Information Security and Network Awareness

Hurricane Labs

Subscribe to Hurricane Labs: eMailAlertsEmail Alerts
Get Hurricane Labs via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by Hurricane Labs

Written by Rick Deacon Recently I’ve been faced with a very difficult type of question, and it isn’t even technical. No, it’s not the typical ‘How do you find a buffer overflow?’ or ‘Can you write me code entirely in assembly in 20 minutes?’ It’s much more difficult to answer. It’s answer, to many people, may be the ‘key’ they are looking for in this industry. The question is very often phrased as “So what did it take for you to get where you are?” or “How do I get into the security industry?” and even sometimes “How do I become a hacker?” There are many different approaches to this subject, and I firmly believe there only a few ways to truly succeed in security or IT in general. A lot of people assume four years of school is going to land you your dream job, where you’re a hacker in your own peaceful office behind a wall of 6 monitors watching packet captures fly... (more)

Take Social Media Privacy Into Your Own Hands

By Steve McMaster - I’ve gotten in a lot of arguments lately about one of the latest “hot topics” in the end-user side of technology – privacy. With some of the biggest names in Social Media doing a really bad job of it (and I’m not even just talking about leaked passwords), it’s something that’s throwing itself in the face of many average, day-to-day computer users. Many in the security industry already know most of the things people are discovering, and have screamed warnings from the mountaintops to the folks below. Alas, this is the woe of being a security engineer. But here’... (more)

Network Access Control (from the hacker, not the vendor)

Last week was the Information Security Summit at Tri-C Corporate College East. It was my first time at the Summit, so I went in looking to learn something new. Looking over the 'pre-con' training that they had to offer, I noticed an inexpensive course on NAC (Network Access Control). This was of relevant interest to me because of the fact not long ago one of my tasks as a penetration tester was to break into a NAC "secured" network. What me and my fellow tester found was a mis-configured, hard to understand and easy to subvert device that wouldn't have caught us if we walked in w... (more)

IPS Updates, Splunk, Check Point and You

IPS Updates, Splunk, Check Point and You How I Learned to Stop Hating the Term “Zero-Day” but Not Really By: Bill Mathews Zero Day attacks – you know, the ones that almost EVERY signature in your IPS claim to protect you against? Yep those guys, nasty little things. Basically, if IPS vendors are to be believed, those are the things that don’t have a patch yet and have active exploits against them. You update your IPS signatures and BOOM protection from zero day! The problem we always run into, and this is with almost every IPS vendor so I’m not just picking on Check Point here, is... (more)

Ten Things I’ve Learned About Cloud Security

By Bill Mathews This is not a Top 10 list – it is a list of 10 things I’ve learned along the way. Top 10 lists imply some sort of universal knowledge of the “top” things possible in a given field. Top 10 attractive women, top 10 guitar players, top 10 whatever, they all have one thing in common: They are all ten things the author thinks are the best. I don’t really like to think I know everything so this list is in no particular order. This particular list is on cloud security and, well, it is a big topic that interests me greatly and there is no way I can cover it all in a blog... (more)