Welcome!

Information Security and Network Awareness

Hurricane Labs

Subscribe to Hurricane Labs: eMailAlertsEmail Alerts
Get Hurricane Labs via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Hurricane Labs

Yesterday we started getting floods of malware alerts for machines on many different networks that we manage going out to a site that was identified a while ago for MS08-067 type activity. So we did our due diligence and notified our clients that we were seeing this traffic attempting to leave their network. As of now the alerts are still coming in. If you've watched the news at all over the past couple of days you've heard about the events in Austin, TX involving a plane being intentionally flown into an IRS building there. Thankfully only the pilot was killed and our thoughts go out to everyone who has been a part of that terrible situation. So what do these two things have to do with each other? Well upon further inspection of the alerts we were seeing I noticed that it was all http traffic to one particular IP address and if it was indeed real malware calling home... (more)

SSL Is NOT Your Friend -- or Is It?

Folks who know me know one thing about me for certain, I am a conflicted individual. On the one hand I detest encryption as a security mechanism and on the other I LOVE encryption as a privacy mechanism. In the same day, nay, sometimes in the same hour I can argue for and against SSL and sometimes to the same person! I guess it helps to be able to have conflicting opinions on things but it gets confusing so I thought I'd do a quick post on why SSL is both good and bad. Away we go: Cons: SSL should never be used a security mechanism on its own, unfortunately the traditional uses o... (more)

Encrypt My Information, Please

By: Leigh Goldie For the last few months, security breaches have been on the rise (or let’s just say have been receiving more news coverage). We have seen countless stories of large, popular websites being compromised by unknown, or later identified, hackers. The quest, it seems, is to determine how easy it is to access the personal information of customers from any popular company. The hackers are proud of their accomplishments, as they have gained access to tens of millions of users account information. But it seems they have a message for corporations – encrypt your customers... (more)

Ohio LinuxFest 2012 – Reflecting on Fun

Ohio LinuxFest 2012 – Reflecting on Fun By: Dru Streicher Another Ohio LinuxFest has come and gone, yet the level of ingenuity I witness every year never ceases to amaze me. There were two presentations that stood out as the highlights of my weekend. The first presenter, Daniel Thau, demonstrated his new distribution called Bedrock Linux. I’ll admit it, the cynic in me was saying, “great just what we need, another distro.” I thought of all the distributions flying around today and wondered what could be so special about this one. Boy was I wrong! Bedrock Linux is unique: it pull... (more)

Ten Things I’ve Learned About Cloud Security

This is not a Top 10 list – it is a list of 10 things I’ve learned along the way. Top 10 lists imply some sort of universal knowledge of the “top” things possible in a given field. Top 10 attractive women, top 10 guitar players, top 10 whatever, they all have one thing in common: They are all ten things the author thinks are the best. I don’t really like to think I know everything so this list is in no particular order. This particular list is on cloud security and, well, it is a big topic that interests me greatly and there is no way I can cover it all in a blog post. As a resul... (more)