Why and How my Facebook News Feed is Empty.

Below is a screenshot of my news feed from Facebook. Despite having about one thousand “friends”, at this point I have chosen to not follow any of them. I found the argumentative nature and constant insults of public figures to be too much for me. I was also tired of the intellectually lazy forwarding things to my news feed that were fraudulent, erroneous, and not vetted.

Facebook as a company does very little to keep the news feed from being an angry circular cesspool. They don’t stop it because clicks make money, and the more inciting an article is, the more likely we are to click on it.
I could go on with the why, but you know if Facebook’s news feed isn’t helping you. If it’s not, then stop following each of your friends and groups. If you have a small group of people to un-follow, that is good. Facebook doesn’t make it easy. For one-at-a-time instructions, google “un-follow a user from Facebook”.

Perhaps you could use a power tool. I found this script https://gist.github.com/renestalder/c5b77635bfbec8f94d28 that will allow you to unsubscribe in groups of about 25. You’ll have to do a little bit of work, but it does work. The instructions on 3/27/2020 worked today, 5/4/2020.

There are good people on Facebook, really. I’ll look them up one at a time, and when they earn my trust, I’ll put them back into my feed. But right now, the only things on my news feed are tumbleweeds.

The NSA Tools Hack… It’s More Than Windows, it’s Linux, Unix, and Mac too.

A lot of press has been given to the release of several hacking tools from the NSA by the Shadow Brokers, the hacking group responsible for the leak. The main focus in the press has been on Windows hacking tools, some of which allow backdoors into the most widely used desktop operating system. This is a legitimate, bona fide set of serious tools that can cause serious destruction, damage, and theft of corporate assets and custom information. Unfortunately, many of us have become numb to hearing these warnings (and the subsequent breaches) over and over again.

The good news is that Microsoft has patches available to fix the vulnerabilities these tools exploit. The bad news is that:

1) patches are for Windows 7 and greater, and

2) a lot of organizations take their time patching their systems.

The Shadow Brokers had originally put the toolset up for auction, but in a rather cryptic article on Medium, offered the tools zipped with an unlocking password for free.

I think it’s necessary that, in addition to the exploit kits for Windows, we explore the implications of the Linux tools that were released as part of this breach.

While the focus has been on Windows tools, the Shadow Brokers’ stolen tools cache, located on GitHub, shows a significant quantity of tools for the ‘Nix’s – Linux, Unix, and their cousin OSX. Since the ‘Nix family is arguably dominant on the web, these tools have the potential of being more disruptive than their Windows brethren.

These tools exploit all manner of vulnerabilities, providing several ways to execute remote shells, escalate privileges, and gain command control of Linux servers through vulnerable applications and files. There is also a set of tools to hide the tracks of the hacker.

If your organization is running a number of Linux servers (healthcare, finance, utilities), it makes sense to evaluate tools that look at memory integrity in addition to the tools you have that perform file integrity management functions. A properly executed exploit could leave tools running in active memory while it appears that file integrity has not been compromised. This could be done by evading inspection times for file integrity, or by injecting a rogue application right into memory through tools that already reside there.
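To make the gap between file integrity and memory integrity concrete, the added example below (not part of the original article, and not how any vendor product works) reads the Linux `/proc/<pid>/maps` format and flags executable memory with no trustworthy file behind it. The sample data, function names and the choice of heuristics are assumptions made for illustration.

```python
"""Flag executable memory that a file integrity check would never look at.

Input is the text of /proc/<pid>/maps, one mapping per line:
    address-range  perms  offset  dev  inode  pathname
"""
import os
from typing import NamedTuple


class Mapping(NamedTuple):
    start: int
    end: int
    perms: str
    inode: int
    path: str


def parse_maps(text):
    """Turn the contents of a /proc/<pid>/maps file into Mapping records."""
    mappings = []
    for line in text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 5:
            continue  # blank or truncated line
        start, end = (int(x, 16) for x in parts[0].split("-"))
        path = parts[5].strip() if len(parts) == 6 else ""
        mappings.append(Mapping(start, end, parts[1], int(parts[4]), path))
    return mappings


def suspicious_mappings(mappings):
    """Return (mapping, reason) pairs for executable regions worth a look."""
    findings = []
    for m in mappings:
        if "x" not in m.perms:
            continue
        if m.path in ("[heap]", "[stack]"):
            findings.append((m, "executable " + m.path))
        elif m.path.startswith("["):
            continue  # kernel-provided regions such as [vdso]
        elif not m.path:
            # JIT runtimes (JVM, browsers) do this legitimately: baseline them.
            findings.append((m, "executable anonymous memory"))
        elif m.path.endswith(" (deleted)"):
            findings.append((m, "executable code whose file is gone from disk"))
        elif "w" in m.perms:
            findings.append((m, "file mapping that is writable and executable"))
    return findings


def scan_pid(pid):
    """Check one live process on Linux (needs permission to read its maps)."""
    with open(os.path.join("/proc", str(pid), "maps")) as fh:
        return suspicious_mappings(parse_maps(fh.read()))


# Constructed sample, not taken from a real host.
SAMPLE_MAPS = """\
55d0c4a00000-55d0c4a21000 r-xp 00000000 08:01 1311000 /usr/sbin/sshd
55d0c4c20000-55d0c4c24000 rw-p 00020000 08:01 1311000 /usr/sbin/sshd
55d0c5f11000-55d0c5f32000 rw-p 00000000 00:00 0 [heap]
7f3c1a000000-7f3c1a021000 rwxp 00000000 00:00 0
7f3c1b400000-7f3c1b5c0000 r-xp 00000000 08:01 1318022 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3c1c000000-7f3c1c004000 r-xp 00000000 00:01 40961 /memfd:x (deleted)
7ffd2b1e0000-7ffd2b201000 rw-p 00000000 00:00 0 [stack]
7ffd2b3f6000-7ffd2b3f8000 r-xp 00000000 00:00 0 [vdso]
"""

if __name__ == "__main__":
    for m, reason in suspicious_mappings(parse_maps(SAMPLE_MAPS)):
        where = m.path or "<anonymous>"
        print(f"{m.start:012x}-{m.end:012x} {m.perms} {where}: {reason}")
```

Every file on disk in the sample is untouched, so a file integrity scan would pass while two regions of running code have no file to hash.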

My company, Forcepoint, offers a tool, Forcepoint Threat Protection for Linux, which resides in memory to catch rogue applications running in memory, alerting your security team quickly to the problem. This product is ideal for clients who run mission critical servers, whether on premises, in the cloud, or hybrid.

There’s some great information on Forcepoint Threat Protection for Linux online. If you are interested in this technology, I’d encourage you to take a look at both the datasheet for the product, as well as the whitepaper Finding Threats in Linux® Memory – The Value of Memory Integrity Verification.

If you think you need the protections of Forcepoint Threat Protection for Linux, and you want further information, give me a call at 1-410-740-3490 or send me an email at pmisner@forcepoint.com.

In the interest of full disclosure, I am a salesperson for Forcepoint. This article was written by myself, with no editorial comments from my employer. I have a technical background, but I know enough to be dangerous. Please let me know if there is anything I need to amend to be more factually correct.

Please share if you think this article merits it.

How Bob became an insider threat at his company…


… and what could have been done to prevent it.

It was about 12:30 in the afternoon when Bob got the call from Barry, the marketing person in charge of competitive intelligence at his company. Barry’s tone was serious. “Bob, we just managed to get one of  Xyz’s internal papers with a competitive analysis of our products. They mentioned a fault with our product, and sourced your website. Do you know what’s going on?” Bob didn’t, and asked Barry to send him a copy of the document.

What Bob saw turned him white. He was guilty, knew exactly what happened, and why it happened. Xyz had a footnote in their document which sourced his personal website as follows:
http://www.mywebsite.com/c:\users\me\documents\thenastyfile.pdf

At the time, Bob’s company had no backup policy. He used Webdrive, a program to map ftp sites as drive files, to back up his files to a local server for archiving. He also used Webdrive to work on his personal website. Bob was multi-tasking, and instead of backing up his files, he posted them to his website.

Bob was sick. Visions of losing his job were at the front of his mind. Bob called his boss, confessed, and was in turn told to call the Chief Security Officer.

The CSO asked Bob to get the logs from his personal website. What the CSO found, in addition to the document described above, was that a document called “customers.csv” was accessed. Fortunately, it was just a list of prospects that Bob had gathered, and not his true customer list. Still, Bob’s competitor now had an idea of what accounts he was going after.
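The log review described above can be scripted. This added example (not from the original post) walks a web server access log in combined format and reports which document-type files outside clients actually downloaded, flagging URLs that carry a local drive path like the one in the footnote. The log lines, IP addresses, dates and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
DOC_EXTENSIONS = (".pdf", ".csv", ".doc", ".docx", ".xls", ".xlsx",
                  ".ppt", ".pptx", ".zip")
# A drive-letter path inside a URL suggests a local file was published by mistake.
LOCAL_PATH_RE = re.compile(r"(^|/)[A-Za-z]:[\\/]")


def exposed_documents(log_text, owner_ips=()):
    """Map each downloaded document to who fetched it and when it was first taken.

    Only GET requests answered with 200 or 206 count: those are the responses
    that delivered file content. Requests from owner_ips are ignored.
    """
    report = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        if m["method"] != "GET" or m["status"] not in ("200", "206"):
            continue
        if m["ip"] in owner_ips:
            continue
        path = unquote(urlsplit(m["target"]).path)
        if not path.lower().endswith(DOC_EXTENSIONS):
            continue
        entry = report.setdefault(path, {
            "clients": set(),
            "first_seen": m["ts"],  # logs are chronological
            "requests": 0,
            "local_path": bool(LOCAL_PATH_RE.search(path)),
        })
        entry["clients"].add(m["ip"])
        entry["requests"] += 1
    return report


# Constructed sample log; addresses come from the documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [02/May/2016:09:14:03 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [02/May/2016:11:02:41 +0000] "GET /c:%5Cusers%5Cme%5Cdocuments%5Cthenastyfile.pdf HTTP/1.1" 200 482113 "-" "Mozilla/5.0"
198.51.100.23 - - [02/May/2016:11:03:10 +0000] "GET /customers.csv HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
198.51.100.23 - - [02/May/2016:11:03:12 +0000] "GET /payroll.xlsx HTTP/1.1" 404 312 "-" "Mozilla/5.0"
192.0.2.10 - - [02/May/2016:12:30:00 +0000] "GET /customers.csv HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
203.0.113.99 - - [03/May/2016:08:00:00 +0000] "GET /customers.csv HTTP/1.1" 206 1024 "-" "curl/7.47.0"
"""

if __name__ == "__main__":
    # 192.0.2.10 stands in for the site owner's own address.
    for path, info in exposed_documents(SAMPLE_LOG, owner_ips=("192.0.2.10",)).items():
        flag = " [local path in URL]" if info["local_path"] else ""
        print(f"{path}{flag}: {info['requests']} download(s) by "
              f"{sorted(info['clients'])}, first at {info['first_seen']}")
```

The 404 line is left out of the report on purpose: it shows someone probing for a file, not a file that left the server.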

Bob didn’t lose his job, but learned a big lesson a very hard way. Do not handle sensitive corporate data in an insensitive way. As stated above, Bob was multi-tasking, trying to quickly get a backup in while watching a webinar. He should have been more precise and focused when performing a backup.

Bob admitted his mistake, but there are ways that his company could have prevented this mistake.

  • There was no security education program at the time for end users.
  • The company did not do their own backups on laptops, so Bob had to do his own.
  • Data Loss Prevention could have been used to mark the files as sensitive, and warned or prevented Bob from sending them.
  • FTP use could have been restricted.
  • User behavior analytical tools could have been deployed to identify the change in his activity.

(BTW, some of the same tools could have been used to catch Edward Snowden)

I work at Forcepoint, a leader in user behavior analytical tools, data loss prevention, and web and email security. The tools we have help prevent this type of threat.

Have you thought about similar situations at your company? Are you vulnerable as well? If you think so, let’s talk. 1-410-470-3490 or send an email to pmisner@forcepoint.com

 

Infosec Blab Recording- Mike Miller Tanager and Myself Discuss Insider Threat Security Programs

Well, if you missed it, here it is. The recording of the Inaugural Insider Threat Blab, which occurred on June 3, 2016. Mike Miller, COO of Tanager, Inc., and I discussed setting up an Insider Threat Security Plan.

We lost a lot of people on the first blab, because authentication at the original conferencing site was not functioning. For all other Blabs, I’ve moved the conference to a new location.

 

Living in the Salesforce.com Matrix, Why It’s Bad, and How it Can Be Better.

I’m going to step away from my usual writings on security, and talk about the other side of my job this week, the sales side.

I think that I have given Salesforce.com and their app enough leeway over the years. They started out in 1999, when HTML was a crude tool, and it was difficult to really have the flexibility that their software-based competition had when they started. However, web development languages like HTML5, Java, and APEX have had time to develop over the years, and SFDC now has the ability to make itself better for the end user, the salesperson. SFDC does a lot less than they should be doing at speeding up the lead generation process and the process of reaching customers faster. SFDC is not the only guilty participant in the CRM industry; pretty much all of their competition has the same or similar issues. But for the rest of this article, I’m going to single out SFDC.

What SFDC provided to the industry was, and still is, good. It’s an Application as a Service, centralized repository of lead, customer, and opportunity information, that provides insight into the organization. In exchange for this centralization, part of most every salesperson’s day is now devoted to data entry. It’s a compromise that has a lot of benefits, but the salesperson in turn, should be able to use the app in a way that speeds up the ability to sell.  It’s in the area of speedier sales that SFDC has failed the sales person miserably.

One only needs to try the SalesForce 1 Android App to see how this works in practice. On one side, this is an incredibly rich app. It’s so rich that it is unusable for any serious salesperson. Getting a telephone number of a lead or contact takes several clicks, records take more.

One way to judge SFDC’s speed of operation is to compare it to using the same data in Excel. When it’s easier to pull a report, transfer the data to Excel, use the spreadsheet manually, then either enter by hand or copy and paste data back into SFDC, then it should be pretty obvious that SFDC isn’t meeting the needs of the salespeople who are forced to use it.

For example, let’s look at a typical activity sheet from SFDC.

It would make sense that you could add comments and status about a call right on this page, but by default, anything you need to record on the Activities page has to open another page. Emails are worse. If a task is listed as an email, clicking on it does not open email like it should, but you just have a reminder that you have to write an email, which needs to be deleted if you use SFDC’s internal email, or now you have two activities logged.

The “Related To” field is another problem. Not only does one need to identify if the activity is associated with an account, opportunity, ticket, case, etc. (my version of SFDC lets me relate to only one), it doesn’t do this automatically. For example, if John Smith works for Acme and I choose John Smith, SFDC should know that John Smith works for Acme, and pre-populate the field. Since this field is pre-populated, SFDC shouldn’t even ask me to do this association. It should always be done.

Another example. Why, in 2016, when more Americans have cell phones than home phones, does SFDC not put a dropdown, or list both the office and mobile numbers on the call task page? Only the office number appears. If you need to get the mobile, you have to go back to the contact information.

Every one of these unneeded clicks slows down my day as a salesperson. Pulling reports and repopulating data takes time away from my company, or my family (and many of us are forced to choose the latter).

Seriously, I could do a two hour video on everything that makes SFDC an unnecessary ball and chain on the sales making activities of a salesperson.  I’m not going to do that video, or write that book today. What I’m going to tell you is why we are stuck in the SFDC  “Matrix”.

There are two reasons why we’ve stuck with the Blue Pill of conformity with respect to SFDC.

  • We have used it so long that we no longer realize how bad it is. We have gotten so good at working (and working around) an inefficient product that we have become numb to its major design flaws.
  • We aren’t the ones who pay for, or make a decision to buy SFDC.  In fact, we are probably given very little consideration. There’s a general feeling out there that salespeople naturally oppose tools like this, and therefore any real complaints are perceived as whining.

It’s amazing to me that a whole cottage industry of Sales Development Tools is now on the market to address the gaps in SFDC. Some are standalone, pulling leads completely out of the system; most integrate at some point with SFDC. Any volume sales development shop would go out of business if they used the stock SFDC tools solely, because it would slow them to a crawl. My point is, these tools should not exist, because they are filling a niche that SFDC should have in the core product.

SFDC (and the rest of the CRM industry), we realize that we are stuck in the Matrix. It would be nice if you help us too. And a little secret, here. You’ll ultimately be helping our bosses, because we’ll be able to deliver better numbers quicker.

Everybody falls the first time, right, Trin? —The Matrix

Are you happy living the SFDC Matrix? Are there ways to make it better? Am I wrong?  I’d like to hear from you.  Your comments are welcome.

Bitnami- Free and Easy Open Source Application Stacks

Since I work on a very limited budget, I’m often looking towards Open Source projects to meet my needs.  There are a number of projects out there, so many that it’s necessary to find a filter to find the best ones. Plus, setting them up with the appropriate stack applications can get tedious, especially for me, someone who knows enough to be dangerous.

I love Bitnami (http://www.bitnami.com) because they answer both of these problems. Bitnami offers free, preset, application stacks for Open Source applications that can run on Windows, Mac, and Linux, and in dedicated virtual machines. If you use the cloud, Bitnami provides simple installation to AWS, Google, and Azure.

Bitnami’s applications include

  • HRM
  • CRM
  • Bulletin Boards
  • Chat
  • E-Commerce
  • E-Learning
  • Programming Tools
  • Development Environments
  • Business Applications

and many, many, more. Go to https://bitnami.com/stacks to see a detailed list of applications available.

If you can run a virtual machine, or do an install of a Windows application, you have what it takes to run a Bitnami stack. If you do run into trouble, the forums and documentation online are excellent.

So, what’s the catch? If you use the VM’s, Mac, or Linux applications, there is none. It’s free (really). If you decide that you want to go to the cloud, you can take advantage of Bitnami’s management console. You can try it out for free, running one small or medium server in the cloud. (Remember the cloud service providers will charge you to run servers and storage on their cloud).

I tried the management console, and love it. It’s user friendly and powerful. It provides options to build multiple applications on one stack, and allows you to run the application on your cloud service provider of choice. If you’re a serious user, (more serious than me) you should really consider using it.

Bitnami gives you access to the best open source applications, pre-configured at a great price. Check them out before you spend thousands on your next application.

 

 

Sendy- a Way to Send High Volume Emails on the Cheap

If you want everything done for you, services like Mailchimp and Campaign Monitor are great choices for you. But if you send a lot of emails, and are willing to use a bit of IT elbow grease, then Sendy can save you hundreds of dollars on each email run.

Sendy is a PHP email script that can be hosted on your own server or a shared server. I use a dedicated Sendy server on AWS. A T-2 Micro instance running Linux costs me $75/year.

Sendy uses AWS’s Simple Email Service or SES to send out emails over SMTP. Between Sendy and AWS with a little bit of tweaking, you can send up to 10,000 emails a day with the regular quota, at a price of only $.10/1000. That’s no typo. 10 cents allows you to deliver 1,000 emails. The Sendy application itself only costs $59, and if you can beat your way around a Linux server, you can get up and running. And once they know you, Amazon will raise your quota, up to 100,000 users.

Sendy offers a great array of reports and autoresponders, and handles bounces, unsubscribes, and complaints on AWS through the use of Simple Queue Service.

Problems?? Check the Sendy forums. They are robust and helpful. To get your hands on a copy of Sendy, go to www.sendy.co

Also, I found out there is a service for Sendy hosting called http://easysendy.com. They’ll set you up with a server, and do a one click configuration for you, for as low as $19/month.

P.S. Make sure you read the FAQs on Amazon about DKIM, as Google will soon be using it to verify emails.

If you send out smaller volumes of mail, (100’s) then PHPList on a small or shared server is another great choice. I’ll renew that one in the near future.

Cybrary Makes IT Training Free (Really)

According to the Bureau of Labor Statistics, there are over 209,000 unfilled cyber security positions, the number of positions has increased 74% in the past five years, and the number of cyber security jobs is expected to increase 53% by 2018. The movement to the cloud, mobility, and the Internet of Things, coupled with increased hacking, malware, and advanced persistent threats are all increasing the need for highly trained security professionals.
In the past, cost and time have been major barriers to getting the skills required to enter this growing field. Bootcamps can cost from $2,000 to $5,000 a week, and require students to take time off of work. Massive Online Open Courses (MOOCs) like EdX and Coursera have only addressed information security in the periphery, and are slowly adding options that have effectively raised prices. University Programs in CyberSecurity are often very costly, requiring a two year commitment. Until very recently, the only low cost option to get fully trained was to get a book and do it yourself, on your own time, or through a study group.
Cybrary (http://cybrary.it) is changing the game, by offering web based training for certification and advanced information security skills for the low cost of nothing. Zilch, free, as in beer, zero. Oh, yeah, there’s an app for that, too! (Android only right now)
These are not just lightweight courses; they are for all levels of security proficiency. Some recommend that you bring to the counter multiple years of experience.
Cybrary currently offers the following security-related courses:

  • CompTIA Security+
  • Cryptography
  • Ethical Hacking and Penetration Testing, EC-Council’s CEH
  • Computer and Hacking Forensics, CHFI certification from the EC-Council
  • CompTIA Advanced Security Practitioner (CASP)
  • ISACA Certified Information Systems Auditor (CISA)
  • Certified Information Systems Security Professional (CISSP)
  • Post Exploitation
  • Social Engineering and Manipulation
  • Python for Security Professionals
  • Metasploit Malware Analysis and Reverse Engineering
  • Advanced Penetration Testing

In addition, Cybrary offers courses in Network and Systems administration, rounding out their security offerings. All that’s required is registration to the site. The site also has an area which provides a user profile which has a list of completed classes. Most of the serious modules tend to be about a 1/2 hour in length. You’ll probably stop the slides once in a while to take notes. The instructors seem to know their stuff. One cool thing about the site is that there are options to earn points that can be used on the site by completing activities.

I spoke with Trevor Halstead, the Project Manager for Cybrary, at a recent Maryland CyberSecurity conference.
Trevor, first of all, why did you start Cybrary?
Cybrary was started around the most fundamental idea that education should be available for everyone for free. The cybersecurity industry is unlike any other. It is evolving at an unfathomable rate and is highly volatile. Our traditional education methodology is unaffordable, inaccessible, impractical, and simply does not allow us to keep up. We are seeing the effects of this evolution on the demand front, and feeling the impacts of our inefficient training programs when you look at our talent supply. By making information on, arguably, one of the most critically important industries, accessible; we are allowing people to feed their curiosity, and have access to information that can help, not only, protect them online, but also, kick-start a new or existing career.
I noticed that there were a number of donate buttons on the site. Are you planning on donations being the main source of revenue for Cybrary?
We have great connection to our users. We make a point to respond to every question or request, and interact with them on a daily basis. As a result, our users show their appreciation, of the service we are providing, by donating to our site. That being said, donations and ads can only go so far. Our plan is to grow into the daily active site for cyber security professionals; and with a site, at that level, there are more than a few ways to produce revenue. At the moment, however, we are currently focused on EDU and Enterprise platforms for larger organizations; as well as, building out our Talent Services division. With a quickly growing community, featuring over 260,000 registered users, we believe that bringing employers into the fold will help to curb the industry shortage. Our Talent Services platform will allow employers to post jobs and have access to the profiles and resumes (at a price, of course) of people from all around the world. In addition, we hope to be able to work with them to develop their own talent pipelines (those short of a certification, but actively working on the site to earn it, for example) which will be mutually beneficial to, both, employers and applicants, alike. While we are not there yet, we strongly believe that Cybrary will evolve from more than just a free cyber security training website, and into the premier recruiting platform for cyber security talent.
The course quality is great, but I did not notice testing modules on the site. Was that something I missed? Is this a planned add-on?
Yes, we get asked about that on a pretty frequent basis. We are in the midst of developing end of module/end of course quizzes & tests. In addition, we are eyeing integrating full test simulations that our users will be able to take advantage of. While folks can find these elsewhere online, we want to provide our users all the tools they need to start and grow a career in cyber security. Even more we do have plans on integrating these “results” into our users’ professional profiles on Cybrary. This will help employers, searching for talent, have a better means for quantifying that professional’s knowledge and skill level.
What additions in course content can we expect to see in the coming months?
We have some really great course content in the pipeline. Within the next 30-60 days, we are looking to have classes posted on the Metasploit Framework, Malware Analysis/Reverse Engineering, and CSSLP (by ISC2). Quarter 1, we are eyeing Web App Pen Testing, Secure Coding, and Threat Intelligence.
Are you seeing investor interest in the project?
We launched, officially, in January 2015 and have just eclipsed 260,000 registered users; so, from a growth perspective, I’d say, we are a little past “project” status. In August, we received $400,000 in our seed round led by Justin Label of Inner Loop Capital. If you are not familiar with Justin, he has over 15 years of experience working with private companies as a venture capital investor and advisor. Prior to his current involvement in developing Cyber Security companies, along the Cyber Corridor (SourceFire, SafeNet, Mandiant, and Tenable…just to name a few), he worked at Bessemer Venture Partners in Silicon Valley, where he was involved in most of their cyber security investments. Justin has worked with and grown some terrific companies, and we are really excited to have his support in Cybrary.
You’ve got nothing to lose, and a lot to gain, by trying Cybrary. They currently host positions from 5 companies including: CyberPoint International, PRISM Inc, Raytheon Blackbird Technologies, Apex Systems Inc, and SAIC; and, are currently reaching out to companies, providing 1 complimentary posting, to show just how impactful posting a position in front of the largest online cyber security community can be. Give it a look at http://Cybrary.it, as well as their jobs page https://www.cybrary.it/cyber-security-jobs/, and let me know your thoughts. Oh, do your LinkedIn techie friends a favor, and please share this article with them.

Why the Clinton Email Server is a Big Deal.

I watched the debates the other night, and was surprised to hear Bernie Sanders give Hillary Clinton a pass on the email scandal, by saying that people don’t care about that and want to hear the issues.  I agree that issues other than the home email server are more important to the country, and some people I spoke with felt it was a magnanimous gesture on the part of Mr. Sanders. I also think that Ms. Clinton’s usage of a personal email server for State Department business is not a trivial matter for a number of reasons, and I’m troubled that Mr. Sanders is trivializing it. To me, it’s a sign that Mr. Sanders might not be up to speed on the technology related issues that the future president will need to address.

Here are my reasons for believing the Clinton home email server was a serious problem.

  • State Department conversations often involve very sensitive information. Diplomatic conversations are prime candidates for interception and analysis by foreign nation states.
  • The email server had open remote access ports. This flies against common security rules for information of this type.
  • It does not appear that archiving or backup were in place. This goes against government policy.
  • Personal conversations were intermingled with business communication. If Ms. Clinton wanted to keep her personal communications private, she should have used a separate email account. She shouldn’t have the luxury of determining after the fact which communications were personal.

I could go on, but that’s enough. I’m a progressive, but I’m also a security guy. I try to call them like I see them, and this should be one mistake that doesn’t happen again.