Enable SSH on Kali Linux

My buddy Aamir Lakhani wrote a good post on how to enable SSH on Kali Linux. He also has other tips for using Kali Linux found on his blog www.drchaos.com. Below is the post however you can find the original HERE

Kali Linux does not come with SSH enabled. SSH is the preferred method of remote management for most Linux based systems. Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers. It connects, via a secure channel over an insecure network, a server and a client running SSH server and SSH client programs. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

81 Percent Of Tor Clients Could Be Identified With NetFlow

Large Man Looking At Co-Worker With A Magnifying Glass

Pierluigi Paganini from Security Affairs posted a great article about how Cisco NetFlow could possibly be used to identify Tor clients. The idea is a NetFlow sensor could monitor a certain percent of random generated Tor circuits and possibly link clients back to their users. The original post can be found HERE. Here is the post. 

The research revealed that more than 81 percent of Tor clients can be de-anonymized by exploiting a new traffic analysis attack based on Netflow technology.

A team of researchers conducted a study between 2008 and 2014 on the de-anonymization of the Tor users, the team worked to disclose their originating IP addresses.  Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

North Korea Cyber Spies Exposed: Cell Bureau 121

North-Korea-2

Many people believe the Sony breach was caused by North Korea’s Cell Bureau 121. As a follow on to my last post on the Sony incident, I am adding a fantastic post from The Independent covering Cell Bureau 121. The original post can be found HERE.

With North Korea’s ability to hack the most sophisticated computer systems in the world under scrutiny, a secretive cyber-warfare cell called Bureau 121 has come to light.

Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Free FSU Online Security Classes : Offensive Computer Security

FSUCS1

The Computer Science department at Florida State University is offering free computer security class lectures. You can find the entire CIS4930 and CIS5930 courses online HERE. These are the Spring 2014 classes so the content is pretty current. There are 26 lessons ranging from lock picking to launching attacks with Metasploit. Videos include lecture slides to download. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cisco Announces Intent to Acquire Neohapsis

Neo1

Cisco announced yesterday that they intend to acquire Neohapsis. Neohapsis is a security, risk and compliance company, which is a very interesting move by Cisco. Many people not only want data from security reports, but also desire how that data will impact their business. This means how changes or risk can impact compliance to mandatory regulations as well as how much impact could a vulnerability have to a system. Neohapsis is a services based company so this seems to be a security services play yet could also trickle in Cisco products.It would be really cool to see more compliancy based reporting in future Cisco products as an outcome of this acquisition.

You can find more about Neohapsis HERE.

The official announcement from Cisco can be found HERE.

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Sony Pictures Hacked: The Full Story

sony-hacked-again

The Verge has done a fantastic job covering the Sony Pictures Hacked story (found HERE). Below is a summary however you should go to the Verge.com to see each article showing the timeline of the attack.

A successful attack on Sony Pictures’ computer systems threw the entire studio into disarray in late November. The hijackers’ identity and motivation remain unclear, though in the days following the attack, evidence has surfaced to suggest it originated in North Korea. Rather than attempting to steal money or otherwise profit from the information it obtained, this hack seems to be focused on making life difficult for Sony Pictures employees. They have been subjected to threats from the hacking group, which has posted much of the data it collected from the studio’s servers to the web. Follow this storystream for the latest developments to the story.

MAJOR UPDATES

Go HERE to see the timeline of events associated with the attack.

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Interesting Story On Cicada 3301 – Code-Breakers Challenge

cicada1

The Telegraph posted a really cool article on the mysterious online organization called Cicada 3301 that has be posting puzzles for skilled cryptographers to crack. Is it a government organization such as NASA or CIA recruiting tactics or elite underground hacker group? What happens when you break all of the puzzles? You can read the original post HERE.

Here is the story from the Telegraph:

For the past two years, a mysterious online organisation has been setting the world’s finest code-breakers a series of seemingly unsolveable problems. But to what end? Welcome to the world of Cicada 3301

Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Personal Expereince Using Rosetta Stone vs Pimsleur

RosettaP

Typically I post about security topics on this blog however I want to share my experience trying to learn Mandarin. I spent the last 1-2 years trying both Rosetta Stone and later Pimsleur dedicating at least an hour a day towards learning. Both of these options offer completely different approaches to learning a language. My personal opinion is I learned a lot more from the Pimsleur approach verses Rosetta Stone based on my learning style. Here is a breakdown of my experience with each offering. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)