My buddy Aamir aka DrChaos.com wrote an interesting post defining what a Rainbow Table is, when Rainbow Tables are used and why salting passwords makes it hard to use them. The original post can be found HERE.
On the topic of breaking passwords, I often hear security professionals and a few other folks mention Rainbow Tables. I used to think a Rainbow Table was a set of pre-computed (pre-calculated) hashes from passwords…essentially a lookup table where a plaintext’s unencrypted password corresponds to a known hash.
However, this is not a totally accurate definition of a Rainbow Table. In reality, a reverse lookup table allows you to create a second table consisting of the password hashes of user accounts. Then you use a Rainbow Table consisting of hashes and guessed passwords to compare the two. You can see if the hashed password of a compromised user account matches a hashed password in the lookup table.
Networkworld wrote an interesting article on how Cisco is opening their development kimono and letting customers view how things are coded. The goal is to be more transparent, for example by proving Cisco isn’t hiding NSA back doors in its technology. The original article can be found HERE.
Cisco’s suppliers have stronger security requirements, and customers will soon be able to inspect products before buying
Cisco is working to build the confidence of prospective customers in its products, two years after disclosures of spying by the U.S. National Security Agency seeded doubt, particularly in China.
RT posted about how Anonymous has been taking down ISIS Twitter accounts. Pretty awesome to see Anonymous is now getting involved. The original post can be found HERE.
Hacktivist group Anonymous has reported that more than 5,500 Twitter accounts belonging to Islamic State have been taken down. It comes after the collective declared a “total war” on the militant group following the Paris attacks.
Cisco just released the latest version of the Firepower software aka Firepower 6.0. You can now download this from Cisco.com or directly from your Firepower manager under the update section. New features include: all ASA models can now use ASDM to manage Firepower services for that individual ASA with Firepower (however, best practice is using the centralized manager), SSL decryption for ASA with Firepower, DNS sinkholing, Identity Services Engine (ISE) integration and much more. Details on each new feature are found below.
If you are in the IT industry, most likely you will need to keep up with technology by obtaining a certification, attending a product training, attending a boot camp or a combination of these. I’ve gone through many different programs and have a few lessons learned that could help you with your future education planning.
I recently posted about the new release of Cisco’s flagship access control solution Identity Services Engine (ISE) 2.0 HERE. That post lists the highlights of the new features including the highly requested TACACS+ support. I downloaded the .ova file and performed a fresh install using the virtualized version supporting up to 6,000 devices. This post provides a first look overview of the new features as well as compares ISE 2.0 to the last release 1.4.
Social Engineering is all about tricking somebody into acting in a way you want them to act. A common tactic is having them click a link using a phishing attack such as a fake UPS delivery link around Christmas or cloning a popular website such as Facebook. Sometimes a target may question the authenticity of the source attempting to contact them. One way to fake your identity is to use listyourself.net by listing your phone or burner phone as a fake identity used in your social engineering scam. That website is http://www.listyourself.net/