March 05, 2018
Did You Order All These Large Packets?
This week GitHub became the victim of the largest DDOS attack ever recorded due to a new amplification attack being observed in the wild. This attack, which did not require building a botnet or compromising any servers, was able to generate 1.35TBps of data against the target. It leveraged UDP responses from memcached servers exposed to the […]
Read more
January 04, 2018
Moore’s Law Crippled by Security Flaw
Most of us working in Information Technology are aware of the Moore’s Law observation. A gross over-simplification would be to say the transistor density on an integrated circuit doubles about every two years (some quote 18 months), and as a result, performance increases by double in that same time-frame. Ironically, Gordon Moore, the co-founder of […]
Read more
November 02, 2017
Threat Deception: Attacking the Illusion
“Guardian, this is Rapier….three klicks southeast of target…Rapier is Oscar Mike. Radio silent. Over.” “Copy Rapier. This is Guardian. Out.” “Guardian, this is Rapier. Code worked. Rapier in the perimeter headed to target…..FRV in five. Over” “Roger. Out….” “Guardian, this is Rapier. What’s goin’ on? We’re in the building ……negative contact….I repeat, negative contact. Nothing. […]
Read more
October 24, 2017
What’s KRACKing at HPE Aruba
Everything you need to know about KRACK(Key Reinstallation Attacks) What is it? Mathy Vanhoef, a technical security researcher, found what we are now calling “KRACK” to be a devastating security flaw in the relatively “secure” standard for wireless networks WPA. KRACK allows for attackers to eavesdrop on your personal data when authenticating to an access point. That’s […]
Read more
September 12, 2017
Hyperconvergence is Now Mainstream, Why?
Both HPE and Dell EMC announced triple digit growth of hyperconverged solutions in their latest quarterly results. Nutanix more than doubled quarterly revenue year over year. VMWare VSAN, barely 3 years old, has crossed over the 10,000 customer mark. Companies are clearly adopting hyperconvergence solutions at a blistering pace, but why now? The answer, I […]
Read more
May 26, 2017
7 Year Old Code-Execution Bug Found In Samba
7 Year Old Code-execution Bug Found In Samba It appears Wannacry may have gotten people looking at the SMB functions in Samba on Linux as well. A code-execution bug was detected in all versions of Samba 3.5.0 (released March 2010) and onwards. It is CVE-2017-7494 and there is already a Metasploit module available for attacking […]
Read more
May 16, 2017
A Cybersecurity Engineer’s Perspective On Wannacry
A Cybersecurity Engineer’s Perspective On Wannacry When an otherwise routine crypto cash-grab becomes international news, it can make the most seasoned of us pause momentarily in reflection. At its core – WannaCry isn’t anything special. It has your usual components of a ransomware attack – the Bitcoin buy, scary pop-ups and flutter. It has the […]
Read more
March 20, 2017
Compliance and Security are not the Same Things
The EU General Data Protection Regulation was approved on April 14, 2016 and will come into enforcement on May 25, 2018. This timeline leaves little time to perform the work necessary to avoid the stiff 4% penalty (4% of total revenue). Additionally, New York State has implemented a recent regulatory measure where all relevant financial […]
Read more
