Russian cyber-criminals are hard to arrest, because there is no extradition treaty between the US and Russia. The Russian government allows them to prosper as long as they do not attack anything in Russia. The Russian government also contracts with these criminal groups when they need some state sponsored hacking done, a la Grizzly Steppe. In Russia, these guys are considered to be just very successful business men. They have achieved ...
I will also be speaking at this event, also sponsored by First State Bank and Trust. This will be at the Stillwater Public Library, 224 Third St No, Stillwater, MN 55082, from Thursday May 4, 2017, from 8:00 am to 9:15 am.
Here is the EventBrite link.
Up to 95% of network intrusions are invited by ...
Continue Reading →
Everything you can think of and many things you have never dreamed of are being manufactured with little Linux operating systems and wireless Internet connections. Or in simpler terms, a brain, storage, and communications ability. This is the Internet of Things (IoT). Lots and lots of “smart” devices talking to each other and phoning home to some data collection or dissemination point. If only the people who are designing these ...
Many social network sites make it too easy to overshare personal information. An innocent post to Twitter or Facebook, or pictures uploaded to SnapChat or Instagram can help a criminal target you. Online posts that identify your location, your travel and vacation plans, your employer, your home, and your personal possessions can be used by criminals to plan an crime. ...
US-CERT just released more information about the Grizzly Steppe cybercrime group who has been fingered for hacking the DNC and US voter registration databases. The short report, titled Enhanced Analysis of GRIZZLY STEPPE Activity, makes interesting reading, especially if you are interested in finding out more about state-sponsored political espionage. See pages 4-7 for the main story.
The Grizzly Steppe group is ...
Continue Reading →
NIST is working on new authentication standards, and there are some surprising changes coming out of this effort. One of the issues that NIST is dealing with is the use of biometrics for authentication. But there are problems with biometrics. Here they are from the NIST Special Publication 800-63b. Emphasis is mine.
For a variety of reasons, ...
Continue Reading →
We have complained in this blog about the plethora of Internet connected IoT devices that are being sold without anything approaching meaningful security to an unsuspecting public. A notable exploitation of IoT devices was behind the Mirai botnet, which shut down significant parts of the Internet for a couple of days.
But other disasters await, for instance, the easy access of web cams from the ...
Continue Reading →I have been working my way through a Cybrary course titled ” Incident Response and Advanced Forensics.” In it I came across the following slide, and what interested me was how it juxtaposed the Lockheed-Martin Cyber Kill Chain against a lower row of defensive tactics. The last option, hidden beneath the instructor’s image, is “Destroy.”
Where did this intriguing ...
Continue Reading →
Is a good offense? If you or your company has been a victim of cyber-crime, I am sure you have had fantasies about back-hacking the perpetrators back to the stone age. Or having some sort of magic button phone app that would do the same thing.
Currently, the bad guys are running the offense, 24/7/365. The good guys are limited to defense only. There ...
Continue Reading →
On May 25 2018, new regulations will go into effect in the European Union called the General Data Protection Regulation (GDPR). If you are doing business in Europe, this will affect your business. If your website collects personal information and other data from European site visitors or customers, this will affect your business.
The Europeans take personal privacy, especially online privacy, much ...
Continue Reading →