OpenSSL Heartbleed Bug Impacting More Than Half Of The Internet

My buddy Aamir Lakhani wrote a great post covering the recently exposed security vulnerability that impacts more than half of the websites on the Internet. Its something everybody needs to be aware of. The original article can be found HEREheartbleed OpenSSL Heartbleed Bug Impacting More Than Half Of The Internet

Heartbleed is a serious vulnerability affecting OpenSSL cryptographic libraries. The Heartbleed vulnerability allows an attacker to steal information protected under normal SSL TLS conditions.

Here is what you need to know:

  • This is a very serious vulnerability.
  • It harms personal computers and everyday users. Attackers could possibly steal user information. 
  • Many popular websites, including social media, search, email, banking, and health sites are vulnerable.
  • The bug is found on most systems and has been present since 2012.
  • Most likely, attackers knew about the vulnerability, and may have been exploiting it for a long time.
  • Patching and updating systems will not protect owners from attackers who have already captured data.

Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

The Imminent Demise of Bitcoin

Aamir Lakhani wrote a fantastic overview on Bitcoins. You can find the original HERE via www.drchaos.com.

Bitcoin started as a transparent open source currency that provided anonymity. It also provided advantages over traditional currency. Bitcoin is not bound to any organization or country. It is a peer-to-peer trading currency, so it is not subject to financial institutions such as banks, merchants, or payment gateways. A Bitcoin, in almost every way, is like real currency coins that you can use, spend, and save. However, like real currency, it can also be destroyed, lost, and stolen.

Bitcoin 1024x1024 The Imminent Demise of Bitcoin Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Open App ID: Cisco commits to open source and application identification

bart os Open App ID: Cisco commits to open source and application identification

My buddy Aamir wrote a summary of the open source announcement by Cisco at RSA last week (original post can be found HERE). Cisco also announced integrating FireAMP with Cisco email, web and cloud security products. FireAMP gives Cisco products the ability to detect infected files by searching for known hashes, sandboxing unknown files and other detection means. More on the FireAMP capabilities can be found HERE. Another source for these announcements is on the Network World blog found HERE Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Next-Generation Intrusion Prevention Systems changing the game for Cyber

My buddy Aamir Lakhani wrote about how traditional security products such as Stateful firewalls and older IPS/IDS solutions are not cutting it for today’s level of threats. This post covers why the “Next-Generation” of security technology matters. The original post can be found HERE

Organizations are replacing their Stateful firewalls with Next-Generation firewalls (NGFW) and Next-Generation Intrusion Prevention systems (NGIPS).  Most traditional firewalls are nothing more than packet filters that keep track of who initiated the traffic to automatically allow response traffic back to originator. IPS vendors such as Sourcefire and McAfee (Intel Security) are rapidly adding advanced features to protect against insider threats, application vulnerabilities, mobile devices, and malware. One must wonder are the days of traditional perimeter security devices such as Stateful firewalls and single-pass IDS systems numbered?

Motivation 1024x634 Next Generation Intrusion Prevention Systems changing the game for Cyber Continue reading

VN:F [1.9.22_1171]
Rating: 4.0/5 (1 vote cast)

Chained Exploits compromise valuable Twitter account

Aamir Lakhani from drchaos.com wrote a good article on how chaining together social engineering tactics compromised a highly visible twitter account. The original post can be found HERE

Who can we trust? It’s a tough question. We think we can trust our friends, co-workers, mentors, and colleagues because they are people we see and interact with often as frequently as we do with our family members. Unfortunately, there is risk in trusting others, particularly when those we trust have privileged access to our accounts and sensitive information. When our trust and exposure extends to those who we work with, and incorporates intimate knowledge of our business concerns, corporate cultural developments, and technology secrets, we must face the reality of insider threats. Unlike external attackers, those we consider to be on the inside of our trust circles do not need to hunt for valuable information, nor do they need to exploit strong perimeter defenses; insiders already know what is valuable and where it is stored.

FTDCircle Chained Exploits compromise valuable Twitter account Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Target: Data Breach Overview

Aamir Lakhani wrote a fantastic article on the recent data breach of Target’s network. If you recently shopped at Target, you really should read this. The original article can be found HERE

target192way 59259122cb5b170fd6847a03201f6d798cc05c30 s6 c30 300x224 Target: Data Breach Overview

Anyone who swiped their credit or debit card between Nov. 27th through Dec. 15th may have had his or her accounts breached. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

What is Cryptolocker and how to protect yourself

My buddy Aamir wrote a great post on Cryptolocker. The original can be found HERE.

Cryptolocker is malware that is categorized as ransomware. According to Wikipedia, “Ransomware comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed” (Wikpedia).

Cryptolocker is dangerous because if you are infected with the malware, you are in danger of losing all your files that are local to your machine, including attached storage (USB drives) and connected network drives. The network drives or any other mass storage media that shows up as a drive letter could be corrupted by the malware. Continue reading

VN:F [1.9.22_1171]
Rating: 4.0/5 (2 votes cast)

The Ultimate Installation Guide for Kali Linux

My Buddy Aamir Lakhani wrote a awesome Installation guide for kali Linux. This is a updated version of what is available in our book. Check out the original post HERE via www.drchaos.com

Introducing kali Linux

The creators of BackTrack have released a new, advanced penetration testing Linux distribution named kali Linux. BackTrack 5 was the last major version of the BackTrack distribution. The creators of BackTrack decided that to move forward with the challenges of cyber security and modern testing a new foundation was needed. Kali Linux was born and released March 13th 2013. Kali Linux is based on Debian and an FHS-Compliant file system. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)