Iran Training Female Ninja Assassins

As things continue to heat up between Iran, Israel and the United States, the headlines are full of stories of hacker attacks and bombings. At some point the United States will most likely put boots on the ground in Iran. But Iran is aware of this and is training a secret force to repel the infidel attackers.

During the war with Iraq, the US faced off against Iraq’s best troops, the Republican Guard. News has come out today that Iran also has a highly trained force that the US will need to contend with if they do enter Iran.

The special force? Ninjas!

And not just any old Ninjas, female Ninjas!

According to the Telegraph, over 3000 women from age 5 to 56 are being trained as lethal Ninjas:

“We train women to have strength and ability. We have to do everything in our power to protect our homeland,” said Akbar Faraji, who runs the school.

One of the fighters who has been training for over 13 years said, “Our aim is for Iranian women to be strengthened and if a problem arises, we will definitely declare our readiness to defend our Islamic homeland.”

Though Ninjas are cool, I am not sure how well a force of sword-wielding 5-year-old kids or 55-year-old grandmas in black pajamas will hold up against the US Special Forces, M1 Abrams battle tanks and Apache attack helicopters.

This is all said tongue-in-cheek of course, but to be serious for a moment, it is interesting to see that Iranian women are able to openly participate in a public sporting activity. Especially since Iran is not renowned for women’s rights.

Shmoocon Stratfor Password Analysis

Chris Truncer presenting at Shmoocon with an interesting analysis of the Stratfor password dump. When Strategic Forecasting Inc (Stratfor) was hacked, the hacktivist group Anonymous released hundreds of thousands of users’ accounts, including user names, credit card numbers and hashed versions of the users’ passwords.

At the recent Shmoocon security conference (video above), Chris Truncer presented a short analysis of this password dump. Using oclhashcat-plus, Chris was able to crack about 70% of the password hashes that were publicly released. He then analyzed the cracked passwords with the password analysis program Pipal, which searches password lists and returns several statistics, like most used passwords and character use percentages.

Though the top ten passwords used didn’t seem to match the top passwords from last year, it is interesting to note that when users received a password from Stratfor, apparently many never changed it, or worse, many changed it to something less secure.
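A sketch of the kind of statistics described above (most used passwords, length and character-class percentages), useful when auditing your own organisation's recovered or rejected passwords. This is an added example, not Pipal's code and not part of the original post; the sample list and the function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample of plaintext passwords (not taken from any real dump).
SAMPLE = [
    "password", "123456", "password", "sunshine", "letmein1",
    "Summer2011", "123456", "qwerty", "P@ssw0rd!", "password",
    "dragon", "abc123", "Welcome1", "123456", "monkey12",
]
ALL_FOUR = frozenset({"lower", "upper", "digit", "special"})

def char_classes(pw):
    """Return the set of character classes that appear in one password."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return frozenset(classes)

def analyze(passwords, top_n=3, min_len=8):
    """Summarise reuse, length and composition of a password list."""
    total = len(passwords)
    if total == 0:
        raise ValueError("empty password list")
    pct = lambda n: round(100.0 * n / total, 1)
    counts = Counter(passwords)
    lengths = Counter(len(p) for p in passwords)
    classes = Counter(char_classes(p) for p in passwords)
    return {
        "total": total,
        "unique": len(counts),
        "top": [(pw, n, pct(n)) for pw, n in counts.most_common(top_n)],
        "length_pct": {l: pct(n) for l, n in sorted(lengths.items())},
        "only_lower_pct": pct(classes[frozenset({"lower"})]),
        "only_digit_pct": pct(classes[frozenset({"digit"})]),
        "all_four_pct": pct(classes[ALL_FOUR]),
        "short_pct": pct(sum(n for l, n in lengths.items() if l < min_len)),
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

A high `short_pct` or `only_lower_pct` on a real list is the signal that the password policy, or the way initial passwords are issued, needs tightening.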

7 Reasons to Use a Patch Management Solution

Do you use a patch management solution? If your network is like many others out there, you probably have half a dozen or more different Windows operating system versions, two to four different Office suites, and dozens more software applications scattered throughout the various workstations and servers on your network. You say to yourself every Patch Tuesday that this is the month you will finally get a handle on patching, but then find yourself overwhelmed and not even sure where to begin. Take heart; you are not alone. Like so many of your peers, you simply need a patch management solution.

A patch management solution can make short work of what can be a Herculean task, simplifying and automating patch management. With the ability to go beyond just the operating system and your Office suite, a good patch management solution can also take care of all those vulnerabilities that things like Windows Updates and WSUS cannot. Here are seven reasons why you need a patch management solution today:

  1. Deploy patches quickly and easily

Patching should be a regular process, not a time-consuming one. A day to review, a day to test, and a day to deploy sounds about right for most situations, and a good patch management solution will let you accomplish that. Anyone who needs a week or more to do patching should find that a patch management solution provides positive ROI as soon as it is installed.

  2. Patch third party applications

One of the best reasons to invest in a patch management solution instead of using free Microsoft tools is that patch management software can patch third party applications. PDF readers, media players, FTP clients, compression utilities; the nearly endless list of apps on your users’ desktops can present huge risks to your network, but are easily kept up-to-date with a patch management solution. No more all-nighters every time there’s an Adobe zero-day.

  3. Deploy third party applications

Speaking of third party applications, did you know that the better patch management solutions are multitaskers? They don’t just patch, they can deploy, and that means that when you have to roll out a new piece of software, your patch management solution can do it for you. No more sneaker net or trying to write logon scripts for every type of machine on your network.

  4. Can manage non-domain members

We all have machines that are not joined to a domain. They can be in the DMZ, special purpose, or just for testing, but all are beyond the reach of the GPOs that WSUS uses to get domain members patching. Patch management solutions can use agents or simply a local administrative account to patch and maintain all those DMZ machines as easily as they do the internal systems.

  5. Auditing and reporting

It’s not enough to take patching on faith; you have to be able to confirm all systems are up-to-date. You also need to be able to budget for upgrades for both hardware and software. Auditing and reporting can confirm patch levels, ensure that your license counts are accurate, and also let you know how many machines need a RAM upgrade before you can deploy the next version of your Line Of Business application.

  6. Remove unauthorized applications

Patch management solutions can also remove unauthorized software, making it easy to keep machines in a supported state, to remove software that a user installed without a valid license, to uninstall software from every machine before you push the upgrade, or when you decide not to renew.

  7. Vulnerability reporting

Patch management isn’t just about pushing or pulling software; it’s also about managing your risk. Good patch management software can perform vulnerability assessments as well, generating reports of all your systems so you know which patches are needed, and which are not, and so you have a full understanding of just what’s out there.

So make the next Patch Tuesday the one where you really do get a handle on your patching needs, take care of all those third party applications and start reporting up to management on all the great work you do. Your new patch management solution is just the thing to make both patching and compliance look easy.

This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs.

US Confirms Iran did not Hack Drone

A congressional official has confirmed that Iran did not bring down the US Stealth drone with its “cyber warfare” skills. The downing of the drone was in fact due to a malfunction, according to a Foxnews article:

“We have looked at this eight ways to Sunday. I can tell you it was a U.S. technical problem. The information (data) was not lining up and it was not the result of Iranian interference or jamming.”

This confirms what we stated in December, that Iranian “Cyber Commandos” most likely did not bring down the drone.

Information from a 10-week CIA review seems to point to a malfunctioning data stream. Information from the faulty stream may have led the drone operator to land the UAV, though this has not been confirmed. Also, and more importantly, because of information gleaned from the stream, the UAV may not have correctly dumped classified data.

The RQ-170 is programmed to dump sensitive data in cases of malfunctions or crashes. Though the information is encrypted, and Iran most likely could not retrieve the data on their own, this could still be a major blow to the United States’ UAV program.

Meanwhile, Iran’s Press TV claims the Foxnews article as a victory:

The report supports Iran’s claims that the reconnaissance was cyberjacked by the army’s electronic warfare unit and eased to a safe landing while deep in Iranian territory on December 4.

Apparently the Iranian Press only read a couple paragraphs from the article. I find it odd that they didn’t include a link to the Foxnews article. Maybe Foxnews is filtered out by Iran’s online censorship program?

On December 12th, President Obama asked Tehran to return the drone. We have found out that Iranian craftsmen are hard at work duplicating the drone. And though they will not return the original, they will return one that they have made directly to President Obama. They will send him… a pink one:

“The models began release this week, and the makers say they have already set aside a pink one for President Obama – who has asked for Iran to return the original US craft.

“He said he wanted it back, and we will send him one,” Reza Kioumarsi, the head of cultural production at the Ayeh Art group was quoted as saying on Iranian state radio.”

How nice of them…