The idea of this tool is that you can run just about any program and/or copy files to/from the machine, say an ssh session, using DNS packets to/from the client. In other words, a workstation sitting on a network somewhere, behind the companies firewalls, IPS/IDS, AV, etc., etc. could communicate with a system on the [...]
http://blogs.csoonline.com/the_fbi_supply_chain_illustrated Funny!
defense in depth (which includes egress filters) and Network Security Monitoring (NSM). This diary post on isc.sans.org is a good example of why companies need to practice defense in depth. I have spent many years involved with messaging, back in 1995 I didn’t know what SMTP meant, but thanks to a gentleman at then Xerox [...]
In this article Google is reportedly asking for assistance from the NSA. From my limited knowledge of the NSA, this sounds like the right thing to do. I have done plenty of work under non-discolure agreements (NDAs). Given the people that work at the NSA, I don’t see a problem with Google working with them. [...]
I’m reading this story and I quote Last year, for example, an unidentified defense contractor discovered 100 compromised systems on its network, and found that the intruders had been inside since at least 2007. Hopefully now they’ve come to realize that monitoring your network, as in the traffic patterns, rates, etc. is very important too. [...]
Recent Comments