They’re “armed”, they’re “dangerous”, and they’re “right around the corner”, depending on who you talk to.

Bookmark to:

Hide Sites

While our Guerilla-CISO heroes most likely will not be going to Shmoocon due to that “work thing” that always gets in the way, we will be sending a legion of LOLCATS to play.

Bookmark to:

Hide Sites

It’s a sad tale we all know too well:  our poor CISOs are tied down with red tape while the attackers have all the time in the world.  My only regret is that the hakker kitteh isn’t a siamese.  =)

Bookmark to:

Hide Sites

Yesterday I got a hasty call from Jon D about my server. He had checked out my blog from work and within an hour got a call from a Symantec SOC that he was looking at a web page that was part of a botnet.

So he called me.

Back 4 years ago I had set up an IRC network for a friend, including my server as one of the nodes. Over time the network died, as they do, and when I moved the server a couple of times over the course of several years, the ircd didn’t come back up.  The ircd.conf didn’t match up with the network interfaces on the box, so ircd would croak every time it tried to start up.

Well, I guess the last server move did something that the ircd did like because it came back up and stayed up.  Bah, that’s resiliency in action for you, kids.

When I got the call from Jon I knew exactly what it was.  It took about 2 minutes to ssh in,verify that there were 8 dirtballs squatting on my server, kill the ircd, and kill the line in crontab that restarts the server if/when it dies.  Problem solved, now back to playing zombie hack-n-slash games.

In an OS sense, there wasn’t a compromise or anything, just the greasies using the application like it was intended to be used, only with a different intent.

Bookmark to:

Hide Sites