General Security
Security for Educational Institutions
Friday, October 15th, 2010
Couple good links for future reference:
http://www.cosn.org/Initiatives/CyberSecurity/CyberSecurityInformation/UnderstandingtheIssues/EightAssessmentQuestions/tabid/5258/Default.aspx
http://www.sans.org/reading_room/whitepapers/sysadmin/protecting-students-public-school-environment_1428
Seven Principles for Security Systems
Thursday, February 11th, 2010
This is a very good report: "Understanding scam victims: seven principles for systems security", Frank Stajano, Paul Wilson, August 2009. Archived here. While reading the example scams in the article, it becomes clear that, much like corporate fraud, they depend on collusion. A team pulling off a social hack is far stronger than a single person [...]
Atlantic article on Cyber Attacks
Thursday, February 11th, 2010
It is well-funded and pursued by mature individuals and groups of professionals with deep financial and technical resources, often with local government (or other countries’) toleration if not support. It is already responsible for billions of dollars a year in losses, and it is growing and becoming more capable. We have largely ignored it, and [...]
Rootkit Hunters
Wednesday, February 10th, 2010
A few resources for finding rootkits:
Linux: Rootkit Hunter, Chkrootkit
Windows: RootkitRevealer
Card Skimmers
Saturday, January 30th, 2010
Photos from Mikko Hypponen, originally linked from Krebs on Security: Note how close the arrows are to the slot; that’s because there’s a skimmer inserted: Battery pack, pinhole camera to watch what PIN is typed in, and cell phone which would send the information from the card swipe + PIN as a text message live [...]
Failed Keyboard Logging…
Friday, March 6th, 2009
Interesting failed attempt using nanny software: http://www.theregister.co.uk/2009/03/06/sumitomo_scam_sentencing/ Can you call someone a hacker / cracker who uses commercial off-the-shelf software? I wonder what the result would have been using either a custom written keylogger (to avoid AV signature hits), or if they had installed physical keyloggers on their keyboards? In any case, interesting [...]
Passwords and Data Mining
Friday, February 27th, 2009
I believe the working assumption must be we’re under a persistent, long-term attack by organized groups. This is not just organized crime, but I suspect organized criminal groups that are tolerated by states like Russia and China if not outright state sponsored. It’s not just those old “boogey men” either — there are many [...]
Rainbow Tables
Wednesday, December 5th, 2007
Lovely: http://www.codinghorror.com/blog/archives/000949.html Use a program like Ophcrack to launch a brute force attack using Rainbow Tables. Rather than using bandwidth to download a Rainbow Table, and so you can customize the table with salts, extra characters, etc., get a RT Generator like the rtgen utility in the original RainbowCrack. Ah, longing for the quaint old [...]
Security Articles
Saturday, October 20th, 2007
The post is to serve as a library for good articles on general Information Systems security.
Scott Berinato, October 2007, CIO Magazine
This series of three articles (plus a technical write up) contains an in-depth look at a sophisticated malware enterprise revolving around a piece of malware called “Gozi.” As an example of the [...]