Last Wednesday I gave a presentation to the Northeast Ohio Information Security Forum on Maltego which is a fantastic tool for information gathering. The presentation focused on a high level overview of the application and how it can be used for all types of security related work including security assessments, investigations and helping find public […]
Information Gathering with Maltego Read More »
Over the weekend I posted my first article on Social Network/Media security over at Blogsecurify. You can check out the post here. My next article will talk about the security of third-party applications and widgets for social media applications.
Exploiting trust in social networks Read More »
This article was just too good and worthy of a blog post…apparently a MI6 digital camera went missing and went up for sale on eBay…for only $30. The kicker is that the camera’s memory card contained the following information: Via Reuters: “Its memory had names of al Qaeda members, fingerprints and suspects’ academic records as
MI6 camera sold on eBay? 007 is pissed! Read More »
Just a reminder to head over to malwarechallenge.info to start the malware challenge that was mentioned on the last Security Justice podcast as well as a blog post that I did a few days ago. The contest runs from October 1st – 26th and is open to everyone! May the force be with you…
Malware challenge has started! Read More »
I am excited to announce that I am now part of the GNUCITIZEN Blogsecurify social media “tiger team”. I am officially a blogger for Blogsecurify and will be posting about security issues/vulnerabilities in social media applications. As you may already know, I have been doing a lot of research recently into Facebook privacy and security.
Tom joins the Blogsecurify team! Read More »
Tyler (aka: The Security Shoggoth) announced on the Security Justice podcast last week about the “Malware Challenge” that begins October 1st. I think this is a great idea and is a fantastic way to learn about how malware works and how to analyze it. Via The Security Shoggoth: “Starting from October 1, 2008 and ending
Malware Challenge begins October 1st! Read More »
Wow..it’s been really crazy as of late. Sorry for the lack of blog posts but this is “the” busy month of the year for me! Here is what I have going on: October 11th Ohio LinuxFest Security Justice will be podcasting live from the Ohio LinuxFest! Dave and myself will be there hanging out with
Lets say (hypothetically for the sake of this post) that you were able to exploit the system of a Windows domain admin during a pentest. The goal of this attack? Steal the credentials of the domain admin and continue on with owning the domain. Sure, you could use gsecdump, pass-the-hash and do the same thing…however,
Finally a use for Incognito Read More »
While not a security related post…I thought I would let everyone know about a really good open source hard drive cloning software that I recently discovered when I needed to clone and image multiple Linux systems. It’s called Clonezilla and works just like Symantec Ghost but faster and free. From the Clonezilla web site: “Clonezilla,
The best tool to clone hard drives, is free! Read More »
I have to give the lawmakers in the state of Ohio some credit for attempting to take identity theft somewhat seriously. It’s actually about time since every other state in the US has had laws for a long time now. Unfortunately, they got it wrong. The problem is that they have made something that is
New Ohio Identity Theft Law: Epic FAIL for Consumers Read More »
