Implementing a security.txt File on the NY Times Website

I finally did it — I achieved one of my lifelong goals: something I wrote was published on nytimes.com! Not exactly in the way you might imagine though, as the file that was published was a brand new security.txt file. You can read all about the concept and how it helps improve the security of The Times over at the Open blog, where the article I wrote was just published.

https://open.nytimes.com/making-reporting-effortless-especially-for-security-researchers-c2c7e96e9a55

SpiceWorld Austin 2019: Learning from Failure

This past week I presented my talk “Learning from Failure: Tales of Incident Response Gone Wrong” at the 2019 SpiceWorld Conference in Austin, Texas. If you’re looking for the slides then I’ve got good news! They’re posted right here.

The full video of the presentation is also available on YouTube.

If you’re interested in having me present this talk to your company, group, or conference, feel free to reach out through the contact methods listed at the end of the presentation.

D-Link Security Cameras Using mydlink App Leak Passwords

UPDATE: This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2018-7698 by MITRE.

I’ve been testing out a beta version of an IDS (Intrusion Detection Sensor) that we’re planning to release sometime soon specifically for small businesses, tech-savvy home users, and others. I currently have it running on my home network, and the alerts I’ve been seeing have really made me much more aware of the potential risks we encounter every day. For example, a game my wife plays on her mobile phone has been triggering spyware and malware alerts thanks to the ads that constantly pop up.


Resolving Domains with Private IPs Behind a pfSense Firewall

Having all of your devices on a single subnet is easy and convenient. You can access network resources simply by using their hostname, and everything just works. But that kind of configuration also makes it easy for attackers to break into your systems and steal all of your critical data since there’s very little stopping them from jumping from one system to another.


Installing LibreNMS on a Raspberry Pi 3 B+

LibreNMS is a fantastic and FREE network monitoring tool that can be extremely useful. Whether you’re a home user who wants to monitor their small network or an enterprise user tracking connectivity between multiple datacenters, LibreNMS is a tool that can track all of the metrics you’d like and provide real-time intelligence to make sure everything is working perfectly.

But how exactly are you going to run this new tool? The good news is that if you’ve got about $60 and a few hours to tinker, you can get it up and running on a Raspberry Pi 3 B+.


IDS Configuration for Beginners (BSides San Antonio 2018)

This past weekend I presented a talk at BSides San Antonio titled “IDS Configuration for Beginners.” Here’s the abstract from the conference website:

Whether you’re securing your home network or a corporate campus, an Intrusion Detection Sensor (IDS) is a great tool to detect and identify threats on your network such as brute force attacks, malware infections, and active intrusions by malicious actors. In this talk we will discuss where to place your IDS for maximum effectiveness, a brief discussion of some IDS solutions on the market, and walk through a basic IDS configuration live on stage.
