Better Together: The Role of Women in Securing Our World
During a fireside chat last fall, Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly summed up the forward-looking stance that’s come to characterize her tenure. “We need to look at the possible,” she told audience members. “We’re all in this together.”
This philosophy of togetherness is what underpins the events of Cybersecurity Awareness Month each October. Every year, government agencies and the cybersecurity community come together to encourage individuals to play a more active role in keeping every aspect of our digital lives safe.
But this year’s Cybersecurity Awareness Month has been a true inspiration — and not just because it’s the 20th anniversary year. This October CISA also announced its new, enduring cybersecurity awareness program, “Secure Our World.” This exciting initiative was designed to encourage greater cyber-awareness across the U.S. by sharing ways that individuals, families, and small- and medium-sized businesses can minimize threats to our online universe.
With Secure Our World, Easterly and her team have done an amazing job of distilling a highly complex set of concepts into a powerful, bite-sized story. Some of the messages may be a bit oversimplified for those with working knowledge of cybersecurity, but given how uncommon this sort of knowledge still is, it’s definitely a step in the right direction.
Information security has been designated a government-wide high-risk area since 1997, and the federal government has focused on protecting critical cyber infrastructure since 2003. At no point in the 20 years since then has there been such a concerted and ongoing effort, globally or across the United States, to educate everyone about the importance of cybersecurity and our role in keeping our lives, and our families’ lives, secure. Dare I say it took a woman at the helm of CISA to help tell that story?
This sort of unique perspective is one of the reasons why it’s important to encourage women to enter the cybersecurity field. Today, the industry is only 25% female. And while that’s up dramatically from the 10% in 2013, women are still highly underrepresented.
This is unfortunate not just because women can bring so much to the cybersecurity community, but also because cybersecurity can offer such a fulfilling and enjoyable career. It certainly has been for me: I got my start with the Sourcefire marketing team, just after they were acquired by Cisco. The team — including then-CMO Marc Solomon, CP Morey, Jennifer Leggio and the company’s badass threat research team — welcomed me in.
While cybersecurity has its ups and downs like any industry, it’s been more than a dozen incredibly educational and rewarding years, and I’ve never looked back. Now that I’ve joined the team here at SonicWall, I’m super excited to bring my industry knowledge to a company with a rich history spanning decades. I joined SonicWall because of its phenomenal culture and established place in the cybersecurity industry, and because of its loyal partners.
I wholeheartedly agree with SonicWall’s vision. SonicWall is elevating its game, both in terms of empowering our partners and in upleveling our product and solution offerings. I’m excited for the chance to do my part to help further that journey.
It isn’t just a pivotal time for SonicWall, though. It’s a pivotal moment for cybersecurity in general. My work in cybersecurity has opened my eyes to so many dangers that a lot of people don’t even think about — and these risks are growing and expanding to some unexpected places.
I have a five-year-old and, unlike many of their friends, they don’t have a tablet. This might sound extreme, but I believe that if you leave online connected devices anywhere in your house, you’re basically letting a stranger into your home. From baby monitors that can be hacked to allow strangers to watch your children, to (often poorly secured) devices that track things like biometric data and the layout of your home, you can never be sure who’s watching what — or what they’ll do with the info they have.
This lack of visibility is just one of the reasons that initiatives like Secure Our World are so important. While there are so many benefits to the online world, risks abound. As end users, as employees, as parents — as citizens — we have to be more diligent about how we go about our digital lives. We can’t afford to see cybersecurity as “something tech workers do.” It must become something that all of us do.
That’s why, as a woman working in cybersecurity, I’m so excited to see what the future of CISA’s awareness initiatives holds. If this program someday becomes as well-known as, say, “Click It or Ticket” or “Safe to Sleep,” imagine how much more informed and safer the world could be!
Figure 5: A known method of obfuscation is using ‘call-push-ret’
Figure 13: The ASCII plaintext has a ‘hwid’ indicating the encoded system name
Figure 16: Each green arrow represents a decision tree where the program can terminate
Figure 17: Partial list of decoded commands
If the SOCKS5 server is delayed in its response, the curl state machine returns with the local resolver selected, but the next time the curl state machine is called, it has no knowledge of the hostname’s length. It now tries first to resolve the name using the remote resolver by building a protocol frame in a memory buffer assuming the name is less than 255 bytes and then copying the destination hostname to the too-small buffer. It\’s also important to consider the conditions which allow this code path to be taken. libcurl uses a variable named CURLOPT_BUFFERSIZE to determine how large to allocate the download buffer. By default, the curl tool sets CURLOPT_BUFFERSIZE to 100kB and is therefore not vulnerable. An overflow is only possible in applications that do not set CURLOPT_BUFFERSIZE or set it smaller than 65541. 
Running the same setup with the addition of GDB monitoring curl, it is possible to see the backtrace and exact vulnerability conditions. This highlights that the vulnerability exists within the resolvers. 
A segmentation fault occurs when the contents of register $RDI are attempted to be resolved as a pointer. Consider the disassembly from GDB below at the point of the segmentation fault: 
By inspecting the value of $RDI, it is possible to see the heap buffer overflow has caused the register to be overwritten. 