Heartbleed versus nmap

The quickest way to detect whether your site, your organization's sites, or just sites you use are vulnerable to the Heartbleed bug is to use one of the following:
Another way to check is to use nmap.
- nmap or zenmap
- authorization to scan*
- ssl-heartbleed.nse (http://nmap.org/nsedoc/scripts/ssl-heartbleed.html)
- tls.lua (https://svn.nmap.org/nmap/nselib/tls.lua)
Step 1.  Install nmap/zenmap
For Windows NT – 2K8
Latest release self-installer: nmap-6.40-setup.exe
Latest command-line zipfile: nmap-6.40-win32.zip
*ridiculously Windows Install instructions: http://nmap.org/book/inst-windows.html
Step 2. Install nmap heartbleed script & tls.lua
Download the file tls.lua (https://svn.nmap.org/nmap/nselib/tls.lua)
Move the tls.lua file to the nmap directory
Download the file ssl-heartbleed.nse (http://nmap.org/nsedoc/scripts/ssl-heartbleed.html)
Move the file to nmap scripts folder
Step 3. Run the Command
nmap -sV --script=ssl-heartbleed <target>
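
When the Step 3 command is run against several targets, the per-port results are easier to triage once they are pulled out of the report. The following is an added example, not part of the original post: it parses nmap's normal output (as saved with nmap's `-oN` option) and records, for each open port, the state the ssl-heartbleed script reported. The sample report, its hosts and the function names are constructed for illustration.

```python
import re

# Constructed sample of `nmap -sV --script=ssl-heartbleed -oN scan.txt <target>`
# output; hosts are documentation addresses, not a real scan.
SAMPLE = """\
Nmap scan report for 192.0.2.10
PORT    STATE SERVICE  VERSION
22/tcp  open  ssh      OpenSSH 6.0
443/tcp open  ssl/http Apache httpd
| ssl-heartbleed:
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the OpenSSL library.
|     State: VULNERABLE
|_    Risk factor: High

Nmap scan report for mail.example.test (192.0.2.20)
PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http nginx
993/tcp open  ssl/imap Dovecot imapd
"""

HOST_RE = re.compile(r"^Nmap scan report for (.+)$")
PORT_RE = re.compile(r"^(\d+)/(?:tcp|udp)\s+(\S+)")
SCRIPT_RE = re.compile(r"^\|[ _]([\w-]+):")         # "| script-name:" header
STATE_RE = re.compile(r"^\|[ _]\s+State:\s*(\S+)")  # indented result line

def heartbleed_findings(report):
    """Map (host, port) -> ssl-heartbleed state for each open port.

    "not reported" means no finding was shown, not that the port is proven safe.
    """
    findings, host, port, in_script = {}, None, None, False
    for line in report.splitlines():
        if m := HOST_RE.match(line):
            host, port, in_script = m.group(1), None, False
        elif m := PORT_RE.match(line):
            port = int(m.group(1)) if m.group(2) == "open" else None
            in_script = False
            if host and port:
                findings[(host, port)] = "not reported"
        elif m := SCRIPT_RE.match(line):
            in_script = m.group(1) == "ssl-heartbleed"
        elif in_script and port and (m := STATE_RE.match(line)):
            findings[(host, port)] = m.group(1)
    return findings

def vulnerable(findings):
    """Sorted "host:port" strings whose reported state is VULNERABLE."""
    return sorted(f"{h}:{p}" for (h, p), s in findings.items() if s == "VULNERABLE")
```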


Other SSL Testers
Qualys overall SSL status: https://www.ssllabs.com/ssltest/
Android SSL testers:
Bluebox heartbleed scanner: https://play.google.com/store/apps/details?id=com.bblabs.heartbleedscanner
Heartbleed detector: https://play.google.com/store/apps/details?id=com.lookout.heartbleeddetector

GFI LANGuard – Review

GFI Languard Network and Security Scanner

I was given the honor of reviewing GFI LANguard network and security scanner. Right off the bat I notice that the interface is very intuitive & easy to use, which is important to a busy security professional who has better things to do with their time than fight with a messy security tool.

The network scanning tool I normally use is called Retina.
When lining the two up, I have to say Retina is much more powerful, with many more options built in. It can drill way down and do intrusive scans where GFI LANguard v.9 is pretty vanilla. It gives you what you need and that is it.

The simplicity could be an advantage to a system admin doing a security job, because it really is straight to the point. The cost is definitely an advantage. GFI LANguard is about ½ the cost of the Retina Scan tool.

Retina Professional Edition 16 IP Pack – $995.00

GFI LAN Guard goes for about 300+ for 10 licences.

Nessus is considered one of the best network scan tools but it's more expensive than both.

What I really like about Retina is that it allows you to scan in accordance with Department of Defense standards, SANS, and others. Languard does look at the SANS Top 20 report vulnerabilities.

If you're looking for a basic, down-to-earth network & security scanner for your small to medium business needs, then GFI Languard is definitely the way to go because you will not beat the cost for the quality and support you get. It's going to give you a thorough assessment of your systems and even tell you how to fix them. Buy this product!

You Hack US, We Nuke You!

The United States’ top commanding officer for the space and cyber domains told reporters last week that a cyber attack could merit a more conventional military response.

During a press briefing on Thursday, U.S. Air Force General Kevin Chilton, who heads the U.S. Strategic Command, told reporters that top Pentagon advisors would not rule out a physical attack on any force that attacks the United States through the Internet. Currently, the military’s networks are probed thousands of times a day, but the goal of attackers seems to be espionage, not to take down critical networks, he told reporters –

Security Focus

I don’t believe that military force is the equivalent action for a cyber attack. Arrest and/or apprehension is the physical response necessary for criminal hackers attacking from other countries. Cyber counter-attacks are the correct response for government funded & coordinated attacks.

I think if the U.S. reciprocates a cyber attack x10 when other countries are playing little games, we’d get our message across effectively. We should do so in a well funded and covert way in which the enemy has NO DOUBT that the face slap came from a U.S. hand, but no proof at all allowing plausible deniability. It should be black Ops hacks, very well coordinated, very well funded and full time.

I don’t think the US can be complacent or recklessly meek in matters of cyber warfare. Instead, it must be fair, quiet and heavy handed when it comes to one of its most valuable assets, information.

17-year-old accused of hacking into school computers

JEFFERSON COUNTY – A 17-year-old student at Golden High School has been arrested after police say he hacked into the school’s computer system and changed grades.

Police say charges could include forgery, computer crime and use of forged academic records.

Police believe the student hacked into the campus portal system, which is meant to give parents access to grades, schedules and attendance records.”

Every time I hear about a kid trying to hack the school records I am reminded of Ferris Bueller’s Day Off.

Former Pentester of FBI, hacks the FBI

This case is not the same as the Department of Veteran Affairs loss of records or the Department of Agriculture's security failures.  In this case, a contracting consultant conducted a penetration test without getting formal approval.  He exploited the FBI's vulnerabilities to gain elevated privileges.

Joseph Thomas Colon, 28, is a former employee of BAE Systems.  His pentest allowed him to obtain the passwords of 38,000 employees, including that of FBI Director Robert S. Mueller III.  According to Colon, the FBI field office in Springfield, Ill., that he was attached to gave him approval.

However, every professional pentester and/or ethical hacker knows that you have to get formal approval from an authority.

Colon's lawyer said in a court filing that his client was hired to work on the FBI's “Trilogy” computer system but became frustrated over “bureaucratic” obstacles, such as obtaining written authorization from the FBI's Washington headquarters for “routine” matters such as adding a printer or moving a new computer onto the system. 

As a result, Mr. Colon will likely serve about 18 months in prison. :(…

Pentesting and ethical hacking tools and techniques must be dealt with responsibly.  The bureaucracies that might allow pentesting must be respected at all costs.  The first thing in Pentesting and ethical hacking that is taught is to ALWAYS, ALWAYS, ALWAYS get written consent to proceed from the owners of the system.