crypticwun - Slashdot User

Comment Re:It feels like (Score 1) 193

by crypticwun on Friday November 19, 2010 @12:51PM (#34282780) Attached to: New Bill Would Put DHS In Charge of 'Critical' Private Networks

Wow! Way to pull out the 3 year old report featuring Capitol Hill theater!
Of course, I would be more comfortable if they would explicitly state that TSA, a part of DHS, was precluded from having any (cyber) authorities.

Comment ICS-CERT (Score 1) 227

by crypticwun on Monday November 08, 2010 @11:08AM (#34161300) Attached to: Evaluating Or Testing Utility SCADA Security?

Start with ICS-CERT (Industrial Control Systems - Cyber Emergency Response Team). Note: While they use the "us-cert.gov" domain, they are NOT a part of US-CERT.

Specifically, take a look at their "Recommended Practices: section: http://www.us-cert.gov/control_systems/practices/Recommended_Practices.html

Comment Re:FUD (Score 2, Insightful) 86

by crypticwun on Thursday September 09, 2010 @10:44AM (#33521706) Attached to: DHS CyberSecurity Misses 1085 Holes On Own Network

Actually, reading the report tells me that the problems were almost certainly Windows desktop systems lacking a cohesive patch management solution. Also, if you read further the IG even states that as of the time this report was published all the problems were already remediated including acquisition and deployment of a "software management" solution. Further, the IG claims that NCSD is not following FISMA. NSCD is not a legally recognized entity (agency) under statute, so that means *DHS* is the responsible party for FISMA reporting. FINALLY, US-CERT != the troubled network. US-CERT uses that network, but has no control over the operations of that network. Both the IG and Wired go out of their way to NOT make the distinction on that.

Comment Re:Not so awesome as you might think (Score 1) 259

by crypticwun on Tuesday August 10, 2010 @08:58AM (#33203020) Attached to: The Brain's Secret For Sleeping Like a Log

Do you snore or have other signs of sleep apnea? I am a heavy sleeper, but when my apnea was left untreated my sleep behavior was exactly like you described above.

Comment Re:They're not seeing a primary source. (Score 1) 112

by crypticwun on Thursday March 25, 2010 @02:23PM (#31614752) Attached to: US Not Training Enough Cybersecurity Experts

Search for "2210", "1550", or similar "interdisciplinary" cyber jobs within DHS NPPD:
JobID=86515922 JobTitle=INTERDISCIPLINARY+(CYBER)
JobID=86667657 JobTitle=INTERDISCIPLINARY+(CYBER)
JobID=86642799 JobTitle=INTERDISCIPLINARY+(CYBER)

Comment Re:Entropy depletion (Score 3, Interesting) 64

by crypticwun on Tuesday February 02, 2010 @11:19AM (#30995586) Attached to: Botnet Targets Web Sites With Junk SSL Connections

1) The code function does NOTHING with any data returned by the server.
2) This version of pushdo is using SSLv3 to phone home (HTTP over SSL) to its C2 (Command & Control).
3) When looking purely at netflow records or using tcpdump/wireshark, you will see 30+ SSL connections taking place at once. Only 1-2 of those connections is to the C2.
3.5) Many admins don't set up matching PTR records in DNS, so you won't easily be able to map back the IPs to the "common"/well-known hostnames.
4) ... ?
5) profit!
The idea is to make it HARD, not impossible to identify the C2 systems. Note well that the C2's might never connect back to the botnet client systems. Instead another tier of slightly more disposable hosts are likely to perform that function.

Slashdot Top Deals