PUBLIC MARKS with tag infosec

Protecting our computers and information from attack is becoming an increasingly dangerous and dodgy game in the Internet age.

The purpose of this article is to go beyond the basics and explore how social engineering, employed as technology, has evolved over the past few years.

Today I got a burr in my saddle again about SSH brute force attacks after finding thousands of attacks from a single machine against a couple of our network hosts. Unable to find a suitable solution, I went ahead and wrote my own.

BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet and likewise it is very straight-forward in its installation, configuration and usage. The reason behind BFD is very simple; the fact there is little to no authentication and brute force auditing programs in the linux community that work in conjunction with a firewall or real-time facility to place bans.

sshdfilter blocks the frequent brute force attacks on ssh daemons, it does this by directly reading the sshd logging output and generating iptables rules, the process can be quick enough to block an attack before they get a chance to enter any password at all.

Google has become the de facto standard in the search arena. It's easy, quick and powerful. For those same reasons that the general user has gravitated to Google, so have the hackers.

I'm a Mac user. I make no qualms about it. I do my best to play the part. This includes being smug about my platform. Very smug. So it was with a year's worth of chagrin that I discovered yesterday that my machine got hacked while on the company network.

We aim to provide the basic teaching and reference material to enable the less technical among us to better understand the relevance of the news posted on the site and it's application in everyday computing.

This article explores measures to attack those malicious attackers who seek to harm our legitimate systems. The proactive use of exploits and bot networks that fight other bot networks, along with social engineering and attacker techniques are all discussed in an ethical manner. Part two of two.

This article explores measures to attack those malicious attackers who seek to harm our legitimate systems. The proactive use of exploits and bot networks that fight other bot networks, along with social engineering and attacker techniques are all discussed in an ethical manner. Part one of two.

WASTE is an anonymous, secure, and encryped collaboration tool which allows users to both share ideas through the chat interface and share data through the download system. WASTE is RSA secured, and has been hearalded as the most secure P2P connection protocol currently in development.

Ungoliant, the public release project name for the system in place at the University of Indianapolis known as Shelob, is a system that utilizes open-sourced backends to isolate problematic (virus-infected or otherwise) hosts from a network. Ungoliant incorporates vmpsd, snort, and nmap for detection and containment.

I wanted to write an article on the strengths of OpenVPN, but I just can't get the message out without first talking about the serious insecurities I see in the rest of the SSL Virtual Private Network (VPN) space.

Let me introduce you to the six dumbest ideas in computer security. What are they? They're the anti-good ideas. They come from misguided attempts to ignore reality. These dumb ideas are the fundamental reason(s) why all that money you spend on information security is going to be wasted.

I'd like to think that this is a must read for anyone who's ever said, "I just have a little home computer. If people want to hack into it, they will, but there's nothing worth taking on there." When you're building an army of 20,000 to 30,000 zombie PCs, each and every computer becomes valuable. The reader comments at the end of this article help explain why.

Because sometimes one whopper of a mistake can be more instructive than a binder's worth of best practices, we interviewed more than a dozen security consultants to arrive at our 10 worst practices list.

Four mailing lists are available, be sure to choose the ones most suited to your interests

as we rush to embrace the latest and greatest gadgetry or high-tech service and satisfy our techno-craving, we become further dependent on these products and their manufacturers – so dependent that when something breaks, crashes, or is attacked, our ability to function is reduced or eliminated.

Information security is the process of protecting data from accidental or intentional misuse by persons inside or outside of an organization, including employees, consultants, and yes, the much-feared hacker.

information assurance technical framework