Hey everybody. I added a new section to this blog for asking questions (see the menu section Ask A Question). This will help organize the various types of questions I see and hopefully morph into a wiki type page you can search for answers. I’ll moderate questions to remove SPAM so anything is game as long as it makes sense for this blog.
Many people believe the Sony breach was caused by North Korea’s Cell Bureau 121. As a follow on to my last post on the Sony incident, I am adding a fantastic post from The Independent covering Cell Bureau 121. The original post can be found HERE.
With North Korea’s ability to hack the most sophisticated computer systems in the world under scrutiny, a secretive cyber-warfare cell called Bureau 121 has come to light.
The Computer Science department at Florida State University is offering free computer security class lectures. You can find the entire CIS4930 and CIS5930 courses online HERE. These are the Spring 2014 classes so the content is pretty current. There are 26 lessons ranging from lock picking to launching attacks with Metasploit. Videos include lecture slides to download. Continue reading →
Cisco announced yesterday that they intend to acquire Neohapsis. Neohapsis is a security, risk and compliance company, which is a very interesting move by Cisco. Many people not only want data from security reports, but also desire how that data will impact their business. This means how changes or risk can impact compliance to mandatory regulations as well as how much impact could a vulnerability have to a system. Neohapsis is a services based company so this seems to be a security services play yet could also trickle in Cisco products.It would be really cool to see more compliancy based reporting in future Cisco products as an outcome of this acquisition.
The Verge has done a fantastic job covering the Sony Pictures Hacked story (found HERE). Below is a summary however you should go to the Verge.com to see each article showing the timeline of the attack.
A successful attack on Sony Pictures’ computer systems threw the entire studio into disarray in late November. The hijackers’ identity and motivation remain unclear, though in the days following the attack, evidence has surfaced to suggest it originated in North Korea. Rather than attempting to steal money or otherwise profit from the information it obtained, this hack seems to be focused on making life difficult for Sony Pictures employees. They have been subjected to threats from the hacking group, which has posted much of the data it collected from the studio’s servers to the web. Follow this storystream for the latest developments to the story.
The Telegraph posted a really cool article on the mysterious online organization called Cicada 3301 that has be posting puzzles for skilled cryptographers to crack. Is it a government organization such as NASA or CIA recruiting tactics or elite underground hacker group? What happens when you break all of the puzzles? You can read the original post HERE.
Here is the story from the Telegraph:
For the past two years, a mysterious online organisation has been setting the world’s finest code-breakers a series of seemingly unsolveable problems. But to what end? Welcome to the world of Cicada 3301
Typically I post about security topics on this blog however I want to share my experience trying to learn Mandarin. I spent the last 1-2 years trying both Rosetta Stone and later Pimsleur dedicating at least an hour a day towards learning. Both of these options offer completely different approaches to learning a language. My personal opinion is I learned a lot more from the Pimsleur approach verses Rosetta Stone based on my learning style. Here is a breakdown of my experience with each offering. Continue reading →
Cisco acquired the leader for identifying day zero threats ThreatGRID around may of 2014. ThreatGRID’s statement “The First Unified Malware Analysis and Threat Intelligence Solution” sounds like a mouthful however represents its purpose of going beyond what most “sandbox” technologies accomplish in this market space. What is also interesting is this technology is being moved into other Cisco security offerings now that they are part of Cisco’s breach detection strategy. Continue reading →
The Internet Security Research Group (ISRT) along with Mozilla Corporation, Cisco Systems, Akamai Tech, Electronic Frontier Foundation and IdenTrust will be offering a new free certificate authority service this up coming 2015 summer (learn more HERE). The concept is the Internet is a dangerous place and enabling protection is a hassle for many businesses. The reason behind this is enabling basic server certificates can be painful involving multiple steps and a cost. Lets Encrypt is offering the following principles to simplify the process. Continue reading →