It’s hard for me to get enthusiastic about predictions. Let’s face it, anyone at the end of 2014 could have predicted that in 2015 there would be mega data breaches, such as those that hit the Office of Personnel Management and Ashley Madison. And in the year ahead, there will be a number of major breaches, shocking vulnerabilities, and surprising gaffes at the hands of the IT department at a number of enterprises and government agencies.
That said, it’s important that security teams always keep an eye on the major trends in the industry so that they can adjust their programs accordingly. With that in mind, here are a handful of key things we can expect to see in 2016 and likely beyond:
Citizen developers increase enterprise data risks
If enterprise application security teams think that they have a challenge now regarding keeping applications secure as they’re developed, deployed, and maintained in production,...
AppSec USA 2015 Follow Up
This blog is a continuation of the AppSec USA 2015 blog, “Web Application Testing with Python” and “Web Application Testing with Python – Part 2”. To follow along, please download the virtual machine and scripts that I’ll cover in this series of blogs (the files are posted on an OWASP-controlled Google Drive; see Resources below for the full URL).
In the previous blog post, “Web Application Testing with Python – Part 2”, we wrote two scripts to attack the login form of our vulnerable application in order to enumerate valid users. In this blog, we’ll continue attacking...
NCSAM Week 3: Connected Communities and Families
Week 3 of National Cyber Security Awareness Month (NCSAM) focuses on “Connected Communities and Families: Staying Protected While We Are Always Connected”. This week really resonates with me as a first-time mom. How will we stay safe and secure in this ever-changing digital world? How will I be able to protect my child from cybercrime, cyberbullying, etc.? When do I need to start teaching my child about cyber issues?
I thought these questions and worries were a concern of the distant future - when my child is old enough to use devices. I quickly am finding out that this is not the case.
Surprisingly, a hot cyber topic among other first-time moms is baby monitors. The scariest part is the real-life stories about baby monitors getting hacked. There are instances of hackers...
A wide-open physical security assessment war story - #WarStoryWednesday
War Story Wednesday is a Solutionary Minds blog feature series. On the first Wednesday of the month, Solutionary is publishing a blog from one of our security practitioners that discusses a real-world engagement or “war story.” This blog, featuring Security Consultant Brent White, is the second submission in the series.
This physical security assessment was fun, easy and a bit alarming. It was fun and easy for how completely simple it was. On the other hand, it was alarming because of how simple it was — as well as there being no security presence.
How can we get in?
This is usually the thing we try to answer first when conducting a physical security assessment. Through basic reconnaissance, my co-worker and I quickly figured out the following information:
- The front doors automatically locked every day at 4:30 pm.
The first known, reported account of hacking in professional sports
One Major League team hacked another one for competitive gain? Say it ain’t so, Joe.
Teams have often tried to steal the other team’s signs during a game to predict a play or a pitch. This has been part of baseball since its earliest days. Now, it seems that a team may have taken it to a new level. Corporate espionage may now be part of our national pastime.
It looks as if the first known instance of one professional sports team hacking another has been reported. According to a NY Times report, the St. Louis Cardinals are facing an F.B.I. inquiry due to the alleged hacking of the Houston Astros.
On June 16, 2015, the NY Times reported:
Investigators have uncovered evidence that Cardinals officials broke into a network of the Houston Astros that housed special databases the team had built,...