InfoSec

Integrated Attack Strategy

Integrated attack strategies involve combining hacking computer systems with attack vectors such as: espionage, blackmail, medical/health attacks, asymmetric “guerrilla-style” attacks, weapons of mass destruction, and conventional kinetic military attacks. The video below shows an example using a medical vector, and an unprotected printer, to compromise patient and identity records that can be used in future […]

Awareness of Information Security

Awareness of a problem is always one of the first prerequisites to finding a solution. In everyday life, many people are grossly unaware of many threats around them. Technology always amplifies things and that happens without discrimination or moral clauses. It amplifies both good and bad. It can make our information more safe and less […]

Zero Day Vulnerabilities Have No Patch Yet

When computer system vulnerabilities are discovered, patches are issued that have been designed to close the hole of vulnerability. The patches take some time to construct and deploy and even longer to get the community to accept them and install them. This always leaves a gap of some time between the discovery and when the […]

Poker Cards Marked With IR Codes

The short video clip below is an excerpt from a recent Defcon talk about cheating at poker using an electronic device that uses infrared to read specially marked playing cards. Watch the video first, then keep reading to get the whole story. Poker analyzer basic demo – [youtube.com] Here’s the whole story: Full(er) House: Exposing […]

How Real Hacking Works

Hacking computers is a mysterious and dangerous world that most of us don’t really understand. This video shows some hackers at DEFCON demonstrating their techniques on a reporter who volunteered to be hacked. The video shows some basic “social engineering” which may use technical knowledge and experience, but involves classic “confidence” manipulation to gain credentials […]

Using a Home Email Server for Federal Govt Business

The following article was published in March of 2015, but it’s worth a fresh look since we now know much more about Hillary Clintons home email server. Specifically, the requirement for assessment and authorization seems to have been ignored completely in the media stories. The State Department CIO had specific responsibility for this and the […]

Computer Security For Beginners

Don’t put any information that you don’t want exposed on any computer system that is connected to anything. Consider using a second computer that is not connected or a portable USB drive that can be unplugged or encrypted. Don’t connect any computer system to any other system or network of system without considering possible negative […]

Stop Using Quicktime for Windows

Quicktime for Windows is no longer being supported by Apple, but new vulnerabilities have been disclosed that include the possibility for “remote code execution”. This means exploits can likely take over control of a computer running Quicktime for Windows. The United States Computer Emergency Readiness Team (US-CERT), Trend Micro, and other security organizations have called […]

Holistic Information System Security

Too often, we think about and plan our information security in terms of protecting pieces of the system. We use firewalls and Anti-Virus (AV) software and intrusion detection and integrity checking and many more techniques to provide needed protections to various pieces. But we may not be paying enough attention to the gaps between the […]

Hashing Algorithms

A cryptographic hash function is a mathematical formula or algorithm that creates a one way encryption process. By “one-way”, this means the information that is encrypted by a hash function can not be decrypted. The purpose for using these one-way hashing algorithms is two-fold: to provide a check of integrity to protect some important piece […]