The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner


Archive for January, 2013

Extracting data with USB HID

Posted by Xavier Ashe on January 27, 2013

As I get more into my Bit9 job, I will be doing a lot more endpoint security. I’ve been on the network side of security for so long, I have some ramping up to do. A very common request is to secure USB devices. Here’s a good article on getting data off a locked-down system.

High security workstations have some pretty peculiar ways of securing data. One of these is disabling any USB flash drives that may find their way into a system’s USB port. Security is a cat and mouse game, so of course there’s a way around these measures. [d3ad0ne] came up with a way of dumping files onto an SD card by using the USB HID protocol.

We’ve seen this sort of thing before where a microcontroller carries an executable to extract data. Previously, the best method was to blink the Caps Lock LED on a keyboard, sending one bit at a time to a microcontroller. [d3ad0ne]’s build exploits the USB HID protocol, but instead of 1 bit per second, he’s getting about 10kBps.

Hack-a-Day: Extracting Data with USB HID

Posted in Security

Impressions of Windows 8 for the family

Posted by Xavier Ashe on January 25, 2013

I’ve been running Windows 8 on one of my laptops since its release and put it in the kitchen for my family to use. It’s a powerful laptop: i7, 12 GB RAM, nice graphics card. I’ve used it, as has my wife and my three elementary-age kids. My teenagers have their own PCs and laptops. I’m now replacing this laptop (need to give it back to IBM) with another. It has Windows 7 on it. Note, neither laptop has a touchscreen.

My first thought was to reformat with a fresh Windows 8 install, since it will be the new family machine. Windows 8 has family controls built into the OS, has PIN logons, and the Metro look and feel is very nice. But I started thinking about how my family uses it.

My wife was constantly frustrated about trying to get stuff done on it. The Metro version of IE has some shortcomings, mainly not running Flash unless Microsoft approves it. She googled how to recreate a Start button, and if she uses this machine, she goes directly to the desktop. She never used one of the Metro apps, but she also has her own laptop with Windows 7. She installed Chrome and stopped using IE 10.

My boys (ages 6 and 8) love the Bing app. They can spend hours just searching various Star Wars names and looking at the image results. But IE has problems with various sites like starwars.com and lego.com. I put a Chrome icon on their Metro home page. It of course runs in the desktop.

My 10-year-old daughter does a lot of homework online. Half of her sites don’t work in IE 10, so she uses Chrome, too. My 8-year-old boy attends an online school. Again, IE 10 doesn’t work. Word processing is via Symphony, on the desktop.

Even though I installed a bunch of free Metro games for the kids, they don’t use them.  They want the games on PBS, Star Wars, Lego, American Girl, and other web sites.  They each got their own Android tablets for Hanukkah, so all those Metro games have similar ports on Android and are more fun to play on a touchscreen device.

The only positive things out of Windows 8 are the Bing Search app, parental controls built in, and my kids learning how to use the new OS. But in the end, most just go to the desktop and launch Chrome. The new laptop has a fingerprint scanner, so there’s no reason for a password or PIN.

I think I will leave Windows 7 on the new family laptop.  I get my new work PC next week.  I will contemplate putting Windows 8 on there for a while and see how it works for work.

Posted in Other Technology, Personal Note

Moving On and adding some Bits

Posted by Xavier Ashe on January 11, 2013

As of February 1st, I will be leaving IBM.   It’s been a great 7 years.   I never thought I could enjoy working for a large company, or working so long in the same position.   Man was I wrong.   IBM really has some great people, and I had the best quality of life during my tenure.   Even though I was in the same position, life was rarely dull with constant acquisitions (nearly one per year that affected me!).   I started off working with NeuSecure/TSOM, then TDI, then TCIM, then TSIEM, then AppScan, then Proventia and SiteProtector, then BigFix/TEM, and finally QRadar.   That’s a busy seven years!

Well, what’s next? I have accepted a position at Bit9 as a client partner. I am excited about this on several fronts. One, I think the technology is amazing. I’ve never been a big supporter of virus scan products. They just never seem to offer adequate protection. Bit9’s approach is to whitelist the good stuff as opposed to trying to find all the bad stuff. I really think this is a better way to secure endpoints. I’ll be posting more on my security philosophy soon.

Secondly, I’m excited to be moving to a small company.   Not only is moving to a start-up* exciting, the people there are too.   Everyone I’ve talked to so far seems to be on the same page as me when it comes to security philosophy, business philosophy, and look to be very fun to work with.   I was lucky to find a good crew at IBM, and it looks like my luck continues at Bit9.

Also the client partner role looks to be very fulfilling.   When I look back on my time at IBM, I really enjoyed the time that I could form long-term relationships with my customers.   That’s also where I found the greatest success.   This position looks to mix engagement management, relationship management, and technical account management. I’m also planning on doing some evangelist work too.

I am so excited to get started at Bit9 in February.   I will have to spend some time deprogramming myself as an IBMer, but I think this is a good move with a good company with a great product.

* Bit9’s been around for about 7 years and can hardly be called a start-up anymore. But every company seems like a start-up when coming from IBM.

Posted in Bit9, ISS, Personal Note | 4 Comments »

 