Essential Hacking Tools

Kali-logo2Here is a short list of applications that I use frequently when undertaking a penetration test of vulnerability scan.  I don’t use all of these all the time, but they are probably the most popular tools in the security community.  We start with Kali, the Swiss Army knife of exploitation tools.  What can’t Kali do?  Then we look several stand alone tools for host enumeration, port scanning, packet sniffing, vulnerability detection, password ...

Continue Reading →
0

Sunday Funnies – Old Tech Lives

8-inch-floppy-diskNot sure how funny this is.  According to Smithsonian.com, the U.S. Department of Defense still uses floppy disks for its Strategic Automated Command and Control System.

The system is still in use because, according to the a Pentagon spokesman, “it works.”  He also was touting the built in “security” in using a technology so old that most modern hackers would not be familiar ...

Continue Reading →
0

NIST Nixes TFA Via SMS

NISTHoly acronyms Batman!  What the heck does this headline mean?  Well, the National Institute for Standards and Technology (NIST) has removed two-factor authentication (TFA) via short-messaging service (SMS) from the approved list of two-factor authentication methods.  The reason is that SMS is an unencrypted service, and the lack of encryption makes it too insecure for use in Federal authentication systems.  NIST is recommending that all companies ...

Continue Reading →
0

Which Is Better – SMS or App-based TFA?

google-authenticatorI am a firm believer in, and user of two-factor authentication (TFA or 2FA).  Heck, if there was three-factor authentication I would probably sign up.  The two most popular authenticator apps are Authy and Google Authenticator.  I primarily use Google Authenticator wherever I can.  I use SMS when Authenticator isn’t an option, or won’t work.  I had trouble, for instance, getting Facebook to work and ...

Continue Reading →
0

Changing Passwords Regularly May Be Insecure

password1Bruce Schneier had an interesting post where he attacked the commonplace practice of requiring regular password changes.  Usual corporate IT policies require changes every 90 days, and in some high security environments, more frequently than that.

The basic issue with frequent password changes is that humans will create a system that makes it easy to remember the next iteration of the password.  This ...

Continue Reading →
0

Recovering from Ransomware

teslacryptYou have trained your staff and improved your defenses.  In spite of your best efforts, you have an active case of crypto-malware running on a system in your business.  How do you recover?

Here are the steps to recovery:

  • Disconnect the affected system from the network by removing the Ethernet network cable connection or turning off the Wi-Fi connection.
  • Determine if the encryption process has completed.
    • If so, leave the system running, but disconnected from the network. ...
Continue Reading →
0

Detect and Defend Against Ransomware

maktub-lockerEncryption ransomware can be a devastating event if it happens to your or your company.  The three solutions are basically pay the money, restore from backup, or accept your losses and move on.  All are expensive, and some can be severe enough to drive a business out-of-business.Monday we gave you several ways to prevent, or at least prepare a response to a crypto-ransomware exploit.  Today we are going to look at early ...

Continue Reading →
0

Prepare and Prevent Ransomware Attacks

cryptolockerThis week we will be focusing on preventing, detecting, and recovering from the many variants of the crypto-ransomware exploit.  Ransomware attacks, such as CryptoLocker, CyrptoWall, Locky, Chimera, Zepto, and the like, have become one of the best money-making exploits for cyber-criminals, with new variants appearing on the scene every month.  These attacks usually start with a phishing email and a ZIP file attachment or a malicious link, so email vigilance can help. ...

Continue Reading →
0
Page 1 of 87 12345...»