Network Access Control

Secure Communications in Harsh Environments

October 02, 2012 Added by:Patrick Oliver Graf

For a long time, hackers only targeted the IT systems of offices or individuals. This, however, has changed as the bad guys more frequently go after unconventional targets, like industrial and oil plants, refineries of all kinds, power grids or water utilities...

Comments  (0)

Old School On-Target NBNS Spoofing

September 30, 2012 Added by:Rob Fuller

So it turns out that Windows Firewall talks IP addresses just like any other firewall, so if you configure FakeNetBIOSNS to tell everyone that the IP address for whatever they looked up is YOUR IP, guess what, no need to bypass the spoof filters...

Comments  (0)

Raising Zombies in Windows: Passwords

September 13, 2012 Added by:Rob Fuller

List the tokens available with Incognito, your new user will be there, steal it and you're done. You now have the ability to use that account/domain token on any of the hosts you've compromised on the network, not just the ones they happen to have left themselves logged in...

Comments  (0)

The OTHER Problem with Passwords

August 29, 2012 Added by:Wendy Nather

Organizations are motivated to prioritize ease of use over security if they feel their target audience won't be able to use advanced features without support. The result is that the password reset process to an address of record is the easiest way to get into an account. And of course attackers know this too...

Comments  (1)

Is a Password Enough? A Closer Look at Authentication

August 16, 2012 Added by:Robert Siciliano

Yahoo and LinkedIn were recently breached and usernames and passwords were stolen. These sites did something wrong that allowed those passwords to get hacked. However passwords themselves are too hackable. If multi-factor authentication was used, then the hacks may be a moot point and the data useless...

Comments  (0)

Why is a Password Manager Not Yet a Hot Selling App?

August 13, 2012 Added by:Gurudatt Shenoy

What is the solution to preventing security Armageddon if passwords are not going away soon and people are going to use the same password for all their accounts? I did find a solution for this a couple of years back. It is called a password generator and will generate a unique password for storage and management...

Comments  (5)

The Weakest Link in the Security Chain: Is it in Your Controls?

August 11, 2012 Added by:Tripwire Inc

Rather than brute-forcing the account, the hackers gained access by doing some creative social engineering by contacting Apple customer support. The problem is that we often turn over our data to 3rd-party providers without understanding what protocols they have in place to keep our data safe...

Comments  (0)

Go Ahead and Write Down Your Passwords

August 07, 2012 Added by:Boris Sverdlik

Another day, another password hack, and yet another reason not to reuse passwords... Here is a simple bash script to generate strong passwords. Port it to Python or even something more platform independent. Also, don't forget to set Auto Dismount to 15 minutes, so you don't leave it up and running...

Comments  (14)

Billions of Hashes per Second with Multiforcer Password Cracker

August 07, 2012 Added by:Dan Dieterle

So what does it take to reach cracking speeds topping 154 Billion hashes per second with multiple hashes? The tool was created to help out pentesters who need to crack passwords, but can not submit hashes obtained to online cracking programs due to auditing agreement restrictions...

Comments  (0)

Army Translator Re-Sentenced for Possession of Classified Docs

August 06, 2012 Added by:Headlines

The defendant took classified documents from the U.S. Army without authorization. While assigned to an intelligence group in the 82nd Airborne Division of the U.S. Army at Al Taqqadam Air Base, he downloaded a classified electronic document and took hard copies of several other classified documents...

Comments  (0)

Red Flag On Biometrics: Iris Scanners Can Be Tricked

August 02, 2012 Added by:Electronic Frontier Foundation

Among all the various biometric traits that can be measured for machine identification, the iris is generally regarded as being the most reliable. Yet Galbally’s team of researchers has shown that even the method traditionally presumed to be foolproof is actually quite susceptible to being hacked...

Comments  (0)

An Urgent Message to My Supporters

July 27, 2012 Added by:ʞɔopuooq ʇuıɐs

On this first day of Defcon, it appears my @th3j35t3r twitter account has been suspended. Coincidence? Probably not. We all know I have some pretty desperate enemies who will stop at nothing to see me inconvenienced, discredited or otherwise annoyed. So here’s the upshot...

Comments  (0)

DEUCE: Bypassing DLP with Cookies

July 19, 2012 Added by:f8lerror

DEUCE went from simple concept to a multi-encoding and encryption DLP bypass tool. The program simply takes an input file and creates a cookie for each line. DEUCE has the ability to encrypt via AES, hash with MD5 or use a custom multi-encode with a 3 times replacement cipher...

Comments  (0)

Yahoo and Billabong Password Dumps Analyzed

July 19, 2012 Added by:Dan Dieterle

Wow, not one, but two massive password dumps in one day. Hackers leaked a very large number of Billabong and Yahoo passwords in plain text with no need to try to crack them. We looked at the passwords using the analysis tool Pipa, and here is what we found...

Comments  (0)

NIST Releases Federal ID Security Standard Draft for Comment

July 12, 2012 Added by:Headlines

The document is the next step toward updating Federal Information Processing Standard (FIPS) 201. Among its requirements are that all PIV cards contain an integrated circuit chip, a personal identification number and protected biometric data—a printed photograph and two electronically stored fingerprints...

Comments  (0)

Cyberoam DPI Vulnerability Alarms Tor Project

July 10, 2012 Added by:Pierluigi Paganini

Tor Project found a vulnerability in Cyberoam DPI where all share the same digital certificate and the private key is the same for every device. The implications are serious, as it could be possible to catch traffic from any user by extracting the key and importing it into other DPI devices for interception...

Comments  (0)
