How ErsatzPasswords Hide the Real Passwords and Detect Attacks

Researchers at Purdue’s CERIAS group have developed a way of strengthening traditional password authentication against sophisticated attacks. Not only is the defense practical — you can download the PAM security module from GitHub — but it also includes a built-in alarm that warns you when attacker try to use decoy passwords they believe they have […]
Read More ›

How to Log Events and Maintain Compliance with the Linux Journal — Part 2: How to Extract Journal Entries

Earlier this week I told you how to set up the journal daemon. Now that it has had time to gather data, let’s see how to easily extract meaningful reports from the Linux system log files. First, let’s see the complete journal data. Look at the first line to see how far back the journal […]
Read More ›

How to Log Events and Maintain Compliance with journald, the New Linux System Event Log– Part 1: Configuring the Daemon

Cybersecurity laws and other regulations clearly exist for good reasons, and there are serious penalties involved if you fail to meet them. The new version of PCI DSS, the Payment Card Industry Data Security Standard, requires going beyond showing that data can be secure, you must show that it will be secure through established procedures […]
Read More ›

Regin is a Sophisticated New Cyberespionage Threat

Another highly advanced and highly stealthy Advanced Persistent Threat (or APT) has come to light over the past few weeks. It has been around at least since 2008, and it may have been active for several years before that. Its stealthiness and complexity have delayed detection and defensive analysis. Symantec and Kaspersky Labs have released […]
Read More ›

What Happens When “Shadow IT” Goes Missing?

Last week I told about how a vulnerable cloud server was deployed, ignored, and then owned by an attacker, with Amazon catching this and the entire cycle complete in just over two weeks. It had an obvious cause: skipping part of the process in which unneeded cloud resources are shut down. But I said that […]
Read More ›

Type to search

Do you mean "" ?

Sorry, no results were found for your query.

Please check your spelling and try your search again.