DARKNET- Know it – Learn it

 also called the “Deepweb” Guess what the IRS was hacked, which actually means we were hacked. http://arstechnica.com/security/2015/05/report-irs-admits-its-been-hacked-tax-info-stolen-for-100000-plus/ In the thousands of breaches all over the world, the criminals are building a dossier data file on all of us that have any PII – Personal Identifiable Information. Addresses (old and new), answers to questions like what … Read more

How-Why Hackers Do What They Do?

After a long Weekend  I wonder if there is a good enough understanding of how(and why) hackers do what they do – i.e. What makes a hacker want to take control of an airplane just to see if they can do it? There is a widely discussed Wired article: http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/  about hacking an airplane and potentially … Read more

Memorial Day 2015 Thoughts

http://www.wsj.com/articles/SB118014402282815483 An excellent tribute and a very good expanation in 2007 Memorial Day and today 8 years later:   Once we knew who and what to honor on Memorial Day: those who had given all their tomorrows, as was said of the men who stormed the beaches of Normandy, for our todays. But in a … Read more

Are We Falling Behind on Patching Computers?

I.e. Bruce Schneier quote: Can we patch vulnerabilities faster than attackers can exploit them?   The University of maryland, College park has a website project: https://www.umiacs.umd.edu/~tdumitra/blog/2015/04/15/impact-of-shared-code-on-vulnerability-patching/ In my opinion the crux of their vulnerability survey is in this graph(also from Univ of Maryland link):   The end result of this survey was that how long vulnerabilities … Read more

Another Major Security Flaw (Website Encryption Technology) Called Logjam

A new report came out  https://weakdh.org/imperfect-forward-secrecy.pdf     The group of researchers created a website to explain their findings: The Logjam Attack (https://weakdh.org) It looks like they also did a scan of the Internet (this is typical of security researchers using zmap.io) and found over 8.4% of Top1 million domains were at risk. This means … Read more