Home Fun

2014 was an interesting year. I think I saw more vulnerabilities exposed in 2014 than I have ever before in my life. But I guess that could be due to my age and career path that I was more aware of it.

Actually, lets put Nessus on hold for a second.

I really want to know how 2014 compared.

Some code
import xml.etree.ElementTree as ET
from plotter import GenerateChart
tree = ET.parse('allitems-cvrf.xml')
root = tree
years = {}
for country in root.findall('{https://www.icasi.org/CVRF/schema/vuln/1.1}Vulnerability'):
    CVE = country.find('{https://www.icasi.org/CVRF/schema/vuln/1.1}Title').text
    TITLE = country.find('{https://www.icasi.org/CVRF/schema/vuln/1.1}CVE').text
    year = TITLE.split("-")[1]
    try:
        years[year] = years[year]+1
    except Exception, e:
        years[year] = 1

years_keys = sorted(years.keys())
years_values = []
for i in years_keys:
    years_values.append(years[i])

print years_keys
print years_values
g = GenerateChart(years_keys, years_values)
# Source for GenerateChar on my github

Code to generate the graph

A pretty chart

img

{
1999: 1578,
2000: 1242,
2001: 1573,
2002: 2433,
2003: 1598,
2004: 2777,
2005: 4893,
2006: 7253,
2007: 6757,
2008: 7314,
2009: 5143,
2010: 5320,
2011: 5323,
2012: 6686,
2013: 7424,
2014: 9546,
2015: 1482
}
Back to why I started this post

We (the intended audience of this post) among our differences, Linux, Windows or Mac, vim vs Emacs, 2B or !2B, share one thing in common. We all have a home lab.

Home labs are great but dangerous if left alone or setup without thought.

My first home lab featured a honeypot which STUPIDLY shared a subnet with the rest of my house among with many many many more mistakes.

Yep, you guessed it; my hackable OS got hacked and the dude/dudet found his/her way through my network and took some 50 GB of data before I noticed.

Luckily, the only thing I did right back then was log everything and the data taken was nothing more than archives of freeware.

I keep archives to play with vulnerabilities after they've been pached. They can have every version of adobe reader, flash, chrome and firefox :)

Home labs are dangerous when left alone because they are development environments and are insecure by design and even if you do everything "right":

  • Segregate the "lab" network from the home network
  • Block all externally born connections into the lab subnet [unless its a honeypot, but then put it in its own segregated subnet]
  • LOG
  • Log everything
  • Keep logging

But eventually our real jobs and life make us ignore our labs and "shell shocks create heart bleeds"; sorry, was trying to be funny.

As you can see from the chart above, I can not keep up with vulnerabilities to personally check and patch for each one. That is why I think its very important that we regularly scan our homes.

Tenable has created some amazing tools for checking the "heath" of your home network; its free for home use too. Below is what it looks like when you leave your network alone for 6 months.

I was too embarrassed to show what the scan of my lab came up with. But take my word for it, I will be running this scan monthly.

img


December 10 2014