All Blog Posts (72)

How2BSecure 0.5

How2BSecure 0.5

PPIE



Or



(Try really, really hard not to die!!!)







Be aware of your surroundings



Knowing your current environment is critical to being able to identify the severity of possible probable injurious events (ppie)







What is your current environment?



Anything that can currently affect you. Current means right now. Your environment is always changing.







What is an…

Continue

Added by Darrin Ford on August 28, 2011 at 3:39pm — No Comments

hackers do not exist

      I honor and understand the defense of the classical definition of the word, because I know that it is how generations have defined themselves and their own rich history. However, I also feel its claim in modern context is only to cater to the egos of those who defend the traditional definition. But like all new words that evolve in the English language, The word itself has evolved and become defined in the context in which one uses it, therefore it is a word with…

Continue

Added by fixnichols on August 3, 2011 at 1:00pm — No Comments

Lessons from a 3yr. old & Katt Williams

I told my daughter when she was only three that I try not to reward negative actions/words with attention. I firmly believe that, so usually when someone has said or written something negative about me I try to ignore it. I just don't have the time to constantly respond to people who will never see any good in me at all. Even if I save a bus full of orphans carrying a box full of squirrels that was about to crash into a ravine, I am sure there would be a way to cast me in a negative…

Continue

Added by Jayson E. Street on August 1, 2011 at 6:30am — No Comments

Identifying unknown files by using fuzzy hashing

Identifying unknown files by using fuzzy hashing…



Continue

Added by Leon van der Eijk on July 25, 2011 at 11:56am — 6 Comments

Stealing Passwords with FireFox 3.6.X

-[ Introduction ]-

 

Most users trust their browser, some trust it with everything, while others like to keep their passwords safe in their heads.  Is there a way to leverage this trust and collect passwords from the not so trusting, after all if you want to surf the internet your going to have to trust something with your…

Continue

Added by James Fisher on July 18, 2011 at 4:52am — 6 Comments

The Benefits of FUD - ORLY?

Emmet Jorgensen has written an article on Infosecisland that I'd like discuss for a bit. It is about wether or not FUD only has a bad connotation or could actually do something good as well. I must say I kind of agree and at the same time strongly disagree with his stance.

 …

Continue

Added by d3tm4r on July 7, 2011 at 4:01pm — 4 Comments

Local Government Blocks Anonymizing Services

Maybe you already have read the news: the local authority of the state of Niedersachsen in Germany seems to have blocked various anonymizing services such as Tor from accessing the state's websites.

The state office for statistics and communications technology stated that they have blacklisted several anonymizing services for security reasons, to better…

Continue

Added by d3tm4r on June 20, 2011 at 10:30am — 2 Comments

Infosec Sales Practices - the Good the Bad and the Ridiculous

I think I am a polite and forthcoming person. Most of the time.

So when a sales representative of a reputable and well-known security vendor calls me, I will most of the time listen to what they are offering, although I really don't appreciate cold-calling. I will first see if I can somehow verify the identity of the caller before even continue talking to him or her. Since the person already managed to get my phone number, I will allow him to send me an email with his contact…

Continue

Added by d3tm4r on June 18, 2011 at 12:00pm — No Comments

Logging vs. Privacy, Data Protection Laws & Codetermination Regulations

Are you keeping track of how many organizations have been breached and their data stolen this week?

I stopped counting.

But it is very interesting to see how different organizations react to data breaches. Those who obviously don't have proper incident handling & response procedures mostly are hit much harder, detect the breach much later and in addition to that get very bad public reputation for it after the breach becomes public.

Those organizations who detect…

Continue

Added by d3tm4r on June 16, 2011 at 4:38pm — No Comments

Accountability for Internet Users

Here's my take on Dancho Danchev's great article 5 reasons why the proposed ID scheme for internet users is a bad idea on ZDNet. Politicians all over the world have finally realized that internet crime is a serious business and they want to do something to counter it. They overreact because they realize that they slept through that development and now…

Continue

Added by d3tm4r on May 25, 2011 at 7:00am — No Comments

Martial Arts and IT defense

Humans are great at detecting patterns and abstracting knowledge and in successfully applying these patterns and principles to very disparate fields. This can happen for all kinds of small tasks that we have to fulfill on a daily basis.

It can also lead to some of mankind's greatest philosophical models like Taoism, Confucianism and Buddhism.

 

I could also mention some other religions and philosophies but I want to stick with…

Continue

Added by d3tm4r on May 23, 2011 at 5:00am — 3 Comments

Apple's Location Service

I am not sure if this is worth a blog post but it's definitely too long for a tweet.

Today I was totally blown away by the precision of Apple's location service - on the iPod Touch!

It is well known for a long time that all iOS devices use Apple's location database which is comprised of cell-tower locations as well as the locations of Wifi hotspots and access points. Of course there is also a knowledge base…

Continue

Added by d3tm4r on May 5, 2011 at 3:00pm — No Comments

Engage yourself in IPv6! Issue #2 - THC tools

Just dumping some shell output and comments today. :)

If you haven't read the first issue of this series of articles on IPv6, I'd recommend you read it first. 

 

IPv6 Attack Toolkit by THC (The Hacker's Choice)

You can download the tools here: http://www.thc.org/thc-ipv6/

Right now there is no…

Continue

Added by d3tm4r on April 17, 2011 at 4:53am — 2 Comments

Information Security Podcast List

Here is my list of infosec podcasts I listen to or have listened to now and then.

 

Podcasts that I listen to regularly

(ordered by preference)

1.) Risky Business @riskybusiness

2.) Pauldotcom Security Weekly @pauldotcom

3.) Social-Engineer Podcast by @humanhacker @dave_rel1k…

Continue

Added by d3tm4r on April 16, 2011 at 11:04am — 1 Comment

Engage yourself in IPv6! Issue #1 - Link Local

If you are into network security, now is the time to acquaint yourself with IPv6.

 

If you're planning to buy or perform a penetration test on your site, make sure that IPv6 is incorporated in the test. 

If the pentest firm that you hired does not incorporate it or reacts kind of hesitant or surprised, get another vendor!

 

Why

Why? Because IPv6 is and has been enabled in all kinds of operating systems and networking devices for some…

Continue

Added by d3tm4r on April 16, 2011 at 8:30am — No Comments

Seeing Is Believing

It's quite amazing to watch people's reactions when things that you told them could or would happen actually do happen.

This throws up the question if we ever can proactively prevent bad things from happening as long as we are depending on a broader community to actually help and enable society to prevent them from happening.

Those are not only my own personal thoughts - this is an observation which is quite old and now being discussed again very widely.

It has also been…

Continue

Added by d3tm4r on April 2, 2011 at 5:30am — No Comments

Thou shalt not mistrust the PKI

I am getting the impression that the end user is not supposed to ever mistrust any of those CAs that all browser and OS vendors are shipping with their products for our convenience. 

The Comodo hack was only one incident in a row of incidents that show us that the trust model of PKI for SSL certificates is broken in many ways. 

First off there are far too many CAs that your browser or operating system trusts per default.

Your browser or operating system trusts them so…

Continue

Added by d3tm4r on March 29, 2011 at 12:30pm — 3 Comments

Promises And Reality Of Modern Commercial IDS

Another lengthy repost from my tumblr blog with some editing.

It's still a topic I am concerned with and which I'd like to discuss.
And where could be a better place for that than DTH? :)
Well now here it…
Continue

Added by d3tm4r on March 5, 2011 at 1:30pm — No Comments

The new Cyber Security Strategy for Germany

The German Department of the Interior has recently published its new Cyber Security Strategy for Germany (german version here).

Whether it's good or not that a government is…

Continue

Added by d3tm4r on February 26, 2011 at 2:30pm — 1 Comment

RTFOSSTMM!

this is partly a re-post of my blog at kamerazukleber.tumblr.com:

I am following many discussions on pentesting, including that one in @pauldotcom EP225. About how customers order pentests for the wrong reason (compliance checkboxing), how the word “pentest” has lost it’s original meaning and the question what we should call it instead, what penetration testing shall concentrate on, how the results shall be presented, about…

Continue

Added by d3tm4r on February 23, 2011 at 11:19am — 1 Comment

Latest Activity

Anton Vyacheslav is now a member of Dissecting The Hack
Dec 9, 2018
bernardorichard updated their profile
Nov 28, 2018
Sam Mccalla is now a member of Dissecting The Hack
Nov 19, 2018
bernardorichard is now a member of Dissecting The Hack
Oct 24, 2018

Stratagem 13 News Feed

© 2019   Created by Marcus J. Carey.   Powered by

Badges  |  Report an Issue  |  Terms of Service