So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users
A research paper by Cormac Herley, published by Microsoft Research, on why users reject much, most or all of the security education and advice currently handed out by security researchers and professionals alike.
Here are the links to the page, the PDF [original] [mirror] and the Google Docs viewer. What's below is just my summary of the paper and my thoughts on it, if that's of any interest anyway.
Weird outgoing IP accesses…
Found out by accident (plenty of "accidents" happening to me recently) that one of the home computers has been connecting out to some weird Chinese IP, amongst others, all of which are blacklisted according to robtex...
Starting to get quite concerned, since there was a lot of stuff that was previously installed, like those that you "need" to install in order to view online videos.
Will start doing some verbose logging to gather more info, but this isn't looking good so far. How this came up was because of the way the computer tried to connect to the site: apparently it tried to make too many connections at the same time, causing the router to think there was a SYN flood attack going on lol.
Culprit #1 - 221.238.197.38 [robtex report]
Fun with Splunk: SSHD
Thought I'd share a bit on the tip of the iceberg of what can be done with Splunk. Linux command line tools are still much needed for raw log analysis (since we can't have the luxury of a Splunk installation around and ready whenever we need it), but if set up and running properly, Splunk can be pretty helpful (not to mention faster) for some things.
(This post is pretty unpolished, partly because I can't be bothered to fiddle around with fitting the search strings into the width of the post, etc. Nonetheless, comments/discussions are always welcome heh)
One of my favourite tasks in log analysis is getting information on the people/bots that are brute-forcing SSHD, so let's start with SSH attacks as an example.
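As an added illustration of the raw log analysis this post is about (example code, not from the original post or from Splunk), here is a small Python parser over constructed sshd auth.log lines that counts failed logins per source IP, collects the usernames tried, and flags any source that got a login accepted after a run of failures; the sample lines, the regex and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample auth.log lines (syslog format), not from any real host.
SAMPLE_LOG = """\
Mar 10 03:14:01 host sshd[2101]: Failed password for invalid user admin from 198.51.100.23 port 40122 ssh2
Mar 10 03:14:03 host sshd[2103]: Failed password for invalid user oracle from 198.51.100.23 port 40130 ssh2
Mar 10 03:14:05 host sshd[2105]: Failed password for root from 198.51.100.23 port 40141 ssh2
Mar 10 03:14:07 host sshd[2107]: Failed password for root from 198.51.100.23 port 40150 ssh2
Mar 10 03:14:09 host sshd[2109]: Accepted password for root from 198.51.100.23 port 40162 ssh2
Mar 10 03:20:11 host sshd[2140]: Failed password for alice from 203.0.113.7 port 51002 ssh2
Mar 10 03:20:40 host sshd[2142]: Accepted publickey for alice from 203.0.113.7 port 51010 ssh2
Mar 10 03:21:00 host sshd[2150]: Invalid user test from 192.0.2.99 port 33001
"""

# Matches "Failed password for root from ..." as well as "... for invalid user admin from ...".
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def summarize_ssh_auth(log_text, threshold=3):
    """Per source IP: failure count, usernames tried, whether a login was
    accepted, and a brute_force flag set once failures reach `threshold`."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(), "accepted": False})
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue  # other sshd messages (bare "Invalid user", disconnects, ...)
        entry = stats[m.group("ip")]
        entry["users"].add(m.group("user"))
        if m.group("result") == "Failed":
            entry["failed"] += 1
        else:
            entry["accepted"] = True
    for entry in stats.values():
        entry["brute_force"] = entry["failed"] >= threshold
    return dict(stats)

def suspicious_successes(stats):
    """IPs that got a login accepted after crossing the brute-force threshold:
    the finding a responder wants at the top of the report."""
    return sorted(ip for ip, e in stats.items() if e["brute_force"] and e["accepted"])

if __name__ == "__main__":
    report = summarize_ssh_auth(SAMPLE_LOG)
    for ip, e in sorted(report.items(), key=lambda kv: -kv[1]["failed"]):
        print(f"{ip:15} failed={e['failed']} users={sorted(e['users'])} accepted={e['accepted']}")
    print("brute force followed by success:", suspicious_successes(report))
```

Run against a real auth.log the same way (read the file instead of SAMPLE_LOG); the "brute force followed by success" list is the one worth looking at before the raw counts.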