menardconnect.com

Tech, Games, Blogging and Other Random Thoughts

Category: Technology

#IamCybersecUre: Threat Experts Summit

Posted on November 7, 2017  in Blog Experiences, Technology

Hi Friends!!!

Our company, Trend Micro is hosting a cybersecurity event called Threat Experts Summit for students!!! It will be this Friday, November 10, 2017 1:00 PM – 5:30 PM at the Hotel Novotel, Araneta Center, Cubao, Quezon City.

 

IT students, this is your chance to learn cybersecurity in-depth straight from the experts! We will be discussing cool topics like Cybersecurity, Machine Learning and lots of other infosec/geeky stuff so if you’re free, come and join our event!

 

Interested students can register HERE
For more details visit Trend Micro Pilipinas FB page (https://www.facebook.com/TrendMicroPH)

Before I end the post, the usual disclaimer/disclosure:
I work at Trend Micro. The information contained in this post is taken from Trend Micro Pilipinas Facebook Page.

To know more on what I do full-time, kindly visit my blog’s about page or visit my Linkedin page. To read my blog’s disclosure policy visit my disclosure page.

For other infosec, malware and tech (and not so techie) stuff, please follow me in Twitter 🙂

,

[Top]

Category: Technology

Trend Micro CTF 2017

Posted on June 21, 2017  in Technology

Hello Friends!!!

Our company is running a cool educational contest this summer that is worth checking out. It is a global competition intended to help build skills among young professionals and seasoned veterans in the area of cybersecurity.

This Trend Micro event, called Capture the Flag (CTF), will consist of challenges across 4 disciplines including targeted attacks, cybercrime, IoT, and SCADA. Winner gets JPY 1,000,000 (approximately US$8,700) plus much much more!!!

Trend Micro is also offering an amazing opportunity for the top 10 online qualifying teams and will cover travel expenses to Japan (up to JPY 200,000 / approximately US$1,810/ conditions apply) as well as three nights hotel accommodation. Even if you are not really interested in the prizes, this is a great opportunity for you to test your skills and learn!

With a global shortage of skilled cybersecurity experts, this is a great way for people to build their knowledge of this industry.

Think you have what it takes?

REGISTER NOW

Btw, I blogged about the Trend Micro CTF 2017 in my other tech blog 🙂 please check it  out  too 🙂

Before I end the post, the usual disclaimer/disclosure:
I work at Trend Micro. The information contained in this post is taken from Trend Micro press materials. The views expressed in this blog are mine alone and do not necessarily represent my employer’s positions, strategies or opinions.

To know more on what I do full-time kindly visit my blog’s about page. To read my blog’s disclosure policy, kindly visit my disclosure page

For infosec, malware and tech stuff, please follow me in Twitter

 

, ,

[Top]

Category: Technology

On Bitcoin, the Philippines and Coins.PH

Posted on June 1, 2017  in Personal Experiences, Reviews, Technology

I love bitcoins and cryptocurrencies and I wrote some articles about bitcoin here at menardconnect.com and in our company security blog some years back.

I also delved into mining crypto-coins but my electricity costs and my alt-coin mining difficulty is at odds so I re-assessed the situation and concluded it was not cost effective anymore. So I stopped mining some years ago and I monitored the bitcoin  scene and its infosec connection from the sidelines of social media.

This year, I read that Bangko Sentral ng Pilipinas (BSP) issued some guidelines on virtual currencies  and for me this is some sort keeping up with the times of BSP (hehe acceptance of reality maybe)  and is a long awaited good news overall. So I decided that the time is ripe for Philippines and Bitcoin so I searched what my friend Dexter of TechAthand.net and BestofRiyadh.com mentioned in one of his posts that a PH-based company is offering an easy way to buy bitcoins and do purchases and remittances with cheaper costs. So I researched more about that company (Coins.PH) and find that it’s very promising 🙂 . Luckily, a friend IRL mentioned that he is using Coins.PH too so this sealed the deal.

I registered at the Coins.PH website and downloaded the iOS app and tried using the Coins.PH services. And I am very happy to say that Coins.PH is very easy to use and is really promising as lot of merchants are using it to sell e-loads, pay bills (for telco/utilities like meralco) and allow sending of remittances. Payment is very easy too (via G-cash, 7-11 stores, Cebuana Lhuillier or bank transaction (online or OTC (over-the-counter). These are my top choices of payment but you can see other options in the website or app and use what is convenient for you. From my personal checking, the app and the website is secure, but of course I will be constantly be vigilant about this and will check it from time to time. I know that good security practices with your mobile phone and computing machines (PC/Macs) is a must for the overall security and safety of bitcoins transaction and other online financial activities. Update: I also had some good experience dealing with the support folks on some issues so this is another plus for them 🙂

To show my appreciation and support to Coins.PH and the bitcoin community around the world and in the Philippines I am doing this awareness post on Bitcoins and Coins.PH. I strongly recommend that you, my readers, friends (online and IRL) and supporters try Coins.PH too by registering using my Coins.PH referral link . Registration is FREE, but the good thing with registering using my Coins.ph link, we both earn 50 pesos each (credited to our Coins.PH wallet) when you complete the verification process. To complete the verification process they will require Identification (ID) card upload as to prevent potential abuse (hehehe shoutout to our friends at BSP and AMLC 😀 ). If you are not comfortable about uploading your ID and complete the verification it’s A-OK too, the only drawback is that you will have some daily transaction limit (P2,000) but still, the basic account can be a good way to try and have a hands-on feel on how to do wallet and bitcoin transactions.

Again I invite you to try Coins.PH  its FREE and SAFE. And as the saying goes… there is no harm in trying 🙂

Hope you like my bitcoin and Coins.ph post. If you like bitcoin and coins.ph too please feel free to leave a comment at the end of this post or leave some comments at our facebook page.

,

[Top]

Category: Technology

On Ransomware, PNP and Infosec

Posted on March 23, 2017  in Technology

“I’m so three thousand and eight
You so two thousand and late”
Boom Boom Pow, Black Eyed Peas

And so our beloved Philippine National Police Anti-Cybercrime Group (PNP-ACG) warned the Filipino citizenry about ransomware. Wow! I’m lost for words, so let me just sing a song from the the Black Eyed Peas instead

We have this quote/saying in Filipino “Huli man daw at magaling, naihahabol din!” So let me welcome the Philippine National Police, PNP-ACG to the Ransomware party! Habol na lang mga Boss Chief, kaya natin ito!

On the brighter side of things, I’m happy that our PNP finally gave some warning about the dangers of ransomware. I know they are doing their best in keeping up with the latest threats and cybercrime and as a responsible Pinoy infosec (information security) dude here in the Philippines, I support  them on these efforts.

On the geeky tech side of things, Ransomware started sprouting like mushrooms in the last 2~3 years (or maybe more). How do I know this one? I’m just lucky, because I eat malware for breakfast (almost every day) 🙂  I am very thankful that I am part of this wonderful team that helps protect the world from these types of online threats! I love you TM Team! 🙂

So when I read GMAnews article on PNP, Ransomware it brings back “senti” ransomware moments because if I remember it correctly, the first ransomware that caught my interest was the Bundespolizei Police Ransomware (around 2012). Bundespolizei is Germany’s Police force and that ransomware variant pretends to becoming from the German Police entity and it demands payments/ransom from the victims. More geeky details of the German police ransomware here . Police and ransomware always go together pala talaga! Hehehe!

I also promised on my some blogging thoughts  post that I will do something different on my blog this year so let me take this opportunity to launch (or re-launch) my infosec/security focused blog AVsecurityProductManager.com. I have posted a Ransomware inspired article there and this is a shameless plug so please visit me there too.

For more details about Ransomware please visit Trend Micro Ransomware info page

Before we end, some disclosure: I work at Trend Micro. The views expressed in this blog are mine and mine alone (and do not necessarily represent my employer’s positions, strategies or opinions). Read my about page on what I do.

[Top]

Category: Technology

WAUA: WordPress WP-ADMIN Bruteforce Attack

Posted on February 9, 2015  in Blog Experiences, Technology

We Are Under Attack!!!”

That is what the orcs will shout (in their very unique husky and grunty voice) when the enemies attack their orc base in Warcraft 3.

That is also my topic of this post:

“WAUA!!!”

No I’m now screaming about the attack on my blog. I have this good mindset about threats and attacks: I don’t panic. I am also not feeling kawawa or wawa (poor victim in loose filipino translation) in this situation. I think I survived the onslaught of the attack and to spread some good vibes why not share some useful tips here at menardconnect.com 🙂  OK enough of the intro. Let’s get it on:

Late last month, this blog experienced some form of attack from malicious actors who-must-not-be-named. We all know I’m using WordPress, and some dudes out there are trying to login to this blog’s WordPress administration panel and do some brute force attack on  guessing my password. Simply put, this means some bad guys (I will collectively call it hax0r) are trying to pretend to be me (me, the website blog admin) and try to get into the wordpress admin console so that they can control the website and blog. More basic info on brute force attacks here.
I will not delve into the technical details of the attack , but in tradition of my good old free six video and free six series, here are six easy to-do tips and tricks that users/admins can do to prevent or better prepare themselves (blog owners) against these WordPress WP-ADMIN Bruteforce attacks.

1. Update your WordPress core files as soon as possible
Just like any software, WordPress have its own security flaws and it needs to get updated from time to time. Admins are advised that they should always update WordPress to the latest version, for more info on this go here. When a new version of WordPress is available admins will receive an update message in your WordPress Admin consoles.

2. Update your WordPress plugins too
Just like the wordpress core files, plugins needs to get updated too. If your blog relies on many plugins, do not worry because when a new version of WordPress plugins are available you will also receive message in the WordPress Admin console that its time to update. There are also automated update settings if you want to try it out.

3. Do not use Admin as the username of the administrator account.

Yes the hax0rs are trying to login via the “admin” username, but as a basic security practice, I disabled it every time create a wordpress blog. I suggest the you be creative. Use NIMDA instead!

4. Do not use your name as the blog admin username account
This piece is quite a revealing one, the hax0rs are trying to get in via the username menard. My name is public info in this blog, so they are clever and they tried it too. But luckily I did not use that name so I avoided that loophole in this admin account issue.

5. Discard unused wordpress themes and plugins
If you are not using the wordpress themes and plugins, do not keep it.  Delete it asap. This one caused me some issues several years ago, but my advise here is if you are not using any theme or plugin that theme or plugin should be deleted ASAP because these are like low hanging fruits for attackers.

6. Have good WordPress security plugins installed
Just like security softwares (antivirus, antimalware, anti-threat) for your PC, Macs, iPads, smartphones and other devices, wordpress blogs needs some security tools too. There are some good free wordpress security plugins that works well but I will try to share two: Login Lockdown and Sucuri .

Login lockdown locks the admin console after several failed attempts, a good old trusted plugin. A recent good addition to my security plugin arsenal is Sucuri Security- Auditing, Malware Scanner and Hardening, a free plugin and it has helped me detect this attack. How? See this…

email alert by sucuri

 

So I’m giving the good folks at Sucuri some love link here in my blog. Kindly go visit them at Sucuri

That’s all for now, i will try to share other tips in the future. Hope you liked my free six tips and tricks to combat WordPress Admin Brute-force Attack

, ,

[Top]

Category: Technology

Shellshocked: Some Bash #Vuln Useful Links

Posted on September 28, 2014  in Technology

Last week, I was “literally” fooling around with the bash bug by reposting 9gag images about it 🙂

and mashing it up with old movie flicks:

but by the end of the week things are getting a little bit serious as my colleagues found some live malicious files in the wild

As part of the usual sharing of good tech info to my blog readers and friend and as part of public service of a responsible netizen, here are some cool links about this vulnerability:

Infographic from TrendLabs on the Bash Bug aka Shellshock vuln

Shellshock

Some useful links too below:

All image/link credits to Trend Micro, TrendLabs Security Intelligence Blog and CNN.

Before I end the post, the usual disclaimer/disclosure:
I work at Trend Micro. The information contained in this post is taken from Trend Micro website and TrendLabs Security Intelligence Blog. To know more on what I do full-time kindly visit my blog’s about page or visit my linkedin page. To read my blog’s disclosure policy, kindly visit my disclosure page.

For infosec, malware and tech (and not so techie) stuff, please follow me in Twitter 🙂

, ,

[Top]

Category: Technology

Twitter Analytics Online

Posted on September 1, 2014  in Blog Experiences, Technology

Twitter launched some cool features last week.

Going to analytics.twitter.com will give you great metrics about your tweets and your followers.
For followers stats, it shows data about your followers interests (Top Interests and Most Unique Interests), location, gender and list tweeps your followers also follow.

menardconnect-twitter-analytics

For the tweets metrics, it highlights your tweets impressions and engagement data. Good visualization given the data is free.

menardconnect-twitter-analytics-tweets-

For the followers stats, I believe it’s already there as you check it out, but for the tweets metrics, you need to somewhat enable it (or login once into the analytics page) to start the population of data.

We might argue that these are geeky data points, but my personal take here is that in this interconnected world of social media this is good and interesting data (and quite possibly profitable too *hint* *hint*) .

No security issues so far but I will try to update this post (and my soon to be re-launched tech blog) if I find something new.

[Top]

Category: Technology

TrendLabs Security Intelligence Blog: RSA Conference 2014: The Way Forward

Posted on March 18, 2014  in Technology

I recently attended an information security conference in San Francisco, CA, USA (hence some lull moments with the posting frequency for this blog late last month and early March). I was able to collect some insights and posted them in TrendLabs Security Intelligence Blog. TrendLabs posted it yesterday and so I am reposting it here at menardconnect.com:

RSA Conference 2014: The Way Forward

I attended the RSA 2014 Conference in San Francisco, which has held about two weeks ago. This year the conference offered new insights to today’s threat landscape, which will help us all plan for and protect users in 2014 and beyond.

Largest Security Conference of 2014

The attendance numbers for RSA are always impressive: this year had more than 25,000 attendees, 400+ sponsors and exhibitors, with more than 550 speakers. Such was the number of vendors that two large Exposition Halls – one each in the Moscone Center’s North and South buildings were used for vendor exhibits. The various sessions – including most of the technical track talks I attended – were in the Moscone West hall.

Earlier my colleague JM Hipolito shared her own thoughts about RSA; here is what I found most interesting there.

Opening Keynote: Finding a Path Forward in an Increasingly Conflicted Digital World

The Executive Chairman of RSA, Art Coviello, delivered the opening keynote. He gave his first public comment on the RSA and NSA controversy, as well as the need to separate the NSA’s offensive and defensive functions. But what I will remember most on his keynote is his call to governments and the security industry as a whole to adopt four guiding principles to help maintain a safer Internet for everyone:

  1. Renounce the use of cyberweapons, and the use of the Internet for waging war
  2. Cooperate internationally, in the investigation, apprehension and prosecution of cyber criminals
  3. Ensure that economic activity on the Internet can proceed unfettered and that intellectual property rights are respected
  4. Respect and ensure the privacy of all individuals

He also reiterated the need for the security industry and governments to work hand in hand to create a safer digital world that will benefit this and the generations to come. All of the guiding principles are all equally important, but I would like to highlight the first and second ones as being the most important.

The topic of cyberwar and cyberweapons is very sensitive, but I found the correlation between cyberweaponry and nuclear weapons compelling. I totally agree with Coviello’s statement that “we must have the same abhorrence to cyberwar as we do nuclear and chemical war.”

As for cooperation in prosecuting cybercrime, this is a topic where Trend Micro’s positions are well-known. We’ve frequently spoken about the need for researchers and law enforcement agencies to work together to prosecute the actual “threat actors”, as we believe that this is the most effective way to catch cybercriminals. These partnerships allow researchers and police to combine their strengths and ensure that Our efforts have netted effective results, most recently being the arrest of the creator of SpyEye.

Bitcoin Is Here: How to Become a Successful Bitcoin Thief

Uri Rivner of Biocatch and Etay Maor of Trusteer co-presented the one technical session at RSA dedicated to Bitcoins. They discussed the basics of cryptocurrency and how one can use it. They also discussed the usual use cases of Bitcoin: from creating a wallet and having your very own address, to filling the wallet with Bitcoins using an online Bitcoin exchange.

The highlight of the session for me was the a live demonstration of a hack using a SpyEye variant. In the demo, they performed a man-in-the-browser (MiTB) attack and stole the user’s Bitcoin from his wallet.

They also discussed the top cybercriminal activities that Bitcoin has been tied to. These include phishing attempts to steal Bitcoin-related website credentials, deploying RATs (Remote Access Trojans) to have direct access to desktop wallets, up to using botnets to mine Bitcoins (even though this is no longer particularly attractive).

They also explained why cybercriminals are interested in cryptocurrencies like Bitcoin. Because the cybercriminals believe that cryptocurrencies offers anonymity, they think that these will help in laundering money made from illegal activites. In addition, advanced services available in the cybecrime underground (like Bitcoin fogging services) may enable threat actors to further increase their anonymity tenfold.

In summary, the presenters said that Bitcoin is a new exciting frontier and encouraged everyone in the room to try and delve into it so that they understand its potential. They warned about the increasing phishing and malware attacks related to cryptocurrencies. They also pointed out that online Bitcoin exchanges and online wallets are low hanging fruit that may be a big opportunity for the cybercriminals. (The troubles of many online exchanges recently, including erstwhile leader Mt. Gox, have only reinforced this last point.)

The talk mirrored many of the points we have discussed. In December, we had discussed the possibility of Bitcoin’s then-record prices causing thefts of Bitcoin wallets. We had also earlier discussed how users can help secure their cryptocurrency. Overall, we share their sentiments: Bitcoin is the object of much potential, but is the subject of multiple threats as well.

Original Post from: RSA Conference 2014: The Way Forward

 

Definitely I will do a follow up post/s with my other insights on RSA, the keynotes and on Bitcoin. But not yet sure if it will be for menardconnect.com or my other tech blog.

Like my previous posts on RSA, I would like to convey my thanks to Jonathan and JM for their assistance with the article.

And of course some shout-out to my RSA 2014 buddies (Jamz, Malen, JM and Ian) for their ideas and thoughts that kept me sane in RSA. Another special shout-out to other pinoy AV dudes I’ve met in SF.

Lastly some disclosure:
I work at Trend Micro. The views expressed in this blog post are mine and mine alone and do not necessarily represent my employer’s positions, strategies or opinions.
To know more about me (work and other stuff), kindly visit my about page.
To know more about my blogs full disclosure policy, kindly visit my disclosure page

Until next post…

, , ,

[Top]

Category: Technology

Bangko Sentral ng Pilipinas Advisory on Bitcoin and Other Virtual Currencies

Posted on March 10, 2014  in Technology

And so the Bangko Sentral ng Pilipinas (BSP), the Central Bank of the Philippines already issued an advisory on bitcoin and other cryptocurrencies.

Bitcoin.svg

 

Image Credit: Wikimedia Commons

I believe it’s a good and timely move. But reflecting back, there is really nothing new with this announcement (ok maybe for me and other crypto coins dudes and dudettes out there). But I will reserve my other personal commentaries for a future post.

For now here is the full text of the BSP’s advisory posted at the Bangko Sentral ng Pilipinas official website (http://www.bsp.gov.ph/) last week:

Warning Advisory on Virtual Currencies

03.06.2014

It has come to the attention of the Bangko Sentral ng Pilipinas (BSP) that virtual currencies like Bitcoin are now being exchanged in the Philippines. The public is hereby warned that such exchanges are not regulated by the BSP or by any regulatory authority in the country at this time. Thus, there are no existing regulations which would specifically protect consumers from financial losses if an organization that exchanges or holds virtual currencies fails or goes out of business. Moreover, there is no assurance that the value Bitcoin or any virtual currency would be stable. In fact, its value can be highly volatile.
The BSP will be closely monitoring developments on these virtual currencies particularly on their possible use for money laundering and other illegal purposes, and will adopt appropriate measures as needed.

In the meantime, the public is enjoined to familiarize themselves with some basic information on the subject. Further understanding can be gained through personal researches on the internet and other forms of media.

What you need to know about virtual currencies

A virtual currency is a form of unregulated digital money, meaning it is not issued or guaranteed by a central bank. It allows purchase of both virtual goods (such as in online gaming environments and social network) and real goods and services (such as in retailers, restaurants and other establishments). Unlike electronic money, which is backed by cash for 100% of its stored value, virtual currencies are not backed by any commodity like cash, gold or silver. Rather, they are merely valued subjectively according to one’s ability to exchange them for goods.

Things to think about before buying, holding or trading virtual currencies

  1. You can lose your money through a virtual currency exchange – Exchange platforms are unregulated. If a virtual currency exchange loses or fails, there is no legal protection that covers you for losses arising from any funds you may hold on the said exchange. At present, there have already been a number of cases where virtual currency exchange platforms have gone out of business or have failed.
  2. Virtual currencies in your digital wallet can get stolen – When buying virtual currencies, the same are stored in a “digital wallet,” on a computer, laptop, PC tablet or smart phone. This digital wallet makes use of public and private keys or passwords that allow you to secure your wallet. Still, there have been a number of reported cases whereby consumers lost large amount of virtual currencies from their wallets through hacking. Further, since virtual currencies do not have central organizations that hold and re-issue keys or passwords, losing the key or password to your digital wallet would mean losing your virtual currency forever.
  3. You are not protected when using virtual currencies for payment –Payments made through virtual currencies like Bitcoin are immediate, direct and non-reversible. Further, since the use of virtual currencies is not regulated, there are no existing regulations to protect you in case of unauthorized or incorrect debits made from your digital wallet.
  4. The value of your virtual currencies cannot be guaranteed and can change quickly – The value of virtual currencies has shown several sharp increases for the past year, and several sharp decreases as well. If you buy a virtual currency today, it is quite possible for its value to drop sharply and permanently the next day.
  5. Virtual currencies may be used for money laundering and other illicit activities – Virtual currencies provide consumers with high degree of anonymity and therefore may be used for money laundering and other illicit activities. This illegal use can affect you, as law enforcement agencies may decide to close exchange platforms and prevent you from accessing funds that the platform may be holding for you.

Full text can be found here . Special thanks to Lee Chipongian (@leechipongian) for the link.

I will write more about bitcoin (and maybe other cryptocoins) here at menardconnect.com soon so this will be a good starting post on this topic.

In the mean time, if you want to read more about bitcoins and malware, kindly visit TrendLabs Security Intelligence Blog.

[Top]

Category: Technology

Repost: 9gag Lern How to Googel Mor Efectivly

Posted on September 18, 2013  in Blog Experiences, Technology

Reposting some cute and informative infographics courtesy of 9gag. My tweet:

 

9gag-

 

Original post from 9gag. Some link love to hackcollege.com

http://9gag.com/gag/a75dOge

[Top]