
Prepare for Ransomware
Recently, technical guidance was released for CIOs and CISOs on how to prepare for a ransomware attack. This guide was a joint effort of multiple Federal agencies to address the growing concern of ransomware. In “How to protect your Networks from Ransomware,” they provide some suggestions for prevention and response. We have created a checklist below to help you based on their recommendations. You can review your current policies, procedures and plans to see if you are cover

Cybersecurity for Local Governments 2018
2018 update on cybersecurity for local governments. This year marks the rise of the new threat to Local Government from nation states and the new risks to local governments. Costs for suffering cyber-attacks can be crippling to local governments. In addition, 93% of incidents are directly related to the human vulnerability. Most importantly, strengthening the human firewall is a must to reduce risk. A strong cybersecurity awareness program is necessary. One update since I d

Default Security Settings, What Needs to Change?
Today, news agencies and outlets are reporting Information Technology (IT) breaches and loss of protected data at alarming rates. The centerpiece of these breaches, after months of forensic analysis, has been a lack of following IT industry accepted security best practices. Should manufacturers of IT products, both software, and hardware, follow these industry best practices by releasing secure products? Manufacturers need to start designing security in their products from th

Student Notes November 2017
Don, Since we'd been talking about AI recently in the beginning of class before we get down to the lesson of the day, thought you might find this interesting. http://www.iflscience.com/technology/ai-programmed-to-solve-zodiac-killer-mystery-creates-creepy-poetry-on-the-side/ Happy Thanksgivings, Jeffrey Graham Don, Something to show your CNT 51 class about help desk. Medieval helpdesk with English subtitles Tim, Mr. Hester, Ransomware spreading through RDP https://nakedsecu

Hacking the iPhone's Face ID
A Vietnamese security firm says it has been able to fool the iPhone X's facial recognition software. In a video released by the company Bkav, an employee uses a 3-D mask, to which the phone apparently responds by unlocking. Apple marketing executive Philip Schiller put the odds of a random person being able to unlock your phone's Face ID at 1 in 1,000,000. Here is the video. Read more about how Bkav tricked iPhone X's Face ID with a mask: http://www.bkav.com/FaceID #Hacking

The Wolf
Stop what you are doing and watch this. It's a big ad for HP but you gotta take a minute to view it. Especially after what we were talking about last night about what to cover in your blog. Chris Knight Christian Slater stars as The Wolf in a cautionary tale about what happens when print security goes overlooked. From director Lance Acord. http://www.hp.com/TheWolf The Wolf ft. Christian Slater | HP If you're not taking your printer security seriously, someone else might be

Spoofing Fully Qualified Domain Names
How can you spoof a FQDN? John Hohn covers the history of DNS and name registry to demonstrate a flaw/feature that allows for the spoofing of fully qualified domain names. Learn how a Punycode vulnerability can be used by hackers to redirect unsuspecting browsers to malicious or spoofed sites. #PunyCode #DNS #DomainName #FQDN #Cybersecurity #Vulnerability #TipsandTricks #Network #NetworkTrafficAnalysis #CNT52

The Visible Ops Handbook
This is a book review I wrote back in 2007 for a past version of this website. I am resurrecting it because it is still applicable today. I can't recommend this book enough for system administrators. I also recommended the book last May in the context of vulnerability management here: http://www.learnsecurity.org/single-post/2017/05/09/Where-are-the-Real-Vulnerabilities Book Review: The Visible Ops Handbook If you are in Information Technology, do you spend more time on fixin

New Attack Techniques 2017
The Seven Most Dangerous New Attack Techniques, and What's Coming Next "Moderator: Alan Paller, Research Director and Founder, SANS Institute. Which are the most dangerous new attack techniques? How do they work? How can you stop them? What’s coming next and how can you prepare? This fast-paced briefing provides answers from the three people best positioned to know the answers: the head of the Internet Storm Center, the top hacker exploits expert/teacher in the US and the top

WPA2 Vulnerability
WPA2 Encryption used to secure wireless networks has been broken. Website explaining the crack https://www.krackattacks.com/. Thanks to Nathan Bahr, Vic Reynov, Erik Gallagher and Chris Knight for sending me the information. KRACK Attacks: Bypassing WPA2 against Android and Linux. Flaw in WPA2 Security, UniFi Is Rolling New Firmware, & Things You Should Know About KrackAttack More Newsweek, “Krack Wi-Fi Hack: Google, Apple and Microsoft Scramble to F