I’m happy to share that Stony Brook University (SBU) is once again supporting National Cybersecurity Awareness Month 2018 as a Champion.

SBU will be joining a growing global effort among businesses, government agencies, colleges and universities, associations, nonprofit organizations and individuals to promote the awareness of online safety and privacy.

A multi-layered and far-reaching campaign held annually in October, NCSAM was created as a collaborative effort between government and industry to ensure all digital citizens have the resources needed to stay safer and more secure online while also protecting their personal information. As an official Champion, SBU recognizes its commitment to cybersecurity, online safety and privacy.

We have some exciting things planned for this month to help raise awareness about this important topic. Stay tuned and stay on the lookout for more information. And as always, also stay on the lookout for the baddies trying to steal our data and take a few minutes to review these important tips in honor of NCASM 2018.

I’m happy to share an article I wrote for Enterprise Security Magazine. It should be running in print as well in next month’s issue. Check it out!

Information Security and Higher Ed: How one CISO is able to leverage an MSSP as aprt of a modern approach to managing risk

The dark side is strong, but the force has awakened <gratuitous Star Wars reference>. Jedi knight and security analyst, Eric Johnfelt, stumbled upon a find that we feel is worth shouting from the proverbial rooftops. Shodan.io, for those that don’t know, is like a search engine for internet-connected systems. Shodan allows you to quickly see what systems and applications are exposed to the internet within your network range. It finds more than just servers, but I will let you explore the other features on your own.

I know what you’re thinking. “Cool! The good guys can check their own network ranges and see if something is inadvertently exposed to the internet!”

To that I say, “Correct! And guess what? The bad guys can check your network ranges and see if something is inadvertently exposed to the internet!”

But, alas! All is not lost thanks to Shodan’s owner, John Matherly. The good guys have the upper hand for a change. He is willing to upgrade any EDU user to a full account for free! As in, $0 instead of $49. Plus, it includes an API plan that normally costs $99+ a month! This is not a brand new offer, but certainly worth mentioning for those of us who didn’t know this previously. It includes the following:

– All add-ons (HTTPS, Telnet, view up to 10,000 search results)
– 100 Export Credits
– Improved API plan (access to up to 20 million results/ month)
– Shodan Maps (https://maps.shodan.io)
– Shodan Images (https://images.shodan.io)
– Free access to the Complete Guide to Shodan book

When I asked him why he is offering this deal, he revealed that he used to work at a University before starting Shodan, and “…it was a pain to get funding for anything!” I can’t imagine what he means by that <insert sarcastic grin here>. To take advantage of this offer, sign up for a free account and then send an email to support@shodan.io from your EDU email address and tell them what your username is.

In any case, thanks to John and the Shodan crew for making this awesome tool free for EDU folks! One word of caution, though. Use Shodan responsibly and do not abuse your newly granted power. Don’t allow the dark side to seduce you. If you visit any of the discovered devices without authorization, you could be breaking the law.

May the force be with you.

https://flic.kr/p/7zLt8y – Public Domain

Have you used Shodan before? In what ways have you found it useful? Let me know in the comments below.

Thanks for reading and don’t forget to subscribe.

As I dive deeper into the world of cyber, I tend to quote my father about once a week, “If I knew then the things I know now!” I have been trying to share some of these worst kept secrets from time to time and here’s another one. A single tool that I can’t believe I lived without for so many years.

The tool’s name is…drumroll please…

WMIC.

If you already know about it, awesome. You’re legit. If not, learn about it right now and start to think about how you can use it. WMIC can query just about anything about your system and tell you what’s really going on.

Two commands in particular you should commit to memory right now:

wmic startup list full | more will show you every process that runs at startup. Hugely valuable for finding evil processes or even just troubleshooting performance.

wmic process list full | more is like task manager on steroids. And this command is a kernel-level command, so evil processes have to work harder to hide from it. There is one portion of this output that is just priceless. Look closely and notice the line “ParentProcessID.” It actually identities what process spawned each subsequent process. So, if you are suspicious about a particular process and find out that the parent process id is iexplore.exe, you might be on to something. Or maybe you find that the parent process id is explorer.exe, then it’s probably something you double clicked…DOH!

And YES, wmic can be used to query computers across the wire, just use the /node:%computername% switch. Wmic is extremely powerful and its usefulness is only limited by your imagination. But step one is knowing it exists! Now you can proceed to step 2.

The SANS Windows Commandline Cheat Sheet gives some more detail about this command and several others. Be sure to check it out.

What other commands do you know about that are under utilized or desperately in need of some more attention? Let us know in the comments below.

Thanks for reading and don’t forget to subscribe.

Hello All:

In honor of cyber security month, Educause allowed me to be one of their guest bloggers. Pretty cool!

Read it Here:  Keep Your Digital Home Secure In the 21st Century

Thanks for checking it out.

Another breach, you say? Yawn.

How many this time? 10,000 records? 20,000? 1 Million?

No, those numbers are small potatoes. How about 15 million? Caught your attention yet? Probably not. But stay tuned from some breach irony!

Experian, was breached. They are a large credit check company. Perhaps you’ve used one of their websites before, namely freecreditreport.com, an Experian company. Have no fear if you did! You are likely unaffected by the breach, unless of course you are also a T-Mobile customer. You see, T-Mobile used them to credit check their potential customers, and those individuals make up the list of victims this time around.

GREAT NEWS THOUGH! If you are one of those poor saps, you have qualified for TWO COMPLETELY FREE YEARS OF CREDIT MONITORING by…ahem…am I reading this right??? Ahh, I love the irony…

How many free years of credit monitoring have you accumulated? Share some details in the comments below.

Thanks for reading and don’t forget to subscribe.