Archive for the ‘Information Security’ Category

Never before has a presidential candidate used technology in the way the Obama administration did during the past elections. From YouTube to Twitter tweets sent from his trusty BlackBerry, Obama definitely leveraged his technological savvy in his favor. So then why, more than a handful of months into his term, has he still not chosen a CTO for the nation? Is it due to a lack of competent technology folks? Maybe he feels it is not as important as, say, visiting the Tonight Show? Or maybe he wants to assume the responsibilities himself on the weekends and in his spare time? TechCrunch is running a poll on this very question, so take the time to head on over and share your input. In a world of increasing threats to our IT infrastructure, you would figure this role should be filled soon…

Read More Here …


This is not the first time we have mentioned the rise of computer security related crimes or pointed out the hacking of, or weaknesses in, many critical metropolitan infrastructures. With that said, the recent hacking events first mentioned over the past weekend do again cast a big bright light on how living in our ‘digital age’ can also be our Achilles heel. Remember the East Coast Power Outage of 2007? No airports, emergency services, traffic & street lights, mobile phones, or other critical services. Now picture that on a slightly larger scale, and you begin to understand how important events like this can be, not only to us IT security folks but to society as a whole.

The intruders, who came from countries including China and Russia, were believed to be attempting to map the US electrical system and work out how it was controlled…
…Authorities investigating the intrusions have found software tools left behind that could be used to destroy infrastructure components, the senior intelligence official said. He added, “If we go to war with them, they will try to turn them on.”

Read More Here …

It was in 2006 that the language known as Ruby was fully accepted as a standard language. The self-described “open source programming language with a focus on simplicity and productivity” is one of the more powerful languages in use today. The folks over at Matasano Security (not affiliated with “matz” Y. Matsumoto, the creator of Ruby) have announced the release of ‘rbkb’, or The Ruby Black Bag.

‘rbkb’ is an ever growing collection of reversing and pen-testing related ruby libraries and tools I’ve been using and evolving for a long time now.

Head on over to their site to read more.

While the concept is pretty clear, the development team is having some issues with resources ($$). You can read more about the concept, first shown in the Android Dev Challenge, at Androidandme.com. You can also show your support for the dev team by voting for them to help get some funding here.

I am pretty excited to see this project mature and release a workable version. In my opinion this would pretty much be cake for Android security, which already is ahead of the pack in this field.

As posted in the “Waiting for the Worms” article below, the Conficker worm was MIA on April 1st, along with all the Gloom N Doom forecasted by the IT security industry. There is an interesting article posted by SearchSecurity.com that talks about not only possible reasons for the fizzle of the worm but also the impact these “Crying Wolf” scenarios can have on the security industry. Will we get to a point where these warnings will be ignored? Is that maybe the intention of some of these skilled attackers? How about end users who could have patched this 6 months back but still may not have until something as hyped as this? Many good questions are still to be answered.

Read More Here

Unified threat management (UTM) is a promising approach to consolidating security controls, including firewalls, intrusion prevention, anti-virus, content filtering, and reporting.

Read More Here

As anyone who has heard any news media source lately may already know, today is April Fool’s Day, and also “worm” day. For those who are unfamiliar, worms first started back in 1988, when one was released by accident (so the story goes) by a researcher named Robert Morris. Today this has evolved quite a bit, but the overall concept is still the same: create some malicious code that can move freely to any exploitable system it can talk to. While the build-up for today’s worm may have been part hype and part prior preparation, it is still a real reminder of how vulnerable our technology still is. For today’s threat, make sure you are patched and safe.

It is common to read about various social engineering attack scenarios in many of today’s IT security based books. Nonetheless, just like the need to constantly drill this information into the minds of the non-tech users of many organizations, it makes for a better story when the scenario can be drawn from real-world experiences. SearchSecurity had an excerpt from the book titled “The Truth About Identity Theft” that covers the topic in this exact way. But of course this would never happen in your organization, now would it? (As they say, ignorance is bliss.)

Read More Here

Since I did not get out to Black Hat DC last month, I was just reviewing the papers and came across one very interesting one. Aside from the white paper, I also enjoy the story about the new “Friends” disclosing such an exploit brings. All in all a good read, and just more wood for the fires of security threats in our digital age. I should point out that the founder and CEO of the company to disclose this is pretty hot, and the fact that she is smart… and can hack increases the hot meter by at least x10.

Read more about it here

A newer trend in the field of “Hacking” is the use of “Hacker Spaces”. Picture a community lab with various hardware/software for you to refine your skills in a controlled and safe environment. While this may not be a way to gain true real-world experience, it does help nurture your skill from a casual or novice hacker to someone who can say “I can do that!”.

Read more about Hacker Spaces

Think you’re ready for the big time now? Then head on over to the Defcon Capture the Flag competition in July/Aug. I will see you there!