14 years ago was a bad day in US history: And it was unfortunately not predicted by anyone, there was no formula to look at and say yes we knew that was going to happen. So remember just when you think you know your life is in a certain shape and format. It … Read more
I want to highlight 2 current articles: http://www.infosecurity-magazine.com/news/pawn-storm-serves-malware-via-fake/ and http://googleonlinesecurity.blogspot.com/2015/07/new-research-comparing-how-security.html It is best to use good passwords, 2factor authentication, and patch your systems The first article points to how a fake website was set up and delivers a zero-day java exploit attack onto unsuspecting users as they come in the website, and you … Read more
The Oracle CSO (Chief “Security” Officer) statements show a misunderstanding of IT security principles. IT-Security BlogNotions post is appropriate: That is why I came up with “Don’t Expose My Code Bro” I am afraid that a lot of Executives do not understand security principles within the IT industry. Let me help you understand a bit … Read more
Grant Bugher with perimetergrid.com had a talk on the DEFCON101 track. “Obtaining and Detecting Domain Persistence” As the slide above states, it is not about _how_ to hack a domain. But assuming someone has – now what? 1st Process start command line logging and PowerShell logging enabled on all systems. 2nd SysMon(Sysinternals Monitoring Service) … Read more
According to TonyZ (Fixvirus.com) DefCon23 100 talks and pdf’s I chose 3 to focus on: Added a fourth later in day :). Created a separate post with another-5th: http://oversitesentry.com/defcon-talk-your-domain-is-compromised-now-what/ ) Risk discussion: Bruce Potter A hacker’s Guide to Risk Risk”vs.”Threat”vs.”Vulnerability Risk”tends”to”be”bigger/more”general”than”threat.” Multiple”threats”can”role”up”in”to”a”single”risk Threats”rely”on”vulnerabilities”to”be”realized and more good risk info… to come. WiFi IDS/Firewall for windows: Vivek Ramachandran There is … Read more
