Jon's Network

Finding pcAnywhere in your Organization

Jon — Fri, 27 Jan 2012 14:36:06 +0000

Symantec announced that hackers have had the source code for remote access software pcAnywhere since 2006. It can’t be trusted until they issue a patch. Some organizations may be anxious to see how many of their machines have pcAnywhere installed. If you have an application aware firewall like Palo Alto Networks, you can see if there is pcAnywhere traffic on the network easily. To find out where it’s installed but not in use, most are probably using software like Altiris, Tivoli, etc.

One tool that can find pcAnywhere (or any software for that matter) is Tanium – and it can do it for you in 15 seconds. For example, you could ask a question looking for a file or registry key and the endpoints are directly queried and the responses come back in 15-30 seconds, even if the machines are scattered around the world.

It’s great for tiger teams doing incident response.

Tanium

Disclosure: Digital Scepter is a Tanium distributor and a Palo Alto Networks Platinum partner. That means if you’d like to learn more, you can hit me up at (888)299-3718 or by email.

Note on M86 Authentication

Jon — Sat, 05 Nov 2011 00:00:42 +0000

M86 authenticator and web-based authentication should work fine side by side. If you are using web-based authentication ONLY for ipad/iOs devices, then use Tier2 instead of Tier3 as it does not include Java Applet. Instead they configure authentication session retention time in the filter i.e. keep profile active for 60 minutes once authenticated. In WFR 4.2, you will be allowed to select Tier 3 Web Based Authentication so PC/Macs running java can leverage the session based authentication, while iOS/Android devices will fall back to the Tier 2 setting.

Here’s what you need to know about WF Web Based Authentication:

http://www.screencast.com/t/6aNS7CNxOyi7

TinEye

Jon — Fri, 21 Oct 2011 03:38:19 +0000

TinEye

TinEye is a reverse image search engine. You can submit an image to TinEye to find out where it came from, how it is being used, if modified versions of the image exist, or to find higher resolution versions. TinEye is the first image search engine on the web to use image identification technology rather than keywords, metadata or watermarks. It is free to use for non-commercial searching.

USB to Serial Driver for Mac OS X Lion

Jon — Wed, 19 Oct 2011 04:14:31 +0000

I use and highly recommend MacWise for connecting to network devices via a console on a Mac. The driver I had for the USB to Serial device I have stopped working after my recent upgrade to Lion. The following fix worked like a dream:

OS X Lion PL2303 Driver

Find Files with No User or Group

Jon — Sat, 20 Aug 2011 23:21:30 +0000

This command can yield some interesting information:

find / -nouser -o -nogroup

Learned about it while playing with NeXpose today.

Mobile Security Webcast

Jon — Sat, 16 Jul 2011 05:29:14 +0000

Here is a recorded webcast by Daniel Miessler:

http://t.co/Zf5GhL8

Bank Robbery Analysis

Jon — Thu, 14 Jul 2011 06:31:08 +0000

Interesting article that applies the OSSTMM to a famous diamond heist.

http://www.isecom.org/Bank_Robbery_Analysis_OSSTMM3.pdf

Internet sales tax: Online retailers to start collecting sales taxes in California

Jon — Thu, 30 Jun 2011 23:24:23 +0000

Well, this just sucks.

http://www.latimes.com/business/la-fi-amazon-tax-20110630,0,4344787.story

$1 Billion That Nobody Wants

Jon — Thu, 30 Jun 2011 03:35:56 +0000

http://n.pr/ilLcLO

No one wants to use the dollar coins the government is minting and they are piling up in a warehouse. They keep minting them though because of congressional mandate.

Sophos Free Encryption Tool

Jon — Wed, 29 Jun 2011 19:14:48 +0000

Protect your confidential files

This free tool lets you secure your data easily and quickly without any central infrastructure in place. Individuals and businesses alike can easily protect selected files for email communication without building up a back-end PKI infrastructure.

Quick and easy encryption for all your data

Sophos Free Encryption creates password-protected encrypted archives so you can share confidential data quickly and easily. Create or extract a secure archive simply by a right clicking on a file in Windows Explorer.
The tool integrates with most email applications to automatically create a new message with the selected encrypted archive already attached.
Sophos Free Encryption’s integrated compression efficiently packs the archive, saving time and money in data transfer costs.
Features like the password vault, self-extracting archives and scripting for process automation simplify handling data.
When used in combination with Sophos’ flagship encryption product SafeGuard Enterprise, Sophos Free Encryption can use SafeGuard Enterprise’s keyring to handle passwords on archives.

For Windows users only.

Download Sophos Encryption Tool