No matter what facet of information security you're in, from being the CISO
down to just installing security patches and keeping up to date, there will
probably be a point where you need to see the details of a hack. Maybe it's
because you need to fingerprint what it does or how it acts on your network.
Maybe it's because you need to be able to reproduce it in a penetration test.
Either way you look at it, sometimes you just need to test something out.
Obviously, this could go one of a few ways. You could execute these hacks on
your network. This could lead to potentially bad outcomes, especially if you
break something. The next option is to try it out on someone else's network
who doesn't know. (Read: ILLEGAL!) The last option, and also the one we use
over here at Hurricane Labs, is a lab environment.
A lab environment is simply going to consist of a bunch of diffe...
I recently wrote a couple of to-be-published articles basically laying out
all the reasons why we as security professionals should not be running away
from so-called "new" technology. Essentially I am asking that we take the
time to really understand what's so new about this stuff. Smartphones, the
"cloud", etc.: these are all repackaged versions of old technology. We're
terrified of them because we think we don't understand them. The sad part is,
we seem to be under the impression that all new technology is bad and
inherently insecure; it isn't. It's not any more insecu...
Corporate Forensics: Security, Not Law Enforcement
By: Tom Kopchak
The term forensics stirs up vivid images: Crime scenes littered with obvious
and equally less obvious evidence. Investigators toiling to bring a heartless
criminal to justice. Video game consoles covertly storing secret files. A
perfectly detailed account of the exact causes and motives of a crime. Police
chases. Gunfire. All neatly solved in a half hour or less.
Unfortunately, the popular view of forensics is often in stark contrast with
reality. The computer forensics field requires significant quantities of
7 Steps to Effective User Education
By: Bill Mathews
There has been a lot of debate recently over the merits of user education,
specifically in the security awareness arena. The questions range from, “is
it worth it?” to “why aren’t we doing more of it?” and everything in
between. But the biggest question is: How do we make it better? The answer,
as usual, is a little tricky, so I decided to post a few tips from my
experiences as a trainer and as a student.
1: Organize Smaller Training Groups
I have found that having no more than 5 to 8 people in a session leads to
better discuss...
Time to Put Some Big Data Misconceptions to Rest
By: Ryan O'Connor
As a recent graduate, and now professor in the University of Connecticut's
Business Analytics and Project Management master's program, I have a lot of
conversations surrounding the topic of "Big Data" and questions such as,
"What does that term actually mean?"
Big Data is a fairly new topic and what seems to be an elusive term for many.
Conversations are important to help bring clarity to Big Data, as well as
generate ideas about how we can shape, not only what it is, but also the
future of where it's going.
Not th...