Saturday, February 25, 2012

Rubber Hose Decryption


Government Ready to Use Physical Force During Cyberattack?

Here's a quote I came upon after researching DDoS attacks against root name servers.
 
"If the United States found itself under a major cyberattack aimed at undermining the nation’s critical information infrastructure, the Department of Defense is prepared, based on the authority of the president, to launch a cyber counterattack or an actual bombing of an attack source."

Just reading this quote scares me!! How much do we need to evolve in order to understand that not every attack can be fixed with bombs? Our governments infrastructure is hit by DDoS attacks all the time and the attackers are almost always using botnets to do it.

Good luck bombing all those civilian attack sources. Fail.

Wednesday, February 22, 2012

New Blog for Algosec (Mergers & Acquisitions)

In today’s business environment, mergers and acquisitions occur on a regular basis. While many different organizational and cultural aspects are impacted by a merger or acquisition, one area that must not be overlooked is IT security. The owning company must be diligent in streamlining security processes and policies and ensuring enforcement from the beginning or they’ll have a long, hard road ahead of them. Here are some tip:

http://blog.algosec.com/2012/02/mergers-and-acquisitions-a-security-point-of-view.html

Tuesday, February 7, 2012

Agreeing with Anonymous?

The news of the latest Anonymous hack has me vexed. Here's an clip from SCMagazine on their latest hack:

"Just hours after releasing the recording of its daring interception of an FBI-Scotland Yard conference call, Anonymous had more surprises in store on Friday, this time leaking 300 GB of data it hijacked from the law firm Puckett & Faraj, which represents a U.S. Marine accused of killing 24 Iraqi civilians in 2005.

Staff Sgt. Frank Wuterich received no jail time last month in a sentencing that followed a deal in which he pleaded guilty to negligent dereliction of duty. Originally he faced up to 152 years in prison for nine manslaughter charges stemming from a raid on homes in the Euphrates Valley city of Haditha. He admitted to telling his men to "shoot first, ask questions later," which they did, killing seven children, three women and a 76-year-old man, according to reports.

The plea bargain approved by Lt. Gen. Thomas Waldhauser called for no jail time -- he would not explain why he offered this deal, reports said. The sentencing judge recommended Wuterich's rank be reduced to private, which came with a moderate pay cut."


I'm against Anonymous hacking anyone, but this one made me think. The government has arrested Bradley Manning for leaking information to Wikileaks, but allows Frank Wuterich to walk out free after admitting to multiple murders. The hypocrisy of this event is absolutely astounding!! Both sides are wrong, but murder outweighs hacking any day.

I'm on the fence with this hack. I don't encourage Anonymous in anyway, but this still has me thinking.

Monday, February 6, 2012

FBI Conference Call with Special Guest Anonymous



The FBI should be less worried about this being leaked to the public and more concerned aboout the Anonymous mole within their group.

Saturday, February 4, 2012

ATM skimmer installed in under 10 seconds

This is an old video, but its still relevant today. With over $1 billion dollars skimmed every year in the US alone, this issue is only going to grow with time. We're starting to see skimmers installed in other card realms like PoS and gas pumps and this is only going to get worse as time goes by. How are we going to stop this? Out-of-band is still slightly incovient for everyday use.

Wednesday, February 1, 2012

When IT and Security Don't See Eye-To-Eye

We've all been there and if you're reading this article you know exactly what I'm talking about: the classic battle between IT and Security. Both of these groups think they're right and have their reasons behind it, but if you're not seeing each other's point of view, you're both losing. Click below to read more on my latest article for Algosec.

http://blog.algosec.com/2012/02/when-it-and-security-dont-see-eye-to-eye-a-security-professionals-viewpoint.html