Chattanooga Unix Gnu Android Linux Users Group

 


Has anyone ever heard of SiteLock?

From: Jonathan Calloway 
------------------------------------------------------
All,

I got an email and my ‘customer’ got a phone call from a security analyst and SiteLock.  They claim that my site has been infected with malware.  They’ve placed a text file on the server that shows all of the files that are supposedly infected.

When reviewing the files and comparing them to a recent backup, I noticed two things: 1) They didn't exist before (at least within the last 2 weeks) and 2) They're all the same; 98 lines of stuff like this:

formalization= 'd'; $diffusing='d';$democrats= '$';
$gregor= 'a)EP

[OT] iPhone for sale

From: asg 
------------------------------------------------------
I have two iPhones with cracked screens, a 5s and a 5c. A DIY screen repair
is $129 and I don't want or need to spend the money to repair
them. If anyone wants them, make me an offer. The 5s is 16G and the 5c
is 8G.

Thanks,
--
Stephen Haywood
Owner: ASG Consulting
423.305.3700
stephen@averagesecurityguy.info




OT: Network Admin Job

From: Nick Smith 
------------------------------------------------------
My employer is looking for a good network admin.

If you're interested or know someone who is, get your info over to me.

Normal job description below:

POSITION SUMMARY:
• Responsible for designing, organizing, modifying, installing, and
supporting a company's computer systems. Designs and installs LANs, WANs,
Internet and intranet systems, and network segments.

MINIMUM REQUIREMENTS FOR POSITION
• High school graduate with some college course work in computer science
required.
• Considerable (5 years) and current experience as an Administrator on a
medium sized network of servers, desktop systems and communications devices
using current technologies.
• Cisco Certified Network Associate (CCNA) a plus.
• Previous work with financial institutions a plus.
• Working knowledge of LAN and WAN topologies and architecture, including
Multi VLAN architecture. Must be able to construct, operate and maintain
LAN and WAN Networks. A complete knowledge of Gigabit and Ethernet topology
interfacing with network IP phone systems. Must be able to research and
solve associated problems.
• Must have knowledge and experience with network firewalls. (Cisco ASA is
preferred.)
• A strong knowledge of DNS and DHCP.
• Extensive experience with VMware, vCenter Virtualization of Servers.
Certifications and SRM experience a plus.
• Some working knowledge of Linux, Windows and associated OS-level network
IP configuration. Midrange system knowledge of i5 OS a plus.
• Excellent communication skills and ability to interact with others to
solve problems.
• Good organizational skills.
• Ability to adapt to emerging technology and learn new skills as necessary.
• Ability to maintain composure in stressful situations.
• Ability to perform heavy lifting.
• Ability to work flexible hours including occasional weekends and holidays.

ESSENTIAL FUNCTIONS:
• Install and support LANs, WANs, network segments, Internet, and intranet
systems.
• Install and maintain network hardware and software.
• Maintain integrity of the network.
• Maintain data security in a financial environment.
• Manage additions and changes to DNS and DHCP systems.
• Develop and maintain disaster recovery strategies as they pertain to the
network and the bank.
• Responds to banking office and/or department requests for assistance and
installations; accurately documents such requests and their resolutions
through the IT work order system; regularly communicates with benefactors of
open work orders until resolution.
• Troubleshoots a variety of problems and resolves immediately when
possible; refers unsolved problems to appropriate third party vendors;
monitors problems through ultimate resolution.
• Maintains effective working relationships with a variety of outside
vendors and Bank employees.
• Within the areas of assigned responsibility, maintains the integrity,
security and continuity of Bank computer systems through careful attention
to the following details:

Stringent Security Administration, Patch Management and System Upgrades,
Routine Systems Maintenance, Performance and Availability Monitoring,
Detailed Deployment Documentation, Routine Procedures Documentation,
Testing and Verification of Complete and Reliable Backups

• Maintains an acceptable level of expertise within the areas of assigned
responsibility; participates in scheduled training as well as seeking
continuous self-education through any available IT and banking industry
resources; utilizes knowledge and experience by training other IT team
members as required.
• Maintains orderly work and storage areas; ensures the accessibility of
supplies, tools, parts and equipment, software masters and other IT
resources by returning these items to secure organized repositories when
not in use.
• Maintains a working understanding of, and complies with, applicable
banking regulations, operating procedures and security guidelines.
• Regular and predictable attendance.

NON-ESSENTIAL FUNCTIONS:
• Prepares non-standard management reports as requested.
• Recommends constructive improvements to procedures.
• Performs other duties as assigned.
• Maintains a working understanding of, and complies with, applicable
banking regulations as well as internal policies and procedures.

SPECIAL REQUIREMENTS:
• Valid driver's license.

PHYSICAL DEMANDS:
Employees may experience the following physical demands for extended
periods of time:

• View computer monitors
• Keyboarding
• Motion of fingers/hands/wrists/elbows
• Sitting
• Working from ladders
• Stooping and bending
• Use of power tools
• Lifting computers and related equipment weighing up to 50 pounds.
• Travel to other locations.

Employees in this job are required to travel to banking office locations,
other company divisional locations and vendor office locations. Some travel
may require planned or unplanned overnight stays.

WORK ENVIRONMENT:
Work is performed in an operational office environment. Occasional
situations may require installation and deployment work in areas under
renovation or new construction.

-- 
--------------
Nick Smith
nick at nicksmith dot us

Kaspersky for Mail Server Antivirus

From: David White 
------------------------------------------------------
Does anyone have experience running the Kaspersky KLMS (Kaspersky Security
8.0 for Linux Mail Server)?

According to official documentation, the software requires a minimum of 2
GB of RAM and 4GB of swap. That seems utterly ridiculous to me.

I just finished installing a trial version of it into a CentOS 7 machine
inside Virtual Box with 1GB of RAM and no swap. Granted, this VM doesn't
have any users, but I can confirm that all of the various kaspersky daemons
and such are running, and there's still no load.

Given that my mail server infrastructure has very low volume (at max on a
busy day, it probably handles less than 500 legitimate emails in a given
day), I'm thinking I'm going to give it a try.

I just recently became a Kaspersky reseller, so have access to 1 year of
free licensing. Would probably be better than ClamAV.

-- 
David White
Founder & CEO

423-693-4234
@developCENTS 
https://developcents.com

*Develop CENTS*
Computing, Equipping, Networking, Training & Supporting for small
businesses and nonprofits
Providing: Web Hosting, Technical Support & IT Consulting

*Signup to our Newsletter at https://developcents.com/contact/*

Anyone at BSides Knoxville?

From: Bret McHone 
------------------------------------------------------
The subject says it all. Is anyone here at the BSides Knoxville cyber
security conference?

Thanks,
Bret

Chattanooga cybersecurity job opportunities

From: Know Juan 
------------------------------------------------------
My company is currently recruiting for a few full time cybersecurity
positions that are open in my group.

Competitive compensation and pretty solid benefits.

If you're interested, or know anyone who might be - please contact me off
list for full details.

Docker Question

From: "Kite, Mike" 
------------------------------------------------------

Friends,
  I have a close friend who's recently widowed and her hubby was a web developer.  He was hosting several websites, we think using Docker.  After his death, a couple of power-failure events knocked all of them offline.  I have to think they were being manually started.  And I think they're hibernating on his iMac.  He was too good at security, so getting this much info took me too much hacking, which is not my forte, nor are web-apps, I'm a sysadmin.

So, anybody got advice as to how to find these docker-ized web apps?  Start them?  Move them to another host?


Thanks all!

OT: Security Analyst Job in Nashville

From: Stephen Haywood 
------------------------------------------------------
I've got a friend looking for a Security Analyst in Nashville, details are
here:
https://www.premisehealthjobs.com/job/franklin/security-analyst-1/1388/1834168

Requirements

   - 4+ years' work experience
   - 1+ years as Security Analyst
   - Experience in Linux administration
   - Basic understanding of TCP/IP networking, such as: IP addressing,
   subnet masks, basic IP routing, TCP/UDP
   - Strong understanding of security operations concepts: perimeter
   defense, BYOD management, data loss protection, insider threat, kill chain
   analysis, risk assessment, and security metrics
   - Strong understanding of IT operations: help desk, end-point
   management, and server management
   - Ability to analyze data and communicate findings to users, technical
   staff and upper management.
   - Attention to detail
   - Good written and verbal communication skills
   - Ability to effectively network, participate in interdepartmental
   teams, and develop key working relationships

Preferred Qualifications:

   - BS degree in Engineering, Computer Science, Information Security, or
   Information Systems preferred
   - Professional certifications such as Security+, Network+, CCNA, CEH,
   GCIH, GCIA, CCNA, or CISSP
   - Experience with 1 or more programming or scripting languages such as
   Python, Bash, VBScript
   - Strong understanding of basic visualization techniques
   - Advanced expertise in at least one of the following:
     o Splunk, Arcsight or other SIEM and logging technologies
     o Incident Response
     o Malware Reversing
     o Network Forensics
   - Hands-on advanced level experience with both closed and open source
   SOC technologies to include:
     o Log management, analytics, and correlation platforms
     o SIEM solutions
     o Forensics toolsets
     o Pen-Test Frameworks & Toolsets
     o Vulnerability Management Solutions (Nessus, Qualys, Nexpose, etc.)
     o Endpoint Security Toolsets
     o UTM products
   - Experience in an incident detection and response oriented security
   monitoring environment
   - Knowledge of installing, configuring, and maintaining network and
   security monitoring solutions
   - Experience with Windows PowerShell and Perl scripting

--
Stephen Haywood
Owner, ASG Consulting
CISSP, OSCP
423.305.3700
asgconsulting.co

OT: Secure Application Development

From: asg 
------------------------------------------------------
All,

  The company I work for offers secure application development training
classes. The class can be run as a 2-day on-site class or as a
web-based class. The theory of the class is language agnostic but the
examples are all in .NET or Java. I know a number of you are developers
and you or your company may be interested in doing a class like this.
You can get more details here:
https://www.appsecconsulting.com/training/secure-web-application-development/

Thanks,
--
Stephen Haywood
Owner: ASG Consulting
423.305.3700
stephen@averagesecurityguy.info




Rural Technology Fund

From: asg 
------------------------------------------------------
All,

  A guy I know in the infosec community, Chris Sanders, started a
non-profit to put technology into rural schools. In particular, they
give Raspberry Pi kits to teachers in rural classrooms. If any of you
are upgrading your RPis from 2 to 3 and would like to donate your RPi 2,
please get in touch with them.

http://ruraltechfund.org/raspberrypi/#
http://ruraltechfund.org/contact-us/

You can follow @RuralTechFund on Twitter if you do that sort of thing.

Phil Shapiro, this could make a good story for you and help them spread
the word about what they are doing.

Thanks,
--
Stephen Haywood
Owner: ASG Consulting
423.305.3700
stephen@averagesecurityguy.info



StartCom Feedback From Eddy Nigg

From: Mike Harrison 
------------------------------------------------------

Chugalug, 

It may not address all of your/our concerns, but StartCom and Eddy Nigg (and probably actually was Eddy, we’ve chatted before..) directly answered my request about the FUD website (Kimchi) and auth server in China. It’s a better answer than you’ll get from anyone else in that position. 


------------------------------------------------------------------------------------------

Dear Mr. Harrison,

Thanks a lot for your comments that truly come from your love to StartCom.

But don't panic. Like every big company (IBM, Cisco, Oracle, Microsoft etc.) that has set up branch offices and R&D centers in China, StartCom, the No. 6 biggest CA in the world, has today also set up a branch office and R&D center in China. Our Chinese R&D team chose Qihoo 360 to provide secure hosting service, since this company is the No. 1 antivirus and web security provider in China and in the world and is publicly listed on the NYSE.

We are always trying to improve and to support continued growth, which isn't always easy to sustain. With that we hope to provide you and all our customers a useful service.

-- 
Regards 
 
Signer: Eddy Nigg, COO/CTO StartCom Ltd.

Sudo Auditing

From: asg 
------------------------------------------------------
Any of you guys know of a tool that can audit a sudoers file for stupid
mistakes? Things like a user or group having ALL:ALL permissions or no
password. Or groups like www-data having sudo permissions?

Thanks,
--
Stephen Haywood
Owner: ASG Consulting
423.305.3700
stephen@averagesecurityguy.info




Separate Network for iSCSI Traffic

From: Stephen Haywood 
------------------------------------------------------
Since I'm actually participating in the Chugalug discussion today, I
thought I'd throw this out there. I'm doing a pentest right now and the
client has an iSCSI server with no auth on the internal user network. My
test box is also on the internal user network. I was able to mount the
iSCSI LUN on my Linux box.

After accessing the LUN I realized it was holding VMware VMs for their ESXi
server. I was able to download the Domain Controller VM to my box, mount the
vmdk files and pull out the ntds.dit and SYSTEM files. From there I was
able to extract the Domain hashes.

Moral of the story: iSCSI should be on a PHYSICALLY separate network for
security and performance reasons. If you have no choice but to have your
iSCSI on the same network, then use authentication.

--
Stephen Haywood
Owner, ASG Consulting
CISSP, OSCP
423.305.3700
asgconsulting.co

ICS Security Summit 2016

From: Know Juan 
------------------------------------------------------
Any of you guys(/gals?) planning on going to this?

https://www.sans.org/event/ics-security-summit-2016

Linode Password Reset

From: Dave Brockman 
------------------------------------------------------
https://blog.linode.com/2016/01/05/security-notification-and-linode-manager-password-reset/

I know a couple of you on list have Linodes, I haven't received my email
notification as of yet, but this came across my screen...

Regards,

dtb

Upstart Help

From: asg 
------------------------------------------------------
I'm working through this tutorial,
https://www.digitalocean.com/community/tutorials/how-to-serve-flask-applications-with-uwsgi-and-nginx-on-ubuntu-14-04,
and I'm stuck on the Create an Upstart Script section. I've written the script
but when I try to sudo start zkm, I get a generic Job Failed to Start
message. I've looked in /var/log/upstart but there is not a log
file for my service. I've added console output to the .conf file
but it still only displays the generic message. I've also
checked the .conf file syntax with init-checkconf and the syntax is ok.
Are there any other log files to check or any other methods to find out
what is causing the service to fail to start?

Here is the .conf file I'm working with.

description "uWSGI server instance configured to serve zkm."
console output

start on runlevel [2345]
stop on runlevel [!2345]

setuid www-data
setgid www-data

env PATH=/var/www/zkm
chdir /var/www/zkm
exec uwsgi --ini zkm.ini

Thanks,

--
Stephen Haywood
Owner: ASG Consulting
423.305.3700
stephen@averagesecurityguy.info
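One thing the generic "Job failed to start" message hides is whether the `exec` command can be found at all: an Upstart job does not inherit a login shell's PATH, it sees only what the `env PATH=` stanza sets. The check below is an added example (not from the post or the tutorial): it parses the stanza above, resolves the `exec` command only through that PATH, and stages a throwaway directory tree in which uwsgi lives in a virtualenv bin directory (an assumed layout) so the check runs offline and shows both the failing and the corrected case.

```python
import os
import shutil
import tempfile

# The Upstart job from the post, embedded here as the sample input.
ZKM_CONF = """\
description "uWSGI server instance configured to serve zkm."
console output

start on runlevel [2345]
stop on runlevel [!2345]

setuid www-data
setgid www-data

env PATH=/var/www/zkm
chdir /var/www/zkm
exec uwsgi --ini zkm.ini
"""


def parse_upstart(conf):
    """Pull out the stanzas a start failure usually hinges on: env vars, chdir, exec."""
    job = {"env": {}, "chdir": None, "exec": None}
    for line in conf.splitlines():
        line = line.strip()
        if line.startswith("env "):
            key, _, value = line[4:].partition("=")
            job["env"][key.strip()] = value.strip()
        elif line.startswith("chdir "):
            job["chdir"] = line[6:].strip()
        elif line.startswith("exec "):
            job["exec"] = line[5:].strip()
    return job


def check_exec_resolvable(job, root="/"):
    """Return (ok, detail). The command is looked up only through the job's own
    'env PATH', never the caller's PATH; 'root' lets the lookup run against a
    staged directory tree instead of the live filesystem."""
    cmd = job["exec"].split()[0]
    path = job["env"].get("PATH", os.defpath)
    search = os.pathsep.join(os.path.join(root, p.lstrip("/")) for p in path.split(os.pathsep))
    found = shutil.which(cmd, path=search)
    return (True, found) if found else (False, f"'{cmd}' not found in PATH={path}")


def demo():
    """Stage uwsgi under an assumed virtualenv path and compare the two PATH settings."""
    with tempfile.TemporaryDirectory() as root:
        bindir = os.path.join(root, "var/www/zkm/venv/bin")  # assumed layout
        os.makedirs(bindir)
        uwsgi = os.path.join(bindir, "uwsgi")
        open(uwsgi, "w").close()
        os.chmod(uwsgi, 0o755)
        job = parse_upstart(ZKM_CONF)
        before = check_exec_resolvable(job, root)       # PATH=/var/www/zkm
        job["env"]["PATH"] = "/var/www/zkm/venv/bin"    # point PATH at the venv bin dir
        after = check_exec_resolvable(job, root)
        return before[0], after[0]


if __name__ == "__main__":
    print(demo())
```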




Mozilla Foundation thinking of kicking Thunderbird to the curb.

From: Rod-Lists 
------------------------------------------------------

I like this post on Slashdot about it. Some think Mozilla is trying to kill XUL in favor of HTML5 tech.
Others seem to think that, since Microsoft and Google fund them, those two mail providers may have something to do with it.


http://news.slashdot.org/comments.pl?sid=8417651&cid=51036971
Mozilla, I have actually donated to you in the past, but I have to admit my faith and continued donations are really starting to waver lately.

Don't get me wrong; it's not because of the Australis and UI changes that many people complain about. I actually enjoy those changes, the cross-platform consistency it brought. That's not the issue.

The issue to me is that I feel like you're slowly abandoning your principles:

Incorporation of 3rd party proprietary services such as Pocket and Hello (the calling through Telefonica) seem to give up on principles of open source and control of data
Including ads in my new tab window is annoying, and possibly a privacy/security risk depending on where those ads are sourced from (they're not hosted on mozilla servers I'd guess; so do you trust the servers you're pulling from?).
Support of the DRM plugins/codecs for video. I know the argument was that you didn't really want to do it but were forced to, but how about principles? What can we do as a movement to try to push for open codecs again? I haven't received email updates on what you're doing to support that.
Now, giving up on Thunderbird, which is not just well known and liked, but I think its key selling point is ENCRYPTED PRIVATE email. By necessity, you can't do crypto (encrypted and signed emails) unless it's in a mail client. If you want to send a webclient your private key, you're missing the point.
If you need money, tell us how it is. Lay out your plan for the next 3 years (a very specific vision!), estimate a figure of money, and maybe we can crowdsource it to happen. I think people are less likely to donate if they can't get clarity into what the money is used for (I know I'm that way).

I think that plan/vision needs to say more specifics like: we're campaigning against all kinds of ads, especially ones that track you and hurt your privacy; we're abandoning 3rd party proprietary things built in to our browser; we're re-focusing on our needs on your security and privacy. We're going to have the most secure browser on the planet, implementing the following list of protocols and standards, we're researching some new protocols and standards and working with the community on them. We're going 64 bit on Windows to take full advantage of performance and security extensions in modern OSes. We're going to make crypto more easy and transparent, both TLS in the browser, but especially we're going to refocus our efforts on Thunderbird and making your email safe with built in idiot-proof PGP encryption and signing. We're also going to work with web vendors to start implementing their own encryption, meaning when you get a notice from your bank, we expect it to be signed by your bank's encryption key and it all happens automagically to keep you safe.

If I don't start seeing more concrete things like this working for the betterment of the internet and my security and privacy on the internet, then my donation dollars will start looking for other projects. I want to know you're working for me, and not using me only to generate money.

Headless VM Server

From: asg 
------------------------------------------------------
I'm building a new VM server and want to try to use Ubuntu and
KVM. Can anyone recommend a good web-based KVM manager?

Thanks,

--
Stephen Haywood
Owner: ASG Consulting
423.305.3700
stephen@averagesecurityguy.info




EPB Gigabit

From: asg 
------------------------------------------------------
Yesterday, I upgraded my EPB account to 1Gbps instead of 100Mbps. EPB
made the changes on their end and said they wouldn't take effect
until midnight. This morning I'm still running at 100Mbps. The
tech person at EPB says the equipment is provisioned properly but that
it is auto negotiating a 100M link with my router. I have a Ubiquiti
EdgeRouter Lite so I know it is capable of 1Gbps. I plugged my laptop
directly into the EPB jack in my house and the laptop negotiated a 100M
connection as well. When I plug my laptop into my gigabit switch, it
negotiates a 1Gbps connection. Any other things I should try before
calling EPB back?

Thanks,
--
Stephen Haywood
Owner: ASG Consulting
423.305.3700
stephen@averagesecurityguy.info




Ubiquiti Networks and their gear

From: "Alex Smith (K4RNT)" 
------------------------------------------------------
Hello guys,

I'm doing some consulting for a friend who is moving into a trailer on
their parents' property, and I would like to suggest a wi-fi bridge using
Ubiquiti products.

Any suggestions on what I should look at from their product line for a
point-to-point bridge? No special security is required, I'm just looking at
the hardware and CPE.

So far I'm looking at the Rocket M, the NanoBeam M and the LiteBeam M5.

I haven't asked the distance from the house the trailer will be, but I'm
assuming it's less than 500 meters, too long for an Ethernet trunk and a
fiber link will probably be out of the question, since that would involve
digging a conduit.

Thanks in advance for the advice.

" 'With the first link, the chain is forged. The first speech censured, the
first thought forbidden, the first freedom denied, chains us all
irrevocably.' Those words were uttered by Judge Aaron Satie as wisdom and
warning... The first time any man's freedom is trodden on, we're all
damaged." - Jean-Luc Picard, quoting Judge Aaron Satie, Star Trek: TNG
episode "The Drumhead"
- Alex Smith
- Kent, Washington (metropolitan Seattle area)