From The Blog
-
ConnectWise Slash and Grab Flaw Once Again Shows the Value of Input Validation We talk to Huntress About its Impact
Written by Sean KalinichAlthough the news of the infamous ConnectWise flaw which allowed for the creation of admin accounts is a bit cold, it still is one that…Written on Tuesday, 19 March 2024 12:44 in Security Talk Read 603 times Read more...
-
Social Manipulation as a Service – When the Bots on Twitter get their Check marks
Written by Sean KalinichWhen I started DecryptedTech it was to counter all the crap marketing I saw from component makers. I wanted to prove people with a clean…Written on Monday, 04 March 2024 16:17 in Editorials Read 1510 times Read more...
-
To Release or not to Release a PoC or OST That is the Question
Written by Sean KalinichThere is (and always has been) a debate about the ethics and impact of the release of Proof-of-Concept Exploit for an identified vulnerability and Open-Source…Written on Monday, 26 February 2024 13:05 in Security Talk Read 1058 times Read more...
-
There was an Important Lesson Learned in the LockBit Takedown and it was Not About Threat Groups
Written by Sean KalinichIn what could be called a fantastic move, global law enforcement agencies attacked and took down LockBit’s infrastructure. The day of the event was filled…Written on Thursday, 22 February 2024 12:20 in Security Talk Read 910 times Read more...
-
NetSPI’s Offensive Security Offering Leverages Subject Matter Experts to Enhance Pen Testing
Written by Sean KalinichBlack Hat 2023 Las Vegas. The term offensive security has always been an interesting one for me. On the surface is brings to mind reaching…Written on Tuesday, 12 September 2023 17:05 in Security Talk Read 2079 times Read more...
-
Black Kite Looks to Offer a Better View of Risk in a Rapidly Changing Threat Landscape
Written by Sean KalinichBlack Hat 2023 – Las Vegas. Risk is an interesting subject and has many different meanings to many different people. For the most part Risk…Written on Tuesday, 12 September 2023 14:56 in Security Talk Read 1794 times Read more...
-
Microsoft Finally Reveals how they Believe a Consumer Signing Key was Stollen
Written by Sean KalinichIn May of 2023 a few sensitive accounts reported to Microsoft that their environments appeared to be compromised. Due to the nature of these accounts,…Written on Thursday, 07 September 2023 14:40 in Security Talk Read 2066 times Read more...
-
Mandiant Releases a Detailed Look at the Campaign Targeting Barracuda Email Security Gateways, I Take a Look at What this all Might Mean
Written by Sean KalinichThe recent attack that leveraged a 0-Day vulnerability to compromise a number of Barracuda Email Security Gateway appliances (physical and virtual, but not cloud) was…Written on Wednesday, 30 August 2023 16:09 in Security Talk Read 2052 times Read more...
-
Threat Groups Return to Targeting Developers in Recent Software Supply Chain Attacks
Written by Sean KalinichThere is a topic of conversation that really needs to be talked about in the open. It is the danger of developer systems (personal and…Written on Wednesday, 30 August 2023 13:29 in Security Talk Read 1824 times Read more...
Recent Comments
- Sean, this is a fantastic review of a beautiful game. I do agree with you… Written by Jacob 2023-05-19 14:17:50 Jedi Survivor – The Quick, Dirty, and Limited Spoilers Review
- Great post. Very interesting read but is the reality we are currently facing. Written by JP 2023-05-03 02:33:53 The Dangers of AI; I Think I Have Seen this Movie Before
- I was wondering if you have tested the microphone audio frequency for the Asus HS-1000W? Written by Maciej 2020-12-18 14:09:33 Asus HS-1000W wireless headset impresses us in the lab
- Thanks for review. I appreciate hearing from a real pro as opposed to the blogger… Written by Keith 2019-06-18 04:22:36 The Red Hydrogen One, Possibly One of the Most “misunderstood” Phones Out
- Have yet to see the real impact but in the consumer segment, ryzen series are… Written by sushant 2018-12-23 10:12:12 AMD’s 11-year journey to relevance gets an epic finish.
Most Read
- Microsoft Fail - Start Button Back in Windows 8.1 But No Start Menu Written on Thursday, 30 May 2013 15:33 in News Be the first to comment! Read 116470 times Read more...
- We take a look at the NETGEAR ProSafe WNDAP360 Dual-Band Wireless Access Point Written on Saturday, 07 April 2012 00:17 in Pro Storage and Networking Be the first to comment! Read 87374 times Read more...
- Synology DS1512+ Five-Bay NAS Performance Review Written on Tuesday, 12 June 2012 20:31 in Pro Storage and Networking Be the first to comment! Read 81930 times Read more...
- Gigabyte G1.Sniper M3 Design And Feature Review Written on Sunday, 19 August 2012 22:35 in Enthusiast Motherboards Be the first to comment! Read 80251 times Read more...
- The Asus P8Z77-M Pro Brings Exceptional Performance and Value to the Lab Written on Monday, 23 April 2012 13:02 in Consumer Motherboards Be the first to comment! Read 70883 times Read more...
Displaying items by tag: Hacking
After 30 Years of "Hacking" Data Security Has Not Changed Much
Data security (and privacy) has been in the news a lot lately as if it is a new and troubling issue. In fact this has been a major topic of discussion going back to the mid-1980s when the first consumer available modems hit the market. This started the practice of war dialing where phone phreaks would dial random numbers to see if any would answer to their computers. One of the more famous phone phreaks is none other than Steve Wozniak, Co-Founder of Apple Computers. These are the guys that pioneered the hacking scene (and in some cases the piracy scene as well). Back then security was primitive and usually consisted nothing more than a login and a password. Fast forward more than 30 years and the security of some places is little better than what it was back in the war dialing days.
Apple Admits to Breach in Developers' Portal
Today (Sunday July 21 2013) Apple officially admitted that someone had hacked their developer site. The notification came out as a warning that some information including names, addresses and email information might have been accessed. What we find interesting is that this announcement comes on the heels of a multi-day outage to the same site. It looks like Apple might have known about the breach earlier and not told anyone until they confirmed that user data was compromised (in which case they might have been compelled to). This is not exactly what you want to hear from a company that prides themselves on the security and safety of their operating system AND their ecosystem.
Club Nintendo hacked
Nintendo has announced that their Club Nintendo service where players can collect points for the hardware and the games they buy, and then to win a variety of prizes and gifts, got hacked or that unknown hackers broke into the database of members, and retrieve their data.
Human Security, Relearning How to Act on the Internet
Security is a huge issue and has always been one ever since the first person decided they wanted to protect what they owned. Through the centuries the art of security has evolved and a multitude of inventions have blossomed on the scene to help us keep our property safe and secure. Once the data age started we had new concerns and our fertile minds came up with new and more creative ways to protect our new digital property. These two separate (yet dependent) fields are broken down into physical and digital security. The problem is that neither of these are effective unless we apply human security. This is the practice of securing people (humans) against being the largest security hole in any network or location.
Zero-Day Exploit in Internet Explorer 8 Used To Access Nuclear Information
Whenever I read a headline that shows a company using very outdated software or hardware has been hacked; I find myself wondering if the people responsible for their IT and Finance departments are looking for new jobs. When it is a government agency it makes things even worse. Friday May 3rd I think things hit a peak as it has been revealed that nuclear researchers at the US Department of Energy had their computers compromised.
Military Contractors Say The Risk is Worth Saving the Cost of Security
Over the last few years we have followed the sorry state of cyber security in both corporate and governmental systems and have always been surprised at the solutions that they have presented. For some reason these groups want to remove responsibility from themselves for making sure their data (which in some cases is your data) is secure. This lack of corporate responsibility has led to misguided bills, acts and other nonsense that will still not do anything to stem the tide of security breaches. One of the most famous examples of this is QinetiQ.
Anonymous to Make May 7th a Day to Remember with OpUSA
A warning has been sent out to financial institutions and government agencies as the collective known as Anonymous has announced their OpUSA. The Operation as put forth by the hackvist group is supposed to target banks and government websites and is supposed to kick off on May 7th. Some security experts are advising the targeted organizations to prepare for Distributed Denial of Service Attacks and harden their sites against them.
When will they learn; when it comes to Anonymous there are no leaders
Today I read some very interesting news. According to a few news outlets the Australian Federal Police have arrested another “leader” of the group formerly known as LulzSec. This would make the 2nd top dog of the Anonymous splinter group to have been taken in by authorities. So the question is; who is the real LulzSec leader? Is it Hector Monsegur (Sabu) who was caught in New York and turned informant for the FBI to avoid a lot of jail time or is it 24 year old Mathew Trevor Flannery who went by the name Aush0k?
Aircraft Flight Management Systems Vulnerable To Attack... From A Smartphone...
If you want to talk about something frightening how does being able to crash a plane with little more than an Android Smartphone sound? This scenario that is right out of a movie script is apparently all too possible as was demonstrated at a talk by Hugo Teso. Teso who has 11-years of experience in IT and 12 as a commercial pilot combined what he knows about both fields and came up with a way to hack a plane.
10 years in prison for hacking celebrities’ computers
Christopher Chaney, a 36-year old office clerk from Florida, pleaded guilty to hacking into e-mail accounts and interception in nine cases, although he was actually sued in over 50 e-mail account hacking cases. Among his victims were well-known actresses Scarlett Johansson, Mila Kunis and singer Christina Aguilera. He has to pay a total of $ 66,179 to the victims of his work.