The Security Blogger

SSL Strip – Breaking Secure Websites

admin — Thu, 16 May 2013 16:53:35 +0000

Aamir Lakhani wrote a overview of how to perform a ssl strip attack. The original post can be found HERE SSLSTRIP LAB Before beginning the lab, make sure you have Backtrack 5 R3 VM imported into VMWare Player/Workstation/Server/Fusion, or what … Continue reading →

How Hackers Crack Weak Passwords

admin — Mon, 13 May 2013 00:19:56 +0000

People use weak password practices to secure critical information. Weak password practices include using the same password for multiple systems regardless of the value of the asset, dictionary words, short phases and keeping the same passwords for extended periods of … Continue reading →

Verizon’s 2013 Data Breach Investigations Report

admin — Mon, 06 May 2013 19:42:01 +0000

Verizon recently released their annual Data Breach Report (download HERE). This report is based on statics from 19 organizations and showcases 621 security breaches and 47,000 security incidents with the goal of educating the public of the current risks from … Continue reading →

5 Steps to Take Right After Suffering a Cyber Security Breach

admin — Fri, 26 Apr 2013 14:46:30 +0000

Thanks to my guest writer Kyle Olson for this post. Kyle’s bio is below. Security breaches on your website hosting servers and any other server based online assets are no laughing matter. Suffering one of these breaches can mean anything … Continue reading →

Defining The Difference Between A Penetration Test, Vulnerability Assessment and Security Audit

admin — Mon, 15 Apr 2013 17:58:38 +0000

The terms Penetration Test, Vulnerability Assessment and Security Audit are often blended together when requested by clients or offered by security service providers. All three terms have security aspects however are very different regarding what purpose they serve as well … Continue reading →

Installing Lancope StealthWatch on a Mac mini for Small Lab

admin — Wed, 27 Mar 2013 23:24:08 +0000

Lancope enables visibility for security and network performance. Security capabilities focus on identifying insider threats such as botnets, malware and data loss using non-signature network wide correlation of all traffic. Pretty much anything touching the physical or virtual network leaves … Continue reading →

Situational Awareness For Cyber Threat Defense

admin — Mon, 18 Mar 2013 12:16:19 +0000

Aamir Lakhani did a great post on Situational Awareness. The original post ca be found HERE Illustration by Kekai Kotaki Problem Cisco Systems in their Cyber Security Threat Defense white papers outlines how the network security threat landscape is evolving. They describe how modern … Continue reading →

Cisco’s Cyber Solutions – What Is Happening In Your Network

admin — Mon, 04 Mar 2013 13:43:50 +0000

Today’s threat landscape is loaded with malicious websites, malware and other risks that attack users every nanosecond of the day. There isn’t a single product available that can guarantee protection from cyber threats. Older solutions leveraging static technologies such as … Continue reading →

PART 2 “The Attack” – THE SOCIAL MEDIA DECEPTION PROJECT : How We Created Emily Williams To Compromise Our Target

admin — Wed, 20 Feb 2013 12:27:27 +0000

Last year Aamir Lakhani and Joseph Muniz developed a fake identity known as Emily Williams with the purpose of compromising a specific target using social media. We created Emily Williams based on research from Robin Sage, which showcased how a … Continue reading →

The Importance of a BYOD Policy for Companies

admin — Thu, 14 Feb 2013 14:34:53 +0000

Here is a guest post from Pierluigi Paganini. He is a security researcher for InfoSec Institute. InfoSec Institute is an information security training company now offering a mobile computer forensics course. The IT landscape is dominated by the rise of paradigms such as cloud computing, … Continue reading →