Security
VRF is the new Black: How I Learned to Stop Worrying and Love the Complexity
Breaking up your network “is good,” we all know this, and VLANs have traditionally been used to segment a network to help with maintenance, management, and security; but, they are not the only game in town and often the wrong place to break your network into smaller and more efficient pieces. VPN Routing and [...]
Breaking Twitter (authentication)
Yesterday we spent some time speculating on how phishing attacks like the one afflicting Twitter on Wednesday of this week are seeded. How are the original direct messages sent out that kick off the first stolen credentials, the next set of direct messages, and so on in the loop? We were hoping, but [...]
ROFL this you on here? The latest Twitter Worm
At 2pm on Wednesday 9/24, wide scale reports started showing up on Twitter that a new Twitter worm sends you a direct message with the content “rofl this you on here? http://videos.twitter.secure-logins01.com”. The link opens a Twitter style log in page (albeit Twitter’s previous version of this page, they have a new one) which, except for being an old version and a stray angle bracket is convincing. Upon logging in the user’s credentials are stolen, and presumably direct messages are sent to each follower that user has.
2008 Server to the Core
One of my favorite websites in the days of Windows 2000 Server was a project from a group of system managers from the Department of Electrical Engineering at the Swiss Federal Institute of Technology; it was titled “Real Men Don’t Click”, and it was dedicated to accomplishing tasks solely using the command line interface (CLI). [...]
Who’s Being Promiscuous in Your Active Directory?
I’m always a fan of more queries and peaks at what is going on in my AD domain, especially at what is happening on the workstations. I was working on some WMI queries to get information about network interfaces using the Win32_NetworkAdapterConfiguration class, and thought about promqry.exe. Promqry is a tool provided by Microsoft to [...]
Why former criminals aren’t always the best experts
The Onion reminds us why former criminals don’t always make the best “experts”. I hope information security conference organizers are watching.
Bear with the Onion’s silly advertising in the beginning.
Ex-Pedophile Shares Tips On How To Make Your Kids Less Attractive Related Posts: iPhone 4 Ordering and Session Switching May’s Patch Tuesday March’s Patch Tuesday Press F1 for Help, pwned. First Patch [...]
Microsoft Video ActiveX Control Vulnerability
Microsoft is recommending setting the kill bit for an ActiveX control object, MPEG2TuneRequest, to avoid an in the wild zero day exploit that allows for remote code execution when a web site containing the exploit is browsed by a user with Internet Explorer.
Warnings Ignored, Thousands of Websites Suffer
“We have been working diligently to recover the information that we can. Currently if your VPS is not responding it is best to consider that all data and information is lost…” This is the start of a message posted on VAServ’s website, a UK-based provider of virtual private servers. VAServ uses HyperVM, a virtualization application [...]
CollegeHumor explores the concept of real life tweeting
What if you walked through life providing twarcissistic updates as some are wont to do on Twitter. CollegeHumor.com explores what this might look like.
Categories
- Access Control
- Administration
- Botnet
- Censorship
- Certification
- Content Filtering
- Cross Site Scripting
- Cyberwar
- Data Breach
- data leak prevention
- Disaster Recovery
- enumeration
- Forensics
- funny
- homeland security
- Incident Response
- Industry News
- Intrusion Detection
- Law
- Malware
- Networking
- Patch Management
- Phishing
- Physical Security
- Remote Exploit
- scareware
- Security
- Security Policy
- Social Networking
- SQL Injection
- Stay Safe Online
- Technology in Society
- Tools
- Uncategorized
- Vulnerability
- Web Site Defacement
- windows
Recent Comments