Welcome!

Information Security and Network Awareness

Hurricane Labs

Subscribe to Hurricane Labs: eMailAlertsEmail Alerts
Get Hurricane Labs via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Hurricane Labs

Here I am at ShmooCon 2010 right in the middle of what people here in Washington DC are calling Snowpocalypse 2010. The Metro, busses, and taxis are all closed down and essentially the city has shut down. Being from Cleveland I find it a little laughable but it’s still a pretty bad storm. Well that hasn’t stopped ShmooCon from going strong. This being my first hacker con it took me a little while to get acclimated to what kind of talks would be interesting and relevant to me as a network/firewall security guy. The first talk I found interesting was about an OWASP project called OWASP BWA (Broken Web Application). This project combines many of the web app testing programs into one place to help you sharpen your web app testing skills. You can install the iso in a VM as a place to test against. BWA combines Mutillidae, WebGoat, etc with some old versions of real progr... (more)

Open Source Firewalls - Untangle and pfSense comparison

So this week I had the opportunity of setting up a little lab to test both of these firewalls. Before this week I had no idea these firewalls even existed, and the only open source routing/firewall software I even knew of at the time was Vyatta; which is really only for routing purposes. Starting off, you really need to pay attention to the system requirements, especially Untangles. I attempted to install both of these using Ubuntu with VirtualBox and was in for a nasty surprise. Originally skimming the requirements brought me to this issue, to where I used an old Dell Dimension ... (more)

Shopper Trust – The Zappos Ordeal

Shopper Trust – The Zappos Ordeal Sharing is NOT Caring by Bill Mathews During my early morning Twitter-lurking I ran across this gem, which basically says that a good chunk of folks surveyed just give up their personal information to their “favorite” merchants. Now usually I always doubt the veracity of such surveys but for the sake of this post let’s assume this is true. If folks are more than willing to hand over their information to merchants I think on some level they have to trust the merchants, or should at least. The bigger question is, what have merchants done to earn t... (more)

Why You DO Need a Firewall

Why You DO Need a Firewall By: Tom Kopchak This week, our office came across an article by Roger A. Grimes entitled “Why you don’t need a firewall”. As a security professional working for a company whose responsibilities include firewall management, I found the article to be extremely shortsighted, and borderline offensive. Normally, I’d encourage you to read the article in question, but your time is most certainly better spent doing nearly anything else. I would highly recommend learning home dentistry as a suitable alternative activity. Grimes argues that firewalls are becoming... (more)

Adobe is the New Microsoft: Maintaining Multi-Platform Security in 2012

Adobe is the New Microsoft: Maintaining Multi-Platform Security in 2012 By: Bill Mathews I distinctly remember writing an article for a local journal back in the 90’s. In it, I discussed Microsoft’s special responsibilities concerning software security. If I recall correctly, my point was that since they were the dominant player in the operating system space, they had a duty to make their ecosystem resilient to attacks and compromise. Look, no company is ever going to be perfect at it, but some handle it a lot better than others. Fast-forwarding roughly 13 years after that article... (more)