NTP Attack Can Cause Encryption and DNS Problems

Aanchal Malhotra, Isaac E. Cohen, Erik Brakke, and Sharon Goldberg wrote a paper (out of Boston University), “Attacking the Network Time Protocol”: http://www.cs.bu.edu/~goldbe/papers/NTPattack.pdf Apparently, if your servers and clients (which all have NTP) have their time changed, it can affect various processes. To Attack … Change time by … TLS Certs …

DDOS Attack Allows Million$ Transferred To Mule

After seeing a good ISACA presentation today at the Renaissance in Saint Louis (near airport) http://www.isaca.org/chapters5/Saint-Louis/Pages/default.aspx by Josh Vander Veen with SpearTip, here are my notes: Sophistication of criminal attack is on the rise. Many small businesses have a false sense of security and say the following: I’m just a small company, why would they …

Experian Board of Directors: Growth Through Acquisition – But Without Security Testing

David Krebs story: http://krebsonsecurity.com/2015/10/at-experian-security-attrition-amid-acquisitions/ I want to focus on Board of Directors decisions to grow through acquisition: wanting to grow securely, but in practice having lots of problems. The term I like the most is Black Box Magic (as if security is gotten with black box magic). Image from Martin’s Magic collection: http://www.martinsmagic.com/product-tag/wagoncollector/ …

Hackers Wiped Out Casino Computers 10min

http://arstechnica.com/security/2014/12/iranian-hackers-used-visual-basic-malware-to-wipe-vegas-casinos-network/ A very interesting story of Iranian hackers (whether government sponsored or sanctioned does not matter) who attacked and deleted a lot of files using Visual Basic. (I know, it is from a 2014 attack, but that is when we get the most data sometimes…) Apparently the billionaire owner pissed off some hacktivists in Iran after …

Study: Cybercrime Up 19% USA

The new Ponemon study (sponsored by HP): http://www8.hp.com/us/en/software-solutions/ponemon-cyber-security-report/index.html?jumpid=va_rmaig2786p Global Study at a Glance: 252 companies in 7 countries; 2,128 interviews with company personnel; 1,928 total attacks used to measure total cost; $7.7 million is the average annualized cost; 1.9 percent net increase over the past year; 15 percent average ROI for 7 security technologies. Even …