Halloween 2014

We had a fairly busy weekend: we went to a Halloween party (and won first place for best couples costume) and, even better, we got to hang out with our friends that I haven’t seen in a while :)

The next day we decided to participate in Zombie Walk 6, which was kind of cheesy but something fun to do. It was Beau’s first nerdy thing to do too, so that made it even more fun.


McAfee Exec on Cybersecurity


2-Factor on LinkedIn

If you use LinkedIn, like I do, enable 2-factor authentication to keep your professional profile and contacts secured. How embarrassing would it be if you are advertising yourself as a security and privacy professional and someone gets into your account and spams or phishes everyone you know?

https://www.linkedin.com/settings/security-v2 is the URL to enable 2-factor on LinkedIn.

Here is my post on how to secure your other social profiles with 2-Factor (sometimes called 2step)


Emailed PowerPoint and other Microsoft Office Attachments

A vulnerability, designated as CVE-2014-6352, is triggered when a user is forced to open a PowerPoint file containing a malicious Object Linking and Embedding (OLE) object. All Office file types can also be used to carry out the same attack.

The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Microsoft urges Windows users to pay attention to the User Account Control (UAC) prompt, a pop-up alert that requires authorization before the OS is allowed to perform various tasks, which would warn a user once the exploit starts to trigger by asking permission to execute. But users often see it as an inconvenience, and many habitually click through without a second thought.

The UAC prompt may look similar to this on Windows 7.
[Image: Windows 7 UAC prompt]

This vulnerability, combined with half of America’s e-mail addresses stolen from JP Morgan Chase, can be used in a targeted phishing attack.


Staples Investigation

From Krebs on Security: According to more than a half-dozen sources at banks operating on the East Coast, it appears likely that fraudsters have succeeded in stealing customer card data from some subset of Staples locations.

It may have been card-stealing malware that lets thieves create counterfeit copies of cards that customers swipe at compromised payment terminals.


Social Engineering – How to Scam Your Way into Anything


A great video by Brian Brushwood, from Scam School, on Social Engineering.

The video quotes the following books:


Social Engineering Fraud by Chubb Insurance

A great little video on Social Engineering fraud.


Killer Robot… Ebola Killer Robot That Is!

A robot named Gigi uses ultraviolet light 25,000 times more powerful than sunlight. It kills Ebola by scrambling the genetic codes on surface areas. Pretty wicked.


How Tyupkin, the ATM Malware, Works

The hack, known as Tyupkin, requires criminals to enter a unique code into a machine that has already been compromised by the malware. A second PIN code – a random sequence of numbers generated at another location – is also needed to unlock the machine before it will dispense the cash. The video shown is Tyupkin in action.

It is believed that the criminals are headquartered somewhere in Europe but they have people worldwide.


The Rise of the Hackers

Here’s a preview of the show!

If you aren’t a fan of PBS|NOVA, you need to be!

From http://www.pbs.org/wgbh/nova/tech/rise-of-the-hackers.html

Our lives are going digital. We shop, bank, and even date online. Computers hold our treasured photographs, private emails, and all of our personal information. This data is precious—and cybercriminals want it. Now, NOVA goes behind the scenes of the fast-paced world of cryptography to meet the scientists battling to keep our data safe. They are experts in extreme physics, math, and a new field called “ultra-paranoid computing,” all working to forge unbreakable codes and build ultra-fast computers. From the sleuths who decoded the world’s most advanced cyber weapon to scientists who believe they can store a password in your unconscious brain, NOVA investigates how a new global geek squad is harnessing cutting-edge science—all to stay one step ahead of the hackers.
