This Blog has Moved!

This blog is moving to


Thank you for visiting! Content will remain here for archival purposes.

Beware of Paul Walker Malware Emails

With the death of Paul Walker, be on the lookout for emails containing malware exploiting the news of the celbrity's death.

Often these emails will claim to have "leaked photos" etc.

Be vigilant.

Hacker Academy and Pwnie Express Partner to Giveaway a Pwn Pad

The following is external content provided for readers' interest (because who doesn't like free stuff?). The blog editor is not responsible for its content.

The Hacker Academy is partnering with Pwnie Express to offer one lucky winner a Pwn Pad; a commercial grade penetration testing tablet, and a subscription to the Hacker Academy. So, how do you win? 

Come up with something creative and catchy. Create something that demonstrates COMPLETE PWNAGE. Slogans, images, funny photos, hand-drawn pictures all are fair game.

Submit your entry. Use the form found here. The “Entry” field is where you put your masterpiece (submit images as links created through imgur.com).

Twiddle your thumbs. Sit and wait for the finalists to be announced and winners to be decided. follow the contest on Twitter with the #TrainYourPwnie hash tag and look for important updates and news via our blog at blog.hackeracademy.com andhttp://www.pwnieexpress.com/blogs/pwnie.

Deadlines. Entries will be accepted until December 27, finalists announced January 6, with winner announced January 20.

The winning design will also be featured on the Hacker Academy's next t-shirt. Visit the contest website for more information and to enter. 

Using Splunk for Kippo Honeypot Log Analysis

I was recently asked how I can quickly and efficiently analyze Kippo results. The secret is generating an additional log with Kippo, and inputting the results into Splunk. Since this data could be useful for researchers everywhere, I've decided to type up a quick tutorial.


In order to have Kippo generate the needed log, you need to create a batch file or shell script designed to generate the log.

For Windows, your batch file will look something like this:
twistd.py -y kippo.tac >> "Kippo.log"

For non-Windows, logging is already enabled by default, and will be saved to:
log/kippo.log 

Once Kippo is generating logs, you can either upload these logs to Splunk manually, or use Splunk's Universal Forwarder to upload automatically.

IT Security Software Demonstration: Windows Admin Privileges and Whitelisting

The following is external content provided as a free resource for blog readers.





Monday, December 9th at 9am PT/12pm ET



In this 30-minute, live demonstration, you'll see, first-hand, how the Viewfinity technology provides everything needed for whitelisting – from trusted sources and updaters, reputation services which ranks and scores unknown executables, and how our forensics and monitoring tracks application history. And for those companies considering removing admin rights, or who have removed admin rights, we'll demonstrate how to use the same product to create policies that will elevate privileges for applications that require administrative rights in order to install/execute.



Request Free!

Developing Intrusion Detection Systems Through Behavior Analysis

Recently at the Recorded Future User Network (RFUN) conference, I had the privilege of meeting Dr. Ben Shneiderman from the University of Maryland. Dr. Shneiderman is a Computer Science professor and founding director of the Human Computer Interaction Lab (HCIL) at University of Maryland.

Dr. Shneiderman demonstrated for us several amazing data analysis tools which have been developed at the HCIL, including LifeLines and EventFlow, two tools designed for temporal analysis and visualization of events. While these tools were designed to analyze medical events around patient care, I wondered if they could also be applied to analyze patterns used by attackers against my honeypots.

The first step was to take all of my honeypot logs and turn them into something EventFlow could understand. I imported the logs into Splunk, and started identifying fields. After careful consideration, the only fields I really care about for this analysis are the session number, source IP address, and the main commands being entered by the attacker, such as "who" "ls" "rm" etc. I combined the source IP and session number to create a session ID, so that EventFlow would treat each connection by each IP address separately.


The Need for a Cyber Attack Warning System

I was recently asked to write a brief guest blog entry on Recorded Future about some of the work I've done with Threat Watch, as well as present on the topic at the Recorded Future Users Network (RFUN2013) conference.

For those interested, the blog entry has been posted on Recorded Future's blog. Also, the slides for my RFUN2013 presentation are now available here.

Crowdfunding RFID Security Research

I've been thinking about doing some research on the security of RFID tags/access cards/etc.

This is the same topic which the Mythbusters have been banned from discussing by the Discovery Channel due to concerns by the network's advertisers reasons unknown.

RFID is used by retailers for inventory control, building access control, livestock tracking, credit cards, passports, and even medical uses. And yet, there have been very few in-depth security studies of RFID technology.

Unfortunately, RFID equipment isn't cheap, and there are a lot of different RFID tags out there. So, I'm probably going to need to turn to crowdfunding to get the project going.

I've never used crowdfunding, and I'm aware there are a lot of different options. Any suggestions? I'm open to any helpful ideas.

Guest Post: Steps to Take to Ensure Your Bank Accounts Can't Be Hacked

NOTE: The following is a guest post by Courtney Gordner. The blog maintainer is not responsible for its contents.
Allowing a bank to store all of your financial information is supposed to keep it safe, but that is not always the case. Although banks generally have the best anti-hacking software available and take extra precautions to keep this information secure, things do happens that can allow these documents to fall into the wrong hands. In many cases, it is not the bank's fault, as there are things that you should be doing to protect your bank account.

Security and Compliance in the Cloud

The following is external content provided as a free resource for blog readers.





With the emergence of consumer-driven technologies such as mobile computing devices and user-initiated cloud applications in the workplace, organizations find themselves struggling to understand how these business-enabling technologies impact the security and compliance of their critical data and systems.



NetIQ understands that the traditional approach to mitigating data security and compliance risks is no longer effective by themselves. Our suite of Identity, Access and Security Management solutions integrate seamlessly to help you:

  • Control access to cloud services and data.

  • Reduce your risk of data breaches in mixed environments.

  • Achieve compliance with industry regulations and security policies in the cloud.


Download this solution brief today!



Request Free!

The Complete Guide to Log and Event Management

The following is external content provided as a free resource for blog readers.





Security information and event management technology has existed since the late 1990s, but it has always been somewhat controversial in the security industry due to its initial promise of a "security single pane of glass" combined with slow adoption across smaller organizations. More recently, traditional SIEM has been joined by the broad use of log management technology that focuses on collecting a wide variety of logs for a multitude of purposes. In this white paper:

  • Learn about the relationship between log management and SIEM.

  • Plot your roadmap for enhancing, optimizing and expanding your log management and SIEM deployment.

  • Get a roadmap recommendation for companies that have already deployed log management and SIEM technologies.






Request Free!

Why It Pays to Take a Business-Centric Approach to Compliance

The following is external content provided as a free resource for blog readers.





A poll of CIOs and IT managers reports why departments must defend against complex internal and external threats while mitigating regulatory and compliance concerns. The results provide data about how enterprises view compliance; particularly with identity management and access governance. In this white paper learn:

  • The number one near-term compliance objective.

  • The way an access governance suite can improve your audit performance.

  • The important business benefits of using a suite-based solution.


Download this white paper to learn more.



Request Free!

VoIP Vulnerabilities

The following is external content provided as a free resource for blog readers.





Are you thinking of switching to or investing in a VoIP system for your company? VoIP offers numerous benefits -- ease of use and reduced cost being just two -- but with increased benefits can come increased risk. This complimentary white paper will honestly and succinctly assess the vulnerabilities associated with VoIP systems and then provide you with security guidelines for avoiding security threats during use.



If you're thinking of purchasing a VoIP system, read on and discover exactly how you can get the most out of a new VoIP system, while protecting yourself from vulnerabilities and security threats!



Request Free!

Data Security Strategies for Next Generation Data Warehouses

The following is external content provided as a free resource for blog readers.





Critical to any big data strategy, organizations are challenged with implementing data security strategies to protect the data warehouse.



Request Free!

Automating the SANS 20 Critical Security Controls with QualysGuard

The following is external content provided as a free resource for blog readers.





The SANS 20 Critical Security Controls are a prioritized, risk-based approach to cyber security. They are the result of a consensus process that involved a wide variety of cyber security professionals from government and industry, who were asked: “In practice, what works and where do you start?” The Critical Controls have become a blueprint to help Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) to deploy the most effective processes and tools to secure all their computer systems according to risk.



Request Free!

Continuous Security Monitoring (CSM)

The following is external content provided as a free resource for blog readers.





Given that you can't prevent all cyber attacks, you need to ensure you detect attacks as quickly as possible. The concept of continuous monitoring has been gaining momentum, driven by both compliance mandates (notably PCI-DSS) and the US Federal Government's guidance on Continuous Diagnostics and Mitigation, as a means to move beyond periodic assessment. This makes sense given the speed that cyber attacks can proliferate within your environment.



Download this white paper to learn more about security monitoring.



Request Free!

Unofficial Guide to Tor: Really Private Browsing

The following is external content provided as a free resource for blog readers.





There are equally compelling reasons that various unscrupulous people, corporations, and governments might want to do just that. The whole issue has come to a head recently with the revelation that the NSA has been illicitly spying on American citizens and others through Facebook, Google, and Skype – including, probably, you.



In a nutshell, Tor is a powerful, easy-to-use piece of software that lets you keep your online life private. This guide will provide a step-by-step guide to installing, configuring, and using Tor, and getting you started taking an active role in defending your privacy on the Internet.



With this free guide you will also receive daily updates on new cool websites and programs in your email for free courtesy of MakeUseOf.



Request Free!

How to Pass an IT Audit

The following is external content provided as a free resource for blog readers.





This guide covers the steps and procedures to passing an IT GRC audit -- as told by an enterprise end-user who deployed QualysGuard Policy Compliance. The tool allowed the audit team to be more productive by focusing time on analyzing the data and preparing for audits -- instead of administrating the tool.



Request Free!

To Outsource or Not to Outsource: That is the Network Security Question

The following is external content provided as a free resource for blog readers.





Organizations today have two security options – insource their network security or outsource it to a Managed Security Service Provider (MSSP). There are pros and cons to each option (i.e., insource vs outsource), and certain organizations can dismiss one or the other out of hand. Financial institutions, retailers and healthcare organizations subject to compliance requirements may be in a perfect position to outsource network security to a service provider. Wherever you fit along the spectrum, it's critical to thoroughly evaluate your choices and optimize for security, cost-effectiveness, and compliance. Download this paper to learn the options and methodology for making critical decisions about how to tackle your network security challenges.



Request Free!

Examining a Suspect Android Apk - FCC Speed Test

Recently the FCC released a "FCC Speed Test" application for Android.

Of course, the paranoid among us will claim that the app may be designed to secretly spy on you.

Fortunately there are Android app analysis sites out there, such as Anubis. These sites will automatically analyze an application for you and tell you everything it does.

I went ahead and analyzed the FCC Speed Test application, and the report is available here.

I have to admit, looking at the results doesn't feel very reassuring. The app is supposed to measure broadband speeds and report back to the FCC. But an interesting question is, why does the app contain IP addresses used to connect to internal networks?

When Network Security Becomes a Network-management Problem

The following is external content provided as a free resource for blog readers.





When you hear about security breaches, you think about disruption of services to customers, stolen data and identities, and damage to company reputation. But there is another kind of damage that is directly impacting your network management teams, attacks on the computing infrastructure. The ability of network management teams to do their jobs, the time and resources they have available, and their ability to scale the network in order to support the business as it grows are all impacted by security threats. Security isn't just a security issue; it's a network management issue as well. This white paper explains six ways in which your network management team can make strong contributions to your company's defense against botnets, Distributed Denial of Service (DDoS) attacks, designer malware, and all the other scary things that go bump in the Ethernet.



Request Free!

Are Your DNS Servers as Secure and Available as the Rest of Your Network?

The following is external content provided as a free resource for blog readers.





In 2012, 7.8 million new malware threats emerged. Mobile threats grew by 1,000%. 865 successful breaches compromised 174 million records. According to a 2012 study by Ponemon Institute, the annual cost of malware breaches across 13 industries averaged $8.4 million. This rapidly growing threat landscape directly targets any organization's Domain Name System (DNS) servers. DNS can be a hole into an organization's security infrastructure creating channels for successful attacks. These servers are an often-overlooked weak point that traditional approaches ignore. Since DNS works unobtrusively behind the scenes, it makes an excellent vehicle for communicating with internet-based systems and exfiltrating information. The only way to plug the DNS hole in your network security is to directly address the vulnerabilities unique to DNS. Read this white paper to gain insights into critical information to safeguard against DNS security threats and disrupt malware communications to your DNS servers.



Request Free!

Compliance Management's Seven Steps to Success

The following is external content provided as a free resource for blog readers.





Organizations most often come face-to-face with compliance either when something in the network breaks or when an audit comes due. Either of those instances can send IT staff on mad scrambles to research compliance requirements and find ways of documenting that they have been fulfilled. Reliance on legacy efforts and traditional techniques to attain and maintain compliance has left many organizations failing with non-compliant networks. Compliance isn't an option, it's a requirement. Failure to meet compliance regulations can result in fines, dangerous network exposure and even damage to your company's reputation. Can your organization meet and exceed compliance requirements cost-effectively and in a timely manner? Read this white paper to learn how to get your network compliance completely under control with automated tracking, analysis and reporting.



Request Free!

Aumente la Seguridad y fiabilidad en el lugar de trabajo con Movilidad

The following is external content provided as a free resource for blog readers.





Dé un vistazo y conozca cómo las empresas en industrias de capital intensivo ya se han beneficiado de la solución móvil EAM.



Request Free!

Adventures in Desktop Linux Computing - Chapter One

Today I took a very brave step. I installed Linux on my mother-in-law's laptop.

The reason I installed Linux on her laptop is because despite my continued attempts to keep her system from getting infected with malware, she continues to be the victim of drive-by downloads.

So, to help mitigate this recurring issue, I completely wiped her PC and installed Linux.

Why Linux? Because most malware which targets home users attacks Windows or Mac systems.

Now, something to keep in mind is that this solution is not for everyone. Before I wiped her PC, I confirmed with her multiple times that there was nothing on it she needed, and that all she uses it for is web browsing. It's important to note that while most people only use their PCs for Internet and word processing, some do use specialized software, so consult with your family member before trying to replace their operating system.

Before wiping a PC, it's important to make sure that all of the drivers will work with that PC. The best option is to boot the PC using a LiveCD before actually committing the install. I personally used CentOS 6 but there are many options, including Fedora or Ubuntu.

Once you have the PC up and running with the LiveCD, make sure the person can still use the PC for everything they need. Ask them to visit the Internet sites they regularly visit, and make sure they still work. Note any dependencies they might need, such as Java or Flash.

After you are comfortable that the person will be able to still use their computer, go ahead and install Linux from the LiveCD to the hard disk, so that any favorites/bookmarks the person creates will stay, as well as any dependencies you install.

Hopefully by replacing the PC's operating system with Linux, you'll have fewer visits to fix malware infections. However, don't be surprised if you have to answer a few calls on how to do something with their new OS.

I'll let you know what issues are encountered in Chapter Two!

Guest Post: Preparation: Why should I and how to start.

The following is a guest blog to kick off a new series of articles about personal security and disaster preparedness. Many thanks to Kim Walsh for providing the first article!

My journey to the preparedness world has been long and winding. Like many of my generation there was no reason to learn survival skills or think about disaster prep. We had stores aplenty right? We had easy access to everything we could ever want or need.

Then I got married. I married a man raised on hunting, survival, preparedness. Not out of any sort of paranoia like so many survival shows these days seem to imply but because it was just how his father had been raised and his father before him. I was reluctant to even open the doors at first. Who cared about edible plant or food storage or water filtration? We lived in a pretty populated place, we have never been rich but we had enough to go to the store when needed. And guns? Not needed. Violence and disaster happened to other people.

Then I got a wakeup call. An active shooter decided to shoot up our apartment complex. Our complex was situated more like a hotel. You had a secure door to buzz through and all the front doors were interior. The shooter’s apartment was not even 3 yards from my own. First I heard the pops. I brushed those off. Then I heard someone banging on my door. I was about to answer and ask them to stop as my husband was sleeping in prep for a late shift but some instinct stopped me. An hour later my husband got up for work and went onto the porch to be greeted by SWAT with guns drawn. We were asked if they could use our apartment to gain entry as the front door was glass and being watched by the shooter. Then we were evacuated. The officer who led us out said that ignoring that door probably saved my life
.
That is when I realized bad things can happen any time and any place and often do to wonderful people. So I decided to learn to shoot and to prepare for worst case. We have lived in multiple state but all were earthquake zones. One was also a volcano zone. So then my question was: How do I start?

The four real issues are: food, water, shelter, protection. So I have set about learning all I can about each in different situations. I now live in the desert on the edge of BLM land. I know where the water sources are for wildlife. I know where to find game. I also know several escape routes off the interstate if needed.


Examine where you live. What type of natural disasters can happen? If needed can you lock yourself down at home while still gaining access to food and water? If you need to get out of the area do you know the less traveled paths? Honestly it’s not about the apocalypse or aliens, it is about knowing that sometimes bad things happen. Job loss, illness, accident, fire, tornado, earthquake, hurricane, etc. Knowing that bad things are a possibility is what being prepared means. It is seeing those possibilities and doing what you can to make sure you and your family are able to weather any eventuality.  

Kim Walsh is a writer, designer, rights advocate, fribromyalgia awareness activist, wife, mother, and friend. You can check out her blog, or follow her on Facebook or Twitter.

Planning a Career Path in Cybersecurity

The following is external content provided as a free resource for blog readers.





As a society, we have all become heavily dependent on computers, network, and data stores. This in turn has exposed us to the risk of loss or compromise of those data systems. The need for personnel knowledgeable and experienced in security implementation and management has never been greater, and the need is growing.



Request Free!