Blog Posts Tagged with "Network Security"
Maritime Cybersecurity Low to Non-Existent
January 24, 2012 Added by:Joel Harding
Instead of buying a ship for the relatively cheap price of $15 million, one could simply take control of the ship remotely and guide it into a target from thousands of miles away. Imagine the boom that 135 million cubic yards of natural gas could make if an LNG ship were run aground...
Comments (12)
Roadmap to Exploitation: The OIG Imperative to Publish or Perish
January 23, 2012 Added by:
The majority of OIG organizations publish highly sensitive information as if they were assisting the agency. Just the opposite. They are ensuring a more rapid penetration of cyber defenses. Whose side of the equation here are you on? Why does this need to be public information?
Comments (9)
Cyber Espionage: A Buzzword-Term Often Overused
January 23, 2012 Added by:Scot Terban
“The Cuckoo’s Egg”, which happened in 1986, is the first “documented” case of computer espionage that is not classified. Cliff Stoll was asked to look into an accounting error on a University system and ended up finding and tracking an asset for the KGB...
Comments (0)
The Criticality of Attribution in Volatile Situations
January 22, 2012 Added by:Rafal Los
Imagine when a kinetic act causing loss of life is falsely attributed to a group, and because of the situation, human nature takes over. Assigning responsibility even when it's false is all the "evidence" we need to go to war or retaliate. Same with a hacked website...
Comments (1)
More Exposure to SCADA Devices Through Shodan
January 22, 2012 Added by:Bob Radvanovsky
While I am certain that the majority of this membership knows what Shodan is, honestly, it represents slightly more than an automated port scanner reporting back on some of the more common open ports (HTTP, SNMP, telnet) that appear to be pingable throughout the Internet...
Comments (3)
Dutch Council on Int'l Affairs' Advice on Digital Warfare
January 22, 2012 Added by:Matthijs R. Koot
In December 2011 the Dutch Advisory Council on International Affairs published an advisory entitled "Digitale Oorlogsvoering" (English: "Digital Warfare") intended for the Dutch government. Below is my translation of the conclusions and recommendations of the advisory...
Comments (0)
The Proliferation of Cyber Janitors
January 20, 2012 Added by:
What we really need in this industry is a complete shake up. We need true innovative thought that uses cyber intelligence, counterintelligence and active defense and offensive measures in our programs. No more sitting around waiting for the penetration...
Comments (3)
TeamSHATTER: Analysis of the January 2012 Oracle CPU
January 18, 2012 Added by:Alexander Rothacker
This time there are only TWO fixes. This is the lowest number ever since the CPU program has started in 2005. Oracle, what happened? Did you throw in the towel on DBMS fixes? I know it’s not because the Database is finally fixed for good and is now suddenly secure...
Comments (0)
That a Phone in Your Pocket or Are You Scanning My Network?
January 16, 2012 Added by:Malgorzata Skora
Smartphones have become much more powerful over the past few years. Combine this power with the right applications and you can scan a network from the inside in seconds, along with performing several other new types of attacks for information gathering...
Comments (1)
Kolmogorov Complexity, Natural Language Programming and the Bash Shell
January 15, 2012 Added by:Kyle Young
In this post we will be treating strings as objects in a similar sense of Kolmogorov complexity. Then we will apply an alias name or function name to the object which then the alias/function name can be perceived as a natural language sentence...
Comments (0)
First Documented Case of Cyber Espionage?
January 15, 2012 Added by:Richard Stiennon
Thanks to a hacker group in India, Infosec Island has source material that demonstrates widespread cyber espionage on the part of the Indian Government which the hackers may publish. This is a historically significant development for those of us who track cyber espionage...
Comments (12)
Zappos.com Hack: 24 Million Customer Records Breached
January 15, 2012 Added by:Headlines
A source has provided Infosec Island with a copy of a message they received while logging in to their account regarding a "security update". The message advises customers to change their password, but makes no mention of the massive data loss event...
Comments (2)
The Next Generation Search Engine Hacking Arsenal
January 14, 2012 Added by:Pierluigi Paganini
LulzSec and Anonymous use Google Hacking as a means of identifying vulnerable targets, as it provides a complete and regularly updated source of sensitive info. Developers and sysadmins who want to deploy applications on cloud infrastructures should be aware...
Comments (0)
Hash Types for John the Ripper
January 14, 2012 Added by:Rob Fuller
Pentest Monkey is a great resource for a lot of things. You can take this a step further and create a hash mangler script that takes a clean hash and adds the few prefixes and suffixes that are common on Pentest Monkey's list to get the most odds at John picking it up...
Comments (0)
Exclusive: Interview With Hacker YamaTough
January 13, 2012 Added by:Anthony M. Freed
Update: “The Lords of Dharmaraja” claim to have released the source code for Symantec's Norton Utilities as was threatened earlier today. The alleged data dump has not been confirmed, and company officials have not yet released a statement. Exclusive interview with YamaTough here...
Comments (3)
Why Do We Pen Test?
January 13, 2012 Added by:Robb Reck
When we get deep into the weeds of any pentest, the results are not going to be pretty. Some systems don’t get patched like they should. Some servers get stood up outside proper change controls. These types of exceptions cause pentest findings and look bad. They are gotchas...
Comments (0)