Welcome!

Information Security and Network Awareness

Hurricane Labs

Subscribe to Hurricane Labs: eMailAlertsEmail Alerts
Get Hurricane Labs via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Hurricane Labs

By Steve McMaster - I’ve gotten in a lot of arguments lately about one of the latest “hot topics” in the end-user side of technology – privacy. With some of the biggest names in Social Media doing a really bad job of it (and I’m not even just talking about leaked passwords), it’s something that’s throwing itself in the face of many average, day-to-day computer users. Many in the security industry already know most of the things people are discovering, and have screamed warnings from the mountaintops to the folks below. Alas, this is the woe of being a security engineer. But here’s my gripe for you. Facebook has, as of April 2012, 901 million active members (according to Wikipedia). If Facebook were a country, it would be ranked 3rd in the world by population. And it seems every week, they’re in the news again, someone ranting about their privacy on Facebook. My fav... (more)

Gaining Access to a Check Point Appliance

Gaining Access to a Check Point Appliance – Physical Access Trumps All by Tom Kopchak Recently, one of my co-workers and I were tasked with reconfiguring a Check Point Appliance for use as the main firewall in a lab environment we are building for some internal testing. Because we both are recent hires (and thus, the low men on the totem pole), we were not given passwords to the devices or any other useful information regarding their previous configuration. We were expected to learn how to manage the devices, reload the Check Point software, and configure the equipment entirely fr... (more)

IPS Updates, Splunk, Check Point and You

IPS Updates, Splunk, Check Point and You How I Learned to Stop Hating the Term “Zero-Day” but Not Really By: Bill Mathews Zero Day attacks – you know, the ones that almost EVERY signature in your IPS claim to protect you against? Yep those guys, nasty little things. Basically, if IPS vendors are to be believed, those are the things that don’t have a patch yet and have active exploits against them. You update your IPS signatures and BOOM protection from zero day! The problem we always run into, and this is with almost every IPS vendor so I’m not just picking on Check Point here, is... (more)

Beacon Podcast Episode 025

Hurricane Labs Beacon Podcast Episode Number: .025 – New Studio Edition Hosts: Matt Yonchak (@mattyonchak), Patrick Sayler (@psayler), Ian Gillespie, Tom Kopchak Amazon Studios - Create a television series - Amazon will fund and produce IT Security Basics - Matt isn’t buying it - People have been saying this for years - Matt and Tom debate Apple Legacy FileVault Hole - OSX 10.7.3 shipped with a debug flag - Passwords stored in plaintext in secure.log - Fixed in 10.7.4 Google vs Oracle - Google made their own Java clone for Android - Jury ruled Google infringed on copyrights - Google cal... (more)

Review of HTTP 2.0 – The Ever-Changing Web We Live In

Review of HTTP 2.0 – The Ever-Changing Web We Live In By: Aaron Croyle You may have heard recently that Facebook will be implementing SPDY. In that light I’d like to give you a basic understanding of the upcoming improvements to HTTP (HyperText Transfer Protocol). As you probably know, this is the protocol that moves most of the HTML documents and images around the web. Here’s a few definitions to get you up to speed: HTTP/2.0 This is the new version of HTTP currently in development by the httpbis working group of the IETF. The last update was HTTP 1.1 as described in RFC 2616 i... (more)