TrueCrypt goes dark

| 0 comments

Today was an interesting day in term of security within the encryption community. The developers of TrueCrypt have made the following statement: “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues.” It is not clear exactly what is driving this decision and one can only guess at this point unless the development team comes out an conclusively comments on what the driving factor was. What makes this even more interesting, at least from my perspective, is the fact a security audit was just completed in April 2014. At that time, the phase 1 audit did not …

Continue reading

Doomed software developers that do not understand security

| 0 comments

Say for a moment you have a software development task to notify end users of a specific event and this notification is critical for a number of reasons. Would the average development team understand the best architectural design? What if I told you that you development team goes off and creates the software and it is a success, but in no time the network becomes unstable and eventually crashes. Sound impossible? Not if the software essentially performed a denial-of-service (DoS) attack. In a DoS attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your …

Continue reading

DNS rebinding and IDS signatures

| 0 comments

DNS rebinding attacks have been around for a number of years and still present challenges today. This type of attack can propagate via malware and individuals who do not act appropriately to protect themselves often will become unknowing and unwilling victims. Often this risk is in play because of popular technologies such as Flash and the lack of common standards across vendors. DNS Rebinding Analysis I found the concept of DNS rebinding to extremely complicated. Upon investigation, I found that web browsers handle DNS queries differently during the Time to Life (TTL), for example, Internet Explorer uses what is called …

Continue reading

Internet security, data breaches and password management

| 0 comments

Today’s state of security truly is in a poor state of affairs and there is really little indication that things will get any better anytime soon. How better to understand the scope of the problem than looking at the last nine years defined as the World’s Biggest Data Breaches? As you review this chart, it is important to understand the breach resulted from a wide variety of risk, which leads to the vulnerability being exploited. The saddest fact is that may of these breaches may have been prevented if more attention to security had been applied, but that is an …

Continue reading

Computer forensics tools: Windows registry

| 0 comments

Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it. There are many well defined tools and processes and you should understand the legalities behind computer forensics should you intend to consider this career field. That being said, you may want to give …

Continue reading