Information Security and Network Awareness

Hurricane Labs

Top Stories by Hurricane Labs

By Steve McMaster - I’ve gotten in a lot of arguments lately about one of the latest “hot topics” in the end-user side of technology – privacy. With some of the biggest names in Social Media doing a really bad job of it (and I’m not even just talking about leaked passwords), it’s something that’s throwing itself in the face of many average, day-to-day computer users. Many in the security industry already know most of the things people are discovering, and have screamed warnings from the mountaintops to the folks below. Alas, this is the woe of being a security engineer. But here’s my gripe for you. Facebook has, as of April 2012, 901 million active members (according to Wikipedia). If Facebook were a country, it would be ranked 3rd in the world by population. And it seems every week, they’re in the news again, someone ranting about their privacy on Facebook. My fav... (more)

Apple’s Magical Lie

By: Ian Gillespie Warning: I am not an Information Security expert – I am the Lead Designer at Hurricane Labs. I do not know the detailed best practices of securing a network or how to set up a SIEM such as Splunk. You may be asking yourself, “Why the heck is this guy even writing an article on a blog about Information Security?!” Hold on a second – what I propose is an outsider’s perspective on the idea of information security as a whole. My perspective may not be the same as that of an information security specialist, but that’s the point. The purpose of this article is to h... (more)

Review of HTTP 2.0 – The Ever-Changing Web We Live In

By: Aaron Croyle You may have heard recently that Facebook will be implementing SPDY. In that light I’d like to give you a basic understanding of the upcoming improvements to HTTP (HyperText Transfer Protocol). As you probably know, this is the protocol that moves most of the HTML documents and images around the web. Here are a few definitions to get you up to speed: HTTP/2.0: This is the new version of HTTP currently in development by the httpbis working group of the IETF. The last update was HTTP 1.1 as described in RFC 2616 i... (more)

Creating a Self-Defending Network Using Open Source Software

By: Steve McMaster This past weekend, I presented the idea of a self-defending network at Ohio LinuxFest 2012. The accompanying slides are now available here. So let’s talk about network security. You’ve got a firewall and a DMZ, you’re all set, right? Not so fast, slugger. We preach a theory called “defense in depth” here at Hurricane Labs. And that means you need something to defend you when your firewall admins make a mistake. And something to protect you when that layer fails. And so on. So what are these other layers? Well, one of them is having a good IDS/IPS system. An IDS/... (more)

Top Web Application Security Questions to Ask Third Party Developers

When you are hiring a third-party web developer, you need to consider several things, so I’ve attempted to prioritize the things you will want to ask in this list. These are in no particular order of importance. The answers I have provided are only examples, as acceptable answers will vary based on your web application and company needs. What web development framework do you employ? Whether it’s .NET, ColdFusion, or some Java framework, the answer to that is going to depend on a few factors. First, are you hosting it, or are they? If you’re hosting it, then you should choose a web developer... (more)