Howard Schmidt – My Thoughts

Hello All. It is a very sad day for the information security community. Howard Schmidt, information security pioneer, passed away after a long battle with cancer on Thursday, March 2, 2017. I had the privilege of calling Howard a friend and was very honored to have known him. He was always full of great stories about all his past endeavors and was always there to lend a hand when needed. He will truly be missed.

CSO Magazine summed it up perfectly, “He advised both President Barack Obama and George W. Bush on cybersecurity. He was a CSO at Microsoft and a CISO at eBay. He led several industry groups, and wrote books on cybersecurity. But when security professionals remember him, it is not so much for his technical accomplishments as for the impact he had on the people around him. He is remembered as a mentor, a communicator, and an educator.”

Even with all his impressive roles and how well-known he was in the industry, Howard was always there to mentor the community – on the numerous occasions when I was running industry events, he would always make himself available to speak.

My heart goes out to Howard’s wife, Raemarie, and his family, including the grandchildren he often spoke of – we will be thinking about you during this difficult time.

Extreme Ownership – Jocko Willink

Hello All. I wanted to share this really inspiring 14-minute TEDx talk from TEDxUniversityofNevada, delivered by former Navy SEAL Jocko Willink. It is about taking ownership of everything in your life and pushing on as a leader. He tells it through the example of his experiences fighting in Ramadi, Iraq, where he served as commander of SEAL Team Three’s Task Unit Bruiser. This is so very inspiring and a great life lesson for everyone. It is a great message to teach our kids. Jocko Willink’s Twitter page can be found at https://twitter.com/jockowillink.

ISACA North America CACS 2017


Hello All. I have just been informed that I will be presenting at this year’s ISACA North America CACS 2017, being held from May 1-3, 2017 at the Cosmopolitan in Las Vegas. I will be presenting a session on the use of honeypots to improve detection of lateral movement on internal networks. Hope to see you there. More information on the event can be found on their website – https://www.isaca.org/ecommerce/Pages/north-america-cacs.aspx

US Navy Hacked

Hello All. Latest breach information to affect the US government:

“The United States Navy got hacked, and the personal details of more than 134,000 sailors were accessed, according to a public statement released by US officials this morning. The US Navy revealed that 134,386 current and former US sailors were exposed by the breach, and the organization is now working on notifying those affected via mail, phone calls, and letters.”

To read the complete article see:

http://news.softpedia.com/news/us-navy-hacked-social-security-numbers-of-134-000-sailors-stolen-510466.shtml

POC Released for the Recent MySQL Vulnerability (CVE-2016-6663)

Hello All. For those of you who support MySQL or its forks such as Percona or MariaDB and are affected by the latest privilege escalation vulnerabilities documented in CVE-2016-6663 and CVE-2016-6664, the researcher who identified the issues, Dawid Golunski (@dawid_golunski), has released a really good POC video.

The two vulnerabilities affect MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier, along with Percona Server and MariaDB. The first vulnerability (CVE-2016-6663) could allow a local system user who has access to a database to escalate their privileges, execute arbitrary code as the database system user, and potentially access all of the databases on the affected database server.

The second vulnerability (CVE-2016-6664) is a root privilege escalation bug that can be used in conjunction with the first, race-condition bug.

It is caused by unsafe file handling of error logs and other files. If an attacker has already gained access as the MySQL system user, for example through CVE-2016-6663, they could further escalate their privileges on the system to root. The primary culprit is the handling of the error.log file: the server performs unsafe file operations on it that allow the file to be removed and quickly replaced with an arbitrary system file.

Patches have since been released by MySQL and Percona. Nothing yet from MariaDB. That being said, how fast do the majority of system owners update their tech?
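Since the usual first question from a system owner is “is my server in the affected range?”, here is an added example (my own code, not part of the post and not from Dawid Golunski’s POC) that classifies a MySQL version string against the ranges listed above. It assumes the input is the raw text returned by `SELECT VERSION()` or `mysqld --version`, and it only knows the three MySQL series the post gives numbers for; Percona Server and MariaDB builds are reported as unknown because the post gives no version cut-offs for them. One caveat: distribution packages often backport a fix without changing the upstream version number, so a hit here means “check your vendor’s advisory”, not “definitely vulnerable”.

```python
import re

# Highest affected release per series, exactly as stated in the post:
# 5.5.51 and earlier, 5.6.32 and earlier, 5.7.14 and earlier.
AFFECTED_MAX = {
    (5, 5): (5, 5, 51),
    (5, 6): (5, 6, 32),
    (5, 7): (5, 7, 14),
}

# Matches the leading "major.minor.patch"; suffixes such as "-log" or
# "-0ubuntu0.14.04.1" are ignored because the first match wins.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from a VERSION() or mysqld --version string."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError("no version number found in %r" % text)
    return tuple(int(part) for part in match.groups())


def classify(text):
    """Classify a version string as 'affected', 'above_affected_range' or 'unknown'.

    'unknown' covers forks the post gives no numbers for (MariaDB) and MySQL
    series the post does not list (e.g. 8.0 pre-releases).
    """
    if "mariadb" in text.lower():
        return "unknown"  # post lists no MariaDB cut-off version
    version = parse_version(text)
    series = version[:2]
    if series not in AFFECTED_MAX:
        return "unknown"
    return "affected" if version <= AFFECTED_MAX[series] else "above_affected_range"


def audit(version_strings):
    """Map each version string to its classification; handy over a fleet inventory."""
    return {text: classify(text) for text in version_strings}


if __name__ == "__main__":
    # Constructed sample inventory; not real hosts.
    sample = [
        "5.7.14-log",                 # last affected 5.7 release
        "5.7.15",                     # first release above the range
        "5.6.32-0ubuntu0.14.04.1",    # distro build in range (may carry a backported fix)
        "5.5.52",                     # above the 5.5 range
        "10.1.19-MariaDB",            # fork with no cut-off stated in the post
        "8.0.0-dmr",                  # series not listed in the post
    ]
    for text, verdict in audit(sample).items():
        print("%-28s %s" % (text, verdict))
```

In practice you would feed `audit()` the output of `SELECT VERSION()` collected from each server by your configuration management or monitoring tooling, then reconcile every “affected” result against the vendor patch notes before deciding whether the host still needs work.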

The video can be viewed below. Thanks again to Dawid Golunski for this great finding and POC.