Former Hostgator employee arrested (the way he got caught was awesome)

Hit the link above for an awesome(ly scary) article about a former Hostgator employee who set up a backdoor to nearly 3,000 systems in a way that was very difficult to detect.

Warning: spoiler below!

Reading the article I couldn’t help but go, “How in the world did they catch what this guy was doing since his method was so clever and he was so good at covering his tracks?!”  I love the answer:

“Among other things, a desktop monitoring system that took screenshots of employee workstations in one-minute increments helped Hostgator officials quickly zero in on Gisse.”

The bad guys are winning, so now what?

The bad guys are winning, according to Ed Skoudis.  Hit the link above for his slides/presentation on this topic.  They offer a frightening/sobering look at how the bad guys are wreaking havoc on networks, and how we may not be defending ourselves the right way against these attacks.

Security: good for me, bad for my family


I recently started a new job, and my wife hates me for it.  Ok wait, let me explain.  A little background:

I’ve served in various network engineer roles for the past 10 years - doing Microsoft/Cisco/Dell/VMWare infrastructure installs and upgrades.  But recently I’ve shifted gears a bit into a job that’s all about information security, and helping others develop information security practices and programs.  Even though I’m only a few weeks into the job, I’m starting to implement stronger security in my own computing practices so I can “learn by doing” and help others too.

And this is the part where my wife wants to kill me.  Because instead of nice, short, easy-to-remember passwords on the services we use as a family, I’ve changed them all to 25+ character monstrosities with a mix of upper/lowercase characters, numbers and symbols.  Ever tried entering a 25-character password via the sluggish AppleTV remote?  Yeah, it’s not fun.

Bottom line: when all that stands between my wife and the latest episode of Downton Abbey are my security practices, I risk sleeping on the couch. 

Two-factor authentication: everybody’s doing it (almost)!


Lately I’ve been seeing a lot of my friends report hacked Facebook and Hotmail accounts, so I’m encouraging them to take advantage of some simple security measures to reduce the likelihood of that happening (again).

Almost all the big cloud services offer two-factor authentication, which combines something you know (like a password) with something you have, like a code sent by text message to your phone or a security token.  This strengthens your account security by adding an additional electronic roadblock if your password is compromised.

Here are some “how to” links for turning on two-factor authentication at some popular online services:

Apple - http://support.apple.com/kb/HT5570

Facebook - http://howto.cnet.com/8301-11310_39-57566228-285/how-to-enable-two-factor-authentication-on-popular-sites/

Google - http://support.google.com/accounts/bin/answer.py?hl=en&ctx=ch_b%2F0%2FSmsAuthLanding&answer=180744

Microsoft - http://blogs.technet.com/b/microsoft_blog/archive/2013/04/17/microsoft-account-gets-more-secure.aspx (they just turned on two-factor over the last few days).

Looks like Evernote and Twitter will be getting on board soon as well, I hope!

Don’t forget that two-factor authentication doesn’t lessen the need for using good, long, strong passwords across your accounts, and using different passwords for each account.  I personally like using password management tools like LastPass or 1passwd so I don’t have to try and remember them all :-)

Crazy as it might be, I’m going after my CISSP certification.  So this book is about to consume a huge chunk of my life for the next few months.  I hope to blog interesting/helpful tips I glean from this bad boy. 
(On a side note, Amazon has a Kindle version for about $40 that I may grab. I like the idea of being able to float between my PC, iPad and iPhone while retaining my bookmarks, notes, and most importantly, where I left off reading!)