June 27, 2015

Interesting analyses of the US OPM data breach

If you are interested in the recent US Office of Personnel Management (OPM) data breach, you'll want to check out the following articles and blog posts. For those not familiar with this breach, see here.

Richard Bejtlich has a great blog post on what Einstein and Continuous Diagnostic Monitoring (CDM) do and do not do. He talks about a debate going on in the federal government about CDM and the misconception they have about it. Statements are being tossed around that CDM searches for nefarious actors once they are already in networks. Richard rightly points out that CDM does not do this; rather, it is a vulnerability management program that searches for known cyber flaws. Read more about this here:
http://taosecurity.blogspot.com/2015/06/continuous-diagnostic-monitoring-does.html

Richard has a follow-up post to the CDM debate where he talks about the House of Representatives' OPM breach hearings. One witness's testimony incorrectly describes CDM as providing real-time anomalous behavior detection. Read more here:
http://taosecurity.blogspot.com/search/label/cdm

Ars Technica article, Why the "biggest government hack ever" got past the feds:
http://arstechnica.com/security/2015/06/why-the-biggest-government-hack-ever-got-past-opm-dhs-and-nsa/

February 8, 2015

Chrome's weird DNS lookups


SANS ISC Handler Bojan Zdrnja has a great post on the ISC diary about how Google Chrome performs DNS prefetching lookups in order to speed up browsing. I hope you find the post as interesting as I did.

https://isc.sans.edu/diary/Google+Chrome+and+(weird)+DNS+requests/10312

Adding to Bojan's post, I found a tip on how to disable the function:
http://hanxue-it.blogspot.com/2014/04/how-to-disable-dns-prefetching-in.html