General
Bore Them With Death-by-Awareness: That’ll Teach em!
May 08, 2013 Added by:Lee Mangold
As security professionals, we have to understand that not everyone has a passion for security. In fact, most people don’t. Given that we know “they” don’t share our passion, and we know they are the most vulnerable attack vector, why do we continue to bore them with homogenous and irrelevant training?
Comments (0)
Could the AP Twitter Hack Have Been Prevented?
April 26, 2013 Added by:Gianluca Stringhini
This is the first time that people realize that Tweets can have a large effect on financial institutions. The question that people are asking is: could this compromise have been avoided?
Comments (0)
Google: Black Hat or White Hat?
April 23, 2013 Added by:Larry Karisny
Google has a perfect opportunity to be a leader in cybersecurity. Google’s recent network -- and acquisitions and hires -- in Austin, Texas, is an opportunity to do security right the first time.
Comments (1)
Digital Natives, Digital Immigrants, Exo-Nationals and The Digital Lord of The Flies
March 29, 2013 Added by:Krypt3ia
There seems to be a disconnect within the psyche for kids where their actions are just not real because it happens online. Some of these kids that I tracked online due to recent events with the attacks on Brian Krebs that leads me to believe some of them may in fact be on the road to sociopathy.
Comments (1)
So APT Is China *snicker* Now What?
February 28, 2013 Added by:Krypt3ia
As RSA comes to a close and the corridors of the hall stop ringing with the acronym APT, I find myself once again looking at the problem as opposed to the hype.
Comments (0)
New York Times Says It Was Infiltrated By Chinese Hackers
January 31, 2013 Added by:Infosec Island
The New York Times said it had fallen victim to hackers possibly connected to China's military, linking the sophisticated attacks to its expose of the vast wealth amassed by Premier Wen Jiabao's family.
Comments (0)
The Importance of Sample Size in Social Engineering Tests
January 16, 2013 Added by:Matt Neely
Information security has a problem. We make far too many decisions without having reliable data to assist in our decision making process. Because of this, far too many information security professionals use what I call Gut 1.0 to make decisions based on gut feel...
Comments (0)
Are You Faking It?
January 06, 2013 Added by:Rebecca Herold
A few weeks ago I got a text message from a phone number I didn’t recognize, with a rather odd message. I sent a text back asking, “Who do U think U sent ur txt 2?” The response, “Myrtle!” I’m not Myrtle. Turns out they were using a phone number they had found online that was associated for the Myrtle they knew.
Comments (0)
Do Better Technical Controls Increase People Focused Attacks?
December 16, 2012 Added by:Simon Moffatt
Social engineering can be seen as a more direct approach to exposing real security assets such as passwords, processes, keys and so on. Via subtle manipulation, carefully planned framing and scenario attacks, through to friending and spear phishing, people are increasingly becoming the main target...
Comments (0)
Reflected Glory: Revealing one of my self-created social engineering tricks
December 11, 2012 Added by:Will Tarkington
What is reflected glory? To do this trick you need someone with a high social status that you can be associated with. It doesn’t have to be a close association just one that is known. You then simply state with authority your own opinion once the relationship has been recently established...
Comments (0)
Weaponizing the Nokia N900 – Part 4.0 – A Three Year Anniversary!
November 25, 2012 Added by:Kyle Young
I still believe the best phone for hackers is the Nokia N900 and it is a shame that Nokia decided to go the way of Microsoft. I personally believe that Nokia should have gone the route of an Android/Linux hybrid mobile operating system, but that’s just my opinion...
Comments (1)
Money Laundering Scenes In -The Digital World
November 20, 2012 Added by:gaToMaLo r. amores
By denying terrorist and criminals groups access to their money, authorities can stop them buying munitions and paying for suicide bombers. This approach has been highly successful in identifying and dismantling terrorist networks. Now they need to adapt and learn how this new DC works because it cannot be stopped...
Comments (1)
The Female Social Lever
November 16, 2012 Added by:Will Tarkington
In my ongoing expose on Social Engineering techniques I bring to you one of my favorites I call “The Female Social Lever.” A technique that takes advantage of social geometry and complex female group hierarchy. For this example we are going to use a party because it is where I developed this particular technique...
Comments (0)
You Believe It Because "I" Wrote It
November 14, 2012 Added by:Jim Palazzolo
Besides sheer entertainment, my objective is to practice my ability to create deception. It has been my observation that security personnel must be able to spot deception. Whether it’s covert channels or fake ID’s, deception is a very powerful tool that can be used both offensively and defensive...
Comments (0)
I lost my theory of mind… or Where my mind at?
November 13, 2012 Added by:Will Tarkington
Without the theory of mind everything that social engineers do or attempt to do would fail. The theory of mind is basically one’s ability to differentiate perspectives. From perspective comes intention, from intention comes reaction, and from reaction comes reward (or failure)...
Comments (1)
Why traditional approaches for securing Industrial Control Systems Fail
November 09, 2012 Added by:Mikko Jakonen
Criminals or 'adversaries' do not care about your papers. Period. Only a skilled set of controls, wisdom, and discipline in management secures the environment. Attackers will utilize every means to gain access your beloved environment...
Comments (2)
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox
- The Emperor Is Naked!
- Infographic: Keeping Web Applications Safe
- Do You Have a Vendor Security Check List? You Should!