Tracking GhostNet: Investigating a Cyber Espionage Network. Labs - AlienVault R&D Labs Portal. Get the latest news from our research. M86 Security Labs Blog. Levelling up in the real world. Here's a great post from Victor Wong on What They Don't Tell You About Promotions. All of his points are so, so true -- and I thought I'd add some more from my own experiences and perspective. There are a lot of misconceptions out there about what entitles you to a promotion, so let me get those out of the way first: What does not get you promoted: Being the oldest person on your team.

(Really, some people seem to believe this.) It's not about how old you are; management or senior positions are not about babysitting other people. Being in your position the longest. Being irreplaceable. When you are looking out for the welfare of your organization instead of focusing on what you can get for yourself, that's when you'll be given the chance to do more and own more. 2012. Updated 3/12/2012 to include the cyber attack targeting the Upper Chamber of Japanese Parliament discovered on 2 November 2011. The New York Times has recently reported the news related to a (yet another) targeted cyber-attack against JAXA (Japan Aerospace Exploration Agency).

This targeted attack has allegedly led to the exfiltration of sensitive information related to Epsilon, a solid-fuel rocket prototype supposed to be used also for military applications, suggesting the targeted attack is probably part of a cyber-espionage campaign. The targeted attack has been carried out by means of malware installed on a computer at Tsukuba Space Center. Before being discovered, on November 21, the malicious executable has secretly collected data and sent it outside the agency.

Unfortunately the above cyber-attacks are not episodic circumstances, confirming that Japan is a hot zone from an information security perspective, and a coveted target for cyber espionage campaigns. The list is quite long… Cognitive Dissidents. DEF CON 19 Whoever Fights Monsters Q&A [No. Josh is not a member of Anonymous] Will you be headed out to Vegas for this year’s MegaHackerWeek ? If so, I’d love to meet you. I know some people get fatigued with the scene and some of these conferences, but I personally find the week incredibly valuable.

Like with most things, you get out what you put in. Much like the RSA Conference does for the corporate/commercial side of the industry, this week in the desert is the heartbeat of the research and hacker community for the year. While our challenges in security are tremendous, the intellectual potential in the hallways and bars of Vegas is humbling and inspiring. Bacon-Wrapped, Almond Stuffed Dates with Red Wine Reduction and Bleu Cheese Crumble Highlights of Last Year Here are a few of the things I fondly remember from last year: SecBurnOut: At #BsidesLV in 2011, a few of us launched the beginning of acknowledging and studying the levels of fatigue and burnout in our industry and demographic. Windows Incident Response. Digital Forensics Blog. Sketchymoose's Blog. Forensic Focus Blog. Lost In The Flood. Journey Into Incident Response. How to Be a Good Commenter. One of the things I’m proud of here at Whatever is that the comment threads are usually actually worth reading, which is not always something you get with a site that has as many readers as this one does.

Some of this is down to my moderation of the site, and my frequent malleting of trolls/idiots/assbags, but much of it is also down the generally high standard of commenter here. I do a lot less malleting than I might have to, because the people who frequent here do a fine job at being good commenters. And I hear you say: Why, I would like to be a good commenter too! Not just here, but in other places where commenting occurs online! Well, of course you do. So for you, I have ten questions to ask yourself before you press the “post comment” button. Here are your questions: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Got it? Rational Survivability. So-called Next Generation Firewalls (NGFW) are those that extend “traditional port firewalls” with the added context of policy with application visibility and control to include user identity while enforcing security, compliance and productivity decisions to flows from internal users to the Internet.

NGFW, as defined, is a campus and branch solution. Campus and Branch NGFW solves the “inside-out” problem — applying policy from a number of known/identified users on the “inside” to a potentially infinite number of applications and services “outside” the firewall, generally connected to the Internet. They function generally as forward proxies with various network insertion strategies. Campus and Branch NGFW is NOT a Data Center NGFW solution. Data Center NGFW is the inverse of the “inside-out” problem. Campus and Branch NGFWs need to provide application visibility and control across potentially tens of thousands of applications, many of which are evasive.

They don’t. /Hoff. 0113. SecurityWatch | BH Consulting's Security Watch Blog. If you are looking for information about the Heartbleed bug and what you, or your business, should do next then the good news is that there is already a huge amount of information on the net and in mainstream media. The bad news, however, is that some of the advice on offer isn’t the greatest. The Heartbleed bug is a vulnerability in a component of recent versions of SSL which is used by many services across the web including banks, email providers and shops, to provide a secure connection between the service and the user.

Whilst the average web user may not be aware that they have used it, they will undoubtedly be familiar with the padlock icon in the top left corner of their browser which denotes that it is in use. At around the same time that the flaw was identified, an online tool was released that allows anyone to force a web server running a vulnerable version of SSL to dump the data it has most recently processed. Before changing any passwords you will want to know: George Hulme. Chaordic Mind: The Regulatory Compliance (PCI), Chaordic Framework, and Data Privacy Blog. December 1, 2013 November 3, 2013 January 10, 2013 November 22, 2012 May 30, 2012 January 1, 2012 December 22, 2011 October 28, 2011 May 28, 2011 May 1, 2011.

Andy Ellis. Uncommon Sense Security. Jeremiah Grossman. Andrew Hay. February 25, 2014 by Andrew Hay I had the opportunity to attend the Tenth Annual West Coast Infosec & Technology Growth Conference put on by AGC Partners on Monday, February 24th. I wasn’t able to stay for the entire day but I was able to run into a few people who I hadn’t seen in a while, couldn’t remember meeting, and people I had only ever “met” on Twitter. The panels are led by security industry experts, bankers, and investors with executives (or their designates) from various companies as panelists. What do they talk about you might ask? Well, the people leading the panel ask hard questions about the industry, threats, and opportunities. Blog. Responsibly (Heart)Bleeding By Mike Rothman Yeah, we hit on the Heartbleed vulnerability in this week’s FireStarter, but I wanted to call attention to how Akamai handled the vulnerability.

They first came out with an announcement that their networks (and their customers) were safe because their systems were already patched. You see big network service providers tend to get a heads up when stuff like this happens, and they can get a head start on patching. They were also very candid about whether they have proof of compromise: Do you have any evidence of a data breach?

So kudos were due to Akamai for both explaining the issue in understandable terms, discussing their home-grown way of issuing and dealing with certs, discussing the windows of potential vulnerabilities in the window before they started patching, and owning up to the fact that they (like everyone else) have no idea what was compromised (if anything). Then they assured customers they were protected. It’s OK to be wrong. By Rich. Blog | MAD Security. Full press release via: LONG BEACH >> Mike Murray, managing partner of MAD Security, will discuss how to better protect against cyber security breaches at a free workshop on Computer Security Threats sponsored by the Port of Long Beach on Wednesday. The workshop featuring Murray, who has more than a decade of experience helping firms fend off potential cyber threats, is part of National Cyber Security Awareness Month, which this year is themed “Our Shared Responsibility.” According to the Bureau … Joseph Sokoly is a Vulnerability Engineer here at MAD Security.

He’s been with MAD now since 2011. During his time here, he’s been involved with numerous professional service engagements and proven himself as not only a hard worker, but as an industry thought leader. Here you are. Andrew Jaquith | The STAR Team Blog | Perimeter E-Security. From the desk of Perimeter E-Security CTO Andrew Jaquith: New -as-a-Service risks, the hot mess that is Android, why your password policy stinks, and two other sizzling security predictions. In 2012, we saw increased worries about nation-state-sponsored cybercrime, mobile security, and the resurrection of an old tactic: the venerable denial-of-service attack.

On the heels of our year in review post, in which we examined a number of topics that got and held our attention in 2012, last week we unveiled five new predictions for 2013. Prediction 1: CISOs will wrestle with the risks of “as-a-Service” platforms “The Cloud,” to many, has become a way of characterizing hosted applications and services that have had some “extras” added to them: elastic usage, geo-redundancy, instant-on, instant provisioning and by-the-drink pricing. But as with every maturing technology, the cloud has split into three layers.

Prediction 2: Android’s security issues will force CISOs to take action Here’s why.

Blog - Home page of RealGeneKim (Gene Kim): Tripwire founder and CTO, Visible Ops co-author, and more... I’m writing this blog post to explain briefly why I chose to accept the BSides board position, what my goals are, and provide a brief status report. Why I joined the BSides board Over the years, I’ve come to respect the work of everyone in the BSides community. I’m amazed and continually reminded of how many people BSides has positively influenced and the vibrant community they’ve created. I’ve been to three events, and during my tenure at Tripwire, we became one of the first global sponsors. In mid-December, I was asked by Mike Dahn and Jack Daniel to join them on the BSides board. My goals My goal is to help ensure that BSides succeeds in its mission: to continue to help more information security practitioners achieve their fullest potential, both now and in the future.

Clearly there have been some growing pains. A brief status report Mike, Jack and I started having nearly daily, now weekly, phone calls. On the 501c3 front, the team continues to move towards the official filing.