Test your Bash Shell

how to test for vulnerable Bash shell: Execute the following: $ env x='() { :;}; echo vulnerable’ bash -c “echo this is a test” on the command line, if it comes back with this is a test then the system is vulnerable If the system returns: bash: warning: x: ignoring function definition attempt bash: error … Read more

Who to trust to “hack your systems”?

Taosecurity has an interesting post.  Is your network a jumble of wires andnetwork equipment but not yet ordered? Hiring a 19 year old hacker without an Associates degree and some hacking knowledge does not make a secure corporate environment. The ststaement by blogger Richard Bejtlich “Young has repeatedly assigned Brewer to hack into Butler’s computer system. … Read more

Password changes – how to keep track of passwords

The Onion gives a joking reference as to how some choose their passwords.  Putting your livelihood in the ability of hackers to guess your favorite TV show is funny. Some in the security industry recommend passwords to be built with lots of special characters 8 digits long, upper and lower characters, even as that method … Read more

The Psychology of security

Why do we continue to live with the situation that we have? Why are we willing to live with risks?   It has been shown from the ever capable Bruce Schneier youtube and his blog posts Humanity is risk averse when it comes to gains and risk seeking when it comes to losses. Here is a … Read more

What systems did the attacker access?

Will your company ever ask this question?     Hopefully the FBI does not call you … As Jim Aldridge from Mandiant says in this youtube video the first thing that will happen is the FBI will call you in a somewhat cryptic manner… Tell you the systems that were compromised and what systems compromised them. That’s … Read more