Low Cost Open Source Wireless Hacking – HackRF Jawbreaker
I sat down with Jared Boone a local Portland hardware hacker to discuss HackRF, an open source project he has been working on with Michael Ossmann funded by DARPA. The combination of open source...
View ArticlePenetration Testing with Smartphones Part 2: Session Hi-Jacking & ARP Spoofing
In the first part of this series “Penetration Testing with Smartphones Part 1” we covered several network and vulnerability scanning applications that can be run from a smartphone. In this section we...
View ArticleThe Infosec Dunning–Kruger Effect: Confidence vs. Overconfidence
A key message at Tripwire moving into the next year is around true confidence. Confidence in IT security posture and information security’s position in the business. While reading Price Waterhouse...
View Article10 Signs You’ve Been Working In Information Security Too Long
When your mom calls you ask her three security questions to verify her identity Your pet’s name consists of at least 20 characters and contains a mix of numbers, uppercase letters, and at least one...
View ArticleSneakernets Never Say Die: Power Plants Infected with USB Malware
A few days ago the State Department made public in a report that multiple power plants in the United States were affected by USB based malware during the beginning of October 2012. One of the plants...
View ArticleSecurity Visualization: Meaning From Chaos
One thing I love about information security is its beautiful complexity, a complexity that calls upon multiple disciplines and requires both technical skills and creativity to solve real-world...
View ArticleSecurity Visualization: AfterGlow Cloud
One of the leading thinkers in the realm of security visualization is Raffael Marty, he literally wrote the book on the topic.“Applied Security Visualization” was published in 2008 and the material is...
View ArticleSouth Korean Attack & Malware Analysis
On March 20th an attack that brought down three major media broadcasters and at least two financial institutions computer systems in South Korea was launched. The Red Alert team which is part of NSHC...
View ArticleMobile Antivirus: FUD, Fact and Fiction
Is mobile antivirus just a myth? I would say it is more of a “legend,” where facts have been distorted, or exaggerated to craft a more sensationalistic story. A true “antivirus” for mobile devices is...
View ArticleTwitter Y U No Offer Two-Factor Authentication?
The power 140 characters can have was felt again today. The Associated Press had their Twitter account hacked and a fake tweet was posted, stating the White House had been attacked and that President...
View ArticleSecurity Visualization: VideoLAN DDoS Visualized As A Game of Pong
VideoLan was the target of a recent DDoS attack with more than 200 requests per second hitting their systems at 30Gbps. VideoLAN is experiencing a major DDOS attack targeting its mirrors...
View ArticleLivingSocial Hacked – 50 Million Records Compromised
It is being reported that LivingSocial has had a substantial data breach affecting 50 million customers. The known scope of the data compromised at this time includes names, email address, birth dates...
View ArticleU.S. Dam Data Breach and NERC CIP Standards
United States intelligence agencies have uncovered a data breach that targeted and compromised the U.S. Army Corps of Engineers’ National Inventory of Dams (NID) starting back in January. The database...
View ArticleGame of Pwns: Syrian Electronic Army and Information Warfare
The Syrian Electronic Army has claimed another victory by defacing the Financial Times website as well as several Twitter accounts run by the news organization. The group has had a run of luck recently...
View ArticleSecuring WordPress: Hardening Basics
WordPress has become one of the leading blog platforms, and many small to medium sized businesses even utilize it as their content management system. WordPress is available as a one-click install with...
View ArticleNSA and FBI Access to Verizon Phone Records
It is being reported by The Guardian that the NSA has been collecting phone records on millions of Verizon customer in the United States under an order by the Obama administration. The FBI was granted...
View ArticleAnalysis of Korean War Anniversary Cyber Attack and Malware
In both North Korea and South Korea, several websites were defaced and brought down via a DDoS attack on the anniversary of the start of the Korean War. The Red Alert (R3d4l3rt) team in South Korea...
View ArticleCarberp Botnet Lifecycle Infographic
Last week the source code for the “Carberp” botnet creation kit was posted online and released to the masses creating a huge problem for security teams around the world. Carberp is sophisticated,...
View ArticleAT&T Privacy Policy Change Risks and the De-Anonymization of Data
AT&T recently modified their privacy policy where they will be selling aggregated data of their subscribers usage information for marketing purposes. This is following in the footsteps of other...
View ArticleThere is a Lot More to Metadata than You Know
We have been hearing a lot about metadata the last few months thanks to the revealing of NSA surveillance tactics and partnerships. Many have stated “it’s only metadata.” however there is a lot more to...
View Article
More Pages to Explore .....