Blog

Blog

CUI – Protect It or Lose the Business

I’m working with a couple of organizations faced with NIST 800-171 compliance. The first is a small manufacturing company doing business with a prime contractor. The second is a tribal business unit with federal contracts. Both must be compliant by December 2017 or risk losing their federal business. From what I can tell, neither organization was...
Blog

TiaraCon: Supporting Women in Security

TiaraCon started with a group of women having lunch in the foodcourt at Def Con last year. It was an oasis in the midst of testosterone. We bonded over shared experiences, both good and bad, of being women in a field that is unquestionably male-dominated. We really enjoyed the opportunity to come together, since many of us are “the only woman” in...
Blog

Hacker Mindset: SANS NetWars & Tools of the Trade

In my ongoing blog series “Hacker Mindset,” I’ll explore an attacker's assumptions, methods and theory, including how information security professionals can apply this knowledge to increase cyber-vigilance on the systems and networks they steward. In this article, I share my thoughts on NetWars – a live interactive Capture the Flag training exercise...
Blog

The Emerging Threats Posed by Augmented Reality Gaming

There is a deeper, hidden world all around us, but most of the population remains oblivious to it. An alien technology called exotic matter has broken through a dimensional barrier and leaks into our world through millions of pinprick-sized holes. This exotic matter subtly influences human creativity. Centered around the locations where this matter...
Blog

DEF CON 24: Brainwashing Embedded Systems

Come get your hands dirty with embedded device hacks during my DEF CON 24 workshop. Brainwashing Embedded Systems will be held in Las Vegas Ballroom 3 on Saturday, August 6, from 10AM - 2PM. This workshop is a condensed version of the full-day training offered at the 2016 AusCERT and SecTor conferences. During the workshop, you will learn about the...
Blog

Challenges in Securing Unrestricted (Open) DNS Resolvers

Working for a security services vendor provides me the opportunity to work with a variety of cool tools in our quest to develop new and innovative security services. The most recent project I was deeply involved in is the development of a DNS security service called SecureSurf. The foundational goal of the design of this service was to provide a...
Blog

3 Principles and Challenges of Endpoint Discovery

Digital attackers are constantly looking for ways to infiltrate organizations' IT environments. One of the easiest modes of entry is for an actor to exploit a weakness in an endpoint, a network node which according to Dark Reading remains "the most attractive and soft soft target for cyber criminals and cyber espionage actors to get inside." Under the...
Blog

Finding the Balance Between Security and Productivity

The majority of employees within an organisation are hired to execute specific jobs, such as marketing, managing projects, manufacturing goods and overseeing financial investments. Their main – sometimes only – priority is to efficiently complete their core business activity, so information security is usually only a secondary consideration....
Blog

Teenager Who DDoSed Governments, SeaWorld Receives No Jail Time

A teenager who launched distributed denial-of-service (DDoS) attacks against government websites and the SeaWorld theme park has received no prison time for his crimes. According to prosecutors, the teenager from Plymouth in Devon conducted a three-month attack spree from late-2014 to early-2015. During that time, the teen--who was 14 years old at...
Blog

Penetration Testing: Do We Need a New Term?

I am a penetration tester by trade. What does that mean I do in my day-to-day? Well, that depends on whom you ask, as it is open to interpretation. Penetration testing means different things to different people. What it meant a decade ago is different from what it means today, and that will be different from what it means a decade from now. So,...
Blog

Fraud and Computer Misuse Crime on the Rise, Study Finds

A new report from the Office for National Statistics (ONS) states that cybercrime is on the raise in England and Wales. According to the report, adults aged 16 and over experienced an estimated 5.8 million incidents in the past 12 months, with 3.8 million of those classified as fraud and another 2 million as computer misuse incidents. Regarding...
Blog

Kickass Torrents Goes Offline Following Arrest of Alleged Owner

One of the world's largest BitTorrent distribution sites Kickass Torrents (KAT) has gone offline following the arrest of its alleged owner. On July 20, kat.cr, which is the current domain for the website, appeared to be offline, reports Gizmodo. Those loading issues surfaced the same day U.S. authorities arrested Artem Vaulin, 30, of Kharkiv,...
Blog

Privacy and Humanity Elements for the IoT / IoE

In the first and second part of this series, we introduced the risks of the IoT / IoE world and addressed the mandatory security design considerations around the C-I-A triplet; the concepts of “openness;” the secure system and SDLC; the 4 “A”s; as well as the term “non-repudiation.” To continue with our overview, we will describe the important...
Blog

Cicis Pizza Suffers Payment Card Breach at 130+ Locations

Cicis Pizza, a casual fast food restaurant chain, has acknowledged it suffered a payment card breach at more than 130 locations. On July 19, the restaurant chain informed its customers of the breach: "Cicis values its customers and respects the privacy of your information. As a precautionary measure, we want to inform you that your personal...