The Norse Hacking Map

[Image: Norse hacking map, attack traffic between China and the USA]

At this link, you can watch the world hacking map, hosted by Norse. Apparently back in 2012, the United States was getting attacked at least 10,000,000 times a day. Can you imagine what it is now? 20 million? 40 million?

Cisco has a whitepaper outlining a strategy for protecting against DDoS attacks. When you think about it, if a hacker fails to exploit any vulnerabilities because a company has fully patched all of its systems, they will usually resort to a DoS or DDoS instead.

Posted in Security Blog

Keren Elazari: Hackers: the Internet’s immune system

Keren gives a great talk about the Internet.

Posted in Security Blog

PRINCE2 Risk Management

Twenty-two minutes of your time and you will learn PRINCE2 risk management.

Posted in Security Blog

The Best Defense


The best defense a company can have against cyber and social engineering attacks is to have educated people:
people who know how to manage systems, people who know how to be cautious, and people who know when they need to escalate and report.

When the people in your company receive company email about security awareness, it is important for executives, management, and supervisors to promote the material, and for the staff to want to read it. On the same note, it is important to make the material fun, simple, and to the point.

A great publication to read is NIST SP 800-50 (Building an Information Technology Security Awareness and Training Program), which focuses on people and awareness.

Below are some of the topics it lists. I’m thinking about writing some articles based on them, perhaps open articles that businesses can use. Perhaps.

• Password Usage and Management
• Protection from Malware
• Policy: Implications of non-compliance
• Unknown email and attachments
• Web Usage
• Spam
• Social Engineering
• Incident Response
• Shoulder Surfing
• Changes in system environment – increases in risks to systems and data (e.g., water, fire, dust or dirt, physical access)
• Inventory and property transfer – identify responsible organization and user responsibilities (e.g., media sanitization)
• Personal use and gain issues – systems at work and home
• Handheld device security issues – address both physical and wireless security issues
• Use of encryption and the transmission of sensitive/confidential information over the Internet – address agency policy, procedures, and technical contact for assistance
• Laptop security while on travel – address both physical and information security issues
• Personally owned systems and software at work
• Timely application of system patches
• Software license restriction issues
• Supported/allowed software on organization systems
• Access control issues
• Individual accountability
• Use of acknowledgement statements – passwords, access to systems and data, personal use and gain
• Visitor control and physical access to spaces – discuss applicable physical security policy and procedures, e.g., challenge strangers, report unusual activity
• Desktop security – discuss use of screen-savers, restricting visitors’ view of information on screen (preventing/limiting “shoulder surfing”), battery backup devices, allowed access to systems
• Protect information subject to confidentiality concerns – in systems, archived, on backup media, in hard-copy form, and until destroyed
• E-mail list etiquette – attached files and other rules.

Posted in Security Blog

Phoenix Comicon 2014


Jaime and I were stopped SO many times for pictures. It was a great feeling knowing that the costumes we had worked hard on were very popular.

My brother and sister-in-law got to have their pictures taken with the one and only Stan Lee.
Then my brother got to have a moment with Bruce Campbell :)

We also bumped into John Barrowman again. This time he was running through the crowds and nudged into us accidentally. There is something about him that really makes you like him.


Posted in life

Some CISSP Webcasts

Some CISSP webcasts that I reviewed last year prior to my test, which I passed in January 2014.

Posted in CISSP-Study

OWASP Top 10 Training for CPEs

ISC2 had a link on their website to some motivating (not boring; well, maybe a little) OWASP Top 10 training CBTs provided by Security Compass. If you are doing security code reviews, this helps a little, or at least can be a good refresher.

The CBTs I took on this site were not very interactive, which is good; I do enjoy just listening and watching. Every hour you complete counts as a CPE credit.

Posted in Security Blog

Hacking Cars

A news bit about car hacking.

And Dr. Charlie Miller (@0xcharlie) presents how he did it:

[Attachment: Car_Hacking_Hacktivity_2013_whitepaper]

What’s next? Well, eventually, there will be Google car hacking, I’m sure of it.

Update 2014-07-23: The good Dr. Charlie Miller will present an anti-hack box. https://www.carmelowalsh.com/2014/07/anti-car-hacking-gadget/

Posted in Security Blog

Smart TV Hacking

@beist from Korea.

TVs are never really off, are they?

Here are his slides (pdf).

Posted in Security Blog

User Based (Health) Insurance?

Fitness bands

I almost wanted a Fitbit. I started to see a lot of them at work and in general. They seemed to grow in popularity like Crocs did 10 years ago. I decided to wait it out and watch the people who wear them. Did they lose weight? Did they get bigger and stronger? Did they walk more? I found out that a lot of them just wear them as a fashion statement that they have money to burn, or give me the excuse that it is to monitor their sleep.

I thought to myself, “If you get 8 hours of sleep and you are tired, you probably aren’t sleeping well,” which really equates to the same result.

At work, we have discussed user-based insurance and how it will affect the future of vehicle insurance by offering customers who drive a lot less a smaller bill, based on the tracking device in their car, just like Progressive offers with their Snapshot.

[Image: Progressive Snapshot]

If an older lady only drives her car to the store once a week in a peaceful and quiet town, just for groceries, the Snapshot will report very little usage; thus, she is lower risk and her policy will reflect that. On the other hand, if one drives like a douchebag, one will be higher risk and pay much more.

Now, with all the Affordable Health Care Act going on, would it surprise me if health insurers paid a large sum to, say, Fitbit, to snapshot a person?

Fitness and health are already starting to be integrated into phones, keeping track of GPS coordinates, speed, pictures of your (my) chubby face, and heart rate monitors. There are even apps that tell you how drunk you are. I can see phone companies doing it.

Posted in Security Blog