Posts

Showing posts from 2015

2015 Q3/Q4 Update

This is another summary update as I've been very busy these past six months due largely to moving house.
It's important to me that I acknowledge the devastating floods that are currently happening at home. Christmas here has been ruined by unprecedented amounts of rain which have led to the worst floods anyone has ever seen. Nearly every place I've ever worked or lived in has been under water and with the clean-up under way, the rain has just returned. 
The response has been incredible, and my thanks go out to the emergency services and everyone that's involved in putting things right. It's in times like these you realise the true value of social media and the real-world difference it can make in people's lives. From alerts and warnings to the clean up and support efforts, it's all being coordinated via Twitter and Facebook. 

Maltangent (formerly 'macrosploit'), the targeted phishing platform I've been working on with @leighhall, is two thirds th…

Splunk on honeypots

I last wrote about honeypots back in October last year when I published the results of a WordPress honeypot that I'd been running for almost 100 days. That was my first and since then I've always had a handful on the go. I don't usually use any sort of honeypot distro, rather I prefer to 'bake my own' or in some cases re-purpose or replace some of the services within a network to make a sort of patchwork, distributed honeypot.

One practice which seems to have become almost a habit now is to install Splunk somewhere and use that to correlate (in the loosest sense of the term) the events observed. In the absence of a SIEM (and let's face it, a lot of companies just aren't there yet) it's a great way to convert those logs into intelligence and provide reporting, as well as providing a user-friendly interface for analysts and consumers to explore the data with.

Possibly the only *good* example of identity theft

This isn't a security post per se... in fact, it isn't even close. I'm sharing this purely because it still makes me laugh a year after it started. I could labor to make some point about facial recognition or authentication factors but ultimately this is what happens when two security guys prank each other and one of them beats the other hands down.
At some point in the not so distant past, I started a *game* with my good friend Andy where we would set our Facebook profile pictures to one of each other and rename our accounts to match. As you can imagine, this got confusing for everyone who knew us both and hilarity prevailed. After a while I started to 'shop the profile pics to look more like me (above). It was fun for a while, but in the end Andy called time on it and I thought I had won. 

Time passed, and about a year ago to this day, I sat down for dinner with him and around twenty friends after an afternoon touring the bars of Leeds for my birthday. At some point…

2015 Q1/Q2 Update

Time flies when you're having fun, or so the old adage goes. It also flies when you're busy which I certainly have been since Christmas. I'm taking the opportunity to write this summary update as I head out to an industry summit (ILTA LegalSec) being hosted in Baltimore.
So what's been keeping me so busy?
Primarily, I've been busy since starting a new job. In December I joined the security function at DLA Piper supporting the Global business in both a technical and compliance capacity. With any new job comes new challenges and the world's largest law firm certainly comes with its fair share. Anyone who's known me for any length of time can vouch for my appetite for a challenge and the legal industry seems to have a lot to offer. The role is a good fit for me and it seems like I've joined the firm at just the right time. In addition to a raft of technical and operational projects I'm getting the opportunity to adorn my compliance hat again and contribut…

My 3 Big Predictions for Security in 2015

2014 was an interesting year to be working in security. The bad guys showed us that they were still capable of capturing the headlines and that even technocentric companies, presumably with ranks full of security-savvy employees and managers, weren't safe (if they can't stay secure, who can?). Their links to organised (and more traditional) crime were highlighted through a series of enormous breaches, typically designed to steal credit cards and PII. These attacks found success with huge retailers and restaurant chains, and even banks. We became aware of 'regin', a form of advanced and presumably state-sponsored malware which could exist within the registry of an infected host, sort of like a 'cyber ghost'. It may have been doing the rounds (undetected) for almost a decade according to one vendor. The internet continued to move into the home and closer to the heart through the rise of home automation and a general increase in the number of 'smart' …