Monthly Archives: August 2015

More Internet Scumbags to Report On

I just got an email forwarded to me from another employee within my company (she doesn’t work in IT). This is a scam that’s been around a long time…first via regular snail mail, and now via email. The problem, though, is it still works and it’s very easy to do. Just send a bunch of letters and emails to as many people as possible, stating that their domain names are expiring, and just send a check (or visit a website) to renew. Take a look at this…

Email example notifying me of domain expiration for “search engine submissions”

Yes, the wording is simplistic, but it does look nice, and the cost is rather insignificant compared to all the other day-to-day invoices that cross an employee’s desk. And you know what? A lot of people just pay this, without even thinking about it.

As for the link to make the payment, it points to the domain:  confirmation5408.com

WHOIS results

A simple whois shows that this is located in China, and the domain was just registered in early July. (Yeah, I know…I’m so shocked that this is located in China!!)

So…what to do? Ignore these letters and emails, and make sure that your employees forward any IT-related invoices to you for approval. Lots of companies fall prey to this, but with your diligence your company won’t be one of them.

Saturday Snapshot – Biscuits and Gravy (YUM)

I was born and raised in Georgia, and there is nothing better than biscuits and sausage gravy for breakfast. YUM! So recently, I noticed this in a local store…

Lays Southern Biscuits & Gravy – in a bag??

Can it really be?? Did Lays figure out how to miniaturize my favorite breakfast into chips, and put it all in a very portable bag?

Of course I had to buy it and give it a try. End result?? Disappointing. But it was a good try…

Cisco Security Alert – ROMMON Firmware Hack

Cisco Security Alert

Well, it looks like the hackers are at it again. (BTW…I use the term “hackers” as my preferred term “slimy dog-poop scum” is too wordy…but either one works just as well.) Cisco just released a security alert concerning a hack which replaces the ROMMON firmware (the boot firmware) with malicious ROMMON code. This code does work, in terms of booting the router/switch properly, but it also contains malicious code. Fortunately, you do need either privileged access or physical access to the device. Note the credibility level…“Confirmed”.

Check out Cisco’s security alert here.

Using Whois to Find Domain Ownership

Over the last several days, there has been a bit of a media skirmish concerning a report from the Global Energy Balance Network, a non-profit science group dedicated to preventative education to reduce obesity. A recent report of theirs stated that lack of exercise is primarily responsible for the dramatic upswing in the obesity rate here in the US, and not necessarily what we eat (such as sugary drinks). All well and good, and I would tend to agree with them…we have become a nation that sits on its butt.

However, news then surfaced that the report was funded in part by Coca-Cola Company. Hmmmm…that could tend to tarnish the report a bit. I heard that the domain name for Global Energy Balance Network (gebn.org) was registered to Coca-Cola. So last night (Tuesday 8/11), before I went to bed, I did a “whois” lookup on my Linux system, and sure enough…the domain was registered to Coca-Cola. Very interesting.

So, at work today (Wednesday 8/12) I ran another whois so I could screen capture it and put it in my blog as an example. Well guess what…the registration had changed. I was surprised. Here is what I found today…

Current WHOIS for GEBN.ORG

As you can see, registration was updated this morning around 14:52 UTC (around 10:52 AM EDT). So, why the University of South Carolina? I’m guessing there is a relationship between the non-profit and the University…which is fairly common these days. Also, if you go to the website and check out the “About” page, there is a disclaimer stating that part of their funding is from the Coca-Cola Company…so they are not trying to hide anything.

Now, I’m just pointing this out as an example of domain name registration and some of the gotchas to be aware of…and for the use of the “whois” command, which is part of Linux.
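The two whois checks on this page (how recently the scam payment domain was registered, and a registrant that changed between two lookups) can be scripted over saved whois output. This is an added example, not part of the original post; the snapshots are constructed for a placeholder domain, and the field names and the 90-day threshold are assumptions, since whois output differs between registries.

```python
from datetime import datetime, timezone

# Constructed WHOIS snapshots for a placeholder domain (not real lookup output).
# Field names are an assumption; registries label these fields differently.
SNAPSHOT_OLD = """\
Domain Name: EXAMPLE.ORG
Creation Date: 2015-07-02T09:15:00Z
Updated Date: 2015-07-02T09:15:00Z
Registrant Organization: Example Company
"""
SNAPSHOT_NEW = """\
Domain Name: EXAMPLE.ORG
Creation Date: 2015-07-02T09:15:00Z
Updated Date: 2015-08-12T10:30:00Z
Registrant Organization: Example University
"""

def parse_whois(text):
    """Return {field: value} from 'Key: Value' lines; the first value wins."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), value.strip())
    return record

def domain_age_days(record, as_of):
    """Whole days between the creation date and as_of; None if no date."""
    created = record.get("creation date")
    if created is None:
        return None
    created_dt = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ")
    return (as_of - created_dt.replace(tzinfo=timezone.utc)).days

def is_recently_registered(record, as_of, threshold_days=90):
    # threshold_days is an assumed cut-off for "just registered".
    age = domain_age_days(record, as_of)
    return age is not None and age < threshold_days

def registrant_changes(old, new):
    """Registrant fields whose value differs between two snapshots."""
    keys = sorted(k for k in set(old) | set(new) if k.startswith("registrant"))
    return {k: (old.get(k), new.get(k)) for k in keys if old.get(k) != new.get(k)}

if __name__ == "__main__":
    as_of = datetime(2015, 8, 12, tzinfo=timezone.utc)
    old, new = parse_whois(SNAPSHOT_OLD), parse_whois(SNAPSHOT_NEW)
    print("age in days:", domain_age_days(new, as_of))
    print("recently registered:", is_recently_registered(new, as_of))
    print("registrant changes:", registrant_changes(old, new))
```

To use it on real data, save the output of `whois <domain>` to a file on each lookup and pass the file contents to `parse_whois`.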

Disclaimer:  Yep, I guess I need to fess up a bit too…being a good ol’ Georgia boy, I do love drinking my Coke and Dr. Pepper. I have a joke I tell friends that when I go to the doctor’s office and give blood, it fizzes.

Security Certifications – In High Demand

This should be obvious, but security certifications are in HIGH demand, let me tell you. Just look at all the high profile hacks over the last several years…and all of that is just the tip of the iceberg. So if you have a strong understanding of networks and protocols, and enjoy the security side of things, then I would suggest you pursue some security certifications. And start getting some experience within the security field, perhaps even where you are currently working. The security field is already going strong, and will only get stronger in the years to come. And…did I mention the pay is excellent??!!

Take a look at this ComputerWorld article on the top 8 security certs that are in demand.

The CISSP and SANS certs probably pertain most to the network side of things. (Disclaimer: I attend SANS conferences on a somewhat regular basis, and I hold a SANS GSEC certification.)

Summary:  Security is vitally important in the network field, so do your career a favor and learn it!

The Sony Hack – With Plenty of Drama

I just finished reading a lengthy and interesting story surrounding the hacking of Sony’s network and related services. Yes, the hackers were nasty, and yes, Sony did not have the needed security measures in place. But what really hit me in reading this story was all the drama surrounding the events leading up to and after the hack. My goodness…I thought I was back in junior high school. It was both funny and sad…all at the same time.

Anyway, I would encourage you to read the whole story. In the midst of all the fluff and drama, you will find tidbits of good security information…things you should check and verify at your work. Remember…we might not be Sony (and all that that entails), but at the same time we don’t want to make the evening news…even if it’s just the local stations.

The story is in 3 long parts…it will take time to read, so I would suggest grabbing a good beverage of choice (for me, Dr. Pepper!!), and enjoy…

Fortune:  Sony Hack Part 1
Fortune:  Sony Hack Part 2
Fortune:  Sony Hack Part 3