Tag Archives: hacking

May 16, 2013

SSL Strip – Breaking Secure Websites

Aamir Lakhani wrote a overview of how to perform a ssl strip attack. The original post can be found HERE

SSLSTRIP LAB

Before beginning the lab, make sure you have Backtrack 5 R3 VM imported into VMWare Player/Workstation/Server/Fusion, or what ever Virtual machine environment you have chosen to utilize.

The following is an excerpt from the VMWare “Getting started with VMWare Player” VMWare Player 4.0 user guide.

Import an Open Virtualization Format Virtual Machine

You can import an Open Virtualization Format (OVF) virtual machine and run it in Player. Player converts the virtual machine from OVF format to VMware runtime (.vmx) format. You can import both .ovf and .ova files.

OVF is a platform-independent, efficient, extensible, and open packaging and distribution format for virtual machines. For example, you can import OVF virtual machines exported from VMware FusionTM into Player. You can import OVF 1.0 and later files only.

You can also use the standalone OVF Tool to convert an OVF virtual machine to VMware runtime format. The standalone version of the OVF Tool is installed in the Player installation directory under OVFTool. See the OVF Tool User Guide on the VMware Web site for information on using the OVF Tool.

Procedure

In Player, select File > Open a Virtual Machine.
Browse to the .ovf or .ova file and click Open.
Type a name for the virtual machine, type or browse to the directory for the virtual machine files, and click Import. Player performs OVF specification conformance and virtual hardware compliance checks. A status bar indicates the progress of the import process.
If the import fails, click Retry to try again, or click Cancel to cancel the import.

If you retry the import, Player relaxes the OVF specification conformance and virtual hardware compliance checks and you might not be able to use the virtual machine in Player.

After Player successfully imports the OVF virtual machine, the virtual machine appears in the virtual machine library.

Your Lab

In this Lab, we are using Virtual Machine based attack hosts. The Hosts are Linux based Backtrack 5 R3 (based on Ubuntu Linux). The reason for using backtrack is that all of the modules, and associated dependencies for this lab are preloaded with the distribution. The module dependencies for SSLStrip are (these are already loaded with Backtrack):

Python >= 2.5 (apt-get install python)
The python “twisted-web” module (apt-get install python-twisted-web)

Additionally to utilize SSLSTRIP you need (Again already in Backtrack):

Arpspoof or Ettercap (this lab we use Arpspoof, Ettercap has issues with wireless)
IPChains / IPtables
Netstat

Additionally when using backtrack or any Ubuntu distribution, it is a good idea to run APT to updates the existing packages. Backtrack has several custom distribution resources pre configured.

#Use this command to update: apt-get update && apt-get upgrade -y && apt-get dist-upgrade –y

Getting Started

Once your Backtrack virtual machine is installed and booted use the following credentials to log in:

Username: root
Password: toor

Start the desktop environment by issuing the startx command from the terminal session:

Note: It is not mandatory that you utilize a GUI desktop. But for the purposes of this lab it is recommended. Those not as familiar working in a Linux command shell will likely find it simpler to switch between the multiple terminal windows needed to perform the upcoming operations.

You should now see an environment similar to the following:

For the purposes of this LAB we will only be using a single interface, your virtual machine might be configured with multiple Ethernet interfaces. We will need to check if there are multiple (virtual) Ethernet interface enabled.

In the upper left hand corner of the desktop click on the Xterm link.

When see a terminal window open on the desktop you are ready to continue.

Use ifconfig to determine what interfaces are on the virtual machine.

Ifconfig | grep “eth”

This command will filter out all the miscellaneous and just show us the Ethernet interfaces, like below.

If we do indeed have more then one interface enabled issue the command ifdown with the interface name to disable it. If there is an interface named eth1 like shown above issue the command:

Ifdown eth1

The output should be like what is shown below.

Continue reading →

Rating: 5.0/5 (1 vote cast)

5 Steps to Take Right After Suffering a Cyber Security Breach

Thanks to my guest writer Kyle Olson for this post. Kyle’s bio is below.

Security breaches on your website hosting servers and any other server based online assets are no laughing matter. Suffering one of these breaches can mean anything from the theft of data for fraud related purposes to the total destructive erasure of all your information just for the fun of it (Hackers aren’t exactly known for always being motivated by money)

Whatever the case may be, you as the hard working owner of a site you spent months or years building, can enjoy the fun position of watching everything you built come crashing into zero in less time than it takes you to have lunch. This is not something you want, and especially since it can be avoided through some fairly straightforward security procedures that would have saved you nicely.

Anyhow, what’s done is done, you’ve been hacked, and the only thing left to do is save what you can. Let’s cover how you can do that with 5 essential and effective steps.

1. Don’t Panic, Be Methodical

This is the first and most basic thing you need to do; calm down and proceed methodically. Yes, a hack is a severe thing that needs to be dealt with quickly, but running around like a headless chicken won’t solve anything. If you calmly assess the situation, go through the possibilities and the steps we’re about to cover, you’ll have a much better chance of successfully countering any damaging effects than if you work randomly or just freeze up, waiting for the situation to improve on its own.

2. Check in With Your Hosting Provider

Contact your Hosting provider as soon as you’ve noticed that your site is down, redirecting to suspicious third party sites, or showing unmistakable signs of serious malfunction. Do the same if you can’t access key parts of your back end admin such as servers, cpanel or CMS login. For one thing, your hosting provider has the tools and expertise to help you with resolving your hack or saving your data, and secondly, they can help you uncover vital information about the hack, such as how many people it’s affecting and how it might have occurred.

3. Make a Record of Everything and Save All Suspicious data

As soon as you start to notice something wrong with your servers or site, also start noting things down. Make a record of everything you saw, experienced and the times at which you saw it. Additionally, save copies of any malicious or suspicious code, files and processes. Even if you need to destroy them as part of your damage control, first save all such data on a remote medium such as USB. This saving also includes (when possible) making a mirror copy ISO of your entire drive or server.

Just as if you’re dealing with a police crime scene, creating a record of events and a chain of evidence will help you more clearly understand and possibly resolve your hack source.

4. Shut Your Site and FTP off then Start Backing Up Your Data

Back up everything in your servers and all associated files to a remote storage medium. Don’t worry if some of it is still contaminated with malicious code –you can later scan and clean it of everything abnormal—for now the key thing is to save as much of your site data as quickly as possible.

Before you start your backup process up, disconnect your site from all remote access. This may mean taking it offline and cutting off access to all FTP accounts. You can also later change all of your server/site access passwords in these FTP profiles and elsewhere.

5. Download Everything Again

Once you’ve performed a thorough backup of all your data, cut your site off from outside access, changed all your access passwords and stopped as much malicious activity as possible, you can now download fresh programs for any third party applications that were supporting your site on the server. These may include LAMP software (Linux, Apache, MySQL, PHP), plugins like Java, Flash and Adobe or a CMS bundle like WordPress.

Having downloaded the newest, cleanest copies of all these applications to your newly secured server, you can start re installing all your salvageable backed up data from the site before it was hacked.

When all else fails, you can always contact a company that will perform digital forensics tests to determine the cause of the incident.

About the author: Kyle Olson has written for the tech industry for over 10 years and has operated his own small business in the industry. When he’s not writing poignant articles, you can find him covering civil engineers in Boston or working on his forthcoming novel.

Rating: 0.0/5 (0 votes cast)

PART 2 “The Attack” – THE SOCIAL MEDIA DECEPTION PROJECT : How We Created Emily Williams To Compromise Our Target

Last year Aamir Lakhani and Joseph Muniz developed a fake identity known as Emily Williams with the purpose of compromising a specific target using social media. We created Emily Williams based on research from Robin Sage, which showcased how a fake identity could obtain sensitive information from social media resources. We wondered if a similar approach could be used for targeted attacks and developed Emily Williams for that purpose. More information on developing Emily Williams via Part 1 of this project can be found HERE.

Emily Williams and Robin Sage

This Part 2 post explains WHY the Emily Williams project is important to understand. Yes, it was humorous watching people endorse a fake person’s technical abilities and receive job offers based on a posted IT background (or possibly just because Emily is attractive) however those are not the worst outcomes from social media threats. Part 1 concluded with our lovely Emily Williams having friends with multiple parties from our target such as Human Resources, IT Support, Engineering and Executive Leadership. People were sharing information and considering Emily Williams an employee based on the profile we created. The information alone was very valuable however that was just the beginning.

Stage 3 focused on obtaining access to host systems through social media. There are many options to do this such as the very popular Blackhole exploit kit however we did not want to use any method that could potentially harm our target’s system based on personal ethics. Blackhole is the most prevalent web threat seen today leveraging a malicious payload that we felt wasn’t safe for our target’s systems. We chose to use The Browser Exploitation Framework (BeEF) based on our feeling that compromising browsers was not as evil as using malware.

Blackhole Exploit Kit Screenshot

Browser Exploitation Framework (BeEF) Screenshot

BeEF leverages browser vulnerabilities to assess the security posture of a target. BeEF “hooks” targets as beachheads for launching direct command modules. Different browsers have various vulnerabilities, which means the more vulnerable a browser is, the more unique attack vectors become available to the hacker. We installed Backtrack 5R3 on a server and developed a BeEF hooking server that was public facing. We tested systems by accessing our BeEF server, hooking systems and launched commands such as taking a screen shot capture. More on building a BeEF system can be found HERE.

The next step was luring employees of the target to our BeEF system. There are many methods hackers accomplish this such as offering free media sites (IE download music, movies, etc. … see more on why this is risky behavior HERE), phishing emails and fake URLs designed to look and feel like something else. We decided to post virtual holiday cards on Emily William’s social media pages and direct invites to specific targets. The goal was having a user click the holiday card, wait for the card to pop up and have our system probe the browser for vulnerabilities during the waiting period. Once we hooked the target, we would look for passwords and insider information to gain access to the target agency. We launched three campaigns targeting systems during Thanksgiving, Christmas and New Years. We were able to figure out domain credentials to create an inside email address for Emily Williams, VPN passwords to gain internal access and other methods to compromise our target.

Our research demonstrated a few points. First off, people are trusting and male dominated industries like IT are even more trusting of women. Second, social media can be used as a means to compromise targets if users are not educated on common attacks and proper use of public facing network resources. The risk extends beyond data leakage since many people that use social media also use the same systems for internal use while at work. Finally, we demonstrated how easy it is to carry out what many consider an advanced persistent threat (APT) meaning we chose our target and bypassed standard security technology. We believe our methods were not very sophisticated compared to the real threats that target people using today’s public Internet yet we were very successful with our goal of compromising a specific target. Security is an extremely important investment and needs to include education around proper use of social media (more on this HERE) as well as protection from insider threats.

I hate to drop a plug however I recently took a job at Lancope based on their technologies’ ability to detect insider threats.

Rating: 4.7/5 (3 votes cast)

1 Comment

Filed under Penetration / Hacking, Scams and Social Engineering

Tagged as Aamir Lakhani, Access Control, BeEF, blackhat, blackhole, Cisco, cloudcentrics, Compliance, Data Loss Prevention, digital life, DLP, emily, Emily Williams, facebook, facebook hacking, fake facebook, hacking, hacking people, Home, Joey, Joey Muniz, joseph, joseph muniz, LanCope, linkedin, linkedin endorsing, mobile, mobile device, Muniz, netflow, part 2, part2, pen testing, Penetration Testing, Robin Sage, Security, social engineering, Social Engineering Training, social network secuirty, social pentest, Stealth Watch, The Browser Exploitation Framework, williams

February 11, 2013

THE SOCIAL MEDIA DECEPTION PROJECT : How We Created Emily Williams To Compromise Our Target

Disclaimer: This post has been modified to exclude specific subjects not approved for public viewing

Emily Williams and Robin Sage

Emily Williams and Robin Sage don’t exist in the real world. They are fake social network accounts designed to obtain sensitive information. Robin Sage was created in late 2009 to obtain information from intelligence on US military personnel. Her story was presented at the Black Hat hacker conference upsetting many people by exposing the type of sensitive data provided over social networks. Joey Muniz and Aamir Lakhani decided to go one-step further and ask the hard question: “what else can happen outside of data being leaked over social networks”. We decided to find out using Emily Williams.

NOTE: The research presented is real. Many people reading this are friends with Emily and probably mad at us. We have informed anybody attacked so if you haven’t heard from us, you are just social network friends with Emily.

Emily’s Real Employer

Emily Williams was created in November 2011 for Facebook and LinkedIn. Our goal was to pick a specific target and see how far we could penetrate the target using social networks as the entry point for infiltration. The plan was to build up a social network with key personal and launch attacks from Facebook and LinkedIn that compromised systems using social networks. From there, we could gain entry into the network and more or less capture the flag. The research was made public with the goal of educating employees about security around social networks as well as the current potential threats that could target people like you. We had executive approval before conducting the experiment.

Social Network Findings

The first step was creating the Facebook and LinkedIn accounts. We found a non technical female employee from the restaurant industry (that happened to be a few blocks from our target) to volunteer pictures for Emily’s appearance. We developed a fake social security number, residence and other areas that may be searched to make Emily seem real. We gave Emily an IT background from the University of Texas and updated her profile with a matching employment background.

Social Engineer Using Facebook Profile Info

User Flags Emily

Step two was building up friends prior to networking with our target audience. We decided to pick on Joey Muniz’s friends figuring if they flagged her as fake, they wouldn’t inform anybody from our target audience. Within hours we had over 100 friends using manual adding methods. We found very little resistance to accepting her as a friend however one individual not only denied her friend request but also posted to his friends a warning about Emily without actually calling her out. Another funny story was a friend ask “Do I know you?” and by simply replying with information from his social profile, we had him say he remember her. The lesson learned is think about what you post because it could be used against you!

Job Offer Based On Profile Info

Once we had a decent number of friends, we updated her status as a new employee to our target with a technical engineering title. From there, we start adding potential targets starting with sales and mid level technical staff as well as our partners with the target. We not only grew our friends from the organizations, we also started receiving job offers, meeting requests and congratulations on the new job with our target. As our target audience friend number grew, we started moving up the rank eventually capturing people from Human Resources and Engineering who would be responsible for hiring Emily if she existed. We moved all the way up to executive leadership and happy to say our President denied her friend request based on looking for her name is the corporate directory. We have a lot of respect for his diligence.

Can You Trust LinkedIn Endorsing?

At this point we have networked with our target audience and have enough key members linked to perform attacks. Part 2 of this story will feature how we leveraged the social network to obtain access to the network. Consider part 2 the answer to WHY Robin Sage and Emily Williams are a risk for organizations. Stay tuned for part two and again for those involved, don’t worry we didn’t do anything bad to you unless we told you. Oh and thanks for helping us prove our point about the dangers of social networks!

Article written and research conducted by:

Joey Muniz

Blog: www.thesecurityblogger.com

Aamir Lakhani

Blog: www.cloudcentrics.com

Rating: 5.0/5 (1 vote cast)

1 Comment

Filed under Penetration / Hacking, Scams and Social Engineering

Tagged as Aamir Lakhani, Access Control, advanced persistent threat, APT, backtrack, BeEF, blackhat, Cisco, cloudcentrics, Compliance, Data Loss Prevention, digital life, DLP, emily, Emily Williams, facebook, facebook hacking, fake facebook, hacking, hacking people, hacking wwt, Home, insider threat, Joey, Joey Muniz, joseph, joseph muniz, LanCope, linkedin, linkedin endorsing, mobile, mobile device, Muniz, netflow, part 1, pen testing, Penetration Testing, Robin Sage, Security, social engineering, Social Engineering Training, social media, social network secuirty, social pentest, Stealth Watch, The Browser Exploitation Framework, williams

December 3, 2012

Hacking the iPhone : Breaking Pins and Passcodes : Booting without approved Apple Firmware

“My buddy Aamir Lakhani is developing a iOS security class and recently posted about hacking iOS devices. This is a very popular subject and want to share this. Also shout out to Tom Bedwell for his assistance with the research. You can find the original posting at www.cloudcentrics.com”

iOS devices can be booted with their own kernel and micro operating systems instead of approved Apple firmware. When iOS devices are loaded with a micro kernel, you can run attacks such as bypassing the passcode, decrypting passwords, copying file systems, viewing emails and much more. The following guide describes how to create a RAM DISK, however it may not function precisely as a step-by-step instruction set, since each system is unique and requires some level of customization.

Note: If you run in to trouble when creating a RAM DISK due to unique OS configurations and code versions, don’t despair.

If you want to take the easy way

Download: http://cloudcentrics.com/wp-content/uploads/2012/11/iphone-dataprotection-modifed.zip

- and then complete step 11 then proceed to step 20.

Now let the real fun begin

IMPORTANT: Watch the word wrap. Many commands are single line and may be wrapped on multiple lines.

Step 1: Uninstall file system readers

If you have a system tool such as MacFuse or Tuxera, uninstall the program before starting and reboot your machine.

Step 2: Install Xcode from the Mac App Store

Step 3: Download and install Xcode Command Line Tools:

1. Download Xcode from the Apple App Store
2. Launch Xcode and go to preferences
3. Install Xcode Command Line tools and Simulators

Step 4: Open the Terminal App.

Make sure you are in your home directory. In my case the home directory is /Users/alakhani
Continue reading →

Rating: 0.0/5 (0 votes cast)

1 Comment

Filed under Bring Your Own Device BYOD, Host And Mobile Device Security, Penetration / Hacking

Tagged as 802.1x, Aamir Lakhani, apple, Apple firmware, apple security, breaking iOS, Breaking Passcodes, Breaking Passwords, Breaking Pins, end point management, Fuse, hacking, hacking apple devices, hacking passwords, hacking phones, hacking tools, Home, http://www.cloudcentrics.com/, iOS, iOS firmware, iOS kernel, iOS SDK, iPhone, iPhone 5, jail breakable iOS, jailbreak, jailbreaking phones, Joey, Joey Muniz, joseph, joseph muniz, Mercurial, micro operating systems, mobile, mobile device, mobile device management, mobile device security, mobile endpoints, Mobile phone security, Muniz, network security, Python, RAM DISK, redsnow, Security, USB Multiplexing, wireless hacking, wireless security, World Wide Technology, world wide technology inc., wwt, Xcode

October 31, 2012

Cool Tool : FOCA – Network Intelligence Reconnaissance using metadata

My buddy Aamir Lakhani posted about a really cool metadata tool called FOCA. The original post can be found HERE. Below is Aamir’s post about FOCA.

I would like to introduce you to one of my favorite network reconnaissance tools. It is called FOCA.

Did you know every time you create a document such as PowerPoint presentation, Microsoft Word document, or PDFs, metadata is left in the document?

What is metadata? metadata is data about data. It is descriptive information about a particular data set, object, or resource, including how it is formatted, and when and by whom it was collected. metadata can be useful to attackers because it contains useful information about the system where the file was created such as:

Name of user logged into the system
Software that created the document
OS of the system that created the document

FOCA is a security audit tool that will examine metadata from domains. It uses search engines to find files on domains, or you can use your own local files.

The first step to use FOCA is to download it.

FOCA can be downloaded at: http://www.informatica64.com/DownloadFOCA (use Google Translate)
You will need to give your email address at the bottom of the screen. You will receive an email with the download link. You will also receive updates on when FOCA is updated.

Using FOCA

FOCA is a Windows only tool. When you install FOCA you may be asked to install .NET Framework or other decencies. Continue reading →

Rating: 4.0/5 (1 vote cast)

Cyber Crime Is A Well Funded Enterprise. A Look At Who Is Hacking You

Some people believe people behind Cyber Crime are disgruntled teenage hackers looking to cause chaos for fun. In some cases that may be however the majority of Cyber Crime is performed by well-funded organized criminals. Yes, I’m talking about the godfather like people who robbed banks and distributed narcotics on the street corner prior to the computer age. Organized crime realized it’s faster to automate an attack against millions of virtual targets rather than physically deal with criminal activity. Who is really behind Cyber Crime and how do they operate? Lets take at look at a case study of popups to understand the Cyber Crime organization.

Cyber criminals behind popups can for the most part be looked at as two separate groups. The first group is the well-funded mafia. They develop fake Viagra as well as other illegal narcotics. The second group is the hackers. They identify ways to compromise systems and take advantage of people’s data. The Mafia utilizes hackers to push people to their products. They offer attractive compensation packages to hackers who can capture large audiences through automated attacks. Studies show organized crime may pay a hacker a portion of sales every week tax-free. A working vulnerability could compromise millions of systems in a short time which having a small percent of that number could quickly add up to large profits for all criminal parties.

A study by the Cisco IronPort tested this concept by ordering Viagra from a phony pharmacy. The team identified the phony pharmacy by clicking a popup from a botnet and ordered Viagra like a standard customer. They called a support line to test customer service, which was polite and extremely helpful. After a few days, a package showed up containing a Russian coupon magazine. Viagra was taped to a page inside the magazine. This is how the drugs were being smuggled passed customs. After testing, the IronPort team found the Viagra to be 110% legit including a logo stamped on each pill. The team received a follow up call asking about the quality of the product and if more was desired. The overall experience was receiving a better product than commercial stores at half the cost.

The IronPort team visited the mailing address of the phony pharmacy and found an abandoned building. When they reversed engineered the advertisement popup, they identified a botnet advertising for spamit.com. Research reveled spamit.com as a criminal entity paying hackers to advertise the phony pharmacy by any means. This picture shows a spamit payment system compensating for purchases led through spam. The image below was captured by the IronPort team while posing as a hacker looking to advertise through spamit.com.

Cyber Crime is an organized business and winning the war against security professionals. Cyber criminals have more funding and less restrictions than companies developing solutions to stop them. Cyber criminals have research and development laboratories that purchase and dissect the solutions we use to prevent them from breaching our systems. Cyber Crime pays a lot more than legit organizations, which means they have first class talent. Cyber Crime is automated and criminal activity is performed across boarders through Zombie systems hiding the creators. Who is attacking you? It’s not zero cool from the movie “hackers”, it’s the Corleone crime family from The Godfather.

Rating: 0.0/5 (0 votes cast)

3 Comments

Filed under General Security

Tagged as advanced persistent threat, adware, APT, botnet, botnets, china hackers, Cisco, computer crime, computer virus, cyber attacks, cyber crime, cyber security, cyber warfare, fake viagra, hacker, hackers, hacking, ironport, Joey Muniz, joseph, joseph muniz, keyloggers, mafia crime, Malicious software, malware, Muniz, online mafia, online pharmacy, popups, spam, spamit.com, spyware, vulnerability, World Wide Technology, world wide technology inc.

August 8, 2011

Passwords Are Doomed: You NEED Two-Factor Authentication

How many people use eight-character or less passwords with the first letter being capital and last entries being numbers? People are predictable and so are their passwords. To make things worse, people are lazy and tend to use the same passwords for just about everything that requires one. A study from the DEFCON hacker conference stated, “with $3,000 dollars and 10 days, we can find your password. If the dollar amount is increased, the time can be reduced further”. This means regardless of how clever you think your password is, its eventually going to be crack-able as computers get faster utilizing brute force algorithms mixed with human probability. Next year the same researchers may state, “with 30 dollars and 10 seconds, we can have your password”. Time is against you.

Increasing password sizes and changing mandatory character types helps combat this threat however humans naturally will utilize predictable practices as passwords become difficult to remember. It’s better to separate authentication keys into different factors so attackers must compromise multiple targets to gain access. This dramatically improves security but doesn’t make it bullet proof as seen with RSA tokens being compromised by Chinese hackers. Ways to separate keys are leveraging something you know, have and are. The most common two-factor solutions are something you have and know which is a combination of a known password/pin and having a token, CAC/PIV card or digital certificate. Biometrics is becoming more popular as the cost for the technology becomes affordable.

There are tons of vendors in the authentication market. Axway and Active Identity focus on something you have offering CAC/PIV card solutions. These can be integrated with door readers to provide access control to buildings along with two-factor access to data. RSA and Symantec focus on hardware or software certificate/token based solutions. These can be physical key chains or software on smartphones and laptops that generate a unique digit security code every 30 seconds. Symantec acquired the leader of the cloud space VeriSign, which offers recognizable images, challenge and response type solutions. Symantec took the acquisition further by changing their company logo to match the VeriSign “Check” based on its reputation for cloud security.

VeriSign

PRE ACQUSITION LOGO

POST ACQUSITION LOGO

The consumer market is starting to offer two-factor options to their customers. Cloud services such as Google and Facebook contain tons of personal information and now offer optional Two-Factor Authentication. Its common practice for financial agencies to use combinations of challenge and response questions, known images and verifying downloadable certificates used to verify machines to accounts. The commercial trend is moving in the right direction however common practice for average users is leveraging predictable passwords. As many security experts have stated, security is as strong as the weakest link. Weak authentication will continue to be a target as hackers utilizing advance computing to overcome passwords.

Rating: 4.7/5 (3 votes cast)

13 Comments

Filed under General Security

Tagged as Access Control, Active Identity, authentication, Authorization, Axway, brute force, Creating Secure Passwords, defcon, defcon 19, hacking, hacking passwords, Joey Muniz, joseph, joseph muniz, mobile, mobile device, password, password security, Password strength, passwords, RSA, secure passwords, Security, security blog, Symantec, two-factor, VeriSign, weak passwords

Tag Archives: hacking

SSL Strip – Breaking Secure Websites

5 Steps to Take Right After Suffering a Cyber Security Breach

Hacking the iPhone : Breaking Pins and Passcodes : Booting without approved Apple Firmware

Cyber Crime Is A Well Funded Enterprise. A Look At Who Is Hacking You

Passwords Are Doomed: You NEED Two-Factor Authentication

Search

Topics

Cisco ISE Documentation

Subscribe

Blogroll