Friday, May 19, 2017

GroundRod 1 & 2 Idaho, June 1-4 Update

The GroundRod Primer course for CDA, Idaho is completely full and we have 2 seats left for GroundRod 2.

If you did not make it into this class we have some upcoming dates in the Northwest:

- June 15-18: Eugene, OR

- July 6-9: Prosser, WA

- July 14-17: Buffalo, WY


Outside the NW:

- July 29-30: Las Vegas, NV (after Blackhat 2017)

- August 10-13: Scranton, PA

Reserve your spot before they fill up.

Wednesday, May 17, 2017

Update on Intel AMT Exploit

As many of you are aware, a serious firmware vulnerability, CVE-2017-5689, was discovered in February and publicly disclosed by Intel on May 1. It does not live in the CPU itself but in Intel's Active Management Technology (AMT), the remote-management firmware shipped on vPro-class business platforms. The exploit has been dubbed "Silent Bob Is Silent" and can grant an adversary remote access to your computer beneath the OS level, so it does not matter whether the box is running Windows, Linux or anything else.

“The exploit is trivial, max five lines of Python, could be doable in one-line shell command. It gives full control of affected machines, including the ability to read and modify everything. It can be used to install persistent malware (possibly in firmware), and read and modify any data. For security servers, it may allow disabling security features, creating fake credentials, or obtaining root keys. … IT folks, KEEP WORKING THROUGH THE WEEKEND, DISABLE AMT NOW or block access to it. This can get ugly.”

Read the full piece HERE

The linked post covers some methods for determining whether your system is vulnerable. Note that only systems with Intel vPro / AMT firmware (or the related ISM and SBT manageability SKUs) are affected; consumer CPUs without AMT are not in scope. A system that has never been provisioned is not reachable over the network, but Intel's guidance still applies to it, because the same bug can be abused locally through the Local Manageability Service (LMS).

I should point out that the SEPIO laptops are not vulnerable to this exploit.

Note: A quick fix you can employ while waiting for a firmware update from your OEM is to block the following TCP ports at your router/AP firewall: 16992, 16993, 16994, 16995, 623 and 664. Write the rule for IPv6 as well as IPv4: AMT listens on the same port numbers over both, so turning IPv6 off is not a substitute for a rule that covers it. Two caveats: a firewall running on the host OS does not help, because the Management Engine answers these ports before the OS ever sees the packets, and a perimeter rule only keeps out attackers who are already outside your network. Until the firmware update lands, Intel's own mitigation is to unprovision AMT and disable or remove the LMS service.
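As an added example (my code, not from the original post or the linked article): a small Python checker that reads the HTTP banner AMT's embedded web server returns on port 16992, pulls out the firmware version, and flags anything in the 6.x to 11.x branches that Intel-SA-00075 lists for CVE-2017-5689. The exact `Server:` header format is assumed from banners of that shape, the sample responses are constructed for this demonstration, and `probe()` is only meant to be run against a real host from a different machine. It identifies exposure; it does not exploit anything.

```python
import re
import socket
from typing import Dict, Optional

# TCP ports AMT/ISM/SBT listen on (the same list the post says to block).
AMT_PORTS = (16992, 16993, 16994, 16995, 623, 664)

# Firmware branches Intel listed as affected in Intel-SA-00075 (6.x through 11.6).
AFFECTED_MAJORS = range(6, 12)

# Assumed banner shape of AMT's web server, e.g.
# "Server: Intel(R) Active Management Technology 9.1.30".
_SERVER_RE = re.compile(
    r"^Server:\s*Intel\(R\) Active Management Technology\s+([\d.]+)\s*$",
    re.IGNORECASE | re.MULTILINE,
)

# Constructed sample responses (not captured from real hosts).
SAMPLE_RESPONSES: Dict[str, str] = {
    "desk-01:16992": (
        "HTTP/1.1 303 See Other\r\n"
        "Server: Intel(R) Active Management Technology 9.1.30\r\n"
        "Location: /logon.htm\r\n\r\n"
    ),
    "desk-02:16992": (
        "HTTP/1.1 401 Unauthorized\r\n"
        "Server: Intel(R) Active Management Technology 11.6.27\r\n"
        'WWW-Authenticate: Digest realm="Digest:ABCD", nonce="x", qop="auth"\r\n\r\n'
    ),
    "web-01:16992": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.10.3\r\n\r\n",
    "lab-03:16992": "",  # connection refused or timed out: nothing to parse
}


def amt_version(http_response: str) -> Optional[str]:
    """Return the AMT firmware version advertised in the Server header, or None."""
    m = _SERVER_RE.search(http_response)
    return m.group(1) if m else None


def in_affected_branch(version: str) -> bool:
    """True if the major version is in the 6.x-11.x range Intel-SA-00075 covers.
    Patched builds exist inside those branches, so compare the full build
    number against the fixed-version list in the advisory before calling a
    host safe."""
    major = int(version.split(".")[0])
    return major in AFFECTED_MAJORS


def assess(http_response: str) -> str:
    """Classify one response: no AMT seen, AMT in affected branch, or outside it."""
    ver = amt_version(http_response)
    if ver is None:
        return "no AMT banner"
    if in_affected_branch(ver):
        return f"AMT {ver}: in Intel-SA-00075 range, verify build against the advisory"
    return f"AMT {ver}: outside the listed branches"


def probe(host: str, port: int = 16992, timeout: float = 3.0) -> str:
    """Fetch raw HTTP headers from an AMT web port; '' on any failure.
    Run it from another machine: the Management Engine answers these ports
    itself and the host OS never sees the traffic, so probing localhost
    tells you nothing. Port 16993 is TLS and would need ssl wrapping."""
    request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(request.encode("ascii"))
            data = b""
            while b"\r\n\r\n" not in data:
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
            return data.decode("latin-1", errors="replace")
    except OSError:
        return ""


if __name__ == "__main__":
    for target, response in SAMPLE_RESPONSES.items():
        print(f"{target:16} {assess(response)}")
```

Running the file as-is only classifies the constructed samples. To check a real machine on your LAN, call `assess(probe("192.0.2.10"))` from a second host (that address is a placeholder), and remember that a blocked port at the router does not change what a neighbour on the same subnet sees.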

Friday, May 12, 2017

Be Careful What You Click

Those leaked NSA TAO tools have been in the wild for a few weeks now, and now we have this.

"According to CrowdStrike's vice president of intelligence Adam Meyers, the initial spread of WannaCry is coming through spam, in which fake invoices, job offers and other lures are being sent out to random email addresses. Within the emails is a .zip file, and once clicked that initiates the WannaCry infection.

But the most concerning aspect of WannaCry is its use of the worm-like EternalBlue exploit. "This is a weapon of mass destruction, a WMD of ransomware. Once it gets into an unpatched PC it spreads like wildfire," he told Forbes. "It's going through financials, energy companies, healthcare. It's widespread."

Given the malware is scanning the entire internet for vulnerable machines, and as many as 150,000 were deemed open to the Windows vulnerability as of earlier this month, the WannaCry ransomware explosion is only expected to get worse over the weekend."

Read the whole piece here: WannaCry exploit


The WannaCry malware is currently wreaking havoc with the UK healthcare system.

This attack spreads with the leaked EternalBlue exploit from the NSA toolset, which targets SMBv1 on TCP 445; Microsoft patched the underlying flaw in MS17-010 back in March, so the worm is only getting into machines that were never updated. If you must run Windows, install MS17-010, disable SMBv1 and block 445 at the perimeter today. Otherwise it is yet another reason to move away from Windows and into a Linux based distro (preferably a hardened one).

BlackHat 2017 Convention & GroundRod

Blackhat 2017 Info

I will be attending the 2017 Blackhat convention in Vegas July 22-27. If there is interest I can schedule a GroundRod course in Las Vegas to run right after the conference.

Any interested parties email me and we will see if we can make it happen.

Thursday, May 11, 2017

More Shenanigans from the No Such Agency folks

"A very important question remains: What exactly could WindsorBlue, and then WindsorGreen, crack? Are modern privacy mainstays like PGP, used to encrypt email, or the ciphers behind encrypted chat apps like Signal under threat? The experts who spoke to The Intercept don’t think there’s any reason to assume the worst.

“As long as you use long keys and recent-generation hashes, you should be OK,” said Huang. “Even if [WindsorGreen] gave a 100x advantage in cracking strength, it’s a pittance compared to the additional strength conferred by going from say, 1024-bit RSA to 4096-bit RSA or going from SHA-1 to SHA-256.”

Translation: Older encryption methods based on shorter strings of numbers, which are easier to factor, would be more vulnerable, but anyone using the strongest contemporary encryption software (which uses much longer numbers) should still be safe and confident in their privacy."


Read the full article here: Intercept Article. Make sure you grok the implications.

- You are using strong passwords/passphrases, right?

- You are using a minimum of RSA-4096 (and getting comfortable with non-NIST ECC curves such as Curve25519/Ed25519), yes?

- And of course you are setting expiration dates on your PGP keys and rotating your passwords and keys on a regular basis?

Privacy/Encryption is a dynamic sport.....don't ever forget that fact.
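To put Huang's numbers side by side, here is an added example (my code, not from the Intercept article or this blog): it converts a constant-factor cracking advantage into bits, estimates how much factoring work a move from RSA-1024 to RSA-4096 adds using the standard asymptotic cost of the general number field sieve, and does the same birthday-bound arithmetic for SHA-1 versus SHA-256. The GNFS expression is the textbook L[1/3, (64/9)^(1/3)] form with no constant or o(1) term, so only the difference between two key sizes is meaningful, not the absolute values.

```python
import math


def speedup_bits(factor: float) -> float:
    """Bits of security a constant-factor speedup removes: 100x is log2(100) bits."""
    return math.log2(factor)


def gnfs_work_bits(modulus_bits: int) -> float:
    """log2 of L_n[1/3, (64/9)^(1/3)] = exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)),
    the asymptotic GNFS cost of factoring an RSA modulus n of the given size.
    No constant or o(1) term is included: compare two sizes with it, but do
    not read the absolute value as a security level."""
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    exponent = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return exponent / math.log(2)


def key_upgrade_bits(old_bits: int, new_bits: int) -> float:
    """Extra factoring work, in bits, from growing an RSA modulus from old_bits to new_bits."""
    return gnfs_work_bits(new_bits) - gnfs_work_bits(old_bits)


def generic_collision_bits(digest_bits: int) -> float:
    """Birthday-bound collision cost for an ideal hash: half the digest length.
    SHA-1's real cost is lower (about 2^63 after the February 2017 SHAttered
    result), which only strengthens the argument for moving off it."""
    return digest_bits / 2


def compare(factor: float = 100.0, old_rsa: int = 1024, new_rsa: int = 4096) -> dict:
    """The three quantities from the quote, all expressed in bits of work."""
    return {
        "attacker_speedup_bits": speedup_bits(factor),
        "rsa_upgrade_bits": key_upgrade_bits(old_rsa, new_rsa),
        "sha1_to_sha256_bits": generic_collision_bits(256) - generic_collision_bits(160),
    }


if __name__ == "__main__":
    r = compare()
    print(f"100x hardware advantage        ~ {r['attacker_speedup_bits']:.1f} bits")
    print(f"RSA-1024 -> RSA-4096 (GNFS)    ~ {r['rsa_upgrade_bits']:.1f} bits")
    print(f"SHA-1 -> SHA-256 (collisions)  ~ {r['sha1_to_sha256_bits']:.0f} bits")
```

A 100x machine is worth under 7 bits to the attacker; the key-size step is worth roughly 70 bits of factoring work and the hash step 48 bits of collision resistance, which is what "a pittance" means in numbers.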

Wednesday, May 3, 2017

GroundRod in Central Oregon and Central Florida

There will be a GroundRod Primer in the Bend, OR area on May 13-14. There will also be a GroundRod Primer in the Fort Myers, FL area on May 27-28.

Contact me if you wish to register for either course.