a user comes into the hospital. An infection may attack the heart lining or the heart valves. Abscesses, cellulitis, and liver disease may also occur. The lung may also suffer by contracting pneumonia and a loss of good respiration. Some of these long-term effects may be helped by heroin addiction rehab, but if the organs are damaged and cannot repair themselves, the long-term effect may be serious.

Another serious problem for drug injectors is that the substances pickede up on the street may not be pure. The users do not know who or how the material has been processed, and sometimes impurities are present in the powder. This can lead to clogging of blood vessels of the lungs, liver, kidneys, or brain. Patches of cells in these vital organs may die as a result. In this case, heroin addiction treatment cannot reverse the problem. In fact, this drug is the cause of the second most common deaths in our country. The deaths attributed to this substance are on the rise. Unfortunately, the more of the substance that users ingest, the more tolerance they build to the medication, and so the more they must use to get the same high. As more is used, the addict becomes even more addicted, and the physical dependence becomes even tighter. And if the user stops giving himself drugs, the withdrawal symptoms can become very severe. That's why an addict must turn himself into a heroin addiction rehab to be able to resume a normal way of life and save himself from sure death. Withdrawal is a real physical effect. After a few hours after the last injection, the person feels cravings, restlessness, muscle and bone pain, sleeplessness, diarrhea, vomiting, cold flashes, and kicking movements. This lasts between 48 and 72 hours and continues in a lesser effect for about a week. If a person is in poor health, sudden withdrawal can be fatal because the physical effects on the body are so severe.

Most addictive substances affect the mind. That's how they lure people in and why the habit is so hard to break. These medications are basically pain killers that allow people to forget their problems and their worries. But they also change the way a person thinks. People aren't as aware of their surroundings when they are under the influence. This may continue long after the physical effects of the injections have worn off. Heroin addiction treatment has to deal with both the physical effects of the use and the mental effects. A user finds a certain reward in being high, and this focus must be changed to help the user find rewards in more appropriate activities. A good heroin addiction rehab will help the drug user to change lifestyle attitudes and activities that encourage drug use. Otherwise, the affected person will go right back into old habits and go right back to the addictive behavior.

An addict finds that his mental processes are completely opposite of what it once was. He no longer abhors illegal activities, but uses them to acquire more of the substances that he craves. The apostle Paul tells us in Philippians 4:8, "Finally, brethren, whatsoever things are true, whatsoever things are honest, whatsoever things are just, whatsoever things are pure, whatsoever things are lovely, whatsoever things are of good report; if there be any virtue, and if there be any praise, think on these things." This is the goal for heroin addiction rehab, to change the thinking and become pure once again. Good heroin addiction treatment will not only address the problems with the body, but also with the mind.

Read More

Christian Grief Counseling

Christian grief counseling includes the idea that a loved one is in Heaven and strategies for conducting life on earth without that person. Depending on the faith of the deceased person and the way in which they passed certain techniques for life management may be necessary for the continuation of a productive life. Bereavement counseling may offer the same types of counsel even if belief in Heaven is absent. Christian counselors may offer counseling to non-Christians in order to share faith with otherwise faithless people. Death is probably the most questionable and debatable issue facing Christians and non-Christians alike. Taking the opportunity to answer questions for a non-believer may lead to faith further on down the road for survivors, however this route should not be aggressively pursued due to the sensitive nature and vulnerability of the situation.

Support can come from many different types of people. Basically counseling can come from anyone who is willing to listen, however specific questions about faith, the afterlife, and end times may be better handled by an educated pastor. This person will have education in biblical studies at least to the Masters level. Education at this level enables a grieving person to receive bereavement counseling from a person with deep compassion for humans as well as provide education concerning what the Bible says about faith, death, and the afterlife. Understanding where a specific person goes after death on Earth is difficult to determine even in the seemingly most faithful people. Deep conversation and trust established while they were on Earth may strengthen a persons confidence in where the deceased party is spending eternity. Other issues that may arise are how the survivors will conduct their lives in order to reach the same destination. Sometimes the death of a loved one opens the doors for Christian grief counseling to change life drastically for survivors. Carefully research the background of anyone offering support or advice. This research includes the persons background of beliefs, ethics, and professionalism. Even though a counselor has been practicing for 30 years, their personality and lifestyle may not match the person needing Christian grief counseling.

The understanding of the grieving process is crucial in tracking progress and noting changes that may need to take place. In some cases the glue that held the family together is the person who has passed. This creates a difficult situation for the survivors. Family support with concentration on how to function as a unit may be more serious than the actual coping initially. Survival most certainly overrides emotional feelings if destruction amongst survivors occurs. Reflection on how the deceased affected daily life may aid in determining a plan for successful living. Understanding the roles and responsibilities this person had will additionally aid in determining the roles that need to be filled. In addition to more successful survival, the family, co-workers, or neighbors may develop a better appreciation of the contribution this person made on everyones lives. Christian grief counseling may not directly help with the problem of survival, but will additionally create confidence in the survivors through self-concept and organizing memories.

Pastoral counselors are the only type of religious counselor that is not affiliated with a specific church. This means church membership, tithing, and a specific set of beliefs are not necessary in order to receive these services. Other types of religious counsel are usually found within a church and require membership in order to make use of. This is difficult for people that are not sure which denomination they are suited for or even if they believe in God at all. Most people increase spiritual curiosities when someone in their life has died. Some pastors offer up free days at a church for counsel in order to serve the community and increase church membership. Though membership is not an obligation, the pastor hopes this will be the outcome. Finding a pastor with sincere motive toward helping people receive quality bereavement counseling is the most honorable effort. Some churches may even offer classes or regular support groups that the public can attend. In most cases these classes are reserved for members and occur on Sunday mornings, but if the need were really there then the company would be warmly welcomed.

Dealing with the loss of a loved on is a delicate place to be in life and can certainly be very lonely as well as scary. Certain changes may be required past the help of Christian grief counseling. This may include financial assistance or budgeting, legal services, moving services, organizational efforts, and employment opportunities as well as bereavement counseling. Though this is a sad and confusing time in any persons life the idea of the new may motivate a person to be their best. With the plethora of people running their own businesses nowadays a person can find someone to do almost anything they need. These contractors should be carefully examined and interviewed due to the sad ethical state of our world, but most are honest hardworking people needing to make some extra money. Some of these people will likewise offer Christian characteristics and create an environment of warmth, security, and trust no matter whether they are moving furniture or delivering a pizza. The point is that asking for help does not necessarily put a grieving person in a vulnerable position but rather open sincere hearts and efforts to show Gods love. In uncertain times it is important to hold tight people that are sincerely interested in the well-being of those that they serve.

Read More