Device Fingerprinting – What it is and defense measures

cookie1 Device Fingerprinting   What it is and defense measures

The people at webdesigndegreecenter developed a infographic covering device fingerprinting beyond standard cookie tracking. The original infographic can be found HERE. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Am I Vulnerable To HeartBleed? Questions You Should Be Asking

heartbleed1 Am I Vulnerable To HeartBleed? Questions You Should Be Asking

Wow, what a crazy week! I’ve been slammed with questions about the heartbleed pandemic and thought I would provide a post answering “so what should I do?”.

For those that don’t know about heartbleed, read this post HERE. I found this cartoon a entertaining way of explaining heartbleed in non-technical terms. The original cartoon can be found HERE via xkcd.com

heartbleed explanation Am I Vulnerable To HeartBleed? Questions You Should Be Asking

What should you do? Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

OpenSSL Heartbleed Bug Impacting More Than Half Of The Internet

My buddy Aamir Lakhani wrote a great post covering the recently exposed security vulnerability that impacts more than half of the websites on the Internet. Its something everybody needs to be aware of. The original article can be found HEREheartbleed OpenSSL Heartbleed Bug Impacting More Than Half Of The Internet

Heartbleed is a serious vulnerability affecting OpenSSL cryptographic libraries. The Heartbleed vulnerability allows an attacker to steal information protected under normal SSL TLS conditions.

Here is what you need to know:

  • This is a very serious vulnerability.
  • It harms personal computers and everyday users. Attackers could possibly steal user information. 
  • Many popular websites, including social media, search, email, banking, and health sites are vulnerable.
  • The bug is found on most systems and has been present since 2012.
  • Most likely, attackers knew about the vulnerability, and may have been exploiting it for a long time.
  • Patching and updating systems will not protect owners from attackers who have already captured data.

Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

NSS Labs Breach Detection Systems (BDS) Comparative Analysis Report

nsslabs3 NSS Labs Breach Detection Systems (BDS) Comparative Analysis Report

NSS labs just released their Breach Detection Systems Report found HERE. The purpose for this report is based on the concept that there is a need for security solutions that extend beyond defense measures found in common security products such as Anti-Virus and IPS network appliances. NSS labs have developed a name for the feature designed to stop advanced threats known as having “Breach Detection” capabilities.  Its pretty much technology you would implement as a last layer in the event a threat breaches your firewall, AV and network security defenses. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

The Imminent Demise of Bitcoin

Aamir Lakhani wrote a fantastic overview on Bitcoins. You can find the original HERE via www.drchaos.com.

Bitcoin started as a transparent open source currency that provided anonymity. It also provided advantages over traditional currency. Bitcoin is not bound to any organization or country. It is a peer-to-peer trading currency, so it is not subject to financial institutions such as banks, merchants, or payment gateways. A Bitcoin, in almost every way, is like real currency coins that you can use, spend, and save. However, like real currency, it can also be destroyed, lost, and stolen.

Bitcoin 1024x1024 The Imminent Demise of Bitcoin Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Next-Generation Intrusion Prevention Systems changing the game for Cyber

My buddy Aamir Lakhani wrote about how traditional security products such as Stateful firewalls and older IPS/IDS solutions are not cutting it for today’s level of threats. This post covers why the “Next-Generation” of security technology matters. The original post can be found HERE

Organizations are replacing their Stateful firewalls with Next-Generation firewalls (NGFW) and Next-Generation Intrusion Prevention systems (NGIPS).  Most traditional firewalls are nothing more than packet filters that keep track of who initiated the traffic to automatically allow response traffic back to originator. IPS vendors such as Sourcefire and McAfee (Intel Security) are rapidly adding advanced features to protect against insider threats, application vulnerabilities, mobile devices, and malware. One must wonder are the days of traditional perimeter security devices such as Stateful firewalls and single-pass IDS systems numbered?

Motivation 1024x634 Next Generation Intrusion Prevention Systems changing the game for Cyber Continue reading

VN:F [1.9.22_1171]
Rating: 4.0/5 (1 vote cast)

Stopping Both Attackers and Attacks – The Future of Network Security

image1 Stopping Both Attackers and Attacks – The Future of Network Security

The future of security must reach beyond the capability of an appliance. There are too many attack vectors that are continuously changing to detect with a silo solution. It basically comes down to this …. there are only so many signatures that can be checked against as well as behavior algorithms that can be put in place before you must let traffic pass. Odds are, a malicious attacker will eventually bypass detection based on the fact that there are hackers out there with a rack of all the latest vendor IPS, Firewalls, etc. in a lab designed to test how effective a piece of malware is against any enterprise security solution. So in a nutshell, you will only be able to stop the majority of attacks launched against your network. Something will eventually get through. This means detecting and preventing can’t be your only security strategy. Continue reading

VN:F [1.9.22_1171]
Rating: 4.0/5 (1 vote cast)

Chained Exploits compromise valuable Twitter account

Aamir Lakhani from drchaos.com wrote a good article on how chaining together social engineering tactics compromised a highly visible twitter account. The original post can be found HERE

Who can we trust? It’s a tough question. We think we can trust our friends, co-workers, mentors, and colleagues because they are people we see and interact with often as frequently as we do with our family members. Unfortunately, there is risk in trusting others, particularly when those we trust have privileged access to our accounts and sensitive information. When our trust and exposure extends to those who we work with, and incorporates intimate knowledge of our business concerns, corporate cultural developments, and technology secrets, we must face the reality of insider threats. Unlike external attackers, those we consider to be on the inside of our trust circles do not need to hunt for valuable information, nor do they need to exploit strong perimeter defenses; insiders already know what is valuable and where it is stored.

FTDCircle Chained Exploits compromise valuable Twitter account Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

How to Protect Children When Using Mobile Devices And The Internet

Katrin Deres is a passionate blogger, and works in a marketing team at a mobile tracking company. For more information visit mSpy. Here is a guest post with some of my input covering how to protect mobile devices used by children and young adults. 

kids smartphone How to Protect Children When Using Mobile Devices And The Internet

Smartphones have revolutionized the way we live and are an important tool that most of us depend on daily. With that being said, a smartphone in the hands of a responsible adult is very different from allowing children access to them. Giving smart devices to children without considering its impact can spell big trouble for parents! Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)