How ErsatzPasswords Hide the Real Passwords and Detect Attacks
Jun 10, 2015
Researchers at Purdue’s CERIAS group have developed a way of strengthening traditional password authentication against sophisticated attacks. Not only is the defense practical — you can download the PAM security module from GitHub — but it also includes a built-in alarm that warns you when attackers try to use decoy passwords they believe they have […]
How to Log Events and Maintain Compliance with the Linux Journal — Part 2: How to Extract Journal Entries
Mar 31, 2015
Earlier this week I told you how to set up the journal daemon. Now that it has had time to gather data, let’s see how to easily extract meaningful reports from the Linux system log files. First, let’s see the complete journal data. Look at the first line to see how far back the journal […]
How to Log Events and Maintain Compliance with journald, the New Linux System Event Log – Part 1: Configuring the Daemon
Mar 30, 2015
Cybersecurity laws and other regulations clearly exist for good reasons, and there are serious penalties involved if you fail to meet them. The new version of PCI DSS, the Payment Card Industry Data Security Standard, requires going beyond showing that data can be secure; you must show that it will be secure through established procedures […]
Regin is a Sophisticated New Cyberespionage Threat
Dec 16, 2014
Another highly advanced and highly stealthy Advanced Persistent Threat (or APT) has come to light over the past few weeks. It has been around at least since 2008, and it may have been active for several years before that. Its stealthiness and complexity have delayed detection and defensive analysis. Symantec and Kaspersky Labs have released […]
What Happens When “Shadow IT” Goes Missing?
Feb 17, 2014
Last week I told you about how a vulnerable cloud server was deployed, ignored, and then owned by an attacker, with Amazon catching this and the entire cycle complete in just over two weeks. It had an obvious cause: skipping part of the process in which unneeded cloud resources are shut down. But I said that […]