Blog

Blog

BSidesSF Preview: DNS Attacks, A History and Overview

In modern times, it is possible for an attacker to persistently and repeatedly hijack a victim's bank account at most major US banks through the victim visiting a web page. This is done without browser exploits or any visible warning. For a criminal, these attacks are cheap and highly successful. The attack that I am talking about is DNS hijacking....
Blog

No, CVE Details Did Not Just Prove Android Security Stinks!

It’s January again, and as usual, various media outlets are busy reporting on vulnerability statistics from the previous year. As usual, the CVE Details folks have worked up a lot of hype based on CVE counts, and once again, the media has taken the bait with sensational headlines about Google’s Android being the most vulnerable product of 2016. For...
Blog

5 Tips to Get an “A” on Research Papers & Advance Your Infosec Career

John Callahan’s October article “4 Reasons to Get Your Masters in Cyber Security” made me think about how to help students and cyber professionals strengthen a critical soft skill: written communication. Research synthesis and analysis papers are common in academic environments. These critical thinking assignments require students to conduct research...
Blog

VERT Threat Alert: January 2017 Patch Tuesday Analysis

Today’s VERT Alert addresses 4 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-706 on Wednesday, January 11th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...
Blog

The Need for Better Cybersecurity Prioritization Metrics

Most organizations are overwhelmed, understaffed, and/or underfunded when it comes to cybersecurity. These constraints create a critical need to prioritize on the most critical cybersecurity measures. However, often these priorities are unclear or hard to determine, leading to less-than-optimal cybersecurity product purchases and/or activities. This...
Blog

How and Why Small Businesses Are Investing in Cybersecurity

Businesses of all sizes are taking note that cyber threats are continually on the rise. No one is safe. In our digital world, you just can't be too cautious when it comes to protecting your data. This is true whether your company employs 200,000 or 10 employees. Cyber criminals have no bounds. They just want to profit off of your information. That...
Blog

Top 10 State of Security Articles of 2016

With 2016 coming to a close, The State of Security wanted to give our readers an overview of some of the most interesting, educational, and standout blogs from the year to help fill the time between eating holiday treats and celebrating the New Year. 6 Stages of Network Intrusion and How to Defend Against Them In June, David Bisson wrote up...
Blog

2016 Reflections on ICS Security

As the year approaches the end, it is a time to reflect on 2016 and industrial control systems (ICS) security. Why ICS security? Because securing ICS should be everyone’s concern. Consider the impact on this critical infrastructure and what it means to you. Impact Why? Your entertainment—watching movies on your TV or laptop,...
Blog

7 Digital Security Lessons from Mr. Robot

I am going to put the spoiler warning right here in the first sentence: I am going to be talking about season two of Mr. Robot, and I'm not holding anything back. Read on if you have already watched it. If you haven't watched it, keep reading to see how life imitates art. And if not art, then at least a cable TV show. Those of you here at The State...
Blog

10 Security Tips for Linux Post-Install

Ask any geek and they'll tell you how fun it is to install Linux on a new machine. Whether you're trying out a new distro or installing an upgraded version, there is something cathartic about jumping on the Linux bandwagon and hacking away on a new system. Although Linux by nature is more secure than Windows, there are still steps that need to be...
Blog

What Will Protect Your Connected Car Against Hackers?

There are a lot of great benefits to a connected car like the new Toyota Highlander: increased integration, a more comfortable driving experience and personalized controls, just to name a few. However, with increased computing power comes increased risk that hackers could take control of a car remotely, causing it to speed up, turn off, or turn...
Blog

Eyes Wide Open with the Internet of Things

Vacuums, refrigerators and thermostats – OH MY! Take a stroll through the homewares section of your favorite store and you are likely to find that nearly all home appliances lighting, and thermostats have a “smart” model or feature. Such is the reality of the Internet of Things (IoT). With two IT professionals in our household, we run it a bit...
Blog

VERT Threat Alert: December 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 12 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-703 on Wednesday, December 14th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...
Blog

7 Online Tools for Security Managers

Protecting the company’s servers and online presence is a task that requires a lot of effort. As a result, the reality of securing the online environment is hitting companies hard because hackers and malware constantly find new ways to compromise their online security and privacy. Following a hack or breach, days, months and even years of work could...
Blog

Just How Much Home Security Do You Need Right Now?

When it comes to home security, technology provides us with plenty of solutions for all needs and budgets. The problem is the same technology also provides burglars and perpetrators with the similar means of bypassing your fancy security systems. Long gone are the days when burglars would brutally force their way into your home with a lever. Now...
Blog

Patch Your Sony Security Cameras Against Backdoor Attacks!

If you have a Sony network-connected CCTV camera, you may have a security problem. Researchers at SEC Consult uncovered a backdoor in Sony IP cameras that could allow a hacker to remotely execute malicious code, spy on users, brick devices, or recruit them into a DDoS botnet. As the vandal-resistant Sony IPELA Engine IP cameras at the centre of the...
Blog

Trust: The Social Basis of the Internet Ecosystem

Societies function on the basis of trust, and Internet users are no different. Users need to trust the Internet. They need to trust it to keep their data secure, protected and private, and they need to trust it to reliably give them the content they want to view and share. If governed in an inclusive way, users will continue to place their trust in...
Blog

Is Quantum Networking The End of Man-in-the-Middle Attacks?

Research on quantum networking is well under way. In April 2012, Gerhard Rempe and other researchers at the Max Planck Institute of Quantum Optics in Germany announced their first working quantum network to the world. Then, just this year, Wolfgang Tittel and his researchers at the University of Calgary transported a light particle's properties...
Blog

Women in Information Security: Zoё Rose

Women are eagerly needed in information security because we offer unique perspectives and there are so few of us. So far in this series, I interviewed Tiberius Hefflin, Tracy Maleef, Isly, Kat Sweet, and Jess Dodson--five different women from different parts of the English-speaking world and from different areas of IT. For my sixth and final interview...