Hiya Community,
I have an idea: I'm going to supplement my ranty one-sided vidcast with a Dissecting The Hack Podcast!
Let's just call it the DTH podcast for short ;-) There are a lot of podcasts dealing with INFOSEC out there now. I would not even think about starting this if I did not think I could bring something different to the table. If that something is good has yet to be determined but I feel I have to at least try it. So stay tuned for more I have a vidcast in mind…
Added by Jayson E. Street on January 2, 2012 at 10:15pm —
No Comments
I am lost - lost in an area of conflict.
Not that there were no solutions to solve the conflict.
In fact the conflict isn't as bad as it seems in the first place - at least this is my opinion.
You may be asking yourself exactly what am I talking about.
I am talking about the fact that we tell politicians and those in charge of IT:
a)…
Added by d3tm4r on October 2, 2011 at 3:00pm —
No Comments
A friend who wants to start a career in information security asked me which books are a "must read".
It goes without saying that the one and only "must-read" is of course Jayson's book.
Since you found your way to this site, you'll probably already know that. ;-)
Up front I would like to say that I really doubt there are…
Added by d3tm4r on September 11, 2011 at 12:30pm —
2 Comments
WTFSecurity 0.5
A few definitions
(for later debate)
Secure (se kur) adjective, unobtainable state
-Complete removal of every threat of Possible Injurious Event (PIE), known and unknown, now and in the future.
(See also - Unusable)
Security (se kur a te) verb, non continuous state
-Constant valid attempt to be secure.
(See also - Valiant…
Added by Darrin Ford on August 28, 2011 at 3:42pm —
No Comments
How2BSecure 0.5
PPIE
Or
(Try really, really hard not to die!!!)
Be aware of your surroundings
Knowing your current environment is critical to being able to identify the severity of possible probable injurious events (ppie)
What is your current environment?
Anything that can currently affect you. Current means right now. Your environment is always changing.
What is an…
Added by Darrin Ford on August 28, 2011 at 3:39pm —
No Comments
I honor and understand the defense of the classical definition of the word, because I know that it is how generations have defined themselves and their own rich history. However, I also feel its claim in modern context is only to cater to the egos of those who defend the traditional definition. But like all new words that evolve in the English language, the word itself has evolved and become defined in the context in which one uses it, therefore it is a word with…
Added by fixnichols on August 3, 2011 at 1:00pm —
No Comments
I told my daughter when she was only three that I try not to reward negative actions/words with attention. I firmly believe that, so usually when someone has said or written something negative about me I try to ignore it. I just don't have the time to constantly respond to people who will never see any good in me at all. Even if I save a bus full of orphans carrying a box full of squirrels that was about to crash into a ravine, I am sure there would be a way to cast me in a negative…
Added by Jayson E. Street on August 1, 2011 at 6:30am —
No Comments
Identifying unknown files by using fuzzy hashing…
Added by Leon van der Eijk on July 25, 2011 at 11:56am —
7 Comments
-[ Introduction ]-
Most users trust their browser, some trust it with everything, while others like to keep their passwords safe in their heads. Is there a way to leverage this trust and collect passwords from the not so trusting, after all if you want to surf the internet you're going to have to trust something with your…
Added by James Fisher on July 18, 2011 at 4:52am —
3 Comments
Emmet Jorgensen has written an article on Infosecisland that I'd like to discuss for a bit. It is about whether or not FUD only has a bad connotation or could actually do something good as well. I must say I kind of agree and at the same time strongly disagree with his stance.
…
Added by d3tm4r on July 7, 2011 at 4:01pm —
4 Comments
Maybe you already have read the news: the local authority of the state of Niedersachsen in Germany seems to have blocked various anonymizing services such as Tor from accessing the state's websites.
The state office for statistics and communications technology stated that they have blacklisted several anonymizing services for security reasons, to better…
Added by d3tm4r on June 20, 2011 at 10:30am —
2 Comments
I think I am a polite and forthcoming person. Most of the time.
So when a sales representative of a reputable and well-known security vendor calls me, I will most of the time listen to what they are offering, although I really don't appreciate cold-calling. I will first see if I can somehow verify the identity of the caller before even continuing to talk to him or her. Since the person already managed to get my phone number, I will allow him to send me an email with his contact…
Added by d3tm4r on June 18, 2011 at 12:00pm —
No Comments
Are you keeping track of how many organizations have been breached and their data stolen this week?
I stopped counting.
But it is very interesting to see how different organizations react to data breaches. Those who obviously don't have proper incident handling & response procedures mostly are hit much harder, detect the breach much later and in addition to that get very bad public reputation for it after the breach becomes public.
Those organizations who detect…
Added by d3tm4r on June 16, 2011 at 4:38pm —
No Comments
Here's my take on Dancho Danchev's great article 5 reasons why the proposed ID scheme for internet users is a bad idea on ZDNet. Politicians all over the world have finally realized that internet crime is a serious business and they want to do something to counter it. They overreact because they realize that they slept through that development and now…
Added by d3tm4r on May 25, 2011 at 7:00am —
No Comments
Humans are great at detecting patterns and abstracting knowledge and in successfully applying these patterns and principles to very disparate fields. This can happen for all kinds of small tasks that we have to fulfill on a daily basis.
It can also lead to some of mankind's greatest philosophical models like Taoism, Confucianism and Buddhism.
I could also mention some other religions and philosophies but I want to stick with…
Added by d3tm4r on May 23, 2011 at 5:00am —
3 Comments
I am not sure if this is worth a blog post but it's definitely too long for a tweet.
Today I was totally blown away by the precision of Apple's location service - on the iPod Touch!
It has been well known for a long time that all iOS devices use Apple's location database, which is comprised of cell-tower locations as well as the locations of Wifi hotspots and access points. Of course there is also a knowledge base…
Added by d3tm4r on May 5, 2011 at 3:00pm —
No Comments
Just dumping some shell output and comments today. :)
If you haven't read the first issue of this series of articles on IPv6, I'd recommend you read it first.
IPv6 Attack Toolkit by THC (The Hacker's Choice)
You can download the tools here: http://www.thc.org/thc-ipv6/
Right now there is no…
Added by d3tm4r on April 17, 2011 at 4:53am —
2 Comments
Here is my list of infosec podcasts I listen to or have listened to now and then.
Podcasts that I listen to regularly
(ordered by preference)
1.) Risky Business @riskybusiness
2.) Pauldotcom Security Weekly @pauldotcom
3.) Social-Engineer Podcast by @humanhacker @dave_rel1k…
Added by d3tm4r on April 16, 2011 at 11:04am —
1 Comment
If you are into network security, now is the time to acquaint yourself with IPv6.
If you're planning to buy or perform a penetration test on your site, make sure that IPv6 is incorporated in the test.
If the pentest firm that you hired does not incorporate it or reacts kind of hesitant or surprised, get another vendor!
Why
Why? Because IPv6 is and has been enabled in all kinds of operating systems and networking devices for some…
Added by d3tm4r on April 16, 2011 at 8:30am —
No Comments
It's quite amazing to watch people's reactions when things that you told them could or would happen actually do happen.
This throws up the question if we ever can proactively prevent bad things from happening as long as we are depending on a broader community to actually help and enable society to prevent them from happening.
Those are not only my own personal thoughts - this is an observation which is quite old and now being discussed again very widely.
It has also been…
Added by d3tm4r on April 2, 2011 at 5:30am —
No Comments