Kali Linux on your Android Phone

Though I’ve yet to find the ARM packages to install BackTrack on a Kali Linux Chromebook, I did find this awesome tutorial on installing Kali Linux on Android. You may want to get a larger memory card prior to installing it.

When logging in for the first time on Kali Linux for Android, use the username: android and the password: changeme


Information Security Awareness Crossword

Cute, found it online. Try it out!


Digital Profile

Ubisoft created a video game called Watch Dogs. Though some of the threats may be far-reaching in their risk analysis, if you have a Facebook profile and are active on it, try out the Digital Shadow.

I can appreciate how this can possibly foreshadow the future of our cyber landscape. Though this is video-game extreme, the risks from the Digital Shadow site are based only on your Facebook profile. Imagine if it were all your online activity, regardless of what anonymous programs and proxies you hop through. What if all those proxies and programs are only advertised as anonymous or encrypted, or if they’ve been cracked forever ago?

I think it is healthy to always be a little suspicious, to believe that you have little to no privacy.


Damien Working?


Damien got a job offer from our neighbor and friend Preston, to work a carnival. Of course they both asked me if it was OK. So I just dropped Damien off at the University of Phoenix Stadium to work at the Big Red Rib & Music Festival.


Damien got me tickets so I could come see Kool & the Gang, how awesome!


The Verizon 2014 Data Breach Investigations Report


There are seven common themes:

  1. Be vigilant. Organizations often only find out about security breaches when they get a call from the police or a customer. Log files and change management systems can give you early warning.
  2. Make your people your first line of defense. Teach staff about the importance of security, how to spot the signs of an attack, and what to do when they see something suspicious.
  3. Keep data on a ‘need to know basis’. Limit access to the systems staff need to do their jobs. And make sure that you have processes in place to revoke access when people change role or leave.
  4. Patch promptly. Attackers often gain access using the simplest attack methods, ones that you could guard against simply with a well-configured IT environment and up-to-date anti-virus.
  5. Encrypt sensitive data. Then if data is lost or stolen, it’s much harder for a criminal to use.
  6. Use two-factor authentication. This won’t reduce the risk of passwords being stolen, but it can limit the damage that can be done with lost or stolen credentials.
  7. Don’t forget physical security. Not all data thefts happen online. Criminals will tamper with computers or payment terminals or steal boxes of printouts.

I highly recommend the Executive Summary if you don’t have time for the whole report. Again, it is here: http://www.verizonenterprise.com/DBIR/2014/reports/rp_dbir-2014-executive-summary_en_xg.pdf


Not a CISSP? After Watching This, You’ll Want to be. Already One?


The C, I, double S, P


Dr. Steven Bagley: Heartbleed Code


In this video, which I found through links on Facebook, Dr. Steven Bagley runs the Heartbleed code to show exactly how the exploit works.

Also, here is a website that may give you some audit capabilities.
http://www.garage4hackers.com/blog.php?b=2551


KPMG on GRC


A somewhat vendor-neutral animation on GRC to help make informed decisions.


Service Now and IT GRC


Because some people struggle with GRC and have multiple tools, this is a quick, short video on tying GRC together with one of the many packages out there. Plus, hey, stop motion animation!


Gary Warner on TedxBirmingham: Why do we call it CyberCrime?


What is cybercrime? How do we fight cybercrime? Who do we report cybercrime to? Gary Warner tells us his thoughts.
