Enterprise Password Management System

Archive for hacking

Cyber Warfare: Chapter 7.

Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners by J. Andress and S. Winterfeld.

Cyber warfare is real. That’s why each Friday I will post a review on this book: Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners, and today I am sharing what I am reading in…

Chapter 7: Psychological Weapons. Cyber Warfare Techniques Tactics and Tools for Security Practitioners - Book review by Dovell Bonnett of Access Smart.com

Psychological weapons are another tool used in cyber warfare. They are designed to leverage the frailties of people (often referred to as “wetware” by hackers) to ultimately gain access into computers, networks or infrastructure. While the military may call it PSY OPS, law enforcement uses the term “con artists” and cyber attackers call it “social engineering,” it is all the same thing: the use of psychology to manipulate an individual’s beliefs, frailties and motivations in such a way as to knowingly or unknowingly convey valuable information. The authors again do a great job of comparing military operations with civilian ones, but I am only going to focus on those that are pertinent to businesses.

Cyber Warfare: Chapter 6

Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners by J. Andress and S. Winterfeld.

Cyber warfare is real. That’s why each Friday I will post a review on this book: Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners, and today I am sharing what I am reading in…

Chapter 6: Physical Weapons.

Chapter 6 is all about physical weapons. A key point is how both the physical and logical worlds are tied together in cyberspace. Computers and networks need buildings, utilities, electricity, cooling, etc. to operate. But it is also true that software and applications are what run and manage this infrastructure. These two worlds have a symbiotic relationship. Therefore, the strategy in cyber warfare, as in conventional warfare, is understanding all aspects of a system and determining where the vulnerabilities are.


Google may be doing Harm

Google is gathering your personal and corporate data.

Google Inc.’s (GOOG) motto is, “do no harm.” But who defines what is harmful? Employees recently testified to the U.S. Federal Communications Commission that they didn’t initially know that their mapping-service project software was gathering personal data, even though an undisclosed engineer told a few fellow workers. The software would access payload data like e-mails, text messages, passwords, internet usage, and other highly sensitive personal information. The FCC ended up not penalizing Google for data gathering, but assessed a $25,000 fine for not cooperating with the FCC during the initial inquiry. The fine would not even be considered a slap on the wrist.

Cyber Warfare: Chapter 5

Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners by J. Andress and S. Winterfeld

Cyber warfare is real. That’s why each Friday I will post a review on this book: Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners, and today I am sharing what I am reading in…

Chapter 5: Logical Weapons.

This chapter is chock-full of valuable information. Instead of going through the details of all the tools discussed, I think that startling insight into the defense of these attack tools is more important. I do, however, strongly suggest you read this chapter to get a better perspective on the types and capabilities of the available logical access weapons.

The weapons or tools available to cyber warriors are vast, and many are free and open source. The non-government and non-military attackers are using common or customized tools. At times the tools used to investigate an attack are the same tools used to attack. While many may believe that the government and military warriors have highly specialized tools, the authors suggest that they are using some of the same commercially available tools.


Network Access Authentication with MagStripe Cards

Network Access Authentication using a Magnetic Stripe Card

Access Smart®, LLC expands our network access authentication product line for data security. Power LogOn for MagStripe allows any issued magnetic stripe card to be used to log onto a computer and network. Imagine the cost savings and convenience of not having to re-issue cards, and the convenience for customers to use their existing loyalty card for network access authentication into a computer network. Some of the key markets are hotel lobby and airport kiosks, internet cafes

What To Do When Your Company Network is Hacked

I have written many articles and blogs warning about the cost to a company from a security breach.

Ben Worthen, a staff reporter in The Wall Street Journal’s San Francisco bureau, wrote a great article, “What to Do if You’ve Been Hacked,” on September 26, 2011, where he highlighted some key things to do. All the points are excellent, but the #1 “to do” is to not ignore the attack and hope it goes away. It won’t!

More Hacking. When Will it Stop?

The simple answer? Hacking won’t stop. To paraphrase Willie Sutton, bank robber, “That’s where the money is.”

PBS, Sony, Lockheed, Amazon, IMF, US Senate, etc., all announced in 2011 that their systems were hacked. Security specialists are now calling 2011 the year of the hacker. Weak SecurID tokens, malware, password attacks, etc., have all been used. Foreign governments, terrorists, drug cartels and a “hacking collective” called Lulz Security have been accused. Recently, the DOD announced that cyber attacks can now be regarded as a military attack with the recourse being military ordnance.

Patco Needed To Take Responsibility For Their Own Security

In the ComputerWorld article “Judge rules against trial in lawsuit by victim of $588K cyber heist” by Jaikumar Vijayan, about the lawsuit between Patco and Ocean Bank, there were no winners. There were mistakes made on both sides and a lack of responsibility. Since I was not in the courtroom and didn’t follow the trial, I can’t say if the judge’s ruling was the correct one, but here is why both plaintiff and defense lost.

SecurID Tokens Are Being Hacked

Are Your SecurID Tokens Really Secure From Being Hacked?

RSA (an EMC company), one of the leading suppliers of one-time password (OTP) tokens, has recently been in the news because Lockheed Martin and L-3 Communications had their SecurID tokens hacked. RSA said that attackers had accessed code related to its SecurID two-factor authentication technology.