PlanetBravo


Ok, I said I was going to talk about SSL in my next series of blog posts, but before I do that (starting next week), I wanted to briefly mention PlanetBravo. Tonight was “back-to-school” night for parents and my son’s kindergarten teacher (yes, school starts next week). Aside from talk about the usual curriculum – religion, reading, math, and a host of other topics – there was mention of a new technology-based program provided by an organization called PlanetBravo. It remains to be seen how effective their program will be as this is their first year at St. Margaret Mary, but they’ve been providing technology-based curriculum for K-8 grades in Los Angeles for close to 15 years. They will engage the kids with modern tech, including teaching basic programming and coding in the higher grades. Seems very cool, and I hope this gives the kids foundational knowledge which they’ll need far more 20+ years from now.

This should be exciting for the kids and hoping this is successful for the school this year and years to come. Getting young Catholics into technology early is what we need for the future, especially as the world becomes more embedded in a culture of tech and social media.


A Busy Day and SSL Certs

It has been a longer work day than usual, so no real opportunity to blog today. However, I want to note that I’ve been learning much about trusted certificates (for SSL), so for the next series of blog posts I’d like to touch on this topic extensively. There was much misunderstanding on my part, and writing about it will help solidify my knowledge. I hope it helps others as well.

Black Hat 2017

My company is at Black Hat USA this week (would’ve been a great learning experience to attend since I’m still very green on security, but next time), looking to promote our tech to thousands of security professionals.

Perhaps have a little fun in Vegas as well.

Now in its 20th year, the growing need for security, and the desire to understand it, will only make the conference ever more popular. Some interesting news stories to note from BH:

A Crash Course in Linux

linux-journey

Having worked in the Microsoft/C#/.NET space for almost ten years prior to my current job, I didn’t work with Linux and Bash all that much. I worked with Linux primarily as a hobby back in college. Of course, when you work in this industry, many skills can transfer over to different tech stacks. However, since my current position is primarily all about working with CentOS Linux and open-source software, I had to take a refresher before doing my interviews and supporting the platforms I’m working with.

For those who want to get their hands dirty a bit with Linux and Bash, I recommend Linux Journey. I had much prior knowledge working with Linux, so this site was more for “fine-tuning” my knowledge a bit, but if you want to gain a useful skill, this is the site to use – and it’s free! Don’t expect to be an expert overnight, but rather think of it as laying the foundation as well as gauging your interest in working with the most popular open-source platform on the planet (remember that Android is built off the Linux kernel).

It’s worth a try and it might be valuable career knowledge later on.

Understanding CybOX

Going through a transition from CMS/Commerce platforms to cyber security/big data, there are many technical aspects of security I’m still trying to grasp. One of them is CybOX, or Cyber Observable eXpression. It is a “standardized language for encoding and communicating” cyber observables. An observable, by definition, is a dynamic variable that can be measured, so cyber observables are used for analysis and detection in the following domains:

  • Threat assessment & characterization (detailed attack patterns)
  • Malware characterization
  • Operational event management
  • Logging
  • Cyber situational awareness
  • Incident response
  • Indicator sharing
  • Digital forensics
  • And more…

In my work, CybOX cyber observables are used for setting conditions so that certain events will trigger “behaviors” that alert analysts to potential threats in their network. There is, however, much more complexity and flexibility than I’ve described, but that is the gist of it. The CybOX about page on its own is a bit difficult to digest.

Those familiar with XML will immediately understand the schema of CybOX observables. Here is one simple example for detecting file patterns via regex:

<?xml version="1.0" encoding="UTF-8"?>
<cybox:Observables xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:cybox="http://docs.oasis-open.org/cti/ns/cybox/core-2"
    xmlns:cyboxCommon="http://docs.oasis-open.org/cti/ns/cybox/common-2"
    xmlns:FileObj="http://docs.oasis-open.org/cti/ns/cybox/objects/file-2"
    xmlns:example="http://example.com/"
    xsi:schemaLocation="
    http://docs.oasis-open.org/cti/ns/cybox/core-2 ../core.xsd
    http://docs.oasis-open.org/cti/ns/cybox/objects/file-2 ../objects/File_Object.xsd"
    cybox_major_version="2" cybox_minor_version="1" cybox_update_version="1">
    <cybox:Observable id="example:Observable-9769042a-294d-4f2c-963b-579702df0472">
        <cybox:Description>
            This observable specifies a pattern for a file with a file name that fits a certain pattern.
            The file name starts with &apos;bad_file&apos;, ends with &apos;.exe&apos;, and has
            between two and five numbers in it.
        </cybox:Description>
        <cybox:Object id="example:Object-dae8802e-b0df-4989-9ac3-d816b153842b">
            <cybox:Properties xsi:type="FileObj:FileObjectType">
                <FileObj:File_Name pattern_type="Regex">bad_file[0-9]{2,5}\.exe</FileObj:File_Name>
            </cybox:Properties>
        </cybox:Object>
    </cybox:Observable>
</cybox:Observables>

So a developer could use this schema for whatever purpose fits the application, such as generating an alert when some process creates a file whose name matches this pattern.
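As an added example (not code from the CybOX project or from this post), here is a small Python matcher that loads the File_Name pattern from a CybOX 2.1 document and checks observed file names against it. The document is a constructed copy of the observable above (the ids are the ones already shown); the choice of re.fullmatch, so that the whole file name must satisfy the regex, is an assumption of this example.

```python
import re
import xml.etree.ElementTree as ET

# Namespaces used by the CybOX 2.1 sample (the FileObj one carries the pattern).
NS = {
    "cybox": "http://docs.oasis-open.org/cti/ns/cybox/core-2",
    "FileObj": "http://docs.oasis-open.org/cti/ns/cybox/objects/file-2",
}

# Constructed copy of the observable above, trimmed to what the matcher needs.
SAMPLE_OBSERVABLES = r"""<cybox:Observables xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:cybox="http://docs.oasis-open.org/cti/ns/cybox/core-2"
    xmlns:FileObj="http://docs.oasis-open.org/cti/ns/cybox/objects/file-2"
    xmlns:example="http://example.com/">
  <cybox:Observable id="example:Observable-9769042a-294d-4f2c-963b-579702df0472">
    <cybox:Object id="example:Object-dae8802e-b0df-4989-9ac3-d816b153842b">
      <cybox:Properties xsi:type="FileObj:FileObjectType">
        <FileObj:File_Name pattern_type="Regex">bad_file[0-9]{2,5}\.exe</FileObj:File_Name>
      </cybox:Properties>
    </cybox:Object>
  </cybox:Observable>
</cybox:Observables>
"""


def load_file_name_rules(xml_text):
    """Return (observable_id, matcher) pairs for every File_Name in the document.

    pattern_type="Regex" is compiled and applied with fullmatch, so the entire
    file name must satisfy the pattern (search() would also flag names that merely
    contain it, e.g. "bad_file12.exe.txt"). Any other File_Name is an exact match.
    Note: feed untrusted XML through a hardened parser such as defusedxml.
    """
    root = ET.fromstring(xml_text)
    rules = []
    for obs in root.findall("cybox:Observable", NS):
        obs_id = obs.get("id")
        for name_el in obs.iter("{%s}File_Name" % NS["FileObj"]):
            value = (name_el.text or "").strip()
            if name_el.get("pattern_type") == "Regex":
                rx = re.compile(value)
                rules.append((obs_id, lambda fn, rx=rx: rx.fullmatch(fn) is not None))
            else:
                rules.append((obs_id, lambda fn, v=value: fn == v))
    return rules


def match_file_names(xml_text, file_names):
    """Map each observed file name to the ids of the observables it triggers."""
    rules = load_file_name_rules(xml_text)
    return {fn: [oid for oid, matcher in rules if matcher(fn)] for fn in file_names}
```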

I’m still trying to wrap my head around the depth and numerous use cases for cyber observables, but from my understanding this is a good place to start if you want a better understanding of what cyber security analysts are using and relying on, especially now that security has become much more important for many large and enterprise-level companies and organizations.

July 4th Week Break

I hope everyone had a celebratory and fun Fourth! Taking a break this week, so here are some links of interest for “summer reading”:

https://www.darkreading.com/mobile/copycat-malware-infects-14-million-android-devices/d/d-id/1329286

https://www.darkreading.com/perimeter/hacking-the-state-of-the-isis-cyber-caliphate-/d/d-id/1329293

https://www.bleepingcomputer.com/news/security/man-who-hacked-kremlin-elites-gets-two-years-in-prison/

https://www.macrumors.com/2017/07/06/apple-bug-bounties-dont-pay-enough/

https://mspoweruser.com/microsoft-cutting-3000-jobs-part-major-reorganization/

Why Do Apps Need to Change Their UI Every Two Weeks? – A Brief Rant

<rant>

I exaggerate the “every two weeks” part, but there seems to be an annoying tendency in mobile application development to constantly change the user interface and/or experience. Two primary examples for me are Skype and Pokemon GO for iOS.

Previous iOS skype:

skype-bot-ios

New iOS Skype (with some card notifications that don’t make any sense):

IMG_1395

Old Pokemon GO Gym UI:

Claiming-a-Gym-Pokemon-GO

New Pokemon GO Gym UI (which looks fancier, but so much crap going on you can’t make sense of it):

IMG_1396

Maybe I’m getting old enough that major UI overhauls are incredibly disruptive and just plain annoying, especially if you have an older phone – and thus an older GPU – that can’t handle the fancier animations as smoothly as you’d like. Why does Skype need to emulate Instagram, which its new UI instantly – no pun intended – reminded me of? For P-GO, the new gym features themselves are nice, but the implementation is confusing at best as the new features are not straightforward to figure out. It seems like change for the sake of change without regard for veteran users of a platform.

That’s why – as another prime example – Windows 7 is still the perfect desktop OS. It just makes sense from a UX perspective and simply works.

</rant>

// Totally my “Get off my lawn” tech moment.