security

image thumb141

Interesting geographic attack vector from a Russian launched cyber counter-attack

I love the Russians. I know, strange to hear that from an American in modern day with a new “cold war” (seemingly) beginning to gain steam. Let’s say, I respect them. Their hackers in particular. Their response to a cyberattack is to launch a full-on offensive attack against the attacker, quite a different response from the Chinese who tend to just block attackers, or the Americans, who never even notice an attack is taking place.
image thumb6

14 days running a secret Dark Web pedophile honeypot (and why I now think Tor is the devil)

Before discoursing the lengthy analysis of the Dark Web honeypot (the pedophile honeypot in particular), let’s answer the question that is surely on everyone’s mind – did the honeypot allow me to reveal the true identity of the person visiting the site?
image thumb441

Interesting list of Chinese filtered words, banned domains, and potential username/passwords

That China filters their Internet traffic is no secret – their societal system (many believe) requires that information be filtered. What is more interesting, are the *words* that are filtered. Several research groups have studied China’s walled-off Internet infrastructure (via search engine results, reverse engineered software and hardware products, leaked router or firewall settings, etc.) and compiled lists of words and phrases that are banned or filtered inside China. Here is a large sample of their findings.
image thumb21

JPMorgan Chase security breach not what you think – military attack against key financial institutions turns over keys to the kingdom

Although I’m disappointed that JPMorgan Chase delayed the disclosure of the breach that touched more than 83 million U.S. households (they knew about it at least four months ago), I’m even more upset at what they disclosed – that key customer financial data was not stolen. JPMorgan may tout the expertise of their security team who bravely stopped the attack before the hackers could get their mitts on customer accounts and passwords, I see a pretty good indication that this was *not* what the attackers were after. At this point, there’s a pretty good clue that the attack was a government or military-sponsored endeavor, likely originating from Russia.
image thumb331

Shellshock (Bash bug) vulnerability – critical security vulnerability discovered in Bash (Bourne-Again Shell)

If your Linux/Unix (or Apple Mac OS X) applications are running with root permissions and call on the shell, this vulnerability (called “Bash Bug” or “$hellshock”) is huge as it allows an attacker to remotely execute shell commands by attaching malicious code into environment variables used by the OS. The flaw is present in GNU Bash versions 1.14 through 4.3 (yup, this bug’s been around for 22 years now). Basically the flaw allows the attacker to create environment variables that contain trailing code – and the code gets executed as soon as the bash shell is invoked. And yes, it’s exploitable over the network.
image thumb221

How to secure your Internet connection using a secure VPN through a secure VPN

If you are suspicious of Tor, tired of the laggy connection, or simply want a more stable means to ensure your connection is encrypted and secure, you can easily create a VPN connection through a VPN connection which ensures anonymity and hard-core encryption of your network stream (with kill switches to protect your identity if the VPN connection is dropped).
image thumb851

Winds of change – Britain toughens up cyberattack laws – life sentences for some hackers

The UK government has said it wants to hand out life sentences to anyone found guilty of a cyberattack that results in loss of life, serious illness, serious injury, or serious damage to national security (or a “significant risk thereof”. The plan, which frighteningly, is broadly written, is proposed as an update to Britain’s Computer Misuse Act 1990 and would also hand out harsher sentences to any hacker carrying out industrial (commercial) espionage. Even minor hacking crimes can result in sentences up to 14 years.
image thumb91

Heartbleed OpenSSL (SSL/TLS) vulnerability – analysis of a mind-blowingly simple bug

The OpenSSL encryption flaw, known as the Heartbleed bug, is being called one of the biggest security flaws ever seen on the Internet. One security analyst called it “catastrophic” and said that on a scale of 1 to 10, the vulnerability was an 11. The newly discovered vulnerability isn’t “big news” because of its complexity, but for the fact that the amazingly simple bug existed for two years before anyone noticed allowing millions of servers to remain vulnerable and open to hacker attacks.
image thumb851

Real-time global security attacks shown while they happen

Kaspersky Labs recently launched this beautiful interactive global map that shows online threats around the world as they happen. Data used to drive the map comes from Kaspersky’s malware monitoring software. The different colored lines represent various attack vectors that are being detected through their software. For instance, pink lines represent an IDS scan while blue represents web vulnerability scans.
image thumb31

Due to recent events, Def Con says Feds are not welcome at this year’s hacker conference

For the first time in the 21-year-old history of the famed hacker’s convention, government employees are being asked to stay away from the DEFCON event. Def Con has always catered to hackers, researchers and others interested in security research and employees from the CIA, FBI, and NSA have always been welcome and in fact, regularly attend the annual event. General Keith Alexander, the head of National Security Agency, even gave a keynote speech at last year's event. Alexander was asked at the time whether the government was snooping on its citizens and denied that the NSA was gathering information on all Americans. But there will be no federal speakers this year. Def Con is asking all federal employees to stay away from the event entirely.
image thumb21

Whoops. IRS accidentally uploads tens of thousands of private social security numbers in public database

PublicResource.org, an organization that specializes in publishing government archive, had to make an embarrassing call to the IRS this week. Apparently the IRS IT department does not have a filter installed to monitor for errant data uploads which allowed a regularly-refreshed IRS database report of the nonprofit industry to be uploaded with a smattering of unintended data. The IT mistake allowed the database to be uploaded with tens of thousands of private Social Security Numbers included in the public reports. The IRS quickly shut off public access to the database, hopefully before wily hackers caught whiff of it. PublicResource noted that this was not the first time the IRS mistakenly published the database with embedded private data.
image thumb1141

Man arrested after trying to board airplane wearing this cool watch – TSA thinks it’s the bomb

Steampunk rears its ugly head again. An Oakland artist and teacher was arrested at Oakland International Airport for wearing a suspicious watch. Geoffrey McGann, 49, was arrested at 7:45 PM on Thursday after airport security found him wearing a watch with wires, toggle switch, and fuses protruding from it. Airport security thought the watch looked like either a bomb or a timing device for a bomb and called in the bomb squad to investigate. After handing the watch around amidst a chorus of “oohs” and “aahs”, the watch was deemed safe and classified by TSA as “pretty cool”.
image thumb851

Department of Homeland Security to form “CyberReserve” volunteer cybersecurity army made of civilian hackers?

According to sources, the Department of Homeland Security was advised last week, to create a “cyber skills task force” that would act as a reserve army of cyber specialists in order to mold top-notch cybersecurity talent to address U.S. cybersecurity emergencies. Called the “CyberReserve” and similar to the National Guard program, CyberReserve would ensure professional “hackers” are on hand to respond to security-related national emergencies.

Start typing and press Enter to search

Shopping Cart

No products in the cart.

Signup now!

25%

Sign up for
our newsletter
and Get a Discount

Get notifications of new products, insider industry news, science and tech features, and more.