Welcome!

Information Security and Network Awareness

Hurricane Labs

Subscribe to Hurricane Labs: eMailAlertsEmail Alerts
Get Hurricane Labs via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Hurricane Labs

Here I am at ShmooCon 2010 right in the middle of what people here in Washington DC are calling Snowpocalypse 2010. The Metro, busses, and taxis are all closed down and essentially the city has shut down. Being from Cleveland I find it a little laughable but it’s still a pretty bad storm. Well that hasn’t stopped ShmooCon from going strong. This being my first hacker con it took me a little while to get acclimated to what kind of talks would be interesting and relevant to me as a network/firewall security guy. The first talk I found interesting was about an OWASP project called OWASP BWA (Broken Web Application). This project combines many of the web app testing programs into one place to help you sharpen your web app testing skills. You can install the iso in a VM as a place to test against. BWA combines Mutillidae, WebGoat, etc with some old versions of real progr... (more)

Nothing New Under the Sun

I recently wrote a couple of to-be-published articles basically laying out all the reasons why we as security professionals should not be running away from so-called "new" technology. Essentially I am asking that we take the time to really understand what's so new about this stuff. SmartPhones, the "cloud", etc these are all repackaged versions of old technology. We're terrified of them because we think we don't understand them. The sad part is, we don't. We seem to be under the impression that all new technology is bad and inherently insecure, it isn't. It's not any more insecu... (more)

Mobile Security Apps – ESET

By: Bill Mathews - Anyone who listens to our podcast should know that I hate all anti-virus and anti-virus vendors. I really don’t have too many shades of grey when it comes to it, so it’s pretty hard to make me want to do anything regarding anti-virus technology that isn’t just recommending you get rid of the platform that is so susceptible to it. I’ve argued (and still argue) that even though there is clearly a malware issue with Android phones (unless lots of folks are lying), it is not as bad as the vendors make it out to be. They have a whole new platform to infect…err, get ... (more)

Hurricane Beacon 2011-01-31

----------------------------------Daily News 2011-01-31---------------------------------- ----------------CRITICAL----------------Google Chrome .replace DOS- [http://www.exploit-db.com/exploits/16079] IE MHTML XSS- [http://www.exploit-db.com/exploits/16071] Adobe ColdFusion- [http://seclists.org/fulldisclosure/2011/Jan/534] VLC Media Player- [http://www.videolan.org/security/sa1102.html] -----------------SECURITY-----------------Amazon Unlimited Streaming Video- [http://www.engadget.com/2011/01/29/amazon-rolling-out-netflix-like-video-streaming-for-prime-subscr] Open a Locked Suitcase- ... (more)

The Ins and Outputs of TCPDUMP

The Ins and Outputs of TCPDUMP By: Nicholas Beris As a Network Engineer, I spend a lot of time on, in, and around the terminal. Many of the systems that I work with are remote and taking the time to download a packet capture in the middle of an emergency call and waiting for Wireshark to get the necessary details is just too much of a hassle. (Plus, it makes me feel like I’m an operator in the Matrix with the scrolling code.) Now don’t get me wrong, Wireshark is a great tool and has many uses, but a lot of times it’s just not practical. Besides, are you really going to download ... (more)