How2BSecure 0.5 Continue
(Try really, really hard not to die!!!)
Be aware of your surroundings
Knowing your current environment is critical to being able to identify the severity of possible probable injurious events (ppie)
What is your current environment?
Anything that can currently affect you. Current means right now. Your environment is always changing.
What is an…
Added by Darrin Ford on August 28, 2011 at 3:39pm —
I honor and understand the defense of the classical definition of the word, because I know that it is how generations have defined themselves and their own rich history. However, I also feel its claim in modern context is only to cater to the egos of those who defend the traditional definition. But like all new words that evolve in the English language, The word itself has evolved and become defined in the context in which one uses it, therefore it is a word with…
Added by fixnichols on August 3, 2011 at 1:00pm —
I told my daughter when she was only three that I try not to reward negative actions/words with attention. I firmly believe that, so usually when someone has said or written something negative about me I try to ignore it. I just don't have the time to constantly respond to people who will never see any good in me at all. Even if I save a bus full of orphans carrying a box full of squirrels that was about to crash into a ravine, I am sure there would be a way to cast me in a negative… Continue
Added by Jayson E. Street on August 1, 2011 at 6:30am —
Identifying unknown files by using fuzzy hashing…
Added by Leon van der Eijk on July 25, 2011 at 11:56am —
-[ Introduction ]-
Most users trust their browser, some trust it with everything, while others like to keep their passwords safe in their heads. Is there a way to leverage this trust and collect passwords from the not so trusting, after all if you want to surf the internet your going to have to trust something with your…
Added by James Fisher on July 18, 2011 at 4:52am —
Emmet Jorgensen has written an article on Infosecisland that I'd like discuss for a bit. It is about wether or not FUD only has a bad connotation or could actually do something good as well. I must say I kind of agree and at the same time strongly disagree with his stance.
Added by d3tm4r on July 7, 2011 at 4:01pm —
Maybe you already have read the news: the local authority of the state of Niedersachsen in Germany seems to have blocked various anonymizing services such as Tor from accessing the state's websites.
The state office for statistics and communications technology stated that they have blacklisted several anonymizing services for security reasons, to better… Continue
Added by d3tm4r on June 20, 2011 at 10:30am —
I think I am a polite and forthcoming person. Most of the time. Continue
So when a sales representative of a reputable and well-known security vendor calls me, I will most of the time listen to what they are offering, although I really don't appreciate cold-calling. I will first see if I can somehow verify the identity of the caller before even continue talking to him or her. Since the person already managed to get my phone number, I will allow him to send me an email with his contact…
Added by d3tm4r on June 18, 2011 at 12:00pm —
Are you keeping track of how many organizations have been breached and their data stolen this week?
I stopped counting.
But it is very interesting to see how different organizations react to data breaches. Those who obviously don't have proper incident handling & response procedures mostly are hit much harder, detect the breach much later and in addition to that get very bad public reputation for it after the breach becomes public.
Those organizations who detect… Continue
Added by d3tm4r on June 16, 2011 at 4:38pm —
Here's my take on Dancho Danchev's great article 5 reasons why the proposed ID scheme for internet users is a bad idea on ZDNet. Politicians all over the world have finally realized that internet crime is a serious business and they want to do something to counter it. They overreact because they realize that they slept through that development and now… Continue
Added by d3tm4r on May 25, 2011 at 7:00am —
Humans are great at detecting patterns and abstracting knowledge and in successfully applying these patterns and principles to very disparate fields. This can happen for all kinds of small tasks that we have to fulfill on a daily basis.
It can also lead to some of mankind's greatest philosophical models like Taoism, Confucianism and Buddhism.
I could also mention some other religions and philosophies but I want to stick with… Continue
Added by d3tm4r on May 23, 2011 at 5:00am —
I am not sure if this is worth a blog post but it's definitely too long for a tweet.
Today I was totally blown away by the precision of Apple's location service - on the iPod Touch!
It is well known for a long time that all iOS devices use Apple's location database which is comprised of cell-tower locations as well as the locations of Wifi hotspots and access points. Of course there is also a knowledge base… Continue
Added by d3tm4r on May 5, 2011 at 3:00pm —
Just dumping some shell output and comments today. :)
If you haven't read the first issue of this series of articles on IPv6, I'd recommend you read it first.
IPv6 Attack Toolkit by THC (The Hacker's Choice)
You can download the tools here: http://www.thc.org/thc-ipv6/
Right now there is no… Continue
Added by d3tm4r on April 17, 2011 at 4:53am —
Here is my list of infosec podcasts I listen to or have listened to now and then.
Podcasts that I listen to regularly
(ordered by preference)
1.) Risky Business @riskybusiness
2.) Pauldotcom Security Weekly @pauldotcom
3.) Social-Engineer Podcast by @humanhacker @dave_rel1k… Continue
Added by d3tm4r on April 16, 2011 at 11:04am —
If you are into network security, now is the time to acquaint yourself with IPv6.
If you're planning to buy or perform a penetration test on your site, make sure that IPv6 is incorporated in the test.
If the pentest firm that you hired does not incorporate it or reacts kind of hesitant or surprised, get another vendor!
Why? Because IPv6 is and has been enabled in all kinds of operating systems and networking devices for some… Continue
Added by d3tm4r on April 16, 2011 at 8:30am —
It's quite amazing to watch people's reactions when things that you told them could or would happen actually do happen.
This throws up the question if we ever can proactively prevent bad things from happening as long as we are depending on a broader community to actually help and enable society to prevent them from happening.
Those are not only my own personal thoughts - this is an observation which is quite old and now being discussed again very widely.
It has also been… Continue
Added by d3tm4r on April 2, 2011 at 5:30am —
I am getting the impression that the end user is not supposed to ever mistrust any of those CAs that all browser and OS vendors are shipping with their products for our convenience.
The Comodo hack was only one incident in a row of incidents that show us that the trust model of PKI for SSL certificates is broken in many ways.
First off there are far too many CAs that your browser or operating system trusts per default.
Your browser or operating system trusts them so… Continue
Added by d3tm4r on March 29, 2011 at 12:30pm —
Another lengthy repost from my tumblr blog with some editing.
It's still a topic I am concerned with and which I'd like to discuss.
And where could be a better place for that than DTH? :)
Well now here it… Continue
Added by d3tm4r on March 5, 2011 at 1:30pm —
The German Department of the Interior has recently published its new Cyber Security Strategy for Germany (german version here).
Whether it's good or not that a government is… Continue
Added by d3tm4r on February 26, 2011 at 2:30pm —
this is partly a re-post of my blog at kamerazukleber.tumblr.com:
I am following many discussions on pentesting, including that one in @pauldotcom EP225. About how customers order pentests for the wrong reason (compliance checkboxing), how the word “pentest” has lost it’s original meaning and the question what we should call it instead, what penetration testing shall concentrate on, how the results shall be presented, about…
Added by d3tm4r on February 23, 2011 at 11:19am —