Scary tool – dnscat

The idea of this tool is that you can run just about any program and/or copy files to/from the machine, say an ssh session, using DNS packets to/from the client.  In other words, a workstation sitting on a network somewhere, behind the companies firewalls, IPS/IDS, AV, etc., etc. could communicate with a system on the [...]

Tagged with:
 

FBI Supply chain compromised :)

http://blogs.csoonline.com/the_fbi_supply_chain_illustrated Funny!

 

A great example of why you need…

defense in depth (which includes egress filters) and Network Security Monitoring (NSM).  This diary post on isc.sans.org is a good example of why companies need to practice defense in depth.  I have spent many years involved with messaging, back in 1995 I didn’t know what SMTP meant, but thanks to a gentleman at then Xerox [...]

Tagged with:
 

Google asking NSA for help

In this article Google is reportedly asking for assistance from the NSA. From my limited knowledge of the NSA, this sounds like the right thing to do. I have done plenty of work under non-discolure agreements (NDAs). Given the people that work at the NSA, I don’t see a problem with Google working with them. [...]

Tagged with:
 

Monitor your traffic and egress filters

I’m reading this story and I quote Last year, for example, an unidentified defense contractor discovered 100 compromised systems on its network, and found that the intruders had been inside since at least 2007. Hopefully now they’ve come to realize that monitoring your network, as in the traffic patterns, rates, etc. is very important too.  [...]

Tagged with:
 

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Visit our friends!

A few highly recommended friends...

    52 queries in 3.990 seconds.
    © 2004-2010 Balius Inc.