All Posts By

Noah

Presented HIPAA Compliance in the AWS Cloud at IndyAWS!

By | Uncategorized | No Comments

Recently, my colleague Justin Kittle and I had the opportunity to present/discuss HIPAA Compliance in the AWS cloud with the Indianapolis Amazon Web Services (IndyAWS) meetup. We had a great time, especially with the good amount of healthy discussion and questions that were asked.

Justin serves as the IT Operations Manager for OurHealth, and I serve as the Director of Information Security. Our presentation covered the following topics:

  • Healthcare and HIPAA definitions
  • HIPAA requirements
  • HIPAA eligible AWS services
  • The AWS Shared Responsibility Model
  • Meeting AWS’ compliance model

Links to the presentation materials are below:

Thanks!

-Noah

2017 Cisco Champion for Security!

By | Uncategorized | No Comments

Well, for the third year in a row, I am pleased and humbled to announce that I was named a Cisco Champion for Security!

Here was the text of the email I received from the folks at Cisco that run the program:

Because of your impactful and valuable contributions to the IT community, you have been chosen out of hundreds of nominees to be part of the 2017 Cisco Champions program. Congratulations!

Cisco Champions is a global group of highly influential IT technical experts who enjoy sharing their knowledge, expertise, and thoughts across the social web and with Cisco. The Cisco Champions program encompasses people with interests across Cisco’s technology portfolio, including Data Center, IoT, Enterprise Networks, Collaboration, and Security.

I have truly enjoyed being a part of the Cisco Champions program over the past few years, including guest hosting the Cisco Champions Radio podcast, collaborating with other Cisco Champions on the Cisco Forums and in our Spark channels, and more!

Read More

2016 Cisco Champion for Security!

By | Uncategorized | No Comments

Well, it’s official. I was pleasantly surprised to find out that for the second year in a row, I was named a Cisco Champion for Security!

Cisco Champion Logo

Here was the text of the email I received from the kind folks at Cisco:

Hi Cisco Champions,

Because of your impactful and valuable contributions to the IT community, you have been chosen out of hundreds of nominees to be part of the 2016 Cisco Champion program. Congratulations!

Cisco Champions are a group of highly influential IT technical experts who enjoy sharing their knowledge, expertise, and thoughts across the social web and with Cisco. The Cisco Champion program encompasses a diverse set of areas such as Data Center, Internet of Things, Enterprise Networks, Collaboration, and Security. Cisco Champions are located all over the world.

I am humbled and honored to be named a Cisco Champion for Security in 2016. My original blog post regarding the 2015 announcement can be found here.

I truly enjoyed working with Cisco as part of the Champions program last year, including guest hosting the Cisco Champions Radio podcast, collaborating with other Cisco Champions on the Cisco Forums, and more! I look forward to doing more this year.

Read More

Updating Neato XV21 Rev 113 (Cruz) Firmware Offline

By | How To | 6 Comments

I started writing this blog post, but the same day another user on the Robot Reviews forum (djos) provided his method of updating a Neato XV Rev 113/Cruz board to the latest firmware in a much easier manner.

So, while I am still posting this to share my method and details of how I came about it, I STRONGLY suggest using djos’ instructions on the Robot Reviews forum for setting your Neato XV to a Vorwerk VR100 system ID via the command line.

Djos’ method is available here: http://www.robotreviews.com/chat/viewtopic.php?f=20&t=19005


 

Original method and details on how I came about it are below for reference:

As of November 2015, Neato has stopped providing firmware updates via their previous online updater. I recently replaced the Rev 113/Cruz main board in my XV21 and the new one shipped with firmware version 2.4.

Unfortunately, version 2.4 does not include many of the newest features of the latest XV firmwares, such as corner cleaning/”Corner Clever”. Details on the different versions of firmware are available on Wikipedia here: https://en.wikipedia.org/wiki/Neato_Robotics#Firmware

I did find an offline updater for the Rev 64/Binky version under heXor’s NeatoControl Bitbucket here: https://bitbucket.org/heXor/neatocontrol/downloads. However, I made the mistake of using that on my Rev 113/Cruz board and… bricked it. Oops…

So, with that in mind, I figured that the offline updater files provided by heXor gave a good starting point… If I could only find firmware files for Rev 113/Cruz somewhere. Fortunately, I saw this note on the XV11 Hacking wikispace (https://xv11hacking.wikispaces.com/Hacking+with+Neato+v3.0) – “The Neatos that are delivered with Firmware 3.0 are a different hardware revision compared to previous models. Previous versions (incl. the Vorwerk VR100) are codename ‘Cruz’.”

With that in mind, I found multiple firmware files on the Vorwerk website here: http://kobold.vorwerk.de/de/service/software-updates/saugroboter/vr100/#. Only problem was – All of the ZIP files on the site were password protected, with no password to be found. After a bit of digging, I found this tweet, which happened to have the password for the ZIP files (VORVR100!%) –

Armed with that, I took each firmware file from Vorwerk’s site, and created an update ZIP file based on heXor’s offline update script for each of the firmware files provided by Vorwerk. I tested each of them on my own XV21 and they worked for me personally. However, I take no responsibility if these cause any damage to your Neato if you so choose to use them. Upgrade at your own risk!

To Upgrade:

  1. Download the necessary file corresponding to the version you’d like to update to from my Github, available here: https://github.com/NoahJaehnert/Neato-XV-Series-Cruz-Rev-113-Update
  2. Connect your Neato to your computer via a MicroUSB cable
  3. Download and unzip the respective firmware ZIP file from this github repo
  4. Double click/execute run.bat

2015 ISC2 America’s Information Security Leadership Award Recipient

By | Uncategorized | No Comments

I am honored and pleased to announce that on September 30, 2015, I was presented with the 2015 ISC2 America’s Information Security Leadership Award (AISLA) in the Up and Coming Security Professional category!

AISLA Award

Per ISC2’s press release:

“The Americas ISLA program recognizes the achievements of outstanding cyber and information security professionals who have led an industry initiative, program or project resulting in a more proficient, resilient workforce in Central, North and South America.”

(ISC)² CEO David Shearer says, “I’m proud to recognize deserving cyber, information, software and infrastructure professionals for improving industry workforce standards. We had an impressive pool of candidates this year. In fact, the submissions we received in the Senior Information Security Professional category were so outstanding that the judges chose three exceptional recipients. Congratulations all of the recipients, finalists and nominees who were a part of our fifth annual Americas ISLA program.”

Full press release can be found here: Press Release – Americas ISLA 2015 Recipients

More details on the AISLA program can be found here: https://www.isc2.org/aisla/default.aspx

Additionally, shameless plug, but I have posted this to my LinkedIn page as well.

Gitrob – Open Source GitHub Sensitive Data Search Tool

By | Uncategorized | No Comments

Another day, another awesome looking tool. This time I’d like to introduce Gitrob, a tool that searches GitHub for sensitive company data.

As the developer/author Michael Henriksen points out in his blog post introducing the tool:

Gitrob is a command line tool that can help organizations and security professionals find such sensitive information. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files that typically contain sensitive or dangerous information.

Much more detailed information, including how it works, is available in Michael’s blog post: http://michenriksen.com/blog/gitrob-putting-the-open-source-in-osint/

Not surprisingly, Michael has hosted the Gitrob code on GitHub here: https://github.com/michenriksen/gitrob

-Noah

WireEdit – Full Stack WYSIWYG Network Packet Editor

By | InfoSec, Tools | No Comments

Yet again, the Twittersphere pointed out another neat looking tool, WireEdit.  I first noticed this via @Cyberarms’ tweet:

WireEdit appears to let you edit network packets at any OSI Model layer, via a WYSIWYG editor. Looks neat, but I have not had the opportunity to play with it yet. If I do, I’ll be sure to update this post.

Click here to visit the WireEdit webpage. 

-Noah

ThreatWatch – Open Source Intelligence Dashboard

By | InfoSec, OSINT, Threat Intelligence, Tools | 2 Comments

I’ve spent some time lately researching Open Source Intelligence feeds, dashboards, etc.  I was trying to set up the Collective Intelligence Framework (CIF) and the Kibana dashboard associated with it, but ran into some snags. Namely, anytime I enabled the Kibana dashboard on my Ubuntu VM, it caused the CIF command-line tools to fail.

While troubleshooting (via my very best Google-fu), I came across ThreatWatch, a project that already has this implemented, running, and even added a large amount of additional feeds to what the Collective Intelligence Framework has.

A full list of feeds/data sources contained in ThreatWatch is available here: http://www.threatwatch.ie/feeds

A link to the ThreatWatch dashboard is available here: https://feeds.threatwatch.ie/#/dashboard/file/default.json. An example screenshot of the dashboard is below as well:

ThreatWatch Screenshot

-Noah

2015 Cisco Champion for Security!

By | InfoSec | One Comment

I haven’t updated this blog in quite some time, but on December 3rd, I was given quite a good reason to. I received a very nice email from the folks at Cisco, which stated:

Dear Noah,

Because of your excellent contributions to the IT community, you have been chosen out of hundreds of applicants, to be a member of the Cisco Champions team in 2015. Congratulations!

Cisco Champions are seasoned IT technical experts and influencers who enjoy sharing their knowledge, expertise, and thoughts across the social web and with Cisco. The Cisco Champions program encompasses different areas of interest, such as Data Center, Internet of Things, Enterprise Networks, Collaboration and Security. Cisco Champions are located all over the world.

Read More

Convert Gift Cards to Cash Using Square’s iPhone Card Reader/App

By | How To, iPhone | No Comments

Last night I was perusing Twitter as I sometimes do when I get bored. I came across this Tweet:

 

After reading it, I realized I have had three gift cards (two Visa and one Amex) sitting in my wallet for quite some time. They haven’t done me much good, though, as I could never remember how much was actually on them. So, I never used them…

Read More