PBS Presents: The Secret Lives of Hackers
Posted in Security Blog
Tagged 2014, hackers, video tutorial
Sears:Kmart Breach
Today Kmart stores were hit with a data breach that compromised some shoppers’ debit and credit card information, but no personal information, debit card PINs, email addresses or Social Security numbers were obtained by those criminally responsible.
Sears said that the attackers used malicious software that was undetectable by anti-virus software.
Tagged 2014, breach, credit card, hacked, hackers, kmart, malware, sears
2 Factors of Authentication
A little hassle when logging into a system is well worth the added security, if that system holds information worth securing. I’ve enabled two-factor authentication for services I use. Some services call it two-step authentication, which is a sub-category of two-factor.
For the last few months, with two-factor enabled, it hasn’t really bothered me at all. Except for those times I’m sitting on the couch and my phone is on the charger, just a few feet out of reach. Like trying to reach the remote when you’re lying on the couch and infomercials are on. You start to question if you really need to change the channel and can you just remain comfortable and try to believe in the product that is missing from your life.
- Single-factor authentication: examples are a PIN or a password.
- Two-factor authentication: single-factor plus a software- or hardware-generated token code, or a magnetic-stripe or smart card.
- Two-step authentication: single-factor plus a code sent to the user out-of-band.
Here are some services that offer two-step.
Go enable them and feel a little more confident in the security of some services you use!
Tagged 2014, passwords, two-factor
International Dairy Queen & Orange Julius Breach
According to the Dairy Queen website, they discovered evidence that the systems of some DQ locations and one Orange Julius location were infected with the widely-reported Backoff malware that is targeting retailers across the country.
The ice cream and fast food chain says 395 of its stores around the country were affected. The data breach happened between August and September.
According to their website:
You are entitled under U.S. law to one free credit report annually from each of the three nationwide consumer reporting agencies. We encourage you to remain vigilant by reviewing your account statements and monitoring your free credit reports. If you believe your payment card may have been affected, contact your bank or payment card issuer immediately.
See previous DQ post
Tagged 2014, breach, credit card, Dairy Queen, hacked, hackers, Orange Julius
FEMA Federal Emergency Management Agency on #NCSAM
Tagged 2014, fema, Information Technology Security Awareness, NCSAM, Security Awareness, video tutorial
Chris Pirillo on National Cyber Security Awareness Month #NCSAM
This video is from 3 years ago. So some of the talk is a little dated.
The NCSAM campaign is intended to help spread awareness of the importance of good Web browsing practices. Cyber security is a shared responsibility, and the most important weapon we have to fight a growing number of phishing scams and malicious software floating around cyberspace is education.
You can find more information on National Cyber Security Awareness Month here:
http://www.staysafeonline.org/ncsam
Tagged 2014, Chris Pirillo, Information Technology Security Awareness, NCSAM, Security Awareness, video tutorial
Bruce Schneier: Talks at Google
From the YouTube page
Human society runs on trust. We all trust millions of people, organizations, and systems every day — and we do it so easily that we barely notice. But in any system of trust, there is an alternative, parasitic, strategy that involves abusing that trust. Making sure those defectors don’t destroy the cooperative systems they’re abusing is an age-old problem, one that we’ve solved through morals and ethics, laws, and all sorts of security technologies. Understanding how these all work — and fail — is essential to understanding the problems we face in today’s increasingly technological and interconnected world.
Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a “security guru,” he is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.
Be a CISSP!
Avoid this frustration
Be a C. I. Double S. P.
To be honest, since I passed my exam in January, I feel I’ve been an even more respected member at work. The bolded ones below are the ones I’ve studied with. I highly recommend them. The first book is the official book and the Shon Harris book is highly praised.
#ICYMI CyberSecurity News Last Week
Here are some big things in the news that happened last week. In case you missed it (ICYMI).
- National CyberSecurity Awareness Month
- 17 ATMs were hacked, but no customer information was stolen
- Hacker Group AnonSec hacked a drone
- JPMorgan Chase Data Breach Affects 76M Households, 7M Small Businesses (83 million records)
- 17,000 Apple computers were infected due to a Mac iWorm
- BadUSB came back into the news as source code was released on GitHub
- US-CERT’s list of vulnerabilities that came out last week
Tagged 2014, CyberSecurity News, ICYMI
BadUSB MalWare Tutorial
Here is an intro to BadUSB
BadUSB can be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic. BadUSB resides in the firmware that controls a USB device’s basic functions, so the attack code can remain hidden after the contents of the device’s memory are deleted. It’s not Windows- or Linux-specific, and pretty much anything can be a target of attack.
Because it is embedded in firmware, there is no way to detect it or get rid of it. It’s not just USB thumb drives that can be infected, but also keyboards, mice, and smartphones.
Here is a tutorial on taking advantage of BadUSB
Tagged 2014, android, badusb, firmware, impersonation, malware, Security Awareness, smartphones, tutorial, video tutorial


