Archive for the 'Articles' Category

Bold face lie in a clash at FCC hearing - port139online.com:139

What is http://port139online.com:139/ ?

  • Port139online.com:139/ IS a website
  • Port139online.com:139/ IS a protocol
  • Port139online.com:139/ IS a service (a service that tells you if your ISP is providing a tampered, filtered, limited, and incomplete service.)
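The check the service above performs can be reduced to a simple TCP probe: if the handshake completes, something is listening; if the remote host answers with a reset, the packet made it through unmolested and nothing is listening; if there is no answer at all, something in the path (an ISP filter, for example) is dropping the port. The following Python is an added illustration written for this page, not the code behind port139online.com; the host, port list and the `open_local_listener` helper are assumptions made so it runs offline against a loopback socket.

```python
"""Probe TCP ports and classify the outcome, the way an
"is my ISP filtering this port?" check does.  Added illustration for this
page; not the port139online.com implementation."""
import socket
import sys
from typing import Dict, Iterable, Tuple

OPEN, REFUSED, FILTERED = "open", "refused", "filtered"


def probe_port(host: str, port: int, timeout: float = 3.0) -> str:
    """Return OPEN, REFUSED or FILTERED for one TCP port.

    OPEN     : the three-way handshake completed, so a service answered.
    REFUSED  : the host replied with RST; the SYN reached it unfiltered.
    FILTERED : no reply before the timeout, the signature of a device in
               the path silently dropping the port.  A host that is simply
               down looks the same, so compare against a port you know is
               reachable (e.g. 80 or 443) before blaming a filter.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return OPEN
        except ConnectionRefusedError:
            return REFUSED
        except (socket.timeout, TimeoutError):
            return FILTERED
        except OSError:
            # ENETUNREACH / EHOSTUNREACH etc.: no path, treated as filtered
            return FILTERED


def probe_ports(host: str, ports: Iterable[int], timeout: float = 3.0) -> Dict[int, str]:
    """Probe several ports and return {port: classification}."""
    return {p: probe_port(host, p, timeout) for p in ports}


def likely_filtered(results: Dict[int, str]) -> bool:
    """True when at least one port got a reply (so the host is up) while
    another produced silence, which is what an upstream port filter looks
    like.  All-silent results are inconclusive, not evidence of filtering."""
    outcomes = set(results.values())
    return FILTERED in outcomes and (OPEN in outcomes or REFUSED in outcomes)


def open_local_listener() -> Tuple[socket.socket, int]:
    """Test helper (assumed, not part of any real tool): bind a listening
    socket on loopback so probe_port can be exercised offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    # Usage: python probe.py <host> [port ...]; ports default to the ones
    # commonly filtered by consumer ISPs plus a control port.
    target = sys.argv[1] if len(sys.argv) > 1 else "example.invalid"  # placeholder
    wanted = [int(p) for p in sys.argv[2:]] or [25, 80, 135, 139, 445]
    res = probe_ports(target, wanted)
    for port, state in res.items():
        print(f"{target}:{port:<5} {state}")
    print("upstream filtering likely:", likely_filtered(res))
```

Run it twice, once from the ISP connection under test and once from a connection known to be clean; a port that is REFUSED or OPEN from one and FILTERED from the other is being dropped somewhere in between.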

I started port139online.com:139 to annoy the tech support agents at Cox Communications. I subscribed to their business Internet service because the sales rep told me that absolutely NO port filters existed for business customers. I don’t know if the sales rep lied to me on purpose to meet a quota, or if she just didn’t have all the information.

After several phone calls to Cox support, I finally got them to admit which ports they filtered (both inbound and outbound). They offered to reduce my bill by 45 dollars a month, but they would not remove the filters. I’m now a Verizon Business FIOS customer and couldn’t be happier with my pure, unmolested Internet.

Shortly after my Shmoocon presentation, Comcast went before the FCC. An executive vice president for Comcast lied to the FCC commissioner and the rest of the panel, when he said:

“I’m going to say again, on the record in front of this Commission, Comcast does not block any Web site, application, or Web protocol, including peer to peer services. Period. Doesn’t happen.”

Oh really? Well http://port139online.com:139/ IS a website AND an application AND uses a WEB PROTOCOL… and guess what? Comcast IS blocking it.

Read more about it here:

http://arstechnica.com/news.ars/post/20080225-comcast-and-net-neutrality-advocates-clash-at-fcc-hearing.html

And listen to the MP3 here: http://arstechnica.com/news.media/fcchearing25feb08.mp3


Reference: Comcast does block websites, ports, and protocols: http://taosecurity.blogspot.com/2005/07/what-does-your-isp-block-only-low-cost.html

http://www.dslreports.com/forum/remark,15481407


**** NOTE ****

You can only visit http://port139online.com:139/ from Internet Explorer. Firefox blocks many ports.

4 comments

Whitepaper: The State of Information Security 2008

I just got back from The Credit Union Information Security Professionals Association 3rd annual National event in Austin Texas where Rohyt and I were talking to the folks about www.PhishMe.com.
I have never attended a CUISPA event before and welcomed the opportunity. It was refreshing to see this industry work together. Credit unions don’t have the budgets larger institutions do and many of their technologists wear multiple hats. Security is a group effort. (as it should be)

Two major takeaways I had from the conference:

1.) Credit Union security professionals have a can-do attitude and value networking with their peers to solve their security woes
2.) Don’t show up to a Credit Union event dressed in New York-Financial attire (unless you enjoy looking like that creepy sales guy) :)

On the heels of the CUISPA event is a good white paper I saw on BankInfoSecurity.com titled The State of Information Security 2008 - Survey Executive Overview (Free signup)

Tom Field (Editorial Director) did a good job putting the overview together. The top security issues I heard the Credit Union folks discuss are the same ones captured in this survey. (It’s good to see that this paralleled what I saw in person at CUISPA … too often these days a whitepaper is just a synonym for marketing fluff.)

Of course the #3 issue “3) Training - Employees, Customers Need More.” grabs our attention as http://www.phishme.com/ moves from beta and inches towards launch.
I’m beyond excited.
-higB

p.s. If you happen to attend my ShmooCon 2008 presentation please be kind with the Shmooballs.

3 comments

PhishMe.com: Featured in eWeek

Those close to us know that we’ve been working on a self-service portal designed to help organizations run mock phishing exercises aimed at raising employee awareness. Shortly after the recent news about Oak Ridge National Laboratory and Los Alamos being targeted by spear phishing was published, I was interviewed by eWeek.

Read the full article here: Phishing Drills Teach Employees to Dodge the Hook

-higB

No comments

Embassy “hacker” - Reading between the lines

[Image: torpassword.jpg]

There was an interesting update yesterday about last month’s story about a Swedish security researcher who released the password and login information for 100+ embassy and government workers.

(I’m going to take some liberties summarizing this)

A Swedish researcher released 100+ passwords, claiming he wanted to expose that the practice of using pop3, imap, etc. shows a lack of user awareness. This also shows a lack of care and regard from the government institutions that permit inbound plain text authentication.

Some called for the lynching of this “hacker” while others were more curious about how the passwords were obtained. My initial off-the-cuff guess was a web exposure or a password list carelessly left online for google to cache.

How the passwords were really obtained proved to be much more interesting. In a blog posting yesterday, Dan Egerstad revealed that he has been operating TOR exit nodes and sniffing passwords. I’m absolutely not surprised some people think that using TOR magically fixes all clear text protocols. What did surprise me is that government and embassy workers are using TOR. Are these workers really using TOR? It’s true that Tor is effective at masking the origination IP address from the destination address.

I think the REAL story here is that 100+ accounts have been compromised for months (maybe years) and that the real attackers have been using Tor to mask their origin IP address. Without Dan Egerstad exposing this, hackers, spies (and who knows) could have gone on accessing these government email accounts unobstructed.

-higB
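The fix on the institution side is to stop accepting credentials before TLS is negotiated, and a mail server tells you whether it does so in its capability advertisement: an IMAP server that announces LOGINDISABLED (RFC 3501) refuses LOGIN until STARTTLS, and a POP3 server that advertises STLS but neither USER nor a SASL PLAIN/LOGIN mechanism (RFC 2449) behaves the same way. The following Python is an added example written for this page, not code from the post or from Dan Egerstad's work; the capability strings in the usage block are constructed samples, and the three verdict labels are my own.

```python
"""Classify an IMAP CAPABILITY or POP3 CAPA response by whether the server
will take a password over a cleartext connection.  Added illustration for
this page, not code from the post."""
from dataclasses import dataclass

TLS_REQUIRED = "TLS_REQUIRED"            # cleartext login refused before STARTTLS
CLEARTEXT_PERMITTED = "CLEARTEXT_PERMITTED"  # TLS offered, but a plain login still works
CLEARTEXT_ONLY = "CLEARTEXT_ONLY"        # no TLS at all; every login is sniffable


@dataclass
class AuthExposure:
    protocol: str
    starttls_offered: bool
    plaintext_login_allowed: bool
    verdict: str


def _verdict(starttls: bool, plaintext_allowed: bool) -> str:
    if not plaintext_allowed:
        return TLS_REQUIRED
    return CLEARTEXT_PERMITTED if starttls else CLEARTEXT_ONLY


def assess_imap_capabilities(capability_line: str) -> AuthExposure:
    """capability_line is the untagged '* CAPABILITY ...' response seen on a
    plain (not yet TLS) connection."""
    tokens = capability_line.upper().split()
    starttls = "STARTTLS" in tokens
    # LOGINDISABLED: LOGIN is refused until TLS is up (RFC 3501).
    login_disabled = "LOGINDISABLED" in tokens
    # AUTH=PLAIN / AUTH=LOGIN advertised pre-TLS means the server will accept
    # a base64-encoded (not encrypted) password right now.
    cleartext_sasl = any(t in ("AUTH=PLAIN", "AUTH=LOGIN") for t in tokens)
    plaintext_allowed = (not login_disabled) or cleartext_sasl
    return AuthExposure("imap", starttls, plaintext_allowed,
                        _verdict(starttls, plaintext_allowed))


def assess_pop3_capa(capa_response: str) -> AuthExposure:
    """capa_response is the multi-line reply to CAPA, '+OK' through the
    terminating '.' line, on a plain connection."""
    lines = [ln.strip().upper() for ln in capa_response.splitlines()]
    caps = [ln for ln in lines if ln and ln not in ("+OK", ".") and not ln.startswith("+OK ")]
    starttls = "STLS" in caps
    user_pass = "USER" in caps                       # USER/PASS accepted (RFC 2449)
    cleartext_sasl = any(ln.startswith("SASL") and
                         ({"PLAIN", "LOGIN"} & set(ln.split()[1:]))
                         for ln in caps)
    # Caveat: some servers accept USER/PASS without advertising USER, so a
    # TLS_REQUIRED verdict here should be confirmed by actually trying.
    plaintext_allowed = user_pass or cleartext_sasl
    return AuthExposure("pop3", starttls, plaintext_allowed,
                        _verdict(starttls, plaintext_allowed))


if __name__ == "__main__":
    # Constructed sample responses, not captures from any real server.
    samples = [
        assess_imap_capabilities("* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED"),
        assess_imap_capabilities("* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN"),
        assess_imap_capabilities("* CAPABILITY IMAP4rev1 AUTH=LOGIN"),
        assess_pop3_capa("+OK\nSTLS\nUIDL\n."),
        assess_pop3_capa("+OK\nSTLS\nSASL PLAIN\n."),
        assess_pop3_capa("+OK\nUSER\nUIDL\n."),
    ]
    for s in samples:
        print(f"{s.protocol}: starttls={s.starttls_offered} "
              f"plain_login={s.plaintext_login_allowed} -> {s.verdict}")
```

Only TLS_REQUIRED removes the exposure the post describes; CLEARTEXT_PERMITTED still leaves it to each client to be configured for TLS, which is exactly the configuration an exit-node operator, or anyone else on the path, profits from when a client gets it wrong.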

No comments

Rohyt Quoted in the E-commerce Times

Jack Germain interviewed me on the security implications of peer-to-peer file sharing programs. Excerpts from that interview can be found in this article that discusses the grilling of the LimeWire CEO by a congressional committee.

Personally, I stay away from P2P programs other than Skype voice chat. Yes, Skype voice conversations are peer-to-peer.

-Rohyt

1 comment
