We have a logo!

We made a lot of progress on SecurityDocs this week. We made some enhancements to the the look and feel that you may not notice. Of course the big change is our new logo, what do you think?


Another big change this week has been with comments. We’re now using Disqus. They look stunning and they are easy for most people to use. But although I am happy with them I am not sure if we’ll keep it. Not controlling our own comments makes other areas tricky and it may limit us in the future.

As always we continue to add new papers. We have all of the SANS reading room, all of the old SecurityFocus content (that was sent to the elephant graveyard of Symantec Connect), most years of Blackhat, and several other sources queued up. We have 4,000 papers now, but I can imagine us doubling that this month. We’re getting a little behind on editing and attaching relevant thumbnails to papers so if you are willing to lend a hand moderating we’d love you forever.

Regarding original papers, I have six writers that I am working with. But I will be honest, its hard to find a technical person who wants to write. If you are interested, please go here, you’ll get a free $50 Amazon gift card and our love. So far I have one really strong candidate. I’m asking him to write as fast as possible ūüôā

I’d love to have feedback about the site. We’re a small team and we’re really excited about sharing SecurityDocs with the world.


SecurityDocs is much more functional


I’m not sure who would care to read about the process of starting a website, but I certainly enjoy it and seeing as how this is my blog, here’s the story ūüôā

I’ve been collecting (hoarding) security content for as long as I can remember. Before the web was very usable, I used to take copious hand written notes and then collect (hoard) the notebook.

Some time later I made a website. I believe I used Microsoft Front Page, or some other old crappy software. It was all manual. If I wanted to add a paper I would need to FTP an html file to the server.

Once I misspelled the domain name in the footer. But it wasn’t really a footer, ever html document stood on its own. So in order to fix that mistake I would need to touch every file I hosted. I left the misspelling,

Later I found some cheap PHP script, I believe it cost me $29 for a perpetual license. In order to use the script I needed to host a Linux server, install Apache, and MySQL. All of these things were new to me and it didn’t go well for the first year.

Eventual I started getting into more advanced topics like CSS. I didn’t understand CSS at all when I started so I randomly made changes until most colors matched. It may not have been the color that I would have chosen. but it was good enough.

Over the next several years SecurityDocs grew quite an audience and I learned how to host a web application. Eventually SecuityDocs was purchased by a large “white paper” company that left it to rot, only wanting its google keyword rankings.

As luck would have it, the company that purchased SecurityDocs let the site stop working completely and then the domain name expired (which your’s truly was happy to get back)

A lot has changed about SecurityDocs in the past 10 years. We went from a $29 php script to costume Python/Django and a CDN. I’m really really excited about how the site is coming together. I can’t wait for you to join me in submitting papers and watch as the community grows.

POS Malware uses ElasticSearch for Command and Control

Two point of sale (POS) malware families have been abusing thousands of publicly accessible ElasticSearch nodes for command and control (C&C) purposes, Kromtech security researchers warn.

Malicious files discovered on the ElasticSearch deployments referenced to the AlinaPOS and JackPOS malware families, which are well known for their wide use in credit card data theft campaigns. Both threats have been designed to scrape credit card data from computer memory.

More here

DHS Orders removal of Kaspersky Software from All Government Computers

I don’t know how I feel about this. I love Kaspersky products and research, but I also worry that the government knows something that we don’t and that is included in their reasoning here.

While Kaspersky may not be ¬†compromised by the Russian Government now, they could be in the future if enough pressure is applied to them. I’d love to have more information on this topic.


Google to deprecate Symantec (certs)

This is good news for the internet. PKI and TLS are the foundation of trust on the internet. But in the past issuers could get away with poor practices because none of the major browsers ¬†wanted to lose market share by “breaking” websites.

Trust of the internet is a far more important to Google than browser market. They’ve also correctly anticipated that the internet community takes security more seriously now than they did during the IE vs Firefox browser wars.

Mozilla, to its credit, has followed Googles lead generally and occasionally takes on a more strict interpretation in some instances.


Malware authors leverage Facebook CDN servers to bypass security solutions

This is almost as scary as using DNS records to issue command and control signals.

Cybercriminals use to send spoofed emails that pose as official communications from local authorities. The messages include a link that leads to Facebook CDN. The link point to URL related to files uploaded by the gang in Facebook groups or other public section. More here


Watch-Out for Hurricane Harvey Online Scams

Phishing is usually the path of least resistance for the bad guys to get the sensitive data they want without being detected.

The Better Business Bureau is advising donors to be wary of these techniques which should set off alarm bells:

1. Don’t fall for copycats.

2. Be wary of emails and social media.

3. Don’t provide personal information.

4. Do your homework. Visit give.orgto review the BBB Charity Report and to verify that a charity meets bureau standards for accountability.

5. High pressure.Be leery of a charity that insists on immediate relief help. Legitimate charities will be glad to accept a donation later on.