Archive for February, 2011
Romantic Scams

I have to speak out loud now because it’s eating me inside: what I thought was a true relationship, which continued for several months until mid beginning of December, which questioned myself about the relationship. I met someone on the British online dating site called Meetic. I was going to close my account when I saw this gorgeous guy on site, just the type I was looking for. I sent a wink and he winked back, then we started chatting. He gave me his email address so we can communicate more. As far as I knew this guy, Kyle Maclaren, this was his name, was born in Aberdeen, just up north of England; he was just what I was looking for. Anyway, I asked what he did for a living; he said he dealt with gems. I asked, what do you mean? He said precious gems. Oh, I see. He said he had his eight daughter over weekends as he was divorced, and they go to church and they were cooking dinner; he said he was trying to get full custody.

Anyway, a few weeks along he says he is going to Ghana on business and will contact me when he got there. When I hear from him again he says his laptop has been stolen at the airport and asks me if I could send him a top of a range laptop. I thought, I’ve only just got to know this guy and he is asking me for a laptop. I told him I couldn’t do it. His English typing was terrible for a businessman. I hadn’t fallen yet. Anyway, he asked me a favor again, banks where so so we the bank he needed favor, he needed 1000 pounds, so silly me goes send him the money. I said I would send it to his personal bank account; he insisted Western Union under the name of Stephen before, when he asked me again because he had to go to the States to get a loan as he had brought into the gold mining business and sent me a two different types of certificate, a sworn affidavit approving the sale of some land forestry. Week later he asking me for more monies, this time he equipment he has sent over from Houston, Texas, which he had gone with a close friend helped him to get this loan. Then I questioned myself: if he got a loan for this equipment, surely he has enough to cover any expenses. His excuse was the mining equipment was held at customs in Ghana, a shipment from the States, another from China. Could I help him out? I declined as he was already owing me 2000 pounds and I wasn’t going to put myself in any further date. He pleaded with me and said he would pay me back with interest. I declined and told him I couldn’t do it. He said he wouldn’t let money get between our relationship and he would sort it out himself.

When I spoke to him he was always in a business meeting, he was always going to church, or he was always driving. Months went by and our conversations grew less; he was too busy. He then asked me for two mobile phones, again top of the range, one for him, another for the security guard looking after his equipment. I go along with it once again. I last spoke to him on Dec 4th 2010; that was the last time. He was selling his business up. I asked for the monies back once he sold his business. I never heard from him. I rang his mob number and some stranger answered it. I asked for him and said, what are you doing with his mobile, where is he? He declined to answer. I asked him again; he said he had gone to South Africa. I asked if he was coming back; he was indecisive, said don’t know. I rang the number he used to speak to me from the States; the old woman who answered it didn’t know of Robert, who was his friend’s number. I came to realize he was a scammer for sure. This man needs to be stopped. He uses Kyle Maclaren, kyle love, kyle dean.
I should have heard alarm bells ringing, but he had me reeled in for the catch. I feel so stupid and the biggest fool alive. I thought he was so genuine; he deceived me real good. He needs to be stopped now; he could be scamming some other woman this minute. Please pass this on to the authorities; he belongs behind bars with his accomplices.

SSL and S-HTTP: “Website Security for sending confidential information over World Wide Web”

SSL is short for Secure Sockets Layer. It is a protocol designed to enable applications to transmit information back and forth securely. Applications that use the Secure Sockets Layer protocol inherently know how to give and receive encryption keys with other applications, as well as how to encrypt and decrypt data sent between the two. S-HTTP, by contrast, is an extension of the HTTP protocol to support sending data over the World Wide Web. Not all Web browsers and servers support S-HTTP. SSL and S-HTTP have very different designs and goals, so it is possible to use the two protocols together. Both protocols have been submitted to the Internet Engineering Task Force (IETF) for approval as a standard.

Some applications that are configured to run SSL include web browsers like Firefox, Internet Explorer, and Google Chrome; email programs like Outlook, Mozilla Thunderbird, and the Apple Mail app; and Secure File Protocol programs, etc. These programs are able to automatically receive SSL connections. To establish a secure SSL connection, however, your application must first have an encryption key assigned to it by a Certification Authority in the form of a Certificate. Once it has a unique key of its own, you can establish a secure connection using the SSL protocol.

These technologies are mostly used on e-commerce and banking sites to prevent information from being stolen from the user. Web browsers automatically notify users when connections are insecure. Your potential e-commerce and online banking customers are used to a secure shopping and banking process, and will NOT send their private information unless their browser assures them it’s safe to do so! You cannot offer secure authentication to your customers without an SSL or S-HTTP Certificate. There are cheap SSL certificates out there; you can search for them on the internet.

Here is some information that might help you to determine whether the website you are browsing has a secure connection.

• When you log in at Yahoo, the left side of your address bar is blue; point the mouse over the blue area and it will show that the website was verified by DigiCert Inc.
• In Google, it is also blue and was verified by Thawte Consulting (Pty) Ltd.
• On other websites, such as the website of a bank, there is a lock icon on the left side of the address bar.

You can easily notice if the site you are browsing is not verified and has no certificate, because an X will appear on the upper left side of the browser. It means it is not safe to enter confidential information. So I hope this will help all of you.

Cisco Cert Beginner Part-1: where to start

Since I failed the Cisco Certified Entry Networking Technician (CCENT) (lol), I have decided to get smart on Cisco again. I have been out of it a long time, doing mostly DoD Certification & Accreditation work. I used to be a network engineer with a CCNA, until I found a career that pays better with less competition. So now, I am just doing Cisco stuff for fun.

After failing the CCENT, I talked to my resident networking gurus (a CCNA Security, a CCNP and a CCIE). I wanted to know what was the best approach on attacking the CCNA again. They told me what they did: setting up a Cisco lab in the house was the most common answer.

The book they recommended to start with was CCNA-CCENT ICND1. It’s really not the most fun book in the world to read, but if you’re starting out or starting over with this stuff, it should be like your networking bible. Among technical Cisco books, it’s a solid first start, which is much more than I can say about any of the first-start Cisco 5500 ASA books; there is just no such thing. You will be expected to have a solid understanding of networking, the OSI model and TCP/IP. If you have a CompTIA Network+, the CCENT might be the logical next step. If you do networking pretty regularly, have been doing it for about a year and are familiar with Cisco equipment, you might be better off going straight to the Cisco Certified Network Associate (CCNA). If you’re going for the full-blown CCNA, the book to get is the CCNA ICND2. I have been warned that you need to be very, very good at subnetting!! The CCNA is much harder than it was when I took it in 2001. I would even say that the CCENT is harder than the CCNA used to be.

In addition to getting the right books to read, the Cisco Gurus told me to set up a lab.

When does a DoD Information System require a re-accreditation

How do you determine when a DoD Information System should have a full re-accreditation?

We are not talking about the obvious:
-3 year expiration
-completely new version and/or overhaul of a system

We are talking about a single client within an Information System getting an upgraded operating system, or a firewall being upgraded, or the addition of 4 Cisco internetworking devices and a VLAN change.

How do we know what is a basic sustainment change, a configuration management change (approved by the Configuration Board members) or a full-blown 100,000 dollar re-accreditation?

You would think there was some kind of matrix that could match up modifications to a DoD IS with what actions must be performed. If there is one, I have not seen it.

All we have is high level regs that tell us IA Workforce peons (who must deal with details, schedules and limited funds) almost nothing we don’t already know.

Assessing the IA Impact & Maintaining Situational Awareness:
DoD 8500.2, Information Assurance, gives us IA Controls such as DCII-1, dealing with IA Impact Assessment. It states, “Changes to the DoD information system are assessed for IA and accreditation impact prior to implementation.” The DoD instruction also tells us that we are supposed to conduct comprehensive annual reviews of our system processes, procedures and IA Control status.

How are we supposed to monitor “Changes to the DoD information system”?

We know that we are supposed to monitor all DoD ISs to keep track of the baseline. And according to the regs, we are supposed to do this by a configuration management process (DCPR-1, CM Process). That configuration management process is supposed to have a “configuration control board that implements procedures to ensure a security review and approval of all proposed DoD information system changes, to include interconnections to other DoD information systems.”

So Configuration Management gives us oversight on changes to a DoD IS, but who within the CM process determines whether changes to a system should have a re-accreditation?
IA Control DCCB-2, Control Board, tells us that “all information systems are under the control of a chartered Configuration Control Board that meets regularly according to DCPR-1.” It also tells us that the Information Assurance Manager (IAM) is a member of the CCB.

From my interpretation of these high level statements, the IAM is the subject matter expert who has a lot of say so on the IA impact of modifications to a given DoD IS.

But the question remains.. HOW DO WE KNOW WHAT NECESSITATES A RE-ACCREDITATION?

I did not find anything for that in 8500.2 so I moved on to CJCSI 6510.01, but it only says the same things that 8500.2 says (Configuration Management, CCB, having a baseline). But it did say this:

“Ensure a configuration management (CM) process is implemented and establish appropriate levels of configuration management to maintain the accredited security posture. The security impact of each change or modification to an information system or site configuration will be assessed against the security requirements and the accreditation conditions issued by the DAA..”

Still pretty high level, but we are getting closer since the instruction is telling us: “..security impact of each change or modification to an information system or site configuration will be assessed against the security requirements and the accreditation conditions issued by the DAA”.

I thought that the only way to get more insight was to look at the lower level regulations within specific branches. The Air Force’s Certification & Accreditation Program, 33-210, for example, talks specifically about reaccreditation. It states that the Information system owner (ISO) “Alerts AFNetOps of any changes to the topology or software affecting the security posture of the enclave boundaries so that the gateway package can be reaccredited if necessary. (3.8.6.6.4.)” And in table 3.2. it states “PM/SM/ISO will enter information in EITDR, host an initial stakeholder meeting, and initial security review to determine if a new version is to be created.” It mentions different reaccreditation actions for Networked and Standalone systems. It goes on to say that “if changes will not affect the security posture of the IS, the PM/SM/ISO will annotate the outcome of the meeting and make necessary edits to the C&A package.”

The Army’s AR 25-2, Information Assurance regulation, has an entire section on Accreditation & Reaccreditation (5-5), but still offers no specifics. The Army does have AR 380-19, AIS Information System Security, and it is pretty specific (see excerpt below), but it is now OBSOLETE and replaced by AR 25-5.

All regulations and instructions are in line as far as the need to reaccredit if there is an IA IMPACT, but there are no specifics on what constitutes an “IA Impact”. 8510, DIACAP mentions that the IA posture of an IS must remain acceptable in order to retain its Authorization to Operate (ATO). If I were the IAM for a day, I would hang my hat on this important statement.

We have to work with what we have!!
Based on what we have:
Changes in a DoD IS’s IA Controls determine whether or not a system will need a reaccreditation. There are no specifics on what can force a reaccreditation. So we must conclude that there is no “magic bullet” that will instantly create the need for a reaccreditation. In other words, no modification to certain hardware or software or certain subsystems, or even a change to network architecture, will be the reason for reaccreditation every single time.

Significant changes to IA Controls are the only thing we can really put our finger on.

So let’s say that IA Control DCCS-2, Configuration Specification, was changed on an Information System. This IA Control deals with making sure that all IA Enabled and IA Products have the DISA Security Technical Implementation Guides (or equivalent) applied. Maybe an example will help us understand the process of determining reaccreditation: a DoD Information System Owner requests the addition of four new storage devices to the system enclave. Let’s say that these storage devices will have an adverse effect on the security posture of the overall system because they are not in compliance with DCAS-2, Acquisition Standards, so the storage devices have not gone through NSA/Common Criteria. Additionally, the storage devices will not be compliant with DCCS, which means they will not have security in accordance with DISA/NSA checklists and guidance.

Prior to being implemented or even tested, the request for this change should go through the configuration management process, where the IAM will tell the Program Manager and System Owner (or his representative) the security impact to the overall system. He or she would have to explain to them that the change may affect the current ATO, because they will now be non-compliant on two (possibly more) controls that were previously compliant. The IAM would also be wise to get in contact with other subject matter experts such as the system administrator and/or IAO who would be in charge of implementing and testing the system. The IAM might also contact the Certifying Authority (or representative) to determine if such a change would create the need for a reaccreditation.

One thing the IAM does NOT want to do is simply sign the Program Managers and System Owners up for some changes to the system that would jeopardize the Authorization to Operate. The IAM should do their homework and present the real risk of the modifications to the system owner. CYA is paramount.

Once the IAM determines the impact, and the modifications are made:
According to DoD 8500.2, 5.8.5. “ensure that IA-related events or configuration changes that may impact accreditation are reported to affected parties, such as Information Owners and DAAs of interconnected DoD information systems.”

Some older regulations are more specific. AR 380-19, AIS System Security for example:
3-6. Reaccreditation

a. All AIS, except those designated as nonsensitive, will be formally reaccredited within 3 months after any of the following occurs:

(1) Addition or replacement of a mainframe or significant part of a major system.

(2) A change in sensitivity designation (para 2-2a).

(3) A change in security mode of operation (para 2-2b).

(4) A significant change to the operating system or executive software.

(5) A breach of security, violation of system integrity, or unusual situation that appears to invalidate the accreditation.

(6) A significant change to the physical structure housing the AIS that affects the physical security described in the accreditation.

(7) Three years has elapsed since the effective date of the existing accreditation.

b. Reaccreditation will include the same steps accomplished for the original accreditation; however, those portions of the documentation that are still valid need not be redone.

AR 380-19 has been replaced with AR 25-5 which is pretty high level.

What is Autorun.inf?

What exactly is an autorun.inf? Is it a virus or just a file that is needed by other applications on our computer to run? Have you ever been alerted by your anti-virus application that autorun.inf was detected as a threat to your computer?

AutoRun.inf is the primary instruction file associated with the Autorun function. It is just a simple text-based configuration file that tells the operating system which executable to start or which icon to use. In other words, Autorun.inf tells the operating system how to deal with the programs or executable files on a CD or any removable disk that is plugged into your computer, and how to treat its contents.

Autorun.inf is not malware, but a virus might use autorun.inf to get access to your computer’s programs and files. Common viruses like bacalid, ravmon.exe and even Trojans hide behind autorun.inf to spread easily to your computer. These viruses save themselves in the root directory of the infected hard disk and run themselves every time you double-click the drive. Usually, if a USB stick or a CD is infected by a virus, it runs automatically once it is plugged into your computer, especially where autorun is enabled.

If your anti-virus has detected autorun.inf as a threat to your computer but has not yet taken any action, here are some tips for removing an autorun.inf that is infected by a virus.

You can disable autorun.inf for all drives by configuring the registry of your computer. First, open the registry editor by typing regedit.exe at the command prompt, or execute it from Run. Then look for this registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Double-click the NoDriveAutorun DWORD entry and type the value HEX: FF (255 in Decimal). (If NoDriveAutorun does not exist, you can create it by right-clicking the right side area of the regedit window, then clicking New -> DWORD Value and typing NoDriveAutorun.) Close the registry and restart the computer. This procedure will disable autorun for all drives of your computer and will at least prevent the autorun function of infected USB drives or CDs and avoid infection by viruses like Bacalid and RavMon.exe.

Another procedure to disable or delete an autorun.inf that has been infected by a virus uses the command prompt. Type cd\ then press Enter. Type the letter of your USB drive or CD drive, for example F: then press Enter. Type attrib -h -r -s autorun.inf then press Enter, then type del autorun.inf. That’s the easiest way to avoid spreading a virus from your computer, especially one using autorun.inf. If you have any questions, you can comment on this post, thank you!
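As an added example (not part of the original post): a small Python triage script that reads an autorun.inf as text, lists the entries that would start a program without running anything, and decodes a per-drive-letter policy mask. The sample file contents, file names and function names are constructed for illustration; the mask layout (bit 0 = A:) is that of the Windows NoDriveAutoRun policy value.

```python
import ntpath
import re
import string

# Keys in the [autorun] section whose value is a command line to start.
EXEC_KEYS = ("open", "shellexecute")
# shell\<verb>\command replaces an entry in the drive's right-click menu.
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")
RISKY_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}

# Constructed sample for illustration; the file names are hypothetical.
SAMPLE_INF = r"""
padding line that is not valid INF syntax
[AutoRun]
open=helper\tool.exe -s
icon=%SystemRoot%\system32\shell32.dll,4
shell\open\command="helper\tool.exe" -s
shell\explore\Command=helper\tool.exe
shell\open\Default=1
label=BACKUP
[Content]
MusicFiles=false
"""
CLEAN_INF = "[autorun]\nicon=disk.ico\nlabel=Photos\n"


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased.

    Lines outside that section and lines without '=' are skipped, so
    padding or junk in the file does not break the parse.
    """
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def command_target(value):
    """Program named by a command line, with quotes and arguments removed."""
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    return value.split()[0] if value else ""


def triage(text):
    """List every entry that would start a program, without running it."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key in EXEC_KEYS:
            kind = "autoplay"
        elif SHELL_CMD.match(key):
            kind = "drive-menu-verb"
        else:
            continue
        target = command_target(value)
        ext = ntpath.splitext(target)[1].lower()
        findings.append({"key": key, "kind": kind, "target": target,
                         "risky_ext": ext in RISKY_EXT})
    return findings


def letters_not_covered(mask):
    """Drive letters whose bit is clear in a per-letter mask (bit 0 = A:)."""
    return "".join(letter for bit, letter in enumerate(string.ascii_uppercase)
                   if not (mask >> bit) & 1)


if __name__ == "__main__":
    for finding in triage(SAMPLE_INF):
        print(finding)
    print("clean file findings:", triage(CLEAN_INF))
    print("0xFF leaves uncovered:", letters_not_covered(0xFF))
    print("0x3FFFFFF leaves uncovered:", letters_not_covered(0x3FFFFFF) or "none")
```

In the per-letter NoDriveAutoRun mask, 0xFF sets the bits for A: through H: only, and 0x3FFFFFF is the value that sets all 26. The separate NoDriveTypeAutoRun value is the one in which 0xFF covers every drive type.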

Filipino Date Scammers

“Necessity is the mother of all invention”, so it’s no wonder that countries with unstable economic conditions and decent access to the Internet have a disproportionate number of scammers, liars, con artists and criminals online. It’s all about survival.

This post is one man’s assessment of certain members of one dating site.

The dating site filipinocupid is full of desperate people. Some desperate for love, some for companionship, and some desperate for money… I am certainly not talking about all the members on Filipino cupid. It’s actually a great site with many great people to meet. But the level of desperation and online panhandling on the site is something that must be mentioned.

I ran across several types of people on the site:

Real ladies looking for real relationships: Typically, will not ask for money and will get PISSED if you compare them to other ladies who do that. They usually have a decent job and are doing alright for themselves. Sometimes they will have a degree or be a professional in some career field. This is certainly not always the case. They are usually looking for stability, companionship, love…

Desperate ladies: They are really in need of help and will say anything to get you to help them. There is no telling how they got in their situation or how much of what they are saying is the truth. Some will scam you and there is just no way of telling whether or not they are being truthful. Some of these ladies are desperate for stability.

Ladies Desperate for Stability: They might already have a relationship with a local Filipino guy but they are not able to pay bills, not able to buy much food, and need support. They seek support with ANY western guy. They are not usually choosy. I am not saying there are not good women here. And I am not saying that it’s bad for them to want stability. You should just be aware of this… to make a good decision before you commit to anything.

Before you decide to play Mother Theresa, consider this:
1) If they are so desperate how do they have Internet services?
2) How do they afford the utilities and rent of the place they are in?
3) How do they have a computer?
4) How can they have a webcam?

Very Good Very Truthful ladies looking for a Long Term Relationship: If you find one, consider yourself lucky. The economic situation in the Philippines makes it very difficult to be a good person when you are in real need of help. As of 2010, unemployment is high in many provinces and the wages for many jobs are really not much compared to western standards. So the good ladies here are not just good, they are the best in the world. Consider this: they are willing to be good for the sake of being good ahead of their own real needs. These are REMARKABLE women.

Webcam girls: Aside from the very good honest ladies, webcam girls are my favorite. They are about business. They want money and they are honest about it. They need to figure out who you are, so they will flirt to see what you are after. They will then mention that they really need help with money. Then when the moment is right, they ask if you want to see them naked. Not all of them are scammers, but since it’s an honor-based system, if you pay first, you have to realize that there is a chance you will never see them again. Yahoo Messenger is the instant messenger of choice.

Date Scammers: These are people that hang around dating sites to trick you out of your money. They put up a false profile to draw people in. Once they are talking with you they will attempt to quickly gain your trust by being very nice or saying that they are from your area and wish they could get home. Sometimes they will just tell you how very desperate they are to eat (remember the 4 points listed above before playing Mother Theresa). To be perfectly honest, unless you get to know them over a long period of time or have it on good faith from someone else that they are who they say they are, you just don’t know. And you should not give them anything. In a perfect world it would be nice to help those in real need, but the truth is that their profile is not real, they just took several other people’s money and are laughing all the way to the bank.

Transfer fund Email Scam

Recently, I received an email coming from someone whom I do not know. Below is the email I received:

“My Dearest in christ,
My name is (MRS RITA GUNTHER)a nationality of Kuwait. I am married to late (MR NGOSSAN GUNTHER) who worked with Kuwait embassy in Ivory Coast for nine years before he died in the year Octorber 2005. We were married for twenty years with a child. He died after a the illness that lasted for four days. Please I know this may come to you by supprise , because you did not know me, I needed your assistance that was why I write you through divine direction, it is my desire of going into relationship with you.
Before his death we were both born again Christians.When my late husband was alive we deposited the sum of (Ten Million U..S.Dollars) with one of good company here in Cote d’Ivoire Presently, this money is still with the company. Recently my Doctor told me that I would not last for the next three months due to my cancer problem,Though what disturbs me most is my stroke. Having known my condition I decided to donate this fund to church or better still a Christian individual that will utilize this money the way I am going to instruct here in.I want a person or church that will use this fund to churches,orphanages, research centres and widows propagating the word of God and to ensure that the house of God is maintained.
The Bible made us to understand that blessed is the hand that giveth. I took this decision because I have a child that will inherit this money but my son can not carryout this work only because i and my late husband decide to use some of the money to work for God and live some for our son to have a better live.our son is just (17 year old) now and been grow up in africa, he have low manterity and my husband’s relatives are not Christians and I don’t want my family hard earned money to be misused by unbelievers,I don’t want a situation where this money will be used in an ungodly manner.Hence the reason for taking this bold decision. I am not afraid of death hence I know that I am going to be in the bosom of the Lord. Exodus 14 VS 14 says that the lord will fight my case and I shall hold my peace.
I will like you to understand that my contact to you is a divine direction from God , I don’t want any of my husband family relatives to recieve this money but I know that With God all things are possible. As soon as I receive your reply I shall give you the contact of the Finance/company . I will also issue you a letter of authority that will empower you as the new beneficiary of this fund. I want you and the church to always pray for me because the lord is my shepherd. My happiness is that I live a life of a worthy Christian.Whoever that wants to serve the Lord must serve him in spirit and truth,Please always be prayerful all through your life. Any delay in your reply will give me room in sourcing for a church or Christian individual for this same purpose. Please assure me that you will act accordingly as I stated here and Please I will like you to contact me Immediately you receive this mail so that I will instruct the company to ship this box of the money into your country for me and my Son to start coming over there because since now we are having a very big problem in Abidjan for political crisis so we need this transaction very urgent.but the company did not know that the content of the box is money
Remain blessed in the name of the Lord.
MRS RITA GUNTHER AND SON JOHNSON.”

This email went directly to my spam folder.
Now, what exactly is spam? According to Wikipedia, spam is “the use of electronic messaging systems including most broadcast media and digital delivery systems to send unsolicited bulk messages indiscriminately.” Spam is often used to scam people. Typically, the distributor/creator of the message will send you a message just like the email above to collect information about you. The bait is usually a large sum of money that needs to be transferred to your account. They will ask for personal information such as your home address, contact number, bank account, and other information about you. Once you give all the information they need, they will start asking you for large amounts of money in order for them to transfer the money to your account. But of course, no money is transferred to you after you’ve paid them; they vanish and you get ripped off. So if you receive one of these scam emails, it is important that you DO NOT respond. The scammers are likely to act upon any response from those they see as potential victims. The people behind these scams are criminals.