XKCD Explains Heartbleed


Posted in Security Blog

The Heartbleed Hit List


To search this page, press CTRL and F, then type in the site you are about to log into and hit enter.

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

Copied from https://raw.githubusercontent.com/musalbas/heartbleed-masstest/master/top10000.txt

Disclaimer: This scan was performed around April 8, 16:00 UTC. Websites listed as vulnerable may no longer be vulnerable. This list serves as a snapshot of vulnerable sites at the time of the scan.

To check if a site is still vulnerable, you can use the tool at http://filippo.io/Heartbleed/. Many of the sites below have been updated since they appeared on this list.

Posted in Security Blog

Get Comfortable: @SecureNinjaTV Free Training

Going through my Twitter feed, I enjoyed an embedded SecureNinjaTV video and then decided to check out their YouTube page. I’ve embedded it for your convenience. There are about 22 videos in the playlist embedded above.

Get comfortable, take frequent breaks, stay hydrated and caffeinated, and have something to munch on. Enjoy!

Cyber Kung Fu For The CEHv8 (Certified Ethical Hacker) Mod 00 Intro
Mod 01 Intro to Ethical Hacking
Mod 02 Footprinting and Reconnaissance
Mod 02 LAB Footprinting and Reconnaissance
Mod 03 Scanning
Mod 03 LAB Pt 1 Nmap
Mod 03 LAB Pt 2 Nessus
Mod 03 LAB Pt 3 Intro to Metasploit
Mod 04 Enumeration
Mod 04 LAB Intro to Cain
Mod 06 LAB Trojans and Backdoors
Mod 05-07 System Hacking, Trojans, Viruses and Worms
Mod 05 LAB System Hacking
Mod 08 Sniffing
Mod 08 LAB PT 2 Man-In-The-Middle
Mod 08 LAB PT 1 Capsa & Wireshark
Mod 09 LAB Social Engineering Toolkit
Mod 09 Social Engineering
Mod 10 LAB Denial of Service
Mod 10 Denial of Service
Mod 11 Session Hijacking
Mod 11 LAB Session Hijacking

Posted in Security Blog

Phoenix ISSA Q2 Meeting


I went to the Phoenix ISSA meeting today, saw some people I used to work with, and also had a short refresher in PCI and got a few good tips on where to look for creating an MDM solution that works with BYOD.

Prior to the meeting officially kicking off, we were educated a little on the Heartbleed bug. Before logging into a website, check it with this site by Filippo Valsorda: http://filippo.io/Heartbleed/

A good resource for estimating breach costs is the Ponemon Institute, which is pretty essential when creating a quantitative risk assessment and somewhat useful for a qualitative one.

Another good resource is the NIST 800-124 Guidelines for Managing the Security of Mobile Devices in the Enterprise (pdf).

And of course, I would be remiss if I didn’t include the ISO 27000.

Aside from all that good information, I got some CPE credits.

Sometimes I’m not a big fan of vendor presentations, but since they help pay for food and keep membership fees and guest fees affordable, I tolerate them. I really like speakers who are passionate about what they are talking about. There was a gentleman from ECTrust, and he was enjoyable to listen to.

Posted in Security Blog

The Nano UAV, Black Hornet PD100

This is the future tool for the military. I predict that very soon, drones will be part of every type of business. Some businesses, such as insurers, use drones to assess damage to roofs, sending the video feeds to claims adjusters. I bet parking lots will be monitored by drones with cameras, and probably hallways of buildings too.

Pretty soon we’ll have Enforcement Droids like the ED 209!

Posted in Security Blog

The Art of Cyberwar

This was a great presentation at DEF CON 20, tying together cyberwarfare and Sun Tzu’s Art of War. Sun Tzu was a Chinese military general, strategist, and philosopher. The gentleman presenting is Dr. Kenneth Geers, an NCIS Cyber Subject Matter Expert.

Posted in Security Blog

Interactive Cyber Threat Map


The Kaspersky Cyberthreat real-time map is pretty flashy.

Posted in Security Blog

Security for IoT

A good awareness video in regards to the Internet of Things.

Posted in Security Blog

What’s New with PCI DSS 3.0

Posted in Security Blog

Top 20 Critical Security Controls

You know, I really dig SANS for putting things together. On their page called Critical Security Controls for Effective Cyber Defense, they list the top 20 critical security controls.

I’m actually amazed at how quite a few companies do not place high emphasis on some of these. I worked for one company that thought security was ONLY having anti-virus.

Each of these security control links tells you why the control is critical, how to implement it, procedures and tools, effectiveness metrics, automation metrics, effectiveness tests, and how to diagram it for documentation of your implementation. It is nearly foolproof. That said, it doesn’t mean every place has a budget for this. I was in a conference today where I heard that socializing the concept will allow for better adoption, which can be used with executive management to drive the point of securing funding for complete implementation and maintenance.


Posted in Security Blog