Tag Archives: security

Bitcoin Security

If you have been following the news lately, you will have noticed a lot of media attention on Bitcoin.

 

bitcoin security

What is Bitcoin?

Bitcoin is a digital cryptocurrency with no central governing body, which also means there are no middlemen such as banks or other financial institutions.

Whatever your reasons for investing in the currency, there are some things you should know from a security perspective.

Since there is no middleman or institution governing your currency (your coins), you are responsible for being your own bank.

You are responsible for keeping your money safe, and there is no one to scream at if your security fails.

If you have been following the news and other reports, I am sure you have heard of people who have had their crypto stolen, either in hacks of Bitcoin exchanges or because their personal computers were compromised.

See these 2 examples:

Bitcoin mining marketplace NiceHash loses tens of millions of dollars following hack

http://www.bbc.com/news/technology-42409815

Protecting your coins takes some knowledge of how the coin works, paired with best practices for protecting yourself.

Bitcoin works much like PKI (Public Key Infrastructure): there is a PUBLIC key and a PRIVATE key. I am sure I don’t have to say which one you need to protect at all costs… the PRIVATE one, of course.

See below for an image that explains how a Bitcoin transaction works.

bitcoin transaction

Let’s first talk about how these keys are created. The keys live in what is referred to as a wallet, the place you send a transaction to in order to store your coins. There are a few types of wallets, each with its own level of security.

 

Hot wallets: these are usually mobile apps or wallets that reside on websites. They are always connected to the internet, and the private key is stored either on the device you are using or on the website’s servers. You can already see the issue with this. The public key is used to receive transactions, and it is fine to let everyone know what it is, just like the public key of an SSL certificate. The PRIVATE key is what is used to spend your money, so, in essence, the PRIVATE key is your money.

If your PRIVATE key is hacked or leaked, bye bye money. With something that sensitive, it is best to get it as far away from the internet and third-party hands as possible.

Now, it can be OK to leave small amounts of money in these HOT wallets for trading and spending, for convenience, and they are not all bad. But if you are looking for the highest level of security, it is not found in a HOT wallet.

This is very evident: just look at some of the exchanges that have been hacked and where many people have lost money. These are examples of hot wallets.

Hardware wallets: these are interesting. You use dedicated hardware to store your keys in a highly encrypted form; the keys are stored on the hardware itself, so someone would need to steal your hardware wallet to attack it.

Check out Ledger, who make a hardware wallet for Bitcoin and other coins.

Of course, when buying a hardware wallet it is best to buy directly from the manufacturer to avoid possible tampering with the device. Hardware wallets offer some of the highest security you can get.

 

ledger hardware wallet

You can also use the Apricorn Aegis secure USB stick, but it offers a little less security, as it is still a drive that can be read from: if the system you are on is compromised, there is a chance your keys can be stolen, as there are malware strains in the wild looking for Bitcoin wallets.

One of the other options is a paper wallet.

A paper wallet is literally a piece of paper with your keys printed on it, along with a QR code to scan when it is time to use them. See below for an example.

 

paper wallet

 

Above is a paper wallet. Paper wallets can be generated via a web browser; there are websites such as https://walletgenerator.net/ that offer an online utility you can use to generate a wallet for your coin. But there is a risk with this, as the keys have been on a foreign server and have been online. Also, if your computer has been compromised, there is a possibility that your keys have been recorded.

To have the most secure wallet, you would download the software that is available on the site and create the wallet offline. One step further is to run the software in a VM that has never been online. For most people, running the software offline with the network disconnected works fine.

You would then print this on a piece of paper. Even better, use a printer that is as dumb as possible, as some newer printers have memory that can be used to reprint at a later time.
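The offline generation step above, as an added example that is not code from this post or from walletgenerator.net: a standard-library-only Python script that generates a secp256k1 key pair from the OS random source, encodes the private key in Wallet Import Format (WIF, the format a paper wallet prints and QR-encodes) and derives the compressed public key. It stops short of the Bitcoin address, which needs RIPEMD-160 (not available in every Python build); the curve constants are the published secp256k1 parameters.

```python
import hashlib
import os
# secp256k1 domain parameters (the curve Bitcoin uses; standard published constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
def ec_add(a, b):
    # Affine point addition on secp256k1; None stands for the point at infinity.
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None                                   # a == -b
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P)  # tangent slope (doubling)
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P)
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, point=G):
    # Double-and-add scalar multiplication (private scalar -> public point). Not constant-time.
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point = ec_add(point, point)
        k >>= 1
    return acc

def base58check(payload: bytes) -> str:
    # Base58 with a 4-byte double-SHA256 checksum, the encoding used by WIF keys and addresses.
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def to_wif(priv: int, compressed: bool = True) -> str:
    # Wallet Import Format: 0x80 || 32-byte key || 0x01 flag when the pubkey is compressed.
    return base58check(b"\x80" + priv.to_bytes(32, "big") + (b"\x01" if compressed else b""))

def make_paper_wallet():
    # Fresh key from the OS CSPRNG; run this on an offline machine and print only the result.
    priv = int.from_bytes(os.urandom(32), "big") % (N - 1) + 1    # 1 <= priv < N
    x, y = ec_mul(priv)
    pub_hex = ("02" if y % 2 == 0 else "03") + f"{x:064x}"       # compressed SEC1 public key
    return {"wif_private_key": to_wif(priv), "public_key": pub_hex}
```

Anything that holds real value should be generated this way only on the disconnected machine, and the WIF string is the secret the rest of the post tells you to keep offline.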

Remember, this may sound ridiculous to go through, but you have to think like a bank, as you are your own bank!

One more wallet to look at is a warm wallet, such as COINOMI, which is a mobile application that stores your private key locally on your phone; they claim that your private key never leaves your phone. This can be a good option as well. For most people it is best to use a phone you can dedicate to this, such as an old phone with no SIM card that is not connected to the internet.

This prevents you from falling victim to downloading a malicious mobile app that compromises your phone. I would also suggest encrypting your phone and using regular best practices to ensure your device is safe.

Speaking of safe, you may choose to store your paper wallets and even hardware wallets in a safe or a safety deposit box at a bank for an added level of security.

 

Do you have Bitcoin or other currencies? What apps or security mechanisms do you use? Let me know in the comments.

Awesome DDoS Lookup tool

In my day-to-day job, I have been responsible for mitigating DDoS attacks and making sure that they are detected in a timely manner.

The company I work for has an awesome platform to mitigate DDoS attacks, with an alert system and analytics, but I came across a public tool where you can enter an IP or domain and check whether there has been a DDoS against that target.

Check out https://ddosmon.net/

ddosmon front page

 

DDoS Mon gets data from telecoms and other sources around the world to compile a list of DDoS attacks. I have personally used this tool and compared it to known real attacks, and let me tell you, this tool is very accurate. It’s great to be able to quickly search for attacks, and it’s also easy to use the URL to search for an attack.

For example, you can use https://ddosmon.net/explore/4.2.2.2 to search for attacks against 4.2.2.2 (a Level 3 DNS server).

There is also an API that returns JSON data so you can parse it yourself; you need to create an account to get API access.

When searching for attacks against this IP, we see the result below.

ddos mon attack view

 

 

The latest attack was a UDP-style attack against this IP.

The site also provides valuable insights into DDoS traffic on a global scale; check out https://ddosmon.net/insight/

Here is a snippet of some interesting data; there is much more on the site.

ddos insights

 

In conclusion, this tool is very useful and can be incorporated as another tool in a SOC environment, or used by any business that suspects it may have experienced attacks but doesn’t have the resources to check.

This tool is also great for research purposes.

I would like to know what you think about this tool! Send me an email with your thoughts or leave a comment!

Have a good day!

Sean

 

Why is IoT a threat to internet security?

IOT

 

The new wave of the internet is upon us: we are now in the era of IoT, the “Internet of Things”, sensors and devices that connect to the internet, from home IP cameras to your fridge. This wonderful new era comes with a new challenge for security professionals.

Some of the questions you need to ask yourself as a security professional:

  • How do we protect these devices?
  • How do we check for vulnerabilities in the software?
  • Where are these devices located, i.e. publicly reachable or inside your corporate network?

The growing concern is facing the home user. Why, you ask?

Take the example of the home user. The user wants a home security system because they want to monitor what happens at their home, so they purchase a DVR with IP cameras. The user sets up the cameras on their Wi-Fi connection, then allows access to the DVR over the internet. Here is where the problem starts, and this is what we have seen time and time again: some users, if not a majority of them, don’t think to change the passwords on the cameras or put an ACL in place to restrict connections to the camera. That home user has just contributed to the IoT issue. Just look at what Mirai has done by scanning the internet for devices such as cameras with weak or default passwords and exploiting them to be used as nodes in a botnet.

Now comes another issue with the average home network itself. Most home users and some small businesses use consumer-grade, off-the-shelf routers, and most home routers from manufacturers like D-Link, Belkin etc. have been found to have major security holes. Check out this link, which offers insight into this big problem: http://www.wsj.com/articles/rarely-patched-software-bugs-in-home-routers-cripple-security-1453136285

Now, unlike your operating system, which updates automatically, updating router firmware is usually a manual process. This is not always an easy task, especially for a home user, and then comes the problem of manufacturers not patching the holes in the first place.

So add poor security practices to vulnerable equipment and a lack of awareness. This is a recipe for disaster, and we are starting to see the effects of it now: the last massive DDoS attack against Dyn was found to be traffic from many IoT devices. Check this link for a good article on the details of the findings.

 

In the end, IoT is here to stay, so we need to adjust our way of thinking about security. Many of these issues were here before IoT, like the poor use of passwords and default settings. Poorly written software causing security risks has been around for a long time, but the difference now is that there is a huge number of devices. You now usually have more IP cameras and gadgets, for example, than computers. The vast number of devices is making attacks such as DDoS exponentially more powerful.

 

How do we fix this?

  • Better security awareness for the home user
  • Better-written software that is regularly checked and patched for holes
  • Devices with a randomized default password, such as the MAC or serial number, that force the user to change the password before the device works

The above is a starting point but is not the full solution; every case is different.

 

Let me know what you think!

 
Introducing and thoughts on Darktrace “The Enterprise Immune System”

darktrace

 

So it has been a few days since I was at the conference, and I came across a few companies and products that I had not had the opportunity to see.

One of the products that caught my eye was Darktrace. They sell their product as the “Enterprise Immune System”; essentially they are combining big data and network analysis to get a picture of what is normal on a network and what is not.

The company was started by mathematicians from the University of Cambridge and former MI5 workers; the company is based in the U.K.

I had the opportunity to speak with 2 of the reps at the conference, and they were very knowledgeable about the product.

They were very willing to share info on the product and have kept in touch with me since the event, which is always good.

So what is Darktrace? Darktrace is a device that sits on a SPAN port or network tap, preferably on the core, and listens to all the traffic that passes through the core to get an analytical view of what happens on the network.

Under the hood there is an advanced mathematical algorithm that is used for the analysis. The system records things such as URLs and requests out to the internet. This is a wonderful tool in security, since things such as malware infections can be flagged when they make calls out of the network to URLs or files that have never been seen on the network. This helps detect unusual activity, and the system relies heavily on machine learning to perform these tasks.

The user interface looks like something out of a sci-fi movie.

DarkTraceUi

This is the future of security: we need to embrace predictive analytics and machine learning to really listen to what is going on in the network. Every detail is important, and Darktrace is right up there at the forefront of the new age.

The legacy approach is not as effective as it once was. Things like ransomware and APTs are becoming so advanced so quickly that it’s going to take more than the usual to stay ahead of the game.

I spoke with a rep from Darktrace, and she provided me with a play-by-play article on how Darktrace was able to help an online casino secure their network after a ransomware breach. See the article here: https://threatpost.com/diary-of-a-ransomware-victim/117877/

Also, they provided me with an awesome white paper on their automation and machine learning technology.

 

My thoughts

A company built by spies and mathematicians? Sweet.

On a serious note, this product and those like it are the future of security; more and more vendors are releasing products based on analytics instead of traditional solutions.

Darktrace has a very informative team and website with all sorts of case studies, and the facts speak for themselves: more and more of the threats flying around the internet are being caught first by analytics and machine learning.

Here is a link to a page of white papers from Darktrace: https://www.darktrace.com/resources/

As I have mentioned in previous posts, big data + security is the future, and I am happy to see solutions coming out that embrace this new era of security.

The only issue I see is with the behavioral analysis, and I have recently sent this question to Darktrace, so I am waiting for an answer.

My concern is: what happens when I bolt this solution into a network that has already been compromised? Will that traffic be whitelisted and considered normal? What happens if a compromise occurs during the data-gathering stage; will that also be seen as normal?
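The concern above can be made concrete with a toy baseline detector (an added example, not Darktrace’s method): it learns how often each outbound destination appears during a learning window and flags rare or never-seen destinations afterwards. The logs and hostnames are constructed for the example; the `known_bad` list stands in for threat intelligence that a purely learned baseline would not have.

```python
from collections import Counter

# Constructed outbound-connection logs (destination host per connection): a clean
# learning window, the same window with C2 beaconing already present while the
# model was learning, and a later detection window. All hostnames are made up.
CLEAN_BASELINE = ["mail.example.com", "cdn.example.net", "updates.example.org"] * 20
POISONED_BASELINE = CLEAN_BASELINE + ["beacon.bad.test"] * 6
DETECTION_WINDOW = ["mail.example.com", "beacon.bad.test", "cdn.example.net", "beacon.bad.test"]


class RarityDetector:
    """Toy behavioral baseline: learns each destination's share of traffic during the
    learning window and flags destinations below `rare_below` (unseen hosts have share 0)."""

    def __init__(self, learning_window, rare_below=0.05):
        counts = Counter(learning_window)
        total = sum(counts.values())
        self.share = {host: n / total for host, n in counts.items()}
        self.rare_below = rare_below

    def learned_baseline(self):
        """Everything the model now treats as normal. Export this for analyst review
        before trusting the model: a compromise during learning ends up in here."""
        return sorted(h for h, s in self.share.items() if s >= self.rare_below)

    def alerts(self, window, known_bad=()):
        flagged = set()
        for host in window:
            if self.share.get(host, 0.0) < self.rare_below:
                flagged.add(host)          # anomalous relative to the learned baseline
            if host in known_bad:
                flagged.add(host)          # threat intel overrides "learned normal"
        return sorted(flagged)


def demo():
    clean = RarityDetector(CLEAN_BASELINE)
    poisoned = RarityDetector(POISONED_BASELINE)
    return {
        "clean_baseline": clean.alerts(DETECTION_WINDOW),
        "poisoned_baseline": poisoned.alerts(DETECTION_WINDOW),
        "poisoned_plus_intel": poisoned.alerts(DETECTION_WINDOW, known_bad={"beacon.bad.test"}),
        "poisoned_learned_as_normal": poisoned.learned_baseline(),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the clean baseline the beacon is flagged; with the poisoned baseline it is silently accepted as normal, and only an external indicator list or a review of the learned baseline brings it back.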

I am waiting for an answer on that; I will update this post when I get it.

Update: check the comments for an answer to the above question.

My Day @ Toronto Tech Security Conference by Data Connectors

It’s been an awesome day at the Toronto Tech Security Conference. I got to speak with a lot of vendors and see some of the new stuff that is on the market. It is always good to come to these events to stay current with the solutions on the market.

The trends are clear in the security market: big data and SIEM are the big focus now, along with APT and threat intelligence and network visibility.

I saw some cool platforms, and I intend to review them as I have time, as each one deserves its own spot.

All I can say for now is that the security market is making a big shift; the traditional mechanisms are not cutting it anymore. The concept of a network boundary is no more with IoT and BYOD; new mechanisms need to be implemented to secure our networks and devices.

See you soon
Sean