Have a Blessed Memorial Day

(Photo credit: John Moore, AP)

As our hearts and thoughts turn to those who have served our nation, CyberArms just wants to wish everyone a blessed Memorial Day. And a deep thanks goes out to our current troops and their families. You are all what truly makes America great! God Bless!


FBI: Al-Qaeda Video calls for Electronic Jihad against the US

A 6 minute Al Qaeda video translated by the FBI calls for extremist followers to perform cyber attacks against the US. According to Foxnews, the video states that US computer systems are as vulnerable to electronic warfare as airline security was leading up to the 9/11 attacks.

In the video those “with expertise in this domain to target the websites and information systems of big companies and government agencies“, are called on to join in the attack.

This is the clearest evidence we’ve seen that al Qaeda and other terrorist groups want to attack the cyber systems of our critical infrastructure“, said Senator Joe Lieberman who first saw the video last week in a Homeland Security meeting,”Congress needs to act now to protect the American public from a possible devastating attack on our electric grid, water delivery systems, or financial networks, for example“.

Unlike facing America’s military might on the battlefield, cyber warfare can be done on the cheap. According to Lieberman, “Al Qaeda and Al Qaeda in the Arabian Peninsula are focused on cyber warfare because it can be carried out, if you have somebody smart enough, at very little expense“.

This video comes on the heels of a report last month that stated Al-Qaeda was seeking cyber attack capabilities:

While it’s “accurate today,” that the terrorist group isn’t close to having such a capacity, “how fast that can change is my concern,” Rear Admiral Samuel Cox said at a conference yesterday in Arlington, Virgina.

We are used to what the current threat is, and we lose sight of just how fast that can change and go bad,” Rear Admiral Cox said, “They don’t have to build some technological thing.” They “could hire it, or blackmail it, or find the right person who has that skill set and be able to use that and rapidly increase their capabilities.

From the video it looks like they are taking the next steps and actively recruiting extremists with technical skills. The US will and should take this threat seriously.

Wireshark: Listening to VoIP Conversations from Packet Captures

I have never done a lot with “Voice over IP” or VoIP systems, but ran into this today and thought it was pretty cool. A lot of telephones and communication devices now use VoIP to communicate over the internet. I was wondering how hard it would be to listen to a VoIP phone call if you had a packet capture that included the call.

How hard would it be, I wondered, to scan a packet capture, find the calls and be able to somehow listen to the call. Well, come to find out, it is not hard at all. The feature is built into Wireshark!

And they also include a file capture on their website so you can try it out.

So…. Let’s do it!

1. Download the sample capture from Wireshark’s website.

2. Run Wireshark and open the packet capture.

3. Now all you need to do is go to the menu bar, select “Telephony” and the “VoIP Calls”:

4. Okay, a list of calls from the packet capture will show up. Pick the one you want to listen to, in this sample the first one is the only one that really has a conversation:

5. Okay, easy peasy, just select the call you want, click “Player” then “Decode”:

6. The player screen shows up and shows the Waveforms of the conversation. You will have two, one for each side of the call. You can listen to each side individually, or if you tick both check boxes you can listen to the conversation as it plays out:

That’s it, if the VoIP conversation is in a protocol that WireShark understands, and is not encrypted, you can very simply isolate the call and listen to it via WireShark.

As always, do not try these techniques on a network or on systems that you do not have permission to do so. Also, check your local laws regarding communication privacy and telephony before trying something like this in real life.

The Five Most Important Reasons to Perform Network Auditing

Network auditing plays a key role in the ongoing management and maintenance of your information systems. A proper network auditing program can help to maintain your systems security and your knowledge of what’s running on your network. It can also keep you from running afoul of any licensing issues. Here are the five most important reasons to perform network auditing:

  1. Vulnerabilities

Use network auditing to assess the security of your systems and identify vulnerabilities. These can include unapproved services, weak or blank passwords, or open shares, and can be used to assess both workstations and servers. Identifying these issues is that first critical step towards remediating them.

  1. Patch Management

Network auditing can play a key role in your patch management efforts as well. Use your network auditing reports both to identify those systems that need to be patched and also to confirm that patches have been deployed successfully.

  1. Hardware Inventory

Network auditing can help you maintain an up-to-date inventory of all the hardware on your network so you know exactly what you have  and can therefore enable you to easily make hardware related decisions, such as which systems are getting old and need to be updated to keep up with the ever increasing work load. Periodic hardware inventories can also be useful for security, as in the case of unauthorized devices such as rouge access points which can be a serious red flag that warrant immediate attention.

  1. Software Inventory

Speaking of software, knowing what is running on your workstations and servers is just as important as knowing what hardware is running. How many XP machines still need to be upgraded? Who is still running Office 2003 or hasn’t updated their PDF reader since 2009? Network auditing can give you a clear and complete view into what software is installed on your workstations and servers so you know just what you have, what needs to be patched, and…

  1. Compliance

…what licenses you need. One of the most useful things network auditing can assist you with is your compliance activities. You can quickly and easily ensure that all systems are compliant with your internal policies, and can also be sure that you have licenses for all the software in use on your network. Too often companies find out only too late that an open share enabled everyone in the company to install software that was only licensed for one or two users, and have to scramble to true up.

Network auditing may sound like an arduous task but, with the right tools and the right approach, it can be an easy to perform and critical aspect of your network management. If you are not yet performing regular network auditing, use these five important reasons to convince management it’s time to start.

This guest post was provided by Casper Manes  on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on the importance of network auditing

All product and company names herein may be trademarks of their respective owners.