Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


via the White Paper mentioned herein.

Alejandro Hernandez's Exposing Security Weakness in Stock Trading Tech →

August 10, 2018 by Marc Handelman in Must Read, Information Security, Security Testing, Security Research, Application Security

Superlative security research is still coming out of the IOActive game-changing environment (this has been going on for years now - how do they do it...).

Case in Point: The work of Alejandro Hernandez and his current project targeting the apparent insecurity of some (but not all, mind you) stock trading applications so popular amongst the budding young (and old - don't forget the greybeards) kings and queens of capitalism.

The case under scrutiny is a highly detailed - most importantly: thoroughly accurate - examination of a large number of commercially available applications executing their binary bits on a variety of platforms. Read all about it in Mr. Hernandez's blog post at IOActive, and in the white paper. You'll be glad you did.


2018 Cymmetria MazeRunner Community Edition Announced →

February 02, 2018 by Marc Handelman in Security Testing, Security Tooling, Information Security, Network Security, Deception

Gadi Evron has announced the latest edition of Cymmetria MazeRunner Community Edition. I'm particularly interested in the Python Enhanced Responder.py/Pass-the-Hash deception capabilities. Enjoy!


Dr. Chuvakin's Prescription: 'On Negative Pressure ...'

January 25, 2018 by Marc Handelman in Brilliant, Security Tooling, Security Testing, Security Strategy, Information Security, Cybersecurity

Anton Chuvakin, Ph.D., Research VP and Distinguished Analyst at Gartner, speaks security truth to power. Pay attention folks - your organization's security and continued existence could very well depend on the action you take in your environments, based on what he has to say.


Kali, The Distro of Cloud GPUs →

April 28, 2017 by Marc Handelman in All is Information, Information Security, Network Security, Penetration Testing, Security Testing, Security Tooling, KALI

News - via El Reg writer Simon Sharwood - of new capabilities within the Kali Linux distro (version 2017.1). The standout addition: the leveraging of cloud-based GPU infrastructure to crack password objects. Outstanding.


Webroot, The Latest SNAFU →

April 25, 2017 by Marc Handelman in All is Information, Security Failure, Information Security, Governance, Security Governance, Security Heal Thyself, Security Testing, Vulnerabilities, Vulnerability Research

Iain Thomson, writing at El Reg, reports on Webroot's latest SNAFU. I'll leave it to his illustrative prose to tell the tale.


Bsides Tampa 2017, Brian Beaudry's 'Intro to Fuzzing for Fun and Profit' →

March 24, 2017 by Marc Handelman in All is Information, Conferences, Information Security, Secure Coding, Code, Fuzzing, Security Testing