My buddy Aamir Lakhani wrote a good post on how to enable SSH on Kali Linux. He also has other tips for using Kali Linux found on his blog www.drchaos.com. Below is the post however you can find the original HERE.
Kali Linux does not come with SSH enabled. SSH is the preferred method of remote management for most Linux based systems. Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers. It connects, via a secure channel over an insecure network, a server and a client running SSH server and SSH client programs. Continue reading →
Pierluigi Paganini from Security Affairs posted a great article about how Cisco NetFlow could possibly be used to identify Tor clients. The idea is a NetFlow sensor could monitor a certain percent of random generated Tor circuits and possibly link clients back to their users. The original post can be found HERE. Here is the post.
The research revealed that more than 81 percent of Tor clients can be de-anonymized by exploiting a new traffic analysis attack based on Netflow technology.
A team of researchers conducted a study between 2008 and 2014 on the de-anonymization of the Tor users, the team worked to disclose their originating IP addresses. Continue reading →
Many people believe the Sony breach was caused by North Korea’s Cell Bureau 121. As a follow on to my last post on the Sony incident, I am adding a fantastic post from The Independent covering Cell Bureau 121. The original post can be found HERE.
With North Korea’s ability to hack the most sophisticated computer systems in the world under scrutiny, a secretive cyber-warfare cell called Bureau 121 has come to light.
The Computer Science department at Florida State University is offering free computer security class lectures. You can find the entire CIS4930 and CIS5930 courses online HERE. These are the Spring 2014 classes so the content is pretty current. There are 26 lessons ranging from lock picking to launching attacks with Metasploit. Videos include lecture slides to download. Continue reading →
Cisco announced yesterday that they intend to acquire Neohapsis. Neohapsis is a security, risk and compliance company, which is a very interesting move by Cisco. Many people not only want data from security reports, but also desire how that data will impact their business. This means how changes or risk can impact compliance to mandatory regulations as well as how much impact could a vulnerability have to a system. Neohapsis is a services based company so this seems to be a security services play yet could also trickle in Cisco products.It would be really cool to see more compliancy based reporting in future Cisco products as an outcome of this acquisition.
The Verge has done a fantastic job covering the Sony Pictures Hacked story (found HERE). Below is a summary however you should go to the Verge.com to see each article showing the timeline of the attack.
A successful attack on Sony Pictures’ computer systems threw the entire studio into disarray in late November. The hijackers’ identity and motivation remain unclear, though in the days following the attack, evidence has surfaced to suggest it originated in North Korea. Rather than attempting to steal money or otherwise profit from the information it obtained, this hack seems to be focused on making life difficult for Sony Pictures employees. They have been subjected to threats from the hacking group, which has posted much of the data it collected from the studio’s servers to the web. Follow this storystream for the latest developments to the story.
The Telegraph posted a really cool article on the mysterious online organization called Cicada 3301 that has be posting puzzles for skilled cryptographers to crack. Is it a government organization such as NASA or CIA recruiting tactics or elite underground hacker group? What happens when you break all of the puzzles? You can read the original post HERE.
Here is the story from the Telegraph:
For the past two years, a mysterious online organisation has been setting the world’s finest code-breakers a series of seemingly unsolveable problems. But to what end? Welcome to the world of Cicada 3301
Typically I post about security topics on this blog however I want to share my experience trying to learn Mandarin. I spent the last 1-2 years trying both Rosetta Stone and later Pimsleur dedicating at least an hour a day towards learning. Both of these options offer completely different approaches to learning a language. My personal opinion is I learned a lot more from the Pimsleur approach verses Rosetta Stone based on my learning style. Here is a breakdown of my experience with each offering. Continue reading →