Best Password Management

Due to the bad password practices of the general population, the latest example is the Sony Pictures hack uncovering the passwords of Sony Pictures employees(as well as SSN and more):     As in our previous post where  we discussed the hack. Now various forums are picking apart the very bad password practices of Sony Pictures … Read more

Penetration testing example: exifdata function

SANS pen tester  has an excellent example (guest written by Chris Andre Dale)  and also a new Zero-day Cross Site Scripting(XSS) example at SANS pen testing blog http://pen-testing.sans.org/blog/pen-testing/2014/12/04/cross-site-scripting-through-file-metedata   The vulnerability is based on exif data in jpegs: http://www.digital-photo-secrets.com/tip/38/what-is-exif/ You can view the EXIF data in Windows7 by right clicking on the image, choosing Properties and … Read more

SPOE – Second Pair of Eyes

When is it necessary?  when entering an important command into a critical system that affects thousands of users. Or when you have to review your network to make sure no holes are found. the attacks on your network are relentless: Bad hackers  will attack your network and own your machines.   Once they own your machines … Read more

Manage a website?

On the Internet if you manage a website then you should update the system in such a manner so that it should not get hacked. If the machine gets hacked you may inadvertently attack other systems.  Hackers are looking for systems to control (owning or p0wned) How are you certain that your IT department is … Read more

Now North Korea may be behind Sony Pictures hack

Wall Street Journal  article   Ever since the odd Press release from north Korea which clearly meant that they were not very happy with the new movie about 2 US spies attempting an assassination of the North Korean leader. FireEye seems to think so ABC news story they have an interesting threat map: https://www.fireeye.com/cyber-map/threat-map.html FBI … Read more