From The Blog
-
NetSPI’s Offensive Security Offering Leverages Subject Matter Experts to Enhance Pen Testing
Written by Sean KalinichBlack Hat 2023 Las Vegas. The term offensive security has always been an interesting one for me. On the surface is brings to mind reaching…Written on Tuesday, 12 September 2023 17:05 in Security Talk Read 1258 times Read more...
-
Black Kite Looks to Offer a Better View of Risk in a Rapidly Changing Threat Landscape
Written by Sean KalinichBlack Hat 2023 – Las Vegas. Risk is an interesting subject and has many different meanings to many different people. For the most part Risk…Written on Tuesday, 12 September 2023 14:56 in Security Talk Read 768 times Read more...
-
Microsoft Finally Reveals how they Believe a Consumer Signing Key was Stollen
Written by Sean KalinichIn May of 2023 a few sensitive accounts reported to Microsoft that their environments appeared to be compromised. Due to the nature of these accounts,…Written on Thursday, 07 September 2023 14:40 in Security Talk Read 1144 times Read more...
-
Mandiant Releases a Detailed Look at the Campaign Targeting Barracuda Email Security Gateways, I Take a Look at What this all Might Mean
Written by Sean KalinichThe recent attack that leveraged a 0-Day vulnerability to compromise a number of Barracuda Email Security Gateway appliances (physical and virtual, but not cloud) was…Written on Wednesday, 30 August 2023 16:09 in Security Talk Read 938 times Read more...
-
Threat Groups Return to Targeting Developers in Recent Software Supply Chain Attacks
Written by Sean KalinichThere is a topic of conversation that really needs to be talked about in the open. It is the danger of developer systems (personal and…Written on Wednesday, 30 August 2023 13:29 in Security Talk Read 1007 times Read more...
-
Leaked Data from Duolingo incident Shows US is most Impacted
Written by Sean KalinichDuolingo, is a language learning site (not to be confused with an LLM) and has a very large base of users. The site is a…Written on Tuesday, 29 August 2023 19:12 in Security Talk Read 1422 times Read more...
-
We talk about the Ransomware Threat Landscape with SecureWorks at Black Hat 2023
Written by Sean KalinichBlack Hat 2023 – Las Vegas, NV – One of my personal focuses is understanding the “Why” behind changes in the threat landscape. In simple…Written on Tuesday, 29 August 2023 18:26 in Security Talk Read 1016 times Read more...
-
Now Patched Flaw Leverages Abandoned Reply URL found in Entra ID allows for Privilege Escalation
Written by Sean KalinichMicrosoft has not been having the greatest of months. First it was identified that a stollen MSA signing key was used by a Nation State…Written on Monday, 28 August 2023 15:39 in Security Talk Read 1643 times Read more...
-
Qrypt Looking to Attack the Inefficiencies in Quantum Encryption to make Quantum Secure Communication a Reality Today
Written by Sean KalinichBlack Hat 2023, Las Vegas – At Black Hat one of my favorite things to do is see what the latest buzzword(s)/phrases are. One of…Written on Monday, 28 August 2023 12:53 in Security Talk Read 1138 times Read more...
Recent Comments
- Sean, this is a fantastic review of a beautiful game. I do agree with you… Written by Jacob 2023-05-19 14:17:50 Jedi Survivor – The Quick, Dirty, and Limited Spoilers Review
- Great post. Very interesting read but is the reality we are currently facing. Written by JP 2023-05-03 02:33:53 The Dangers of AI; I Think I Have Seen this Movie Before
- I was wondering if you have tested the microphone audio frequency for the Asus HS-1000W? Written by Maciej 2020-12-18 14:09:33 Asus HS-1000W wireless headset impresses us in the lab
- Thanks for review. I appreciate hearing from a real pro as opposed to the blogger… Written by Keith 2019-06-18 04:22:36 The Red Hydrogen One, Possibly One of the Most “misunderstood” Phones Out
- Have yet to see the real impact but in the consumer segment, ryzen series are… Written by sushant 2018-12-23 10:12:12 AMD’s 11-year journey to relevance gets an epic finish.
Most Read
- Microsoft Fail - Start Button Back in Windows 8.1 But No Start Menu Written on Thursday, 30 May 2013 15:33 in News Be the first to comment! Read 115708 times Read more...
- We take a look at the NETGEAR ProSafe WNDAP360 Dual-Band Wireless Access Point Written on Saturday, 07 April 2012 00:17 in Pro Storage and Networking Be the first to comment! Read 85992 times Read more...
- Synology DS1512+ Five-Bay NAS Performance Review Written on Tuesday, 12 June 2012 20:31 in Pro Storage and Networking Be the first to comment! Read 80381 times Read more...
- Gigabyte G1.Sniper M3 Design And Feature Review Written on Sunday, 19 August 2012 22:35 in Enthusiast Motherboards Be the first to comment! Read 79056 times Read more...
- The Asus P8Z77-M Pro Brings Exceptional Performance and Value to the Lab Written on Monday, 23 April 2012 13:02 in Consumer Motherboards Be the first to comment! Read 69252 times Read more...
Displaying items by tag: DHS
CISA passes the Senate, opens the door to more abuse and fails to address security
Cybersecurity is a fairly common buzz word used in Washington these days. It is tossed around to scare people that are ignorant of the way computer systems work so that legislation that is exceptionally pro-corporate friendly and anti-consumer can be pushed through. The latest of these is the Cybersecurity Information Sharing Act. This handy little bit of law just passed through the US senate on the 28th (74 to 21) and allow corporations to share customer data with the US government and other companies without any consequences for doing so. This effectively removes any recourse customers or users have about the sharing of their personal information.
Troubles in Bitcoin paradise
![]() |
According to Ars Technica, the U.S. Homeland Security closed a key account for mobile payment associated with Bitcoin Stock Exchange Mt. Gox. This is the account Dwolla owned by Mutum Sigillum (Mt. Gox property) from which resources are paid to the account of Mt. Goxa which is the largest Bitcoin exchange on the Internet. For those who do not know, Dwolla was the easiest way of buying Bitcoin as other services for online payment, such as PayPal, for example, do not give the option to purchase Bitcoin.
Copyright, Patent, and Trademark Laws Are Being Abused Every Day to Stifle Competition and Maintain Control
![]() |
The system of Copyright, Patents and Trademarks has a long history in the US and around the world. Originally the system was developed to protect the individual inventor or artists. It allows them to benefit from their work or inventions for a limited period of time as a form of compensation for bringing a new technology or art to the world. This system worked very well when it was individuals who were seeking the protection. Patent laws at the time also required that the inventor be able to demonstrate their inventions before the patents were granted.
Update On Drone GPS Spoofing By The University of Texas Team *** Update 7-1-2102***
Yesterday we wrote an article where we described how a military drone could be hacked through the use of GPS spoofing. This morning we received an email from one of the people involved in the actual event with some clarifications. First despite original reports (and some addition information we were given) the drone that was used for the demonstration was not a military class drone. It was one that the University of Texas purchased. It is still fairly sophisticated and is the same kind used by law enforcement. The team did this to point out serious issues with commercial drones before there is a rewrite of the FAA rules governing this new class of vehicles. You can check out the original story about for more information on the hack.
**********UPDATE 7/1/2012 - We have heard from Both Vanguard Defense Industries and Todd Humphreys from the University of Texas. The Drone in quesstion was NOT purchased from Vanguard. The University of Texas declined to state how they did purchase it from, but commented that the vulnerability exists in any drone that uses Civil GPS systems. ******************
Anonymous; Activist Collective or Hacker Group, Hero or Villain?
As someone that has followed the online “hacking” community since its infancy (war dialing anyone) I can say with a fair amount of confidence that the guys what kicked it all off (Like Steve Wozniak) would be proud of where some of the movement has gone. In the early 80’s War Dialing was something of a fun sport, you dialed a range of numbers until a computer answered and then you tried to talk to it. A lot of the activity was aimed at “corrupt businesses and government agencies” right alongside the people looking to just do it because it was something new and exciting.
Are Cloud Services Really A Better Deal?
When we first started to hear rumblings about Microsoft’s next version of Windows we were told that it would be positioned as the center piece of a connected home. Now at the time we took this to mean an internal environment with connectivity to gaming consoles, media centers (or hubs) and of course Windows Home Server. What we did not expect was for Microsoft to shovel the cloud and their cloud based services down the consumer’s throats.
Leaked DHS Amber Warnings Claim There is Major Campaign Against US Natural Gas Pipeline, But Is It Real?
The Department of Homeland Security has issues some very unusual warnings for companies that handle the US Natural Gas Pipelines. The three Amber warnings claim that a concerted intrusion attempt is being made on the command and control centers for this infrastructure service that is responsible for roughly 25% of the power produced in the US. What makes these warnings unusual is the detail and the fact that companies have been told not to do anything to block the intrusions unless they threaten the actual operation of the service.
New Proposed Amendment to CISPA Could Grant the US DHS More Power to "Monitor" the Internet
After working so very hard (and unsuccessfully) to convince everyone that CISPA (Cyber Intelligence Sharing and Protection Act) would not be like SOPA and that it is all good for everyone, it seems that the lawmakers involved in it just could not resist adding in a special little touch. There is an amendment to CISPA that would grant the Department of Homeland Security some brand new powers over all that data.