Manage the pain in the rear passwords

At this time, no matter where you turn, you likely require a password. For this reason you need a way to manage those passwords in order to prevent others from accessing your private data and to make it much more difficult for your password to be cracked if a service you use is ever breached. Of course, we all know that no service is ever breached, and if you believe that, then the safest password for you is Password1. Now if you are old school, you could always use The Personal Internet Address & Password Log Book. Of course, …

Preparing for DEFCON 23

It is hard to believe that almost a year has gone by and the desert heat of Las Vegas, NV is calling out to hackers of all ages from all over the world. The annual DEFCON conference is just a little over three weeks away and this year is very likely to be bigger and better than the previous year. The change of venue from the Rio over to Paris & Bally’s should be much better. I say this only because last year there were roughly 14,000 attendees and to be honest the Rio was just too crowded for my taste. …

Security via obfuscation: MAC Address

Every network interface card has a unique 48-bit identifier known as a MAC address. This address is burned into the EEPROM on the card, and is often used by networking equipment to track users as they come and go, frequently associating a MAC address with a hotel, credit card, credentials, and so on. In fact, even most consumer gear will record the MAC addresses of all computers that have ever issued DHCP requests to it, and these logs usually cannot be purged. When you combine this with the fact that most Cable/DSL service providers will also record your MAC address …

Using the web application attack and audit framework known as w3af to test your security

w3af, the Web Application Attack and Audit Framework, is an amazing tool that is written in Python and has the capability to find more than 200 defined vulnerabilities. Not only does it look for the usual suspects such as SQL injection, it also handles crawling, bruteforce, authentication, and so much more. There are a number of vulnerability scanners, both commercial and open source, but it all comes down to what you prefer. I tend to lean toward the open source community because of transparency, community involvement, and the fact there is zero cost. Unfortunately, web applications pose one of …

The Dollars and Sense of Enterprise Access

This week I attended the 2014 US Business Leadership Network (USBLN) conference in Orlando, Florida, where I was honored to speak on the subject of accessibility. I took part in a panel discussion where I spoke with a number of very knowledgeable people from a number of organizations that included Sprint, Verizon, and IBM. I of course represented Northrop Grumman and I focused on policies and procedures around accessibility. If you are interested in this subject, you will find the PowerPoint deck at the end of this post. Today more than ever, we conduct our lives in a digital medium. …
