My buddy Aamir aka DrChaos.com wrote an interesting post defining what a Rainbow Table is, when Rainbow Tables are used and why salting passwords makes it hard to use them. The original post can be found HERE.
On the topic of breaking passwords, I often hear security professionals and a few other folks mention Rainbow Tables. I used to think a Rainbow Table was a set of pre-computed (pre-calculated) hashes from passwords…essentially a lookup table where a plaintext’s unencrypted password corresponds to a known hash.
However, this is not a totally accurate definition of a Rainbow Table. In reality, a reverse lookup table allows you to create a second table consisting of the password hash of user accounts. Then you use a Rainbow Table consisting of hashes and guessed passwords to compare the two. You can see if the hashed password of a compromised user account matches a hashed password in the lookup table. Continue reading →
According to Darkreading (found HERE), more than 50 Sheraton, Westin, and other hotel chains in North America were affected by a data breach. The letter from Starwood can be found HERE. I put the top part of it in the image above. Continue reading →
Networkworld wrote an interesting article on how Cisco is opening their development kimono and letting customers view how things are coded. The goal is to be more transparent, including proving that Cisco isn’t hiding NSA back doors in its technology. The original article can be found HERE.
Cisco’s suppliers have stronger security requirements, and customers will soon be able to inspect products before buying
Cisco is working to build the confidence of prospective customers in its products, two years after disclosures of spying by the U.S. National Security Agency seeded doubt, particularly in China. Continue reading →
Wired posted a very interesting article about how a startup named Zerodium did something unusual … they posted their zero day exploit catalog. Isn’t that the third or fourth rule of fight club??? First you don’t talk about fight club and then you don’t publish what exploits you have publicly? Now selling exploits is public business? This can’t be good. You can find the Wired article HERE.
THE TRADE IN the secret hacker techniques known as “zero day exploits” has long taken place in the dark, hidden from the companies whose software those exploits target, and from the privacy advocates who revile the practice. But one zero-day broker is taking the market for these hacking techniques into the open, complete with a full price list. Continue reading →
QualifiedHardware.com sent me a great post they provided about lock picking. (Original found HERE). Here is what they have to say.
You may associate lock-picking with a criminal in a ski mask trying to break into your house. But, the fact of the matter is, lock-picking is not always a criminal activity. You may be in a rush, and you may accidentally lock yourself out of your home or car. Learning how to pick a lock may actually save you time and money (as long as it’s only done on your locks). Continue reading →
RT posted about how Anonymous has taken down ISIS Twitter accounts. Pretty awesome to see Anonymous is now getting involved. The original post can be found HERE.
Hacktivist group Anonymous has reported that more than 5,500 Twitter accounts belonging to Islamic State have been taken down. It comes after the collective declared a “total war” on the militant group following the Paris attacks.
Cisco just released the latest version of the Firepower software aka Firepower 6.0. You can now download this from Cisco.com or directly from your Firepower manager under the update section. New features include: all ASA models can now use ASDM to manage Firepower services for that individual ASA with Firepower (however, best practice is to use the centralized manager), SSL decryption for ASA with Firepower, DNS sinkholing, Identity Services Engine (ISE) integration and much more. Details on each new feature are found below. Continue reading →
If you are in the IT industry, most likely you will need to keep up with technology by obtaining a certification, attending a product training, attending a boot camp or a combination of these. I’ve gone through many different programs and have a few lessons learned that could help you with your future education planning. Continue reading →