INFOSEC/COMSEC
Security isn’t a part-time job. It isn’t a 9-5 job. It is a 24/7 fight for survival. Still, if you are a DIYer, this page will be of use to you.
Malware Information & Removal
This is a great place to start looking for information on what malware may be affecting your computer(s). In their words, “Our goal is to turn your #$@!* computer that never does what you want it to do, to one that you praise as a well tamed tool.”
This is a malware scanning tool that has a viable *Free* version. This is a good tool to have on your computer. Just make sure you update the definitions every two weeks. At the first sign of trouble, like strange popups, unusual browser behavior, unusual authentication requests (like to Google or Facebook), or computer sluggishness, kill all of your browser windows and run this tool. Follow this rule and most people will not get into trouble. I prefer the commercial version of SUPERAntiSpyware over Malwarebytes because I think it gives you a little more “bang for the buck”.
This is one of the oldest removal tools out there, and it has a *Free* version. This is a good tool to have on your computer, and the same rule applies as for the tool above: update the definitions every two weeks, and at the first sign of trouble (strange popups, unusual browser behavior, unusual authentication requests to services like Google or Facebook, or computer sluggishness) kill all of your browser windows and run this tool. Follow this rule and most people will not get into trouble.
If your computer has already been toasted and Bleeping Computer was of no help, this site might help you. The “No More Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies – Kaspersky Lab and Intel Security – with the goal of helping victims of ransomware retrieve their encrypted data without having to pay the criminals.
Computer Forensic and Cleanup Tools
This program frees up tons of wasted disk space. It also blows out Web cookies, especially of the tracking and transaction variety. This program was originally called “Crap Cleaner” and AFAIK existed prior to Windows XP. It was re-branded as simply “CCleaner” under the Piriform umbrella of software products. Run the *Free* version once a week to keep things running smoothly.
Nirsoft provides an assortment of White Hat/Black Hat tools that can recover product keys and application and network passwords, catalog and inventory network devices, list system driver information, unlock files, and more. They also make “BlueScreenView”, a useful tool for determining the problem(s) that caused a computer to reset.
Recuva is another tool from Piriform, like CCleaner. It is useful for recovering files that have been deleted. In the normal life of a file on a Windows machine, its contents get moved about the disk, and when the file is deleted the data is not wiped; the fragments remain on the disk, unreferenced, until those particular locations are overwritten with new file data. This program does a deep scan, finding and then reassembling those fragments of a particular lost file (or files).
The Intelligence Community
Cryptome welcomes documents for publication that are prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance — open, secret and classified documents — but not limited to those. Documents are removed from this site only by order served directly by a US court having jurisdiction. No court order has ever been served; any order served will be published here — or elsewhere if gagged by order. Bluffs will be published if comical but otherwise ignored. This is a little raw, but has good information nevertheless.
Cartome, a companion site to Cryptome, is an archive of news and spatial / geographic documents on privacy, cryptography, dual-use technologies, national security and intelligence — communicated by imagery systems: cartography, photography, photogrammetry, steganography, camouflage, maps, images, drawings, charts, diagrams, IMINT and their reverse-panopticon and counter-deception potential. Up through the mid-90s, I’d been in, around, and under most US classified rocks. There are so many more nowadays.
WikiLeaks specializes in the analysis and publication of large datasets of censored or otherwise restricted official materials involving war, spying and corruption. It has so far published more than 10 million documents and associated analyses. WikiLeaks claims 100% accuracy for its documents, but that is simply not the case, especially since they are a common target of disinformation campaigns. One thing is certain: when they publish active software exploit code, we should all take note.
Vulnerabilities, Exploits, and Exposures
CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security and managed by The MITRE Corporation. You can see how crappy any Adobe product (especially Flash) is, or shut up your friend who touts the great security of Google Chrome.
US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world. It was originally created by the US GSA as FedCIRC but is now managed by the US DHS.
Threatpost, the Kaspersky Lab security news service, is an independent news site and a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.
Microsoft Security Advisories, a supplement to the Microsoft Security Bulletins, address security changes that may not require a security bulletin but that may still affect customers’ overall security.
This is a very informative site provided by Microsoft’s Troy Hunt. He collects breach information from sites all around the world. His database comprises over 3.7 BILLION credentials! Just enter your email address and find out if you are at risk from breaches you haven’t even heard of. Everybody should check this site periodically to see what comes up; you may need to change login credentials accordingly. It is a donation site. If your email appears in his list, at least buy him a Cappuccino 🙂
As an American independent cryptographer, I can imagine that Bruce got his fair share of mysterious phone calls and maybe a visit or two from Government types telling him what he can and cannot do; at least in the 90’s and 2000’s. Towards the end of the 2000’s, word “on the street” was that the Government was then only interested in those communications that were encrypted. My original partner (Big Bill) and I used to encrypt using Blowfish. We didn’t engage in any nefarious activity, but figured that if the NSA wanted our stuff, they’d have to tool up special, just for us. Security blogs are usually pretty boring, including Bruce’s. But he has the most active forums of the ones I’ve seen; filled with genuine specialists, deep thinkers, conspiracy theorists, and the occasional whack-job. He takes on a lot of Government and State-Sponsored issues.
Brian Krebs has outed (“doxed”) more hackers than you can shake a stick at. And it is amazing the stuff he has had to endure. This is really my “dream job”, but it takes some really deep pockets to do that kind of work. From his days at the Washington Post it is obvious that he has Beltway connections, but his work is more centered on hackers and hacking groups. As such, it is a much better read for most IT-centric people. It is much more personal. I’ve nothing but respect for the man.
This is the blog of Matthew Green, cryptographer and professor at Johns Hopkins. Educator that he is, he does a good job of explaining things for the common man. Naturally, he accepts tips in cryptocurrency!