Sunday, March 31, 2019

Urgent - malware can affect humans!

CP alert, 01.04.2019 

Check Point Research Team is about to release an article concerning a new and somewhat terrifying development in the world of malware. Apparently, they have discovered a strain of malware affecting not only computers and mobile devices but also humans.

Similar to what has been described in Neal Stephenson's novel Snow Crash, a computer virus sends some seemingly random sets of digits to the GPU, causing it to show short-timed "garbage" images between the regular frames.

This is believed to be a side effect of GPU crypto-jacking attempts.

Normally those images are not registered by the human mind, but if one's screen refresh rate is set to 60 frames per second, there is a risk of exposure.

Our source claims that at least one of the key researchers has been affected.

Symptoms can include nausea, headaches, seizures, and blackouts. In the long term, malware can lead to psychic and personality changes, causing anti-social behaviour, addiction to loud rock and rap music, desire to wear baseball caps, grow a beard, or to ride a heavy motorcycle at high speed.

If you experience any of these symptoms, contact the author of this blog for further investigation. Do not panic, damage can be reversed, but requires immediate attention.

Thursday, July 26, 2018

Future of this blog

To all my readers, subscribers, colleagues and friends,

In July this year, I re-joined Check Point Software Technologies as a Cyber Security Evangelist. My new role is about developing and running CheckMates communities and live events in Europe and Asia.

I started this blog as a convenient working notes format, and then with your support and assistance it became much more than that. I have done my best to share my expertise, knowledge and understanding of security practices in general and Check Point's approach to addressing them in particular. I have met some of you at my workshops, seminars and training events, and also at CPUG and CPX events.

Now it is time to take it to the next level.

I am running several Check Point related groups on LinkedIn. In my new role, I have also assumed the admin role at CheckMates. I will be going around to meet some of you during CheckMates User Group regional events. I already have some dates booked for this year around Europe, and there will be more.

However, it is no longer practical to run this particular blog as an independent discussion board. I will keep it alive, of course. But if you want to stay in touch, please follow me on LinkedIn and CheckMates.

Thanks a lot for your support and trust, that means a lot.

Thursday, June 7, 2018

MalwareTech vs FBI - all shades of grey

There is a new development in the FBI vs Marcus Hutchins case. The young fellow is now facing another charge, about lying to the FBI.

Marcus's arrest and detention in the USA last year was widely publicized, and his campaign to raise money for his defence is quite successful.

I do appreciate his lawyer's vigour. There is a huge outcry now about how the FBI has no case and keeps adding charges to the case. This is a reasonable strategy; however, if we want to see the real picture, it is also good to hear the other part of the story.

There are, of course, the FBI's indictment papers, but they are not a fun read, and a very long one. Instead I suggest you read the quite compelling research Krebs did on Marcus last year. If the FBI is half as good as Krebs, I would be concerned about the actual outcome of this case. It seems to me there is no black and white in this specific situation, but lots of grey in too many shades.

Friday, April 20, 2018

GuardiCore scores 5 awards at the RSA conference

I am happy to share with you that GuardiCore has received 5 (five!) prizes at the RSA conference recently. Here is the short list:

InfoSec Magazine Awards:
Cloud Security - Best Product
Microsegmentation - Most Innovative

InfoSecurity Global Excellence Awards:
Innovative Company of the Year (Security)
Cloud Security
Deception Based Security

Proud to be a guardicorean!

Friday, March 30, 2018

Cloud security concerns and ways to address them

It is common today for cloud services to be compromised for months without detection. Remember that Tesla cloud case, where hackers were able to mine Monero for at least a month before being detected? Similar things may happen to others.

Today MyFitnessPal has sent a notification to its users that their accounts are compromised. The hack was discovered five days ago, but the actual hack happened at least a month ago. 150 million accounts are affected.

In light of GDPR coming into effect in May this year, I would expect many companies to review and eventually report personal data breaches more often.

Let's face it: cloud requires elaborate and agile security tools. It is not enough to throw an expensive FW on the perimeter anymore to feel safe. If at least one VM or container is compromised, the whole environment is pretty much a goner, unless you have the ability to detect and mitigate penetration in time.

A cloud security solution should combine elasticity, effective micro- and nano-segmentation abilities, application integrity control and effective breach detection that would help to avoid a situation where hackers are sitting in your cloud for weeks and months without being detected.

GuardiCore Centra is probably the only solution today that combines dynamic deception, reputation-based detection, effective segmentation technology and unprecedented visibility for virtualised and cloud-based data center environments.

Feel free to contact me if you want to learn more.

Saturday, February 10, 2018

UserCenter battle continues as Check Point account services are still failing to do their job properly

In my previous post I have already mentioned that my old account came back online. I have also received several notifications from CP account services.

The first one was hilarious. They have asked me to update my email with Pearson VUE before transferring my certifications that are already granted. After asking them if this is a joke, they reported that they have transferred certification history. Well, I had to check. Guess what...

Two out of 14 certificates were lost in the process. Every time account services answer, they are also closing the open case. I have had to reopen it twice already.

So far nobody has picked up the challenge about the email address change. Too bad, as all this hassle would have been avoided completely, had I been able to change that bloody email myself.

However, I would like to ask one more question. What is wrong with account services and Check Point? Why are they failing to perform a simple task?

Update: The issue is finally resolved. 6 days and two escalations. For a simple email change. Fantastic job, Check Point, really well done.

Thursday, February 8, 2018

Changing jobs? Brace yourself for impact of losing your UserCenter access

Probably the most annoying part of having an account with Check Point UserCenter is that you cannot change your email address.

Which is, please allow me to say it plainly, utterly stupid.

8 years ago the company I was working for, Dimension Data, had gone through a re-branding phase. All emails were changed from 'name'@'region' to 'name' Considering hundreds of accounts for all company employees around the globe, the impact was huge.
Old email accounts were discontinued, so to fix this, we approached Check Point with a request to re-assign logins to the new email domain. Guess what was the answer?

- No can do.

So hundreds of DD engineers, sales and accounting guys have had to re-create email aliases to continue working with Partners' portal and UserCenter. They are still using this method now, after those 8 years. It was easier to keep all email addresses afloat than to manually redefine tons of dependencies and details.

That was about business. On a personal level there is also lots of pain. If you are changing jobs, be ready that Check Point will sever your access even if you ask them not to do that.

In my case, I left Dimension Data at the beginning of 2018. One month before that I opened a case with account services to move my certification details, CheckMates account and UserCenter access to another email address. Once more, the answer is:

- We cannot do that. Please open a new UserCenter account and ask to move your certificates there. 

They have also assured me that my old account will not be closed automatically. Guess what... It is no longer working.

The main implication of changing your email with UserCenter this way is that you lose your history and your CheckMates access. You will appear as a new user everywhere. You will have to wait till they figure out how to move your certification. And I suspect recovering expert access to UserCenter resources will also be a story.

I do not even want to speculate why an established security company cannot figure out how to change an account ID without killing it altogether in the process.

However, this is the reality we are facing today. If you are planning to change your job, make sure you download all your valid certificates and bookmark your CheckMates threads. Because you will not be able to keep all that intact after moving to another email address. Bugger...

I dare Check Point admins to name me a single reason why I cannot change my email address on my account.

Anybody out there up for the challenge?

Update: My old account is operational again. Whoever is responsible, thanks a lot. The issue of transferring the access level and certification history to a new account is not yet resolved. So the challenge stands.