Bank Hacked In Minutes – Executives Don’t Know Nothin

In less than a minute, a hacker found out that the bank was giving out too much information: http://sijmen.ruwhof.net/weblog/584-how-i-could-hack-internet-bank-accounts-of-danish-largest-bank-in-a-few-minutes As the hacker studied the website information, it was evident that it would not take long to hack the website. That means access to customer server information, which in turn means PII (Personally Identifiable Information), banking information …

We are Hacked – Firewall Useless – Now What?

"Why did we get hacked?" is a common refrain after a breach. Thousands of businesses got hacked last year (and this year), as in my previous post: http://oversitesentry.com/analyzing-data-breaches-can-we-tolerate-status-quo/ We believe in our technologies, in automation, in firewalls. There are many aspects of potential weakness, and all weaknesses will be taken advantage of. The only way …

Patching Ur Computers – Actually Reduces Risk

Patch Tuesday, August (8/11/2015). Here is the Microsoft Patch Tuesday August 2015 edition: https://technet.microsoft.com/en-us/library/security/ms15-aug.aspx How can I say that unpatched computers will get hacked? Any Metasploit pentester will tell you this. Metasploit is a nifty program (runs on Linux) that will attack computers with various attacks and payloads. It takes advantage of people who …

Defcon Talk: Legacy System AS400 Hacked

Bart Kulach has a PDF from this year's Defcon 23: "Hack the Legacy! IBMi (aka AS/400) revealed". He recommends checking the website he set up: http://www.hackthelegacy.org/ The items he has focused on are the privilege escalation issue in this slide: There are some good suggestions for a standard audit of your AD: Check your group …