Secure your Mac computer

| 0 comments

Securing your Mac computer is not overly difficult and there are a number of actions you can take to protect yourself from others seeking harm. Face it, if you do not take security seriously with your own system then who will? I have heard of the tooth fairy, but I have not heard of the security fairy. The fact is Apple has provided a number of features core to the operating system to help secure your system and prevent the tampering or stealing of your personal data. Securing your computer may sound intimidating at first and you may worry that you do not have the necessary skills to address this activity, but the truth is the features of the OS X operating system and third party tools range from simple to complex. Like with all things in life, all it takes is time and effort to succeed. The Operating System The fact is the tools afforded to you within the operating system come at no additional cost. For example, open up System Preferences and you will find a number of areas that will further advance you security efforts.  These area include Desktop & Screen Saver, Security & Privacy, Sharing, and …

Continue reading

Malware and the risk to cybersecurity

| 0 comments

Malware is widespread and continues to grow with each passing day. There are even recent reports that adware vendors are actively purchasing Chrome extensions to peddle their adware and malware. If you are not familiar with what malware really is the jest of it is essentially malicious software. It many ways malware is a lucrative business but it is also very damaging and illegal. You need to understand that the delivery method of malware can include websites, email, electronic documents, and so much more. Think of it this way, the black hat finds a vulnerability which is a weakness in you defensive measures then the blackhat launches an exploit which is a way to take advantage of the vulnerability. Ask yourself the following question. Do you patch all software on your computer to include the operating system? If not, you are likely a prime target because known vulnerabilities are simpler to exploit rather than determining if a new vulnerability exist. While some may debate that antivirus software is essentially useless because it fails to protect 100% of the time is a poor argument. In my mind this argument is no different than someone saying you do not need to place …

Continue reading

What can we learn from the 2013 Adobe database breach

| 0 comments

Early October 2013, Adobe announced that they fell victim to a cyberattack and their database was breached to the degree that 2.9 million customers are impacted in one way or another. From my point of view it is great that Adobe regrets the incident and apologizes for the inconvenience, but I believe that we as consumers should and must demand so much more than a simple “we are sorry”. In the event this breach is new to you, then I urge you to visit Troy Hunt’s new site ‘;–have i been pwned? Troy has done an exceptional job at bringing vendors in a single location where in one way or other were compromised. At the time of this article, Troy offers eight vendors that you can search by email address to determine if you may be at risk. How easy is that? Preparing the Database I set out to find the database myself and give it a look firsthand.  I am not going to point you to users.tar.gz (3.8GB compressed) and just under 9GB uncompressed. If you set out to find the database it is useful to know that the format is: <some uid> -|–|- <email address> -|- <encrypted password>-|- …

Continue reading

Life in a digital world means little or no privacy

| 0 comments

I want to start 2014 off by looking at security and privacy. One can argue that we are more secure today than we were just a few short years ago, but security comes at a cost and that cost is privacy. During discussions with others that I come into contact with, I am disturbed when I hear the response “if you are doing nothing illegal then you have nothing to worry about”. Obviously these individuals have not idea what privacy means. For those individuals, the Webster Dictionary defines privacy as the state of being alone. For those of you who subscribe to the idea of “if you are doing nothing illegal then you have nothing to worry about” may I have you WiFi and interest account credentials? I bet you then are not so willing to share this private information. The book 1984 was George Orwell’s chilling prophecy about the future and while 1984 has come and gone, Orwell’s narrative is timelier than ever. 1984 presents a startling and haunting vision of the world, so powerful that it is completely convincing from start to finish. No one can deny the power of this novel, its hold on the imaginations of …

Continue reading

Fingerprinting a web server with httprecon

| 0 comments

Web applications unfortunately are vulnerable and for this reason they are often the gateway for attacks. An attacker is going to perform reconnaissance to understand where a weakness may reside. Of course understand what web server platform is running is critical to understand what type attack may or may not be successful. In other word, knowing the application server one can then begin investigation into what vulnerabilities may exist. There are a variety of tools and mechanisms you may employ to fingerprint your target. One such tool is httprecon and the user interface is very simple and provides a wealth of information. If you are not interested in installing software then Port80 Software has a number of tools that can be used all from a browser and one such tool is ServerMask. There are other online options to include NetCraft and Shodan. Finally is the tried and true Nmap. nmap -sV www.somewhere.com If you are running a Windows machine you can drop out to a command prompt and use telnet to perform banner grabbing. Be sure to enter the desired IP address and the appropriate port number. telnet 127.0.0.1 80 At this stage you should see an empty command prompt …

Continue reading