SSL broken, again, in POODLE attack

Peter Bright provided a fantastic writeup on the recent POODLE aka”Padding Oracle On Downgraded Legacy Encryption” attack that could be as he states “the final nail in SSLv3’s coffin”. You can find the original post HERE via the arstechnica.com website. 

Poodle SSL broken, again, in POODLE attack

From the researchers that brought you BEAST and CRIME comes another attack against Secure Sockets Layer (SSL), one of the protocols that’s used to secure Internet traffic from eavesdroppers both government and criminal.

Calling the new attack POODLE—that’s “Padding Oracle On Downgraded Legacy Encryption”—the attack allows a man-in-the-middle, such as a malicious Wi-Fi hotspot or a compromised ISP, to extract data from secure HTTP connections. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

The Fappening: A Wake-Up Call for Cloud Users

Sarah Williams wrote a great article on my buddies blog about a recent breach in cloud security storage that exposed naked photographs of famous actors. The original post can be found at drchaos’s website HERE

The Fappening The Fappening: A Wake Up Call for Cloud Users

The Cloud storage option is fast becoming one of the most popular and effective methods of storing essential data that you definitely can’t afford to lose. From small to medium-sized business, cloud storage has helped owners save time and money in their businesses when it comes to IT.

But exactly how safe is the cloud? Though most reliable cloud service providers have cutting edge security, many IT experts say the cloud system is not entirely safe. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Raspberry Pi As A Hacking Arsenal

IMG 04731 Raspberry Pi As A Hacking Arsenal

One really cool tool that I’ve had a lot of fun playing with is the Raspberry Pi. My buddy Aamir Lakhani and I recently went under contract for our second book covering how to run Kali Linux on a Raspberry Pi to perform various penetration testing scenarios. Here is a basic overview of the Raspberry Pi used as a security tool. The book should be out early next year.

For those that haven’t heard of a Raspberry Pi, it’s a small computer that is dirt cheap and can be imaged for just about anything. Continue reading

VN:F [1.9.22_1171]
Rating: 3.5/5 (2 votes cast)

NSS Labs releases a new set of security reports for Web Application Firewalls

NssLabs NSS Labs releases a new set of security reports for Web Application FirewallsNSS Labs just released a new set of reports covering Web Application Firewalls. Those reports can be found at NSS labs website HERE. There is a cost for these reports however it is worth the investment if you are looking to purchase a new firewall. Also, Palo Alto tested poorly and due to the back and forth between both companies, NSS labs is offering the Palo Alto report for freeContinue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

How to configure an ASA with built-in Sourcefire Firepower home lab

ASASF How to configure an ASA with built in Sourcefire Firepower home labFor those following Cisco security, you probably know Cisco acquired Sourcefire last year (more found HERE). The most anticipated release has been adding Sourcefire’s flagship Firepower offering inside Cisco’s most popular firewall offering the Adaptive Security Appliance (ASA). As of September 16th, this offering is officially available. You can find data sheets, configuration guides and more on the new release HERE. This post will cover steps I used to build my ASA with Soucefire lab. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Fun building a CCIE Security home Lab

homelab Fun building a CCIE Security home LabI built a CCIE lab a while back and found the process to be a bit cumbersome. The hardware and software requirements were clear (4.0 version found HERE), but not the actual construction of a home lab. Here is an explanation of how I built my lab. This is my experience so I’m not saying it’s the right way, but its how I did it. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Advanced Malware Protection AMP for Endpoints Overview

AMP2 Advanced Malware Protection AMP for Endpoints Overview

Detecting threats on endpoints like laptops and mobile devices is important but not enough to defend against the threats we see against our users. Reason why is Anti-Virus and host IPS/IDS can only scan for so many signatures and leverage so many behavior checks before they must let the traffic go through or it will impact the user experience. This is why many users get compromised by clicking the wrong email, accessing the wrong website, share the wrong USB drive and so on. Detection needs to extend beyond the doorway and look at files that have breached a host’s defense to determine if that system has been compromised as well as offer a method to remediate the entire outbreak. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (3 votes cast)

Payment Card Industry PCI Security Best Practices

PCI 1 Payment Card Industry PCI Security Best PracticesMany industries rely on revenue generated by sales and if credit is used, Payment Card Industry (PCI) compliance is mandated. This includes all industries that process, store or transmit credit card information. Like any compliancy standard, this is the minimal level of real security and should not be considered the goal to protect sensitive data. All compliance mandates that matter must go through various review and audit processes that take time and cause the results to be dated compared to the speed of new attacks you should expect against your network. This means meeting mandates such as PCI should just be part of your overall security strategy. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Beating Telemarketers With Customized Automated Call Center Management

 Beating Telemarketers With Customized Automated Call Center Management

A buddy of mine at Cisco is truly a genius when it comes to thinking outside the box. He loves technology and hates annoying telemarketers. Over time, he developed a call management system that involves a combination of open source software and proprietary hardware. He took advantage of the numerous application programing interfaces (API’s) available to create a tightly integrated environment. Continue reading

VN:F [1.9.22_1171]
Rating: 2.0/5 (1 vote cast)