Reports indicae, commercial banking institutions in the United States are peeved with the federal response to data security related attacks (evidence fingers Iranian sources for the specific attacks under scrutiny)...
Security Bloggers Network
ICANN blog
TeamSHATTER
Cryptography News
Ms. Smith
SANS Internet Storm Center, InfoCON: green
May 2013
Search
2013.05.02
2013.04.15
Metasploit: ARMITAGE Removed From Distribution
News, via Raphael Mudge, of the removal of graphical user interfaces utilized within the Metasploit environment. In essence, Armitage has been dropped in the
Metasploit 4.6 distribution.
Ostensibly dropped by the Metasploit Project to disambiguate supported product responsibility, both are still availble and under active development for inclusion in customized environments for your penetration testing efforts. Notwitstanding the lack of a default install [through the Kali Linux install routines] the Kali Linux team has included an Armitage package [apt-get install armitage] in the repository.
2013.04.12
Metasploit Pro + OWASP Top Ten 2013 Test Capabilities
News, via Rapid7's Christian Kirsch, of the Metasploit 4.6 release. This time, with the inclusion of OWASP Top Ten 2013 testing capability support - once the Top Ten 2013 (currently in release candidate stage, as of this posting) are unleashed, that is.
2013.03.29
2013.03.25
2013.03.08
A Call to Arms - Clean Up Google Play
News, via the inimitable Brian Krebs, detailing the astonishing malfeasance displayed by Google Inc. (NasdaqGS: GOOG) in policing the Google Play storefornt. Essentially, Krebs On Security reports discovering a thriving marketplace in the buying and selling of verified developer accounts by Android malware authors. Thinking about moving to the Android platform? Think again. Read it and weep.
2013.03.04
Evernote, Attacked
Saturday, twas a wet and stormy day... First came a new sub-version update to Evernote, then comes word of a service-wide password reset due to suspicious activity...
'The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts, and encrypted passwords.' - Evernote' Operations & Security Team
2013.01.25
2013.01.14
Attribution, Lack of
Meanwhile, in flawed intelligence analysis news (now promoted by elected officials) the latest 'Iranian State Sponsored Financial Institution Attacks' attribution statements lack both clarity and firm evidential artifacts. Kudos to InformationWeek's' Mathew J. Schwartz for making the appalling flaws clear.
Notwithstanding the reported lack of evidence, the reality of the overt linkage between and betwixt the Iranian national defense infrastructure (e.g., the IRIA, Gendarmerie, IRGC, Oghab 2, Quds Force, and the Army of the Guardians of the Islamic Revolution, etc.) and external-to-the-government hacker collectives is is just that - overt, rather than covert.
The smoking gun, as it were, will likely target those Iranian nationals [rather than the theocratic State]; but again, predicated on conjecture, rather than evidentiary proof.
Whilst a multitude of electronic acts of warfare can be sourced to the Islamic Republic of Iran or the nations-states' thralls, the current activities cannot yet be attributed with finality of judgment. The key concept here is evidence leading to a reasoned and prudent understanding of attribution within the scope of information security and electronic warfare realms, specifically focused on the attacks under scrutiny.
2012.12.17
2012.11.05
PortSwigger Releases Burp 1.5
News, of the latest release of Burp, now at version 1.5 by PortSwigger. A superb solution for discovering vulnerabilities in your web applications, the free version is available as well. Outstanding.
2012.10.29
Facebook Goes Off The Record
$5.oo for nearly 1 million UIDs revealed during supposedly confidential discssion between social network behemoth Facebook and Czech blogger Bogomil Shopov.
2012.09.26
2012.09.25
2012.09.19
2012.07.13
Dis-Harmony, The Crackage
Not the conventional view of a happy ending - more on the eHarmony dump and crack, with reports of the majority of password objects cracked by Trustwave's SpiderLabs (utlizing two of our favorites - John the Ripper and oclHashcat).
2012.07.12
TOR, Surveilled
Another well crafted screed from the inimitable John Leyden of El Reg - this time detailing the dust-up between and betwixt CyberRoam and the TOR project. Allegations of mass surveillance are rampant, whilst answers are apparently not up to snuff...
2012.06.29
2012.06.14
Germanischen Cyberkrieg
Evidently, the Germans have their very own electronic warfare unit... What next - an electronic Ligne Maginot française - on the opposite side of the now, non-existent, electronic border? Astonishing.
2012.06.13
2012.06.12
2012.05.22
Nitrozac and Snaggy: Investment Grade Facebookery
via the comic genius of Nitrozac and Snaggy at The Joy of Tech™
2012.05.21
Twitter's Feet of Clay
Outstanding screed, crafted with thoughtful erudition, by the inimitable Dustin Curtis; in which, the good Curtis illuminates the peccadiloes of Twitter, et al.
2012.05.10
2012.05.09
Stand Your Cyberground
Insightful article, via The Atlanic's Dr. Patrick Lin [The Good Doctor is the director of the Ethics + Emerging Sciences Group, at California Polytechnic State University, San Luis Obispo] , targeting the Cyber Intelligence Sharing and Protection Act (CISPA). Dr. Lin's screed is far more erudite than any comment I could make, as such, I highly recommend detailed scrutiny of his post. Today's MustRead.
2012.05.08
The Pulse of SSL
via Ivan Ristić, author of ModSecurity, and Apache Security, and one of the great minds in information security today, comes news of The Trustworty Internet Movement SSL Pulse. SSL Pulse, is essentially, a information dashboard provisioning significant data relevant to the current state of the SSL ecosystem, if you will. Absolutely Outstanding.
2012.05.01
TLS/SSL SNAFUs Lead To Flawed Site Security, Go Figure...
Evidently, site and web administrator's need a refresher course in socket and transport layer security configurations... Not particularly surprising, that.
2012.04.30
Litany of the Great Unpatched: 13 Year Old Oracle TNS Listener Flaw
News, of a thirteen year old Oracle Corporation (NasdaqGS: ORCL) Transparent Network Substrate Listener (TNS) flaw, reported, in error (a timing error, not in essence)... Regardless, flawed listener bits permit egregious Oracle Database attacks. Oops, all-around.
