You have probably heard by now that NSA Contractor Reality Leigh Winner used her access to leak classified information to The Intercept. The news media is covering the political angles here but there’s an excellent story on Operational and Information Security (OPSec and InfoSec respectively) that’s being largely ignored and some valuable lessons to learn […]
Why would I hire someone to ‘hack my stuff’, why are vulnerability assessments important?
Why would I want to hire you someone to “hack my stuff”? The technology infrastructure of most organizations, even smaller ones, can be extensive with a mix of employees, vendors and third party contractors all having varying levels of access to everything from the website to the firewall to leased printers and more. It can […]
The Cyber Defense Certainty Act, Active Defense or Hacking Back?
The Active Cyber Defense Certainty Act seeks to “…provide a defense to prosecution for fraud and related activity in connection with computers for persons defending against unauthorized intrusions into their computers, and for other purposes“. The [draft] bill seems well intentioned but overly ambiguous, leaving a lot of room for abuse (and for other purposes […]
Don’t forget the doors, physical controls are important too!
We talk a lot about technical controls but a recent engagement reminded me that physical controls are just as important and, if the physical controls fail or aren’t implemented, technical controls generally fall easily (if an attacker has physical access to an asset, most bets are off). The Gig: The engagement was a penetration test […]
Breach confirmed by InterContinental Hotels affecting 12 of it’s properties
According to articles from ThreatPost and DataBreachToday, InterContinental Hotels has confirmed a breach in systems used at 12 of it’s properties and notes that the systems were infected between August and December of 2016. According to both reports, cards used at the front desk of the properties were not affected but that the malware searched […]
A top-down approach to cyber security will not work, and here’s why
Recent computer / network security breaches combined with the fact that it’s an election year in the US has led to asignificant amount of focus on [information] security and technology and interesting responses from [mostly] politicians on what the appropriate solution should be. One of the solutions that I have heard tossed about in the […]
1 Million + Google Accounts Compromised
According to this article at Ars Technica and this one from Clark.com, attackers have compromised more than 1 million Google accounts using a new variant of the Ghost Push Android malware. The malware ‘roots‘ vulnerable devices to gain elevated access and then downloads and installs additional malware. What do we know? Based on the information […]
Information on 412 million accounts from FriendFinder published
According to this article from Threatpost, an attack on the FriendFinder network has left details on more than 400 million accounts exposed for sites including Adult FriendFInder, Penthouse.com and Stripshow.com and others. There’s a good bit of info in the linked ThreatPost and ClarkHoward.com articles but there were a couple of things that were glossed […]
Hacking back to defend against attacks. Good idea or Pandora’s box?
Following the recent attacks against DYN (and Krebs, OVH and others) by the Merai botnet, there has been chatter about ‘hacking back’ as a means of active defense. If you missed the story or aren’t really sure what happened, there’s a good video on it here from Threatwire to get you up to speed but, […]
Additional information on Friday’s massive DDoS against DYN (affecting sites like Twitter, Reddit, Amazon and more)
The Internet is just coming back to life after a massive DDoS attack against Internet Performance Management company DYN on Friday. The attack affected a number of high profile sites including Twitter, Reddit and Amazon as well as thousands of smaller sites that use DYN’s services. Details are still a bit sketchy but most are […]