July 2013

Motly Python: A "Hacker Madness" Script

With apologies to Monty Python: The Witch Script

Prosecutors: We have found a hacker! (A hacker! a hacker!)

Incarcerate her! incarcerate her!

Prosecutor 1: We have found a hacker, may we incarcerate her?


Judge: How do you know she is a hacker?

Prosecutor 2: She looks like one!

Judge: Bring her forward

(Prosecutors present woman to the Judge)

Woman: I'm not a hacker! I'm not a hacker!

Judge: ehh... but you are dressed like one.

Woman: They dressed me up like this!

All: naah no we didn't... no.

Woman: And this isn't my nose ring, it's a false one.

(Judge unclips Fake Illusion Clip-on Nose ring)

Judge: Well?

Prosecutor 1: Well we did do the nose ring. The nerdy T-shirt, shorts and flash-drive earrings are hers.

Judge: Only the nose ring?

Prosecutor 1: ...And the Mohawk, but she is a hacker!

(all: yeah, incarcerate her incarcerate her!)

Judge: Did you dress her up like this?

Prosecutor 1: No! (no no... no) Yes. (yes yeah) a bit (a bit bit a bit) But she has got carpal tunnel!

(Prosecutor 3 points at wrist splint)

Judge: What makes you think she is a hacker?

Prosecutor 2: Well, she pwned me!

Judge: Pwned you?!

(Judge studies Prosecutor 2, who pauses, eyes darting furtively about)

Prosecutor 2: I reinstalled from original media.

(pregnant pause)

Prosecutor 3: Incarcerate her anyway! (Incarcerate her Incarcerate her Incarcerate!)

(Random Head of State walks in)

Random HoS: There are ways of telling whether she is a hacker.

Prosecutor 1: Are there? Well then tell us! (tell us)

Judge: Tell me... what do you do with hackers?

Prosecutor 3: Incarcerate ‘em! Incarcerate them all! (incarcerate incarcerate incarcerate)

Judge: What do you incarcerate apart from hackers?

Prosecutor 1: More hackers! (Prosecutor 2 nudges Prosecutor 1)


Prosecutor 3: Pirates!

Judge: So, why do you incarcerate hackers?

(long pause)

Prosecutor 2: Cuz they're… PIRATES?

Judge: Gooood.

(crowd congratulates Prosecutor 2)

Judge: So, how do we tell if she is a Pirate?

Prosecutor 1: Unlicensed copies of music!

Judge: Ahh, but can you not also make copies of software?

Prosecutor 1: Oh yeah...

Judge: Will unlicensed copies of music play in iTunes?

Prosecutor 1: No

Prosecutor 3: No!

Prosecutor 1: Let's play her music on my iPhone! (yeah yeah ya!)

Judge: What also does not play on iPhones?

Random HoS: Apps!

(all look and stare at HoS)

Judge: Exactly! So, logically...

Prosecutor 1: If she writes an app that doesn’t play on iPhone then her music is unlicensed so she’s either a pirate…

Judge: Or…

(wait for it)

Prosecutor 3: A hacker! (Prosecutor 1: a hacker) (Prosecutor 2: a hacker) (all: a hacker!) hacker! incarcerate her incarcerate her!!


10 Tips for Better Administrative Client Hygiene

Whether your data or applications are in a cloud, a remotely accessed datacenter, or your local network, an infected or rooted administrative workstation is a nightmare scenario for any organization, government, or critical (e.g., SCADA) infrastructure.

Malware accidentally downloaded while visiting websites, email attachments or removable media that contain malicious executables, and file shares left accessible to other infected machines on your network are problematic enough when the target is an end user. But these can be catastrophic when an administrator’s workstation is similarly compromised: rootkits, APTs, or keyloggers on management consoles or admin workstations give attackers the keys to your data, your applications, your kingdom.

This may seem obvious to experienced administrators, but some recent and noteworthy penetrations of critical infrastructure from power plants to USB drives suggest it’s not obvious to everyone.

What is obvious is that bad things happen when administrative workstations are used for general purposes, or when they aren’t segregated from general purpose computing populations. Here’s a checklist of ten administrative workstation hygiene measures you should consider to protect your datacenter against unauthorized administrative access:

  1. Harden your administrative workstations. Run only those services and virtual machines (e.g., Java) you absolutely need. Follow Linux or Windows OS hardening guidelines (ample resources exist beyond these as well).
  2. Use the security measures available for your web browser of choice, and review any extension or plug-in before you install it.
  3. Create unique user accounts for administrators. Do not allow guest or general user accounts. Restrict root privileges.
  4. Apply the Principle of Least Privilege to every account you create.
  5. Restrict (white list) the systems and networks that administrative workstations are able to access.
  6. Consider implementing a Response Policy Zone (RPZ) as part of your name service (DNS) deployment to protect against malicious URLs or host file poisoning.
  7. By policy and configuration, only allow the installation of applications that are necessary for administration: no Office, no games, no software to manage a mobile phone, no music players. Conduct a security review of all scripts or custom applications before installing and using these. Do not use scripts that require you to execute remotely (at a third-party hosting site).
  8. Set auditing to stun. Seriously, enable event logging at as high a level as performance can tolerate. Implement forms of monitoring and notification that are sufficient for you to learn of unexpected or suspicious activity quickly.
  9. Protect against Sneakernet attacks by configuration or through the use of removable media security software.
  10. Isolate (segment) administrative workstations from the general user population so the workstations are not vulnerable to blended threats or infections transmitted within a local LAN environment.
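
Items 5 and 8 work together: once destinations are allowlisted, every logged connection from an administrative workstation can be checked against that list. The following is an added example, not part of the original post; the allowlist entries, the log format and the addresses are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple

# Assumed allowlist for an admin workstation: (network, permitted TCP ports).
# All addresses are constructed (RFC 1918 / RFC 5737 documentation ranges).
ALLOWLIST = [
    (ipaddress.ip_network("10.20.0.0/24"), {22, 443}),   # management VLAN
    (ipaddress.ip_network("10.20.1.10/32"), {53}),       # internal resolver
    (ipaddress.ip_network("192.0.2.40/32"), {443}),      # cloud console endpoint
]

# Constructed connection log, one record per line: "timestamp src dst dport"
SAMPLE_LOG = """\
2013-07-01T09:00:01Z 10.20.5.7 10.20.0.15 22
2013-07-01T09:00:09Z 10.20.5.7 10.20.1.10 53
2013-07-01T09:02:44Z 10.20.5.7 198.51.100.23 80
2013-07-01T09:03:10Z 10.20.5.7 10.20.0.15 3389
2013-07-01T09:04:00Z 10.20.5.7 not-an-ip 443
2013-07-01T09:05:30Z 10.20.5.7 192.0.2.40 443
"""

class Finding(NamedTuple):
    line_no: int
    reason: str
    raw: str

def is_allowed(dst, port):
    """True only if some allowlist entry covers both the address and the port."""
    return any(dst in net and port in ports for net, ports in ALLOWLIST)

def audit(log_text):
    """Return a Finding for every record that is malformed or not allowlisted."""
    findings = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        try:
            _ts, _src, dst, port = raw.split()
            dst_ip, dport = ipaddress.ip_address(dst), int(port)
        except ValueError:
            # Fail closed: a record we cannot parse is reported, not skipped.
            findings.append(Finding(n, "unparseable", raw))
            continue
        if not is_allowed(dst_ip, dport):
            findings.append(Finding(n, "outside allowlist", raw))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.reason}: {f.raw}")
```

An allowlisted host on a port that is not permitted (the 3389 record) is reported just like an unknown destination, which is the point of listing ports alongside networks.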

This list is not exhaustive. Consider physical workstation security and authentication as well. Mobility adds other attack surfaces to consider, but let’s save this for another post. Even so, by implementing these measures you will greatly reduce your risk of compromise.

Originally posted at The Transformed Data Center 19 April 2013.