This Blog has Moved!

This blog is moving to


Thank you for visiting! Content will remain here for archival purposes.

URGENT! McAfee VirusScan Artemis False Positives!

I've been tipped off that McAfee VirusScan's Artemis Global Threat Intelligence is triggering numerous false positives.

I do not have details on this (and if anyone has further details please post them), but McAfee has made the following KB article available:

https://kc.mcafee.com/corporate/index?page=content&id=KB78993

According to sources online, Artemis is deleting numerous files making machines inaccessible.

DISA Gold Disk FOIA Request Sent

UPDATE: My FOIA request was denied, and these tools will remain lost forever.  Details here.

I have sent a FOIA request to DISA for public release of the DISA FSO Gold Disk.  It is my hope that this request will be rather painless, and that DISA will release all requested materials.

If/when DISA does release the requested materials, I will establish an open source project on either SourceForge or Google Code for continued development of the Gold Disk.

My letter is below. I should receive a response within 30 days.

Hello,
I am writing to you to request public release of the following:
DISA FSO Gold Disk binaries
DISA FSO Gold Disk source code
DISA FSO Gold Disk developer documentation
DISA FSO Gold Disk user/administrator manuals

Per http://iase.disa.mil/stigs/index.html
"The DISA FSO Windows Gold disk tool provides an automated mechanism for compliance reporting and remediation to the Windows STIGs. The FSO Windows Gold Disks are an unlicensed tool developed by the FSO, the use of this tool is completely at the user's own risk. Currently, the Gold Disk supports Windows XP, Windows Vista, Windows 2003, Windows 2008 R1. There are no plans to develop Gold Disks for future technologies or products, FSO will utilize the SCAP standards for compliance reporting for Windows 7."

Since the tool is unlicensed and developed by FSO, that puts the tool in Public Domain. Furthermore, the DISA FSO Gold Disk is no longer supported for use within DoD, and development has ceased, meaning the tool is no longer in use within the DoD.

This tool could be of great use to the private sector, and would help increase the security of our nation.

I understand that the DISA Gold Disk does contain IAVM information which is still FOUO. As such, I am agreeable to this information being sanitized prior to public disclosure.

Since this is a FOIA request for public interest, I would like to request that any fees be waived.

I look forward to your response.

Thanks,
Ken Buckler
Caffeine Security

How Vulnerable Is The Emergency Alert System?

I'm sure by now everyone has heard about the Emergency Alert System "Zombie Attack" incident. IOActive even released a security advisory about the vulnerabilities with DASDEC Emergency Alert System digital alert systems. However, the incident raises further concerns, such as "who in their right mind hooked up the Emergency Alert System to the Internet in the first place?"

If someone wanted to hack the Emergency Alert System, first they would need to know what hardware/software is out there. (Un)fortunately the FCC has already done part of this research and published a vendor list.


A Confession to my Twitter Users - And Thank You

I have a confession to all my Twitter users.  I've been using you all.

On my Twitter feed (https://twitter.com/CaffSec) you will see automated posts of news and new exploit code from Pastebin.  These automated posts are generated using RSS feeds and Dlvr.it.

Truth is, I don't have time to read all of those articles and exploits I'm posting. Instead, I've successfully crowdsourced my security news - I read what you reply to, favorite, and retweet. After all, if you found it interesting and worth reading, I should probably read it as well.

As I approach 2,000 followers on Twitter, I just want to say thank you to each and every one of you who follow me.  You help me more than you know.  Thanks to you all, I know what stories are important to read.

It's taken two years to get here, and I've gone a long way from my original 5 Twitter followers.  Best of all, I've even gotten back in touch with a few old friends, and made some new ones in the process.

So to each and every one of my Twitter followers, thank you for following me and interacting with my tweets!