81 Percent Of Tor Clients Could Be Identified With NetFlow

online privacy 81 Percent Of Tor Clients Could Be Identified With NetFlow

Pierluigi Paganini from Security Affairs posted a great article about how Cisco NetFlow could possibly be used to identify Tor clients. The idea is a NetFlow sensor could monitor a certain percent of random generated Tor circuits and possibly link clients back to their users. The original post can be found HERE. Here is the post. 

The research revealed that more than 81 percent of Tor clients can be de-anonymized by exploiting a new traffic analysis attack based on Netflow technology.

A team of researchers conducted a study between 2008 and 2014 on the de-anonymization of the Tor users, the team worked to disclose their originating IP addresses.  Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

North Korea Cyber Spies Exposed: Cell Bureau 121

North Korea 2 North Korea Cyber Spies Exposed: Cell Bureau 121

Many people believe the Sony breach was caused by North Korea’s Cell Bureau 121. As a follow on to my last post on the Sony incident, I am adding a fantastic post from The Independent covering Cell Bureau 121. The original post can be found HERE.

With North Korea’s ability to hack the most sophisticated computer systems in the world under scrutiny, a secretive cyber-warfare cell called Bureau 121 has come to light.

Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Free FSU Online Security Classes : Offensive Computer Security

FSUCS1 Free FSU Online Security Classes : Offensive Computer Security

The Computer Science department at Florida State University is offering free computer security class lectures. You can find the entire CIS4930 and CIS5930 courses online HERE. These are the Spring 2014 classes so the content is pretty current. There are 26 lessons ranging from lock picking to launching attacks with Metasploit. Videos include lecture slides to download. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cisco Announces Intent to Acquire Neohapsis

Neo1 Cisco Announces Intent to Acquire Neohapsis

Cisco announced yesterday that they intend to acquire Neohapsis. Neohapsis is a security, risk and compliance company, which is a very interesting move by Cisco. Many people not only want data from security reports, but also desire how that data will impact their business. This means how changes or risk can impact compliance to mandatory regulations as well as how much impact could a vulnerability have to a system. Neohapsis is a services based company so this seems to be a security services play yet could also trickle in Cisco products.It would be really cool to see more compliancy based reporting in future Cisco products as an outcome of this acquisition.

You can find more about Neohapsis HERE.

The official announcement from Cisco can be found HERE.

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Sony Pictures Hacked: The Full Story

sony hacked again Sony Pictures Hacked: The Full Story

The Verge has done a fantastic job covering the Sony Pictures Hacked story (found HERE). Below is a summary however you should go to the Verge.com to see each article showing the timeline of the attack.

A successful attack on Sony Pictures’ computer systems threw the entire studio into disarray in late November. The hijackers’ identity and motivation remain unclear, though in the days following the attack, evidence has surfaced to suggest it originated in North Korea. Rather than attempting to steal money or otherwise profit from the information it obtained, this hack seems to be focused on making life difficult for Sony Pictures employees. They have been subjected to threats from the hacking group, which has posted much of the data it collected from the studio’s servers to the web. Follow this storystream for the latest developments to the story.

MAJOR UPDATES

Go HERE to see the timeline of events associated with the attack.

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Interesting Story On Cicada 3301 – Code-Breakers Challenge

cicada1 Interesting Story On Cicada 3301   Code Breakers Challenge

The Telegraph posted a really cool article on the mysterious online organization called Cicada 3301 that has be posting puzzles for skilled cryptographers to crack. Is it a government organization such as NASA or CIA recruiting tactics or elite underground hacker group? What happens when you break all of the puzzles? You can read the original post HERE.

Here is the story from the Telegraph:

For the past two years, a mysterious online organisation has been setting the world’s finest code-breakers a series of seemingly unsolveable problems. But to what end? Welcome to the world of Cicada 3301

Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Personal Expereince Using Rosetta Stone vs Pimsleur

RosettaP Personal Expereince Using Rosetta Stone vs Pimsleur

Typically I post about security topics on this blog however I want to share my experience trying to learn Mandarin. I spent the last 1-2 years trying both Rosetta Stone and later Pimsleur dedicating at least an hour a day towards learning. Both of these options offer completely different approaches to learning a language. My personal opinion is I learned a lot more from the Pimsleur approach verses Rosetta Stone based on my learning style. Here is a breakdown of my experience with each offering. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)

Detecting Malware With ThreatGRID Overview

threatgridlogo Detecting Malware With ThreatGRID Overview

Cisco acquired the leader for identifying day zero threats ThreatGRID around may of 2014. ThreatGRID’s statement The First Unified Malware Analysis and Threat Intelligence Solution sounds like a mouthful however represents its purpose of going beyond what most “sandbox” technologies accomplish in this market space. What is also interesting is this technology is being moved into other Cisco security offerings now that they are part of Cisco’s breach detection strategy. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Lets Encrypt Free Certificate Authority This Summer

letsE1 Lets Encrypt Free Certificate Authority This Summer

The Internet Security Research Group (ISRT) along with Mozilla Corporation, Cisco Systems, Akamai Tech, Electronic Frontier Foundation and IdenTrust will be offering a new free certificate authority service this up coming 2015 summer (learn more HERE). The concept is the Internet is a dangerous place and enabling protection is a hassle for many businesses. The reason behind this is enabling basic server certificates can be painful involving multiple steps and a cost. Lets Encrypt is offering the following principles to simplify the process. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)