Tomorrow I fly up to Seattle for The 13th Colloquium for Information Systems Security Education.  I will be participating in Monday’s SCADA Panel discussion, which I’m excited to be a part of.  My contribution to this panel discussion will (hopefully) be to discuss how recent control system vulnerabilities provide us with great educational opportunities and case studies for presenting classic and theoretical principles to students in security classes.  There are many skills and concepts that educators can expose their students to in the SCADA realm that are useful whether you wind up protecting critical infrastructure or not.

I have run the recently released 60-day Cyberspace Policy Review through the Stanza converter for my iPod Touch, to read it on the long hop from ATL to SEA.  I have a feeling it will be a focal point of many discussions at CISSE (and countless other conferences), so I’m looking forward to becoming familiar with it.  I may share any insights I have after reading it at the conference, and possibly on this blog.

On the outside chance that anyone reading this blog will be there, I should be easy to find.  Please feel free to contact me ahead of time, or track me down there!


…they’re already training up their user base for you.  Here’s how you’d want your email to look:


Yeah, it’s a legitimate email.  It appears that after a year of inactivity, the “My UPS” service will disable/deactivate/expire/do-something to your account.  Are they trying to save a row’s worth of space in their database?  I don’t know.

The problem is that every time you send a legitimate email to your users asking them to update or log into an account, you’re conditioning them, and not in a good way.  Users who may normally be suspicious (and rightfully so) of emails asking them to update their account will be less cautious if they know that the service normally sends out that kind of mail.  Phishers can cash in on this familiarity by mimicking real “update your account” messages, instead of having to make official-looking ones up out of thin air.

This is why myspace/facebook phishers are so successful.  You already get tons of legitimate email from them.  It’s easy to craft an evil one that slips right in with the rest.

In this case, UPS has made a wise decision in not directly including a link in the “simply log in to My UPS…” text.  This may condition users into going to the UPS site on their own to log in, rather than trusting wherever a link would send them.  However, with all of the other links in the email, an additional link to log in added by a phisher would not look out of place.

In conclusion: don’t help the phishers out by negatively training users in this way, especially without good reason.  It would probably be better to either keep the accounts around indefinitely, or delete them quietly.  After all, I’m obviously not getting a lot of use out of this one.
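The point about the UPS notice above is that one malicious “log in” link hides easily among a dozen legitimate ones, so the only thing that reliably separates them is where each link actually goes.  The following is an added example (my own, not from the original post or from UPS): it parses a constructed “My UPS”-style HTML notice, pulls out every anchor, and flags any link whose destination host is outside the sender’s trusted domains or whose visible text shows one host while the href points somewhere else.  The trusted domain set and the sample message are assumptions for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real UPS message): several legitimate links plus
# two attacker-style insertions, a lookalike-domain "log in" link and a
# link whose visible text claims to be www.ups.com but points elsewhere.
SAMPLE_EMAIL = """
<p>Your My UPS account has not been used in the past 12 months.</p>
<p><a href="https://www.ups.com/tracking">Track a package</a> |
<a href="https://www.ups.com/help">Help</a> |
<a href="https://www.ups.com/privacy">Privacy Notice</a></p>
<p>To keep your account active,
<a href="http://ups.com.account-verify.example/login">log in to My UPS</a>.</p>
<p><a href="http://198.51.100.7/ups">www.ups.com</a></p>
"""

# Assumed allowlist: the sender's own registrable domain(s).
TRUSTED_DOMAINS = {"ups.com"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lowercased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def displayed_host(text):
    """If link text itself looks like a URL or bare hostname, return that host."""
    text = text.strip()
    if not text or any(ch.isspace() for ch in text) or "." not in text:
        return ""
    if not text.lower().startswith(("http://", "https://")):
        text = "//" + text          # let urlparse treat it as a netloc
    return host_of(text)


def is_trusted(host, trusted):
    """True if host is one of the trusted domains or a subdomain of one.
    Suffix matching with a leading dot rejects 'ups.com.evil.example'
    and 'myups.com' while accepting 'www.ups.com'."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def suspicious_links(html, trusted=TRUSTED_DOMAINS):
    """Return [(href, text, [reasons])] for every http(s) link that either
    leaves the trusted domains or whose visible text misrepresents its host."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        if urlparse(href).scheme not in ("http", "https"):
            continue                # mailto:, tel:, etc. are out of scope here
        host = host_of(href)
        reasons = []
        if not is_trusted(host, trusted):
            reasons.append("href host %r is outside %s" % (host, sorted(trusted)))
        shown = displayed_host(text)
        if shown and shown != host:
            reasons.append("link text shows %r but points at %r" % (shown, host))
        if reasons:
            findings.append((href, text, reasons))
    return findings


if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL):
        print("SUSPICIOUS: %-20s -> %s" % (text, href))
        for r in reasons:
            print("    " + r)
```

Run against the sample, the three real-looking links pass and the two inserted ones are reported.  The same check is cheap to run in a mail gateway or in a user-facing “show me where this goes” tool, and it is exactly the kind of check a conditioned user will not make by hand.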


Script kiddie forum pic of the day:


Naughty avatar censored, but I kept the language in case you want to try and make any sense of this chunk of thread.  PsyKon-X’s contribution is particularly hard to read through:

Perl does indeed work my friend but the coders in which the perl hack was designed for are being patched faster than the hacker is making the perl scripts, and also depends on if the person using the script for example is using phpbb and hasn't patched it with the new version this is vulnerable

Diagram that sentence.

All of you whitehats posting scripts to milw0rm are killing the perl hacking scene ;-) .


I’ve set up an IRC channel for McGrew Security on freenode, and you’re welcome to join up and idle alongside me.  I’ve placed a more permanent link to IRC info on my sidebar over <–there–, but here’s basically what you need to know:

  • Server: freenode
  • Channel: #mcgrewsecurity
  • I’m cs_weasel

It’s on freenode mostly because I’m already idling there in the local Linux User’s Group channel, #bullylug (slogan: “The LUG that takes your lunch money”), and the Exotic Liability podcast’s channel, #exoticliability.  EFnet is definitely more l33t, but I’m already on freenode, and I like not having to work hard to prevent channel takeovers.

I’m on IRC inside of a screen session, so if I don’t respond to you, it’s probably because I’m detached from it.  I’ll reattach and respond when I’m at the keyboard.

Feel free to idle, basking in pre-web-1.0 goodness, chat with others (and me), and just hang out.

Hold on to your butts

This morning, I had the urge to change the look of the site.  I have changed the theme of the site (for the better, I think), and I’ve put some of my static pages under the control of WordPress so that I can manage them from its control panel.  Things might be broken for a little while, but I think it’s already under control.


If you read my review of Stealing the Network: The Complete Series Collector’s Edition, then you’d know that the only real additional content in the new edition is a new chapter by Ryan Russell: “The Final Chapter”.  I liked Ryan’s conclusion to the story, but I doubt that many people who already own the other Stealing the Network books would want to purchase the compilation just for that.

Now, and if you act fast, you won’t have to.  It turns out that the Windows Secret Newsletter is giving away a PDF which contains the entirety of “The Final Chapter” (preceded by a sample of 5 pages of text from another chapter).  It’s only available until May 6th, though, so you’ll want to go ahead and act if you want it.

All you have to do is subscribe to their newsletter, and you’ll be given a link to download the PDF.  They don’t even verify your email address before giving you the link, so I’d advise just punching anything that works into the field:


© 2012 McGrew Security Suffusion theme by Sayontan Sinha