Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!
Wi-Fi security do's and don'ts - I agree with most of the recommendations here. WEP is bad, WPA-PSK is not a good solution for businesses, and MAC address filtering is useless. However, WIPS is a bit overstated, and certainly Snort doesn't help you much. The fact is, if you run an open wireless network, it allows for several attacks at layer 2. I do recommend practical network security with respects to WiFi, and designing the network to be robust and manageable will certainly help. However, many think that implementing 802.11i and VPNs is all you need to do. I disagree; treat your WiFi network as hostile, assume clients are compromise and MiTM attacks are occurring, then secure it as such.
CIA monitors up to 5 million tweets daily, report says - "A CIA team known internally as the "vengeful librarians" that numbers in the hundreds gathers information in multiple languages to build a real-time picture of the mood in various regions of the world." - I love the title. The technology used to monitor 5 million Tweets is interesting. I wish Twitter would monitor and do something about the evil things and spam that happens on Twitter.
'Nitro' hackers use stock malware to steal chemical, defense secrets - Computerworld - Attackers reportedly used Poison Ivy to compromise systems and steal intellectual property. I am familiar with this malware, and curious as to how it was able to evade even the most rudimentary defenses. Sure, you could configure it to be stealthy, but Poison Ivy tends to be somewhat loud on the systems and the network. We need to have a much better way to detect malware, especially on higher value targets.
Show Me Your DNS Logs, I’ll Learn about You! « /dev/random - Fun write-up of the analysis of the DNS logs from the 3rd annual BruCon conference. It was interesting to see that some people do not trust the DNS server provided by the ISP or conference service. You can also determine operating system type based on DNS requests to NTP servers, showing that many attendees were running Ubuntu Linux distributions. Requests to the WPAD domain leaked information about companies that owned the devices, Wordpress was the blog platform of choice, and Gmail remains king for email. There were many requests that were clearly typos, showing that "typo-squatting" could prove useful for attackers.
Try Tenable.io free for 60 days. Protect your organization from WannaCry, NotPetya and other ransomware cyberattacks. Get Started
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.