Should Facebook Manage Password Recovery?

Back on February 22nd, we discussed Facebook’s new Delegated Account Recovery feature.  Basically, if you should for some reason forget your password to any account, or lose your two-factor authentication device (smartphone), and can no longer get into your account, Facebook will help you recover the account, as long as it is one that is enrolled with Facebook.

This is not the same thing as password managers like DashLane or LastPass, although ...

Continue Reading →
0

Hacker Tools for Pen Testing

On Wednesday we took a look at a collection of mostly web-based reconnaissance tools.  Today we are taking it to the next level and actually attempting to find and exploit vulnerabilties.

Kali Linux – This is a pen-testers version of Linux that comes fully loaded with over a hundred testing applications.  Kali can be installed in any  old laptop you have laying around, installed as a virtual ...

Continue Reading →
0

Hacker Tools for Information Gathering

When starting an security assessment or penetration test with a new client, often the first step is information gathering or reconnaissance. Sure, you could just ask the client for the information you want, but where’s the fun in that?  Here is a list of tools to use to find information that they may not know is publicly available.

Google hacking or Google “dorks” – Johnny Long literally wrote the book about ...

Continue Reading →
0

What Are You Letting OUT of Your Network?

I had an interesting question from a client last month.  They were looking for guidance on “egress filtering.”  Egress filtering is the concept of tuning your perimeter defenses (firewalls, routers, IDS*, and UTM* devices) to review and restrict the flow of information that is leaving your network.

Historically, most perimeter defenses are are designed to keep ...

Continue Reading →
0

Report and Recover from Identity Theft with New FTC Service

Identity theft is a crime that can take years to recover from.  One of the early problems for an identity theft victim has been the requirement to file a police report.  Many police departments do not devote much effort to identity theft, so sometimes getting the police to actually create a report and provide you with a report number can difficult.  If ...

Continue Reading →
0

Anti-Drone Tactics

Drones have become the must-have item for many people this year.  Some of them are your neighbors, and they may be annoying you or intruding on your privacy.  On the other hand, it may be a member of our military hunting a terrorist.  Or, increasingly, it may be a terrorist using a drone to provide surveillance, or worse yet, deliver something deadly like ...

Continue Reading →
0

The Google Docs Hoax: What Have We Learned?

It has been a couple of weeks since the Google Docs hoax spread across the Internet like wildfire.  What have we learned about this exploit?

Originally this appeared to be a phishing campaign, but phishing emails are spoofed clever replicas.  These emails were the genuine article, and were sent from Google mail servers, from the hijacked Google accounts of people you were likely to know.  This made the exploit difficult to ...

Continue Reading →
0

The Economics of the Tech Support Scam

We have reported a few times about the tech support scammers who use cold-calling phone lists or browser pop-ups with 800 number “support” lines to trick people into paying $300 or more for “malware removal” and other services that the computer doesn’t need.  And the pop-ups can be scary and convincing as in the example image.

Naked Security recently reported on the work ...

Continue Reading →
0

Linksys Wireless Routers Have Security Vulnerabilities

Research firm IOActive recently released a an article that revealed some serious security deficiencies on popular Linksys Smart Wi-Fi products.  They have notified Linksys, and Linksys is working on the firmware upgrades that will be necessary to fix these issue, and they have issued a security advisory.

Among the vulnerabilities discovered:

  • Unauthenticated attacker can create a ...
Continue Reading →
0
Page 14 of 23 «...101213141516...»