Analytics is very useful when set up correctly, and Walton wrote up his method, which is geared towards web developers.
Because you don’t want to spread your real phone number all around the web all willy-nilly.
FAP80 is a Z80-based retro computer with a sprinkling of modern twists to make the experience of designing, programming, and debugging this computer as painless and straightforward as possible.
- Get involved in online infosec discussions
- Establish an online identity
- Get some learning
- Get some certs (maybe, if applicable)
- Get some experience
- Put in your time
Read the whole thing, it’s good.
I just resolved an issue where a Hyper-V virtual machine was running fine for a few weeks, then it suddenly dropped off the network and connectivity went unpredictably intermittent.
Couldn’t remote desktop to it, pings drop most of the time but not all of the time; they looked like this:
Reply from 172.24.255.153: Destination host unreachable.
Reply from 172.24.255.153: Destination host unreachable.
Reply from 172.24.255.237: bytes=32 time=1098ms TTL=126
Reply from 172.24.255.237: bytes=32 time=1ms TTL=126
Reply from 172.24.255.153: Destination host unreachable.
Reply from 172.24.255.153: Destination host unreachable.
Reply from 172.24.255.153: Destination host unreachable.
Reply from 172.24.255.237: bytes=32 time<1ms TTL=126
Reply from 172.24.255.153: Destination host unreachable.
Reply from 172.24.255.153: Destination host unreachable.
Reply from 172.24.255.153: Destination host unreachable.
Reply from 172.24.255.237: bytes=32 time<1ms TTL=126
Reply from 172.24.255.237: bytes=32 time<1ms TTL=126
Live replies from the correct address, unreachable response from a different address (but another Hyper-V virtual machine).
The Hyper-V environment is composed of five Windows Server 2012 R2 Standard servers loaded on top of a five-blade Cisco UCS B200 M3 with Nimble SAN.
Google found lots of wrong answers involving disabling VMQ on the host and guest, but my new hero Joel Coel mentioned some of his Hyper-V guests had been given duplicate MAC addresses.
Sure enough, I checked the guests with those two IP addresses and they had the same MAC:
I solved the conflict by turning off the VM, removing the Network Adapter with the duplicate MAC, Applying the change, then adding a new NIC.
Via InfoSec Handlers Diary Blog – Egress Filtering? What – do we have a bird problem?, a very good article on getting started in egress filtering.
One of the major tools that we have in our arsenal to control malware is outbound filtering at firewalls and other network “choke points”. Over the years, it’s become obvious that “enumerating badness” on the internet is next to impossible, it’s generally much easier to enumerate “known good” traffic, and simply deny the rest as bad or at least suspect. Often the management response is “we trust our people”, but that’s not really the point. While maybe you can trust all of your people, you can’t trust the malware they may have, or all the links they might click. But let’s be honest, it’s likely that you can’t trust all of your people to never install a bittorrent client or other higher-risk program.
When you know what legitimate traffic is leaving your organization, you can watch for the bad stuff.
And even beyond that, you want to know what legitimate traffic is leaving your organization, right?
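The "enumerate known good, deny the rest" approach described above, as an added example that is not from the cited article: constructed flow records are checked against a constructed allow-list, and every flow that no rule permits is reported under the internal host that sent it. The rule format, the addresses and the log layout are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed allow-list: (protocol, source network, destination network, destination port).
ALLOW = [
    ("tcp", "10.0.0.0/8", "0.0.0.0/0", 443),          # HTTPS from any internal host
    ("tcp", "10.0.0.0/8", "0.0.0.0/0", 80),           # HTTP from any internal host
    ("udp", "10.0.0.0/8", "192.0.2.53/32", 53),       # DNS only to the approved resolver
    ("tcp", "10.0.5.10/32", "198.51.100.25/32", 25),  # SMTP only from the mail relay
]

# Constructed flow records: source, destination, protocol, destination port.
FLOWS = """\
10.0.1.15 203.0.113.80 tcp 443
10.0.1.15 192.0.2.53 udp 53
10.0.1.22 203.0.113.53 udp 53
10.0.1.22 203.0.113.9 tcp 6881
10.0.5.10 198.51.100.25 tcp 25
10.0.1.40 198.51.100.25 tcp 25
"""

def compile_rules(rules):
    """Turn the textual networks into ip_network objects once, up front."""
    return [(proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), port)
            for proto, src, dst, port in rules]

def is_allowed(src, dst, proto, port, rules):
    """Default deny: a flow passes only if some known-good rule matches it."""
    return any(proto == r_proto and port == r_port and src in r_src and dst in r_dst
               for r_proto, r_src, r_dst, r_port in rules)

def denied_by_host(log, rules=ALLOW):
    """Group every flow that no rule allows under the internal host that sent it."""
    compiled, denied = compile_rules(rules), defaultdict(list)
    for line in log.splitlines():
        if not line.strip():
            continue
        src, dst, proto, port = line.split()
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if not is_allowed(src, dst, proto.lower(), int(port), compiled):
            denied[str(src)].append(f"{proto}/{port} -> {dst}")
    return dict(denied)

if __name__ == "__main__":
    for host, flows in denied_by_host(FLOWS).items():
        print(host, flows)
```

In the sample data the DNS query to an unapproved resolver and the SMTP connection from a workstation both use "normal" ports, which is why the rules match on source and destination as well as port.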
Modern password crackers combine different words from their dictionaries:
What was remarkable about all three cracking sessions were the types of plains that got revealed. They included passcodes such as “k1araj0hns0n,” “Sh1a-labe0uf,” “Apr!l221973,” “Qbesancon321,” “DG091101%,” “@Yourmom69,” “ilovetofunot,” “windermere2313,” “tmdmmj17,” and “BandGeek2014.” Also included in the list: “all of the lights” (yes, spaces are allowed on many sites), “i hate hackers,” “allineedislove,” “ilovemySister31,” “iloveyousomuch,” “Philippians4:13,” “Philippians4:6-7,” and “qeadzcwrsfxv1331.” “gonefishing1125” was another password Steube saw appear on his computer screen. Seconds after it was cracked, he noted, “You won’t ever find it using brute force.”
This is why the oft-cited XKCD scheme for generating passwords — string together individual words like “correcthorsebatterystaple” — is no longer good advice. The password crackers are on to this trick.
The attacker will feed any personal information he has access to about the password creator into the password crackers. A good password cracker will test names and addresses from the address book, meaningful dates, and any other personal information it has. Postal codes are common appendages. If it can, the guesser will index the target hard drive and create a dictionary that includes every printable string, including deleted files. If you ever saved an e-mail with your password, or kept it in an obscure file somewhere, or if your program ever stored it in memory, this process will grab it. And it will speed the process of recovering your password.
Schneier then encourages random character passwords generated and tracked in an app like Password Safe or KeePass.
I agree with him generally, except that Windows passwords will still need to be something easy(ish) to type, and particularly, if it’s a password you’ll use on a touchscreen, like the Microsoft Surface or an iDevice, it will be more difficult to mix special characters into a password.
In those cases, a password with a mix of case, not following rules of grammar or predictable typos, is more likely to be used, remembered, and fairly secure.
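A password-acceptance check can apply the point made in the quoted passages by rejecting candidates that break down into dictionary words plus appended digits or symbols. The following is an added example, not code from Schneier or the cited article; the tiny word list and the substitution table are constructed assumptions, and a real check would load a large dictionary.

```python
import string

# Constructed mini word list for illustration only.
WORDS = {"gone", "fishing", "i", "love", "you", "so", "much", "band", "geek",
         "correct", "horse", "battery", "staple", "all", "need", "is"}

# Common character substitutions, mapped back to the letters they stand for.
LEET = str.maketrans("013457@$!", "oieastasi")

def segment(text, words):
    """Return dictionary words that concatenate to text, or None if there are none."""
    best = [None] * (len(text) + 1)   # best[i] is a segmentation of text[:i]
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is not None and text[start:end] in words:
                best[end] = best[start] + [text[start:end]]
                break
    return best[-1]

def guessable_pattern(password, words=WORDS):
    """Return (words, appended_suffix) if the password is words plus a suffix, else None."""
    core = password.rstrip(string.digits + string.punctuation)
    suffix = password[len(core):]
    plain = core.replace(" ", "").lower()
    # Try the text as typed, then with substitutions undone.
    for candidate in (plain, plain.translate(LEET)):
        parts = segment(candidate, words)
        if parts:
            return parts, suffix
    return None

if __name__ == "__main__":
    for pw in ("gonefishing1125", "BandGeek2014", "correcthorsebatterystaple",
               "g0nef1sh1ng!", "x7#Qp2!vLm9&"):
        print(pw, "->", guessable_pattern(pw))
```

A `None` result only means this one pattern did not match; it does not cover keyboard walks, personal data or reused passwords.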
If btrfs interested you, start your next-gen trip with a step-by-step guide to ZFS.
by Jim Salter
An excellent walk-through here on transforming your Android Phone into a Network Pentesting Device.
I was debating switching to the iPhone 5, but maybe I’ll go for the next Google phone instead.