My buddy Aamir Lakhani and Keith Rayle wrote a funny post about research they did on decrypting Ashley Madison user passwords (original post found HERE). In summary, they took all the passwords that were released, decrypted the weak passwords and tallied up the top weak passwords used by Ashley Madison users. The results are pretty damn funny. Continue reading
I posted about the OPM breach a few weeks ago HERE and the resignation of the director Katherine Archuleta HERE. Well it looks like the original estimates of lost records from this breach were a few million off. The original post from the washingtonpost can be found HERE.
One of the scariest parts of the massive cybersecurity breaches at the Office of Personnel Management just got worse: The agency now says 5.6 million people’s fingerprints were stolen as part of the hacks. Continue reading
I have been a fan of the gadgets produced by Hak5. For example, you can find a post I wrote on the WIFI Pineapple HERE. I picked up the latest tool from Hak5 known as the LAN Turtle from DEFCON23 and have configured it to auto SSH to a server hosted in the cloud (thanks to Aamir aka DrChaos for the server). This post will cover an overview of the LAN Turtle and how to setup an auto SSH to remotely access the LAN Turtle as well as cloud folder to easily remove data from a target network. Continue reading
I posted about the Ashley Madison breach HERE. For those that are not following this, Ashley Madison, the popular affair website was breached by a group calling themselves The Impact Team. They threaten to leak customer records if Ashley Madison didn’t shutdown their website. Ashley Madison is still up and the deadline has passed so The Impact Team posted access to all 30 million customer records. My buddy Aamir aka Dr Chaos summed up the current state of this situation. His post can be found HERE.
Hackers attacked Ashley Madison (known as AM by its users), the dating site for married couples that promotes infidelity. They walked away with 30 million records containing site user information. While the initial ramifications seem obvious, the story continues to unfold with recent news that email addresses were discovered that originated from government agencies, high level politicians, and certain celebrities. The data represents a treasure trove of sensitive and extremely private data that has a high potential for causing damage to individuals. Continue reading
Hackread.com posted about the web.com breach HERE.
For those who don’t know, Web.com is a Florida based company that provides web services and solutions to small businesses including hosting, domains, social media, e-commerce, online marketing, website building and other relevant services.
They have served more than 3 million customers and have over 30 years of experience in the market. Apart from that, they also have the ownership of two trustworthy online services, Network Solutions and Register.com. Continue reading
Treatpost.com posted a interesting article on a recent DDoS attack using reflection via portmapper. The original post can be found HERE.
A number web hosting providers and businesses in the gaming industry were last month guinea pigs for a new type of amplified DDoS attack.
Attackers have figured out how to use Portmapper, or RPC Portmapper, in reflection attacks where victims are sent copious amounts of responses from Portmapper servers, saturating bandwidth and keeping websites and web-based services unreachable. Continue reading
My good buddy Aamir Lakhani arrived days before everybody else for the Blackhat conference to help setup the network for attendees. He was interviewed by Darkreading.com and spoke about his experience standing up and securing a network for security professionals as well as potential hackers. The original post can be found HERE.
‘Dr. Chaos’ shares the inside scoop on the challenges and rewards of protecting one of the ‘most hostile networks on the planet.’
BLACK HAT USA — Las Vegas — Securing Black Hat from Black Hat sounds like a great tagline, but it’s something volunteers at the Black Hat Network Operations Center (NOC) took very seriously last week when we were tasked to help secure one of the most hostile networks on the planet. Continue reading