now browsing by tag
As noted before, like in this post, I am a huge fan of RSS feeds, but I also love instructional videos, demo videos, and other similar stuff.
I’ve been toying around the idea of doing video tutorials of attacking vulnerable distributions, like those found on VulnHub, and documenting the process that I go through. Maybe some other things, like various CTF challenges as well. I’m trying to get an idea, how people would react to seeing such videos posted here/on youtube.
If you have any opinions on this, please shoot me an email, and let me know if you think I should do some videos on vulnerability discussion topics and vulnerability videos.
I’ve always had fun competing in the Linux Showdown’s at TrueAbility. It is time for this year’s Linux Showdown, beginning on March 16, 2015! I really recommend this linux showdown if you have any interest in linux at all. First, there is the simple benefit of being able to compete, to see how your linux skills stack up, against everyone else’s (who doesn’t like some friendly competition every once in a while), and secondly, TrueAbility can and will get you a linux related job, if you are on the market.
It will challenge your linux ability, to determine where you stand among every other linux user in the world. So, if you’re up for a challenge, or up to learning more about linux, I definitely recommend that you check out the TrueAbility Linux Showdown #8, and make sure you sign up for the competition that begins on March 16, 2015!
From TrueAbility’s website:
Begins March 16th
For this challenge, you’re going to be using your scripting skills to implement a “sub par assembler” dubbed:
Instead of using memory, we’re going to use the filesystem to store and manipulate our data. Your task will be to create a program (in the language of your choice) called
/usr/local/bin/spasmthat can handle some basic operations.
Those of you in the top 50 will be invited to the next round, the rest are.. 0xDEADBEEF. Round 2 we make things a little more advanced… so save your script!
Begins April 1st
Welcome to the next phase of
spasmdevelopment! You gained an invite to this round by successfully completing the last challenge, and hopefully you saved a copy of it because we’re going to add some functionality to it in this round.
Following up on the recent breach at Sony; this article states that 2014 was labelled as “The Year if the Breach”. The other thing that this article is pointing out, you don’t have to be a mega-corporation to get breached, you can be a small business, you can be a small start-up, it doesn’t matter. You can be targeted, your company may or may not contain valuable information, that is valued by the attacker.
Security experts are now saying there are only two types of companies left in the U.S.: Those that have been hacked, and those that don’t yet know they’ve been hacked. And although cybersecurity is being forced to the forefront of national consciousness, we still are not seeing the urgency needed to make a difference.
There is no more time to wait on the issue of cybersecurity. Government agencies and corporations alike must become both educated and absolutely determined to stop cybercrime now. Neither can afford mediocre approaches to security and customers (whether citizens, in the case of government; or paying clients, in the case of corporations) must demand better. Organizations must have the right plans and the right technologies in place to deal with the threats we’ve seen do so much damage in 2014, and the threats we know are on the way in 2015.
It is important to keep you guard up, maintain safe systems, and keep your organization secure. Remember that 556 Forensics can assist you in keeping you and your organization safe.
I agree, that everyone jumping on the band-wagon, saying that N. Korea is behind this hack is wrong. This is the way I feel about a fair number of security ramblings coming from Mandiant/Fire Eye, Norse, and the rest of the huge companies out there. I think some of their information can be wrong. I also agree with the statements made at Krypt3ia, that we are now at “cyber-war” with North Korea. It feels like another Cold War race, with a lot more countries involved.
However, the really scary part, is that now, foreign influences have now proved, that they can hold United States (and companies within the US) at bay with attacks on there computer infrastructure.
From the article:
Everyone seems to be eager to pin the blame for the Sony hack on North Korea. However, I think it’s unlikely. Here’s why:
1. The broken English looks deliberately bad and doesn’t exhibit any of the classic comprehension mistakes you actually expect to see in “Konglish”. i.e it reads to me like an English speaker pretending to be bad at writing English.
2. The fact that the code was written on a PC with Korean locale & language actually makes it less likely to be North Korea. Not least because they don’t speak traditional “Korean” in North Korea, they speak their own dialect and traditional Korean is forbidden. This is one of the key things that has made communication with North Korean refugees difficult. I would find the presence of Chinese far more plausible. See here – http://www.nytimes.com/2006/08/30/world/asia/30iht-dialect.2644361.html?_r=0
This change in language is also most pronounced when it comes to special words, such as technical terms. That’s possibly because in South Korea, many of these terms are “borrowed” from other languages, including English. For example, the Korean word for “Hellicopter” is: 헬리콥터 or hellikobteo. The North Koreans, on the other hand, use a literal translation of “vehicle that goes straight up after takeoff”. This is because such borrowed words are discouraged, if not outright forbidden, in North Korea – http://pinyin.info/news/2005/ban-loan-words-says-north-korea/
Lets not forget also that it is *trivial* to change the language/locale of a computer before compiling code on it.
According to stats gathered by Statista, Hacking is now every American’s worst nightmare. Honestly, I’m a little shocked by this statistic, not because I don’t think hacking is way to prevalent in our world, but because I thought people/American’s cared about many other things, as opposed to hacking.
An important thing to remember, for companies out there, you have to do more than PCI compliance. There are vulnerability scans and penetration testing that you need to do, to ensure, or the more correct term would be to minimize risk.
You will find more statistics at Statista