De-Coder’s Ring

Software doesn’t have to be hard

Category: cybersecurity (page 1 of 4)

WannaCry over WannaCry :(

Information is developing faster than we can keep up, but, the UK health system was hit by a huge wave of Ransomware today.   The WannaCry campaign has devastated hospitals and trauma centers.  Patients are being refused.  Records are inaccessible.  The only work being done is high level emergency work to save life and limb.

Ongoing information can be found here:

Hospitals across England hit by large-scale cyber-attack from worldnews

Some language, some frustration, but this is real life.   There is every expectation that life will be lost due to this ridiculous cyber attack.

If it turns out to be a pissed off kid who couldn’t get some vicodin from his doctor, heaven help him.

This is a good time to point out that the Emerging Threats Pro rule set apparently will trigger on the traffic that caused the exploit:

ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response

I won’t make any money if you buy an ET Pro license, but, I recommend it.

Patch your systems!  This is information about the exploit found in Windows… fixed a few weeks back.. Hospitals are notorious for having old and unpatched devices..


I Spy on You

I spy on you, it’s my job.  

I build tools that monitor your computer network.  

They will get installed at your employer and because of that, we have 100% visibility into what you’re doing on your network…. and you should be glad!

Cybersecurity is a hard ‘thing’.   It’s a constant arms race for new exploits, new tool kits to take advantage of those exploits and new defenses on how to stop those exploits.  It’s not a new game, and the game will never go away.  The rules are pretty simple.   There are people out there who want to impact your computer network.  Then, there are people who try to defend your network.   Pretty straight forward eh?

The attackers have various reasons they want to attack.

  1. Personal education, figuring out how to break things
  2. Bragging rights, so they can seem cool in their dark circles
  3. Theft, stealing your personal/customer/employee data 
  4. Reward, getting paid to attack, corrupt, encrypt, etc

Why I need to Spy on You

In order to understand what’s going on, we need 100% visibility into a network.   We need to see how data flows.   Need to see how address lookup (DNS) works.  Need to see what web sites are visited, URLs and files are loaded.    Is your computer talking to a known bad web site?  A  known exploited file got downloaded?  We need to log everything.  It’s like CSI..   but network forensics.

…  just remember, I don’t care how much time you spend on Facebook.  I don’t care about your, eh, OTHER online browsing habits, as long as they don’t infect your computer!  



Slow Down: Wrong Cables

I made a bone head move this week.   I went onsite to a new customer, who we love, to install a new network sensor.  It’s been a crazy hectic few weeks with the growth we’re having @ Perch Security, but that’s not really a valid excuse.  I’m owning up to my mistake, and reflecting on it.. thankfully, our customers are super cool and they get it.

Normally, I label our sensors for easy installation.

Dang, look at that sticker

That way, our customers know which port to plug into their management network, and which port is going to be watching their mirror/span/tap.  The installation went well.  The sensor was talking to my cloud.  The problem was, the sensor was only seeing broadcast data.  No typical network traffic (HTTP, SMTP, etc.  see:  post ).  Obviously it was a mirror configuration problem.  After all, if the sensor has an IP address and can talk out, the management port CAN’T be plugged into the mirror port.  It’s not my problem, it’s the switch!    (Uh oh, bad assumption right there, it turns out).     I would have known that, if I had the right ports plugged into the right ports on the switch.   Ugh.

Of course, this time we had a lot of new things

  • New hardware build, so unfamiliar with layout of the back
  • No stickers (cause it fell off in transit, argh!)
  • No indicator on the back of the sensor to which port is which

All of these things were in place because I was rushing around like a dying chicken.  That’s a thing, right?

Now it’s time to reflect.   How do I set us up for success going forward?     I have instructions.  I have labels.   I have the know how to do it all.

I just need to slow down.  Slow down.  Slow down.

(( Thank you for reading my self reflection for the week.  If you don’t hire me some day because of this post, that’s OK.. I ain’t perfect  ))


Law Enforcement Backdoor – Wide Open Spaces


The news this past week has been all about the terror attacks in London.  This is a horrific event.  The pointless loss of life can never be allowed and law enforcement needs to do all it can in order to stop it.   Law enforcement / governments should be asking for a back door in encryption technology.  They should be trying to crack it.

We as citizens and technologists, can not allow them to succeed.   We certainly can’t give them a back door to read all encrypted traffic!

Some of you may be thinking, “wait, those two statements are contradictory!”.   I disagree.  We, the general population, have a different set of motivations than the federal government.   They’re not necessarily competing, but they’re not the same.   The government should be trying to break encryption.  If this stops some nut job countries who are trying to launch ICBMs at us, then yes! Stop them!

If they’re using broken encryption to spy on US citizens , then heck no, we won’t go.

What is encryption?

Encryption is  a mathematical scheme that allows data to be transferred between two or more parties.  Typically, modern encryption for the web involves a private and a public key.    Party A (me) will share my public key with you.   Party B (you) will share your public key with me.   Within apps like WhatsApp or Signal handles the keys behind the scenes.  The math allows me to alter data, using your public key.  Then, I send you the data that you can use your private key to decrypt.  It’s big math, that I definitely don’t understand, but it’s near uncrackable.  The longer the keys, the harder it is to decrypt.

That sounds bad for law enforcement, let’s give them a back door

A backdoor is a short cut. It’s a ‘universal’ key that allows the key holder to read the contents.   Think about it like a letter in the mail.  I drop a letter in the mail, and since I glued it shut, no one else can read it (bear with my on this analogy).  Now, law enforcement wants to make sure they know we’re not doing anything illegal.   They want to peek into your envelope.  They want a secret code to open a secret flap on your envelope that only they know how to open.

Genius, right?

Ultimately, putting the back door in place for Law Enforcement is an awful idea and will only open the doors to the wrong people using the back door.

Imagine this.  You’re at home, and the police department calls you.   “Hey Mr Jones, we want a back door so we can know when some one is robbing you.  We want to prevent rape, murder, pillaging etc.   Just build a new entry way, and hide it.   Only we’ll know where it is”.   They  make that call to everyone in the neighborhood, and everyone complies, because you know, “we have nothing to hide!”

All goes well for a year or so.. then all of a sudden, things go missing in everyone’s house.   Identity theft goes on the rise and we can’t figure out what happened.

Remember that law enforcement back door?  Yeah, the little hoodlum down the street found it on your house.   Then your neighbors house.  Then all the houses.

Think about it from the law enforcement agency (and this may be getting real, in today’s society).   Since they have the back door, they can now log all encrypted internet traffic for finding later.  Remember that bad thing you said about the president elect?  Now he’s president…. and doesn’t like people who say bad things against you.   Once he does a search to find who said bad things.. then.. he’ll do bad things *

Long story short, backdoors for law enforcement can sound good to some people.  If they’ll prevent terror attacks or stop crimes ‘before’ they happen, then that’s awesome.  The problem though, is that we would lose our privacy.  That’s a non-starter.


from –


  • This is not a real scenario in the US.. Thank God on that…. let’s pray that it doesn’t ever get to that.
Older posts

© 2017 De-Coder’s Ring

Theme by Anders NorenUp ↑