Amazing that security breaches like the one I am about to tell you about are becoming more common…so common that the mainstream media like CNN doesn’t even report it anymore. If you haven’t read about this pretty significant security breach yet…let me briefly tell you about it… Bank of New York (BNY) Mellon and People’s […]
Raiders of the Lost Backup Tapes Read More »
I wrote an article some time ago about multiple platform password managers. At the time I talked about PasswordSafe and Password Gorilla. While both of these are really good password managers that work on Linux, Windows and OSX…Matt Neely talked about KeePass at the NEO InfoSec Forum last week and how KeePass is probably the
KeePass Password Manager Read More »
This is just classic. A TJX employee, Nick Benson, was fired for posting about security issues on the TJX internal network to this sla.ckers.org forum. Nick attempted to report security issues to his management back in 2006 (before the massive TJX security breach) and nothing changed. Apparently things like having blank passwords on servers were
TJX Employee Fired for Posting Security Issues Read More »
Looking for a fresh, new look at all the recent security news and threats? Check out the new security podcast called “SecuraBit“. The crew of the SecuraBit podcast includes Jason Mueller, Chris Gerling (you may know him from Hak5), Anthony Gartner and Christopher Mills. It’s nice to have another podcast following in the footsteps of
SecuraBit: New Security Podcast Read More »
Very good interview over at The Ethical Hacker Network with Ed Skoudis of Intelguardians. Ed talks about his career, how Intelguardians came to be, his new SANS 560 Course, and a little about his hacker challenges that he is famous for. I know several of the Intelguardians and I have a huge amount of respect
The Ethical Hacker Network: Interview with Ed Skoudis of Intelguardians Read More »
According to 2600 News, 1,500 attendees of this years Last HOPE (Hackers On Planet Earth) hacker conference will be tracked via RFID in a large social experiment which will include games focused on RFID technology. From the press release: “Players will seek ways to protect their privacy, find vulnerabilities in the tracking system, employ data
Attendees to be tracked with RFID at The Last HOPE Read More »
I won’t go into all the details since every other security blogger on earth is covering it….however, as a reminder this issue is pretty serious if you had generated any keys on affected Debian or Ubuntu systems. The best summary I have found of the issue with links to all the “toys” that have come
Debian and Ubuntu OpenSSL Vulnerability Read More »
I came across this post by Martin McKeay on the Network Security Blog today talking about changes to the Nessus license that Tenable will be starting July 31st. Martin makes some really good points and I recommend you read his post. Basically as a corporate user you will need to pay for the new “ProfessionalFeed”.
Nessus “registered” plugin feed to be discontinued Read More »
Brain Salcedo was convicted back in 2004 of hacking the Lowe’s (a national home improvement retail chain) computer network through an unsecured wireless network. Brian and his partner found the unsecured wireless network while Wardriving. Brian’s plan was to eventually tap in and siphon off millions of credit card’s through a backdoor installed in a
Lessons Learned from the Lowe’s Hacker Brian Salcedo Read More »
This is one of those security breaches that underlines the need for physical security if you are doing remodeling or construction where there is potentially sensitive customer data being held…like a bank! From the official bank disclosure: “The Hongkong and Shanghai Banking Corporation Limited confirms one of its computer servers went missing on 26 April
HSBC branch server goes missing Read More »
