Is This A Real Dip In Password Guessing? And If So, What Does It Mean?
I’m quite certain that I’m seeing a trend. I just don’t know what the trend means. SSH password guessing attacks used to be almost constant. Any Internet-connected host running an SSH service would be probed frequently. But things have been changing over the past year. I collect data on about ten publicly reachable Linux machines […]
Vulnerabilities On My New Phone?
I mentioned in my last post that I just bought a new Android phone. This week (the week of 17 December 2012) in the news there were two stories about Android phone vulnerabilities. Before I mention them, I need to say that they are not new concepts, just new exploits along the same lines as […]
Plugging the Leak
InformationWeek ran a story last week about misconfigured Apache web servers that exposed server settings. This is bad because bad actors can potentially use that information to attack the server successfully. For instance, if they know of a vulnerability in a particular version of an application, and see that a site is running that version […]
Social Engineering on Father’s Day
Social engineering is a powerful tool. But it is a tough art to practice. It’s fun and interesting to read about it. But what if you wanted to experience first-hand how it works? You can’t just waltz into some establishment and run a con game. Sending phishing or spearphishing emails to friends will not endear you […]
Update Before You Leave! And Other Advice for the Cyber Road Warrior
I recently traveled to Denver to attend the American Society for Training and Development’s (ASTD) International Conference and Exposition (ICE). I stayed at the Embassy Suites next to the conference venue, the Colorado Convention Center. (The conference was fantastic, by the way, but that’s not what this post is about…) While I was there the […]