This is not a survey, consensus or popular poll. This is my opinion written from my viewpoint on how I see this subject. If you disagree with this list or if you agree, please do me a favor and write your OWN list! Seriously if you can’t find twenty things about the industry you work in no matter what it is then it is time for you to look for a new career. I have said it many times to be good at infosec you have to have a passion for it because the people you are up against love what they…
Added by Jayson E. Street on April 9, 2013 at 2:00pm —
For over two years now, my ssh-honeypot kippo (developed by Upi Tamminen) has been receiving “visits” from all over the world. With an easy-to-guess root password, 123456, to shorten the brute force attacks, I have gathered some interesting data/statistics.
So to sum things up:
First attack on Monday, 26-Jul-2010, 09:11 AM
Total login attempts 474433
Distinct source IP…
Added by Leon van der Eijk on December 24, 2012 at 7:56am —
Every now and then somebody starts an argument about whether or not it should be a secret which security products you are using.
I will tell you my opinion on that right away:
1.) Unless your risk profile is extremely high and you are one of the five or so organizations in the world who really have super awesome wicked OPSEC in place, don't even bother starting to think about keeping secret the fact that you…
Added by d3tm4r on October 13, 2012 at 2:23am —
This article was originally posted on my Digital Forensics Blog.
I heard talk at the SANS DFIR Summit a couple weeks ago about "knowing normal". What does that mean? Knowing what your systems and networks are doing each day and what their stats should look like. That way, even if you don't really know how to recognize…
Added by Ken Pryor on July 30, 2012 at 1:05pm —
This is my first post on DTH. I got to know about DTH due to my exploratory research on SE and I think this site provides a lot of useful info. Hopefully one of you can help me too, therefore I will shortly explain my research object.
Sorry for my bad English by the way...
I am currently researching (historical) practices that point towards the use of Social Engineering in relation to criminal practices that have occurred within Dutch banks.…
Added by Siem van Boxtel on May 10, 2012 at 9:06am —
Performing malware analysis, either static and/or dynamic, can be an exciting but daunting task. The sheer amount of malware can be overwhelming at times. Between all the polymorphing Conficker junk that gets caught using, for example, the dionaea honeypot, really exciting stuff can be found.
But relying solely on sites like Anubis, CWsandbox or Virustotal for dynamic analysis isn't always a good idea. Let alone the situations thinkable that prohibit the use of them, either by company policy…
Added by Jayson E. Street on April 5, 2012 at 1:55am —
Today I read a blogpost by Fefe in which he rants about how folks just give up on trying to develop more secure code or even fix all bugs in their software but instead draw resources from bugfixing teams in benefit of building mitigations like sandboxing technologies.
Fefe criticizes Adobe's security chief Arkin for saying the following sentence:
“My goal isn’t to find and fix every security bug, I’d…
Added by d3tm4r on February 11, 2012 at 7:44am —
I am lost - lost in an area of conflict.
Not that there were no solutions to solve the conflict.
In fact the conflict isn't as bad as it seems in the first place - at least this is my opinion.
You may be asking yourself exactly what am I talking about.
I am talking about the fact that we tell politicians and those in charge of IT:
Added by d3tm4r on October 2, 2011 at 3:00pm —
A friend who wants to start a career in information security asked me which books are a "must read".
It goes without saying that the one and only "must-read" is of course Jayson's book.
Since you found your way to this site, you'll probably already know that. ;-)
Up front I would like to say that I really doubt there are…
Added by d3tm4r on September 11, 2011 at 12:30pm —
WTFSecurity 0.5
A few definitions
(for later debate)
Secure (se kur) adjective, unobtainable state
-Complete removal of every threat of Possible Injurious Event (PIE), known and unknown, now and in the future.
(See also - Unusable)
Security (se kur a te) verb, non continuous state
-Constant valid attempt to be secure.
(See also - Valiant…
Added by Darrin Ford on August 28, 2011 at 3:42pm —
How2BSecure 0.5
(Try really, really hard not to die!!!)
Be aware of your surroundings
Knowing your current environment is critical to being able to identify the severity of possible probable injurious events (ppie)
What is your current environment?
Anything that can currently affect you. Current means right now. Your environment is always changing.
What is an…
Added by Darrin Ford on August 28, 2011 at 3:39pm —
I honor and understand the defense of the classical definition of the word, because I know that it is how generations have defined themselves and their own rich history. However, I also feel its claim in modern context is only to cater to the egos of those who defend the traditional definition. But like all new words that evolve in the English language, the word itself has evolved and become defined in the context in which one uses it, therefore it is a word with…
Added by fixnichols on August 3, 2011 at 1:00pm —
I told my daughter when she was only three that I try not to reward negative actions/words with attention. I firmly believe that, so usually when someone has said or written something negative about me I try to ignore it. I just don't have the time to constantly respond to people who will never see any good in me at all. Even if I save a bus full of orphans carrying a box full of squirrels that was about to crash into a ravine, I am sure there would be a way to cast me in a negative…
Added by Jayson E. Street on August 1, 2011 at 6:30am —
Identifying unknown files by using fuzzy hashing…
Added by Leon van der Eijk on July 25, 2011 at 11:56am —
-[ Introduction ]-
Most users trust their browser, some trust it with everything, while others like to keep their passwords safe in their heads. Is there a way to leverage this trust and collect passwords from the not so trusting, after all if you want to surf the internet you're going to have to trust something with your…
Added by James Fisher on July 18, 2011 at 4:52am —
Emmet Jorgensen has written an article on Infosecisland that I'd like to discuss for a bit. It is about whether or not FUD only has a bad connotation or could actually do something good as well. I must say I kind of agree and at the same time strongly disagree with his stance.
Added by d3tm4r on July 7, 2011 at 4:01pm —
Maybe you already have read the news: the local authority of the state of Niedersachsen in Germany seems to have blocked various anonymizing services such as Tor from accessing the state's websites.
The state office for statistics and communications technology stated that they have blacklisted several anonymizing services for security reasons, to better…
Added by d3tm4r on June 20, 2011 at 10:30am —
I think I am a polite and forthcoming person. Most of the time.
So when a sales representative of a reputable and well-known security vendor calls me, I will most of the time listen to what they are offering, although I really don't appreciate cold-calling. I will first see if I can somehow verify the identity of the caller before I even continue talking to him or her. Since the person already managed to get my phone number, I will allow him to send me an email with his contact…
Added by d3tm4r on June 18, 2011 at 12:00pm —
Are you keeping track of how many organizations have been breached and their data stolen this week?
I stopped counting.
But it is very interesting to see how different organizations react to data breaches. Those who obviously don't have proper incident handling & response procedures mostly are hit much harder, detect the breach much later and in addition to that get very bad public reputation for it after the breach becomes public.
Those organizations who detect…
Added by d3tm4r on June 16, 2011 at 4:38pm —
Here's my take on Dancho Danchev's great article 5 reasons why the proposed ID scheme for internet users is a bad idea on ZDNet. Politicians all over the world have finally realized that internet crime is a serious business and they want to do something to counter it. They overreact because they realize that they slept through that development and now…
Added by d3tm4r on May 25, 2011 at 7:00am —