Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


BSides Tampa 2017, Brian Beaudry's 'Intro to Fuzzing for Fun and Profit' →

March 24, 2017 by Marc Handelman in All is Information, Conferences, Information Security, Secure Coding, Code, Fuzzing, Security Testing

BSides 2017, Matthew Domko's 'Alert All the Things! (Network Baselines/Alerts with Bro Scripts)' →

March 23, 2017 by Marc Handelman in All is Information, Conferences, Education, Information Security, Network Security

Tau, The Manifesto →

March 23, 2017 by Marc Handelman in All is Information, Education, Mathematics

or, Why Pi is Wrong. Enjoy the video below!


BSides Tampa 2017, Erich Kron's 'Phishing Pholks Phor Phun and Prophit' →

March 22, 2017 by Marc Handelman in All is Information, Conferences, Education, Information Security

Looked it over, how shall I say, it's lacking a certain - competency?

Are Intel SGX Enclaves Secure? Nope, Not Really...

March 22, 2017 by Marc Handelman in All is Information, Alternate Attack Analysis, Enclaves, Information Security, Lack of Security Regimen

via Catalin Cimpanu, writing at BleepingComputer, comes this well-crafted piece on the folly of secure enclaves... In this case, Intel SGX Enclaves. Enjoy.

"More details on the attacks and proposed countermeasures are available in the research paper titled 'Malware Guard Extension: Using SGX to Conceal Cache Attacks.'" - via Catalin Cimpanu at BleepingComputer


BSides Tampa 2017, Andy Thompson's Advanced Targeted Attack →

March 21, 2017 by Marc Handelman in All is Information, Attack Analysis, Conferences, Education, Information Security

Self-Healing Endpoint

March 21, 2017 by Marc Handelman in All is Information, Blatant Stupidity, Information Security, Right to Privacy, Security Failure, Security Governance, Security Heal Thyself, Security Opinion, Demise of Privacy

Apparently, this product is now embedded in a wide range of devices (ranging from Apple Inc. to Dell Computers and more). I do architect & advise end-point security efforts in my work (agnostic that I am - I do not recommend individual products), but certainly not an embedded product in BIOS or EFI. Could it be rightly called 'The Self-Healing Endpoint of Privacy'? Has a meme been created? You be the judge - Me?, I'm going back to paper and pencil, air-gapped (of course - dammit, air-gaps are no guaranty of secure platforms either...). What to do. Tip o' the Hat.


BSides Indy 2017, Timothy De Block's 'Kick Starting an Application Security Program' →

March 20, 2017 by Marc Handelman in All is Information, Application Security, Conferences, Education, Information Security

BSides Indy 2017, Price McDonald's 'Hardware Hacking Abusing the Things' →

March 17, 2017 by Marc Handelman in All is Information, BSides, Conferences, Education, Hardware Security

via the eponymous Randall Munroe at XKCD.com

XKCD, Chat Systems →

March 16, 2017 by Marc Handelman in All is Information, XKCD, Sarcasm, Humor

BSides Indy 2017, Kenneth White's 'Crypto Defenses for Real-World System Threats' →

March 16, 2017 by Marc Handelman in All is Information, Conferences, Education, Information Security, BSides

SANS DFIR, Ronnie Tokazowski's Reversing Threat Intelligence - Fun with Strings in Malware →

March 15, 2017 by Marc Handelman in All is Information, Conferences, Education, Information Security, Forensics, Forensication

CTI Summit 2017, Threat Intelligence At Microsoft - A Look Inside →

March 14, 2017 by Marc Handelman in All is Information, Conferences, Information Sciences, Intelligence, Threat Intelligence

Machine-Based Investigation: Fully →

March 14, 2017 by Marc Handelman in All is Information, Analytics, Computation, Data That Is Big, Exploration, Fingerprinting, Information Sciences, Intelligence, Robots, Machine Learning

via Motherboard writer Michael Byrne, comes this well-wrought piece on the apparent proliferation of 'bots on Twitter, i.e., the implications of algorithm-driven entities on the Twitterverse. The fascinating component to this study by Onur Varol, Emilio Ferrara, Clayton A. Davis, Filippo Menczer and Alessandro Flammini, was the utilization of a machine-learning apparatus (and the feature-sets therein) to tease out the truth. Additional documentation (in the form of the paper) is available on arXiv. Today's MustRead.

"Part of what makes the new research interesting is the sheer number of features used in the classification model..." - Motherboard's Michael Byrne


CTI SUMMIT 2017, Robert M. Lee's - Knowing When to Consume Intelligence and When to Generate It →

March 13, 2017 by Marc Handelman in All is Information, Information Security, Threat Intelligence, Intelligence, Conferences, Education

H/T


Shrinkage... →

March 13, 2017 by Marc Handelman in All is Information, Dark Web, Criminal Enterprise

Apparently, the Dark Web has shrunk... via CircleID, comes this interesting report detailing the notion.


CTI Summit 2017, Cliff Stoll's Keynote Address - (Still) Stalking the Wily Hacker →

March 12, 2017 by Marc Handelman in All is Information, Conferences, DFIR, SANS, Education, Forensics, Forensication

RSAC 2017, Quick Look: Hacking Exposed Live NextGen →

March 10, 2017 by Marc Handelman in All is Information, Conferences, Education, Information Security

RSAC 2017, Delivering Effective Security Outcomes →

March 09, 2017 by Marc Handelman in Information Security, Education, Conferences, All is Information

Trustwave Locates New VOIP Device Backdoor →

March 08, 2017 by Marc Handelman in Believe It Or Not, All is Information, What Could Go Wrong, Information Security, Hardware Security

Meanwhile, in the Infosecurity.US What-Could-Possibly-Go-Wrong Department, comes this El Reg news item detailing a report published by researchers at Trustwave, of an undocumented backdoor account in DBLTek GoIP products. The kicker you ask? DBLTek has so far failed to remediate the issue, and has left the 'door' swinging on its creaky hinges... Oops.

"Trustwave recently reported a remotely exploitable issue in the Telnet administrative interface of numerous DblTek branded devices. The issue permits a remote attacker to gain a shell with root privileges on the affected device due to a vendor backdoor in the authentication procedure." - via the published Trustwave Report
