Tag: Breaches

Malicious Data From Trusted Companies

Last night, I received one of the typical malicious “you have a package waiting” spams to an email address that I have only used at one place–in this case DynDNS.com. It included a link inviting me to print a shipping

Posted in Incident Response, Risk Management Tagged with:

The Immutable Friday Fav Five for September 23, 2011

Here are the five or more links that I found interesting for this week: This is just all kinds of awesome. It’s not that I am with the bad guys, but when they get this creative you have to give

Posted in Computer Crime, Intrusion Detection, Log Analysis, Secure Design, Vulnerabilities Tagged with: ,

The Immutable Friday Fav Five

Here are the five links that I found interesting for this week: Mitigating the Apache Range Header Attack. This is a pretty good overview of several ways you can protect yourself for little to no cost. Also, see my post, Detecting

Posted in Computer Crime, Encryption, Incident Response, Intrusion Detection, Log Analysis Tagged with:

The Immutable Friday Fav Five

One of the reasons I started this blog was to share things I had encountered in the security and privacy world. I have done quite a bit of editorializing, but not too many of the quick and useful posts. I

Posted in Computer Crime, Incident Response, Intrusion Detection, Log Analysis Tagged with: , , ,

Garden Security III: The Houdini Hare

Never underestimate the potential of a motivated attacker–or a hungry rabbit. Fairly confident in my beefed up garden security, I entered my garden to commune with my plants. They probably would have preferred water, but I am an earthy kind

Posted in Risk Management, Secure Design Tagged with:

Garden Security II: The Bunny Breach

*(&$#@!! I stepped outside tonight to water the garden and what did I find? A fuzzy-tailed rabbit happily hanging out inside my garden–with the gate closed. My perimeter has been breached! How did he get in? I am still doing

Posted in Incident Response, Intrusion Detection, Risk Management, Secure Design, Vulnerabilities Tagged with:

Beware of Payscale.com

Awhile back, I blogged about how not to handle notification of a possible breach. In that case, I began to receive spam to a very unique address only used at one place. When I attempted to report the potential breach,

Posted in Computer Crime, Ethics, Incident Response Tagged with:

The Ethics of Publicly Disclosing Breaches

In the security research community, it is commonly held that the ethical thing to do when discovering a vulnerability is to contact the software developer. Only after a lack of response, after the vulnerability has been fixed, or after the

Posted in Dialogue, Ethics, Incident Response Tagged with:

An Analysis of the Analysis of the Apache.org Attack

Over at the Apache blog, you’ll find a nice and detailed incident report on the recent, successful attack on Apache.org. I thought it might be worth a few minutes to share my thoughts on their write-up. First, I would like

Posted in Computer Crime, Ethics, Incident Response, Intrusion Detection, Log Analysis, Secure Administration, Secure Design, Systems Hardening Tagged with: , ,

A Public Lesson on How to Handle a Breach

When I first heard about this, I thought to myself, “Say it isn’t so. Tell me this is just a big misunderstanding. Tell me that my favorite place to buy cables at great prices wasn’t breached.” Alas, it seems to

Posted in Computer Crime, Ethics, Incident Response Tagged with: