Headline »

AppSec USA 2014 in Denver, CO on September 16-19

July 9, 2014 – 10:52 PM

General Security »

The Basics of Social Engineering

August 30, 2014 – 11:28 PM

What is social engineering? According to Merriam-Webster, social engineering is “management of human beings in accordance with their place and function in society” (www.merriam-webster.com, 2014). Social engineering is a non-technical form of intrusion that relies on human interaction in an attempt to get the victim to break normal security. An example would be a hacker posing as an engineer and calling a company to find out what type of firewall or networking equipment the company uses. This information could help a perpetrator gain access to the system by allowing them to research vulnerabilities and default passwords.

Most exploits of a system come through social engineering. Almost everyone has received an email offering a free flash drive, whitepaper, etc. for filling out a survey. Moreover, almost everyone has received an email purporting to be from their bank or credit card company saying that there is suspicious activity on their account and asking them to provide critical information needed to take care of the problem.

Why would a social engineer attempt to “hack” the person instead of hacking the system directly? The person is usually the weakest link. Getting through firewalls to gain access to the system takes a lot more effort than tricking an unsuspecting user.

Some of the techniques that a social engineer uses are Quid pro quo, Shoulder Surfing, Pretexting, Phishing, Spear Phishing, IVR/Phone Phishing, Trojan Horse, Dumpster Diving and Road Apples to name a few.

“Since there is neither hardware nor software available to protect an enterprise against social engineering, it is essential that good practices be implemented” (Peltier, 2014). How do we defend against the social engineer? Some practices that should be deployed:

Read the rest on Examiner.com’s website.

SANS Network Security 2014: Las Vegas, NV: October 19-27

July 21, 2014 – 3:28 PM

2013 SouthEast LinuxFest – Kellep A. Charles – Conducting A Security Assessment

July 10, 2014 – 12:13 PM

Packt’s celebrates 10 years with a special $10 offer

July 7, 2014 – 3:40 PM | One Comment

Modern Honey Network (MHN)

June 24, 2014 – 3:24 PM

Open-Source Tool Aimed At Propelling Honeypots Into the Mainstream

June 20, 2014 – 3:08 AM

Interview with Aamir Lakhani Co-Author of Web Penetration Testing with Kali Linux

June 18, 2014 – 7:18 PM

Web Penetration Testing with Kali Linux

June 17, 2014 – 10:34 AM

BlackHat Student Scholarship Program

June 10, 2014 – 7:55 PM

Operation Irongeek – Adrian Crenshaw gets Censored by Google #opirongeek

June 6, 2014 – 8:52 PM | 2 Comments

Homomorphic Encryption in the Real World

June 3, 2014 – 9:14 PM

Half of American adults hacked this year

May 30, 2014 – 10:03 AM

Edward Snowden NBC NEWS FULL INTERVIEW 2014

May 29, 2014 – 3:41 PM

Snowden e-mail released by NSA

May 29, 2014 – 3:34 PM

TrueCrypt Shuts Down… Why?

May 29, 2014 – 11:01 AM | One Comment

The SecurityOrb Show – AppSec EU 2014

May 27, 2014 – 2:03 PM

We had the opportunity to speak with Adrian Winckles, the local Conference Chair of AppSec EU 2014 as well as the OWASP UK Cambridge Chapter Leader. He also serves as the research track chair and is responsible for the conference schedule.

Listen to what Adrian had to say about the upcoming AppSec EU 2014 in Cambridge, UK.

SANSFIRE 2014 at the Hilton Baltimore (Downtown Baltimore’s Inner Harbor District)

May 21, 2014 – 3:14 PM

SANSFIRE 2014 is coming up soon at the Hilton Baltimore located in downtown Baltimore’s Inner Harbor district, June 21-30. SANSFIRE 2014 is SANS’ unique annual “ISC Powered” event. This is the event where the Internet Storm Center Incident Handlers present unique talks about the cyber hazards they deal with daily.

The SecurityOrb Show – The Best of 2013

May 21, 2014 – 2:38 PM

This is a collection of some of the best segments of The SecurityOrb Show in 2013. It includes interviews with Vivek Ramachandran, Raphael Mudge and Mark Russinovich, to name a few. You can listen to the full interviews on the SecurityOrb.com website.

The SecurityOrb Show – Vivek Ramachandran

May 21, 2014 – 2:11 PM

Vivek Ramachandran is the Founder and Chief Trainer at SecurityTube.net. He discovered the Caffe Latte attack, publicly broke WEP Cloaking (a WEP protection schema) at DEF CON in 2007, and conceptualized enterprise Wi-Fi backdoors. He is also the author of the book “Backtrack 5 Wireless Penetration Testing”. His book “The Metasploit Megaprimer” focused on Advanced [...]

‘Blackshades’ Trojan Users Had It Coming

May 20, 2014 – 11:12 AM

The U.S. Justice Department Charged Members of the Chinese Military with Conducting Cyber-Espionage against American Companies

May 19, 2014 – 11:27 AM

NSA vs. Cloud Encryption: Which is Stronger?

May 17, 2014 – 9:24 PM

AppSecEU 2014 June 23-26, 2014 Cambridge, UK

May 16, 2014 – 11:21 PM

AppSecEU 2014 invites you to join top security architects, developers, technology thought leaders, and executives from Fortune 500 firms at the OWASP AppSec Europe global conference in the beautiful city of Cambridge, UK, from June 23-26, 2014.