Security Scene Blog: July Edition

Estimated reading time: 2 minutes

By Adair Thaxton, Internet2 Cyberinfrastructure Security Engineer

Happy Independence Day! With fireworks celebrations around the country being canceled, if you choose to shoot off your own fireworks, please be mindful of pets, vets, and children who are trying to sleep. Also, be mindful of your own safety — you don’t want to have to retrain yourself to type with nine fingers!

Paul Howell, Internet2’s chief cyberinfrastructure security officer, noticed this link on Reddit the other day. Scapy can be used to do nmap-like host and service discovery, but it can also do a lot more and is more flexible than other packet-crafting tools.

This online workshop walks you through crafting packets with Scapy and interpreting the results — Scapy doesn’t just tell you if a port is filtered (there are a number of reasons why a port can seem to be filtered). It tells you what response it received that would suggest the port is filtered. Error codes, y’all!

Now, onto one of my favorite words – steganography! (Stegosaurus was my favorite dinosaur, so steganography reminds me of stegosauruses.)

I usually think of steganography as hiding messages in pictures, but this article discusses hiding messages in text, using Zero Width Characters, and encrypting them. The article explains in a very accessible manner how that’s accomplished, and the steps the authors have taken to make it secure.

Steven Wallace’s IRR Office Hours seemed to be very useful for the community — each session saw him individually help different members to understand more fully what they needed to do. If you need help, please email irr-help@internet2.edu and let us know.

If you haven’t filled out the survey about the potentiality of a virtual TechEX/another online event this fall, please do! This survey is expected to remain live until July 15.