When starting a security assessment or penetration test with a new client, often the first step is information gathering or reconnaissance. Sure, you could just ask the client for the information you want, but where’s the fun in that? Here is a list of tools to use to find information that they may not know is publicly available.
Google hacking or Google “dorks” – Johnny Long literally wrote the book about Google ...Continue Reading →
Drones have become the must-have item for many people this year. Some of them are your neighbors, and they may be annoying you or intruding on your privacy. On the other hand, it may be a member of our military hunting a terrorist. Or, increasingly, it may be a terrorist using a drone to provide surveillance, or worse yet, deliver something deadly like a ...Continue Reading →
What if there was a new phishing scam that had an open rate of 90%? That’s right, this phishing email is so believable, 90 out of 100 recipients open the attachment or click on the link without a second thought.
These attacks begin with the scammer researching the target victim. These targets usually work at companies where there is a lot of air travel. ...Continue Reading →
Everything you can think of and many things you have never dreamed of are being manufactured with little Linux operating systems and wireless Internet connections. Or in simpler terms, a brain, storage, and communications ability. This is the Internet of Things (IoT). Lots and lots of “smart” devices talking to each other and phoning home to some data collection or dissemination point. If only the people who are designing these devices, ...Continue Reading →
Believe it or not, two out of three people in the United States have had their personal information stolen by cyber-criminals. The likelihood is that this has already happened to you, and if not, it will happen eventually. And if it has happened, it will probably happen again. Why is this?
Even if you never click on a phishing email, and ...Continue Reading →
I know many people who are religious about deleting their cookies and browser history in an effort to improve their online privacy. I know others who have carefully gone through all the security settings on their browsers, and social networking sites for the same reason. If this sounds like you, I have bad news.
I’ve been using Opera to browse the web, and trying out the ad-blocking feature and the location cloaking “VPN” ...Continue Reading →
US-CERT just released more information about the Grizzly Steppe cybercrime group who has been fingered for hacking the DNC and US voter registration databases. The short report, titled Enhanced Analysis of GRIZZLY STEPPE Activity, makes interesting reading, especially if you are interested in finding out more about state-sponsored political espionage. See pages 4-7 for the main story.
The Grizzly Steppe group is certainly ...Continue Reading →
I read an interesting article on Naked Security the other day about how Hamas had used Facebook and social engineering tactics to trick Israeli soldiers into installing surveillance malware. The malware allowed Hamas to track the soldiers using the phone’s GPS, and to turn on the microphone and video to actually listen in and watch their targets. Hamas undoubtedly picked up the malware ...Continue Reading →
On Wednesday we looked at several of the important takeaways from this year’s Cyber Security Summit. Here are a few more.