Showing posts with label web application security. Show all posts

Friday, December 7, 2012

The SANS Holiday hacking challenge

The SANS guys have developed a pretty impressive holiday-themed hacking challenge. Speaking as someone who creates crisis management table-top exercise scenarios as part of my job, I'm always impressed by the level of effort and detail that goes into creating these challenges.

Even if you don't have the type of skills required to participate in a challenge like this, you can still benefit from it by using it as a chance to get inside the mind of an attacker and think like "they" think.
Then, continue in that mindset and turn your attention to your own organization's network. How would you attack it if you were inclined to - what would you target?

Your own security program will benefit if you start to think like this.

Wednesday, September 19, 2012

Virgin Mobile: a case study on how not to implement password authentication

This article caught my eye today. Virgin Mobile shows everyone all the places you can go wrong when implementing website password authentication.

The good side of this story? I am planning to use this as a case study when discussing web app authentication with our software developers. Not much comfort if you're a VM customer though.

Monday, May 21, 2012

Security mindset

Interesting article about the mindset of security practitioners - thanks to Bruce Schneier for highlighting this one.

Tuesday, May 15, 2012

Surveillance cameras

A report from Wired's excellent Threat Level blog on research into the security of cameras used for CCTV, surveillance and security purposes. It seems many of them are enabled by default to allow access from the internet, and also use weak, well-known passwords by default. That's a bad combination.

Friday, April 13, 2012

Panda Security hacked by Anonymous

Panda Security was hacked by the Anonymous group in retaliation for allegedly working with law enforcement to investigate Anonymous members, something that Panda staff deny.
Story from ZDNet Australia via the Verizon Business Security blog.

Library of Congress website compromised

The Library of Congress website was compromised by a group known as BlitzSec (report from threatpost.com). The password tables were taken and some of the passwords were decrypted, revealing some particularly weak password policies in place. A user account named "test" had a password of "testing", for example.

Wednesday, April 4, 2012