0

AshMad is prostitution not adultery

The Ashley-Madison website advertises adultery, but that's a lie. I've talked to a lot of users of the site, and none of them used it to cheat on their spouse. Instead, they used it as just a "dating" site -- and even that is a misnomer, since "dating" often just means a legal way to meet prostitutes. According to several users, prostitutes are really the only females they'd consistently meet on Ashley-Madison.

0

Big Data for Social Engineering

First, it integrates with corporate directories such as Active Directory and social media sites like LinkedIn to map the connections between employees, as well as important outside contacts. Bell calls this the “real org chart.” Hackers can use such information to choose people they ought to impersonate while trying to scam employees. From there, AVA users can craft custom phishing campaigns, both in email and Twitter, to see how employees respond. via wired

This is a white hat tool, of course, a form of social engineering penetration testing. Two points of interest, though.

First, you can be pretty certain hackers are already using this sort of tool today to find the right person to contact, how to contact them, and to discover the things they know people will respond to. The rule of thumb you should keep in mind is — at least 80% of the time, hackers are already using the tools researchers come up with to do penetration testing. Remember all those fake people inhabiting the world of twitter, facebok, and the like? Some of them might not be just another click farm — some of them might be clickbait for hackers to find out who you Continue reading

0

Trump is right about the 14th Amendment

Trump sucks all the intelligence out of the room, converting otherwise intelligent and educated pundits into blithering idiots. Today's example is the claim that Trump said:

"The 14th Amendment is unconstitutional."

Of course he didn't say that. What he did say is that the 14th Amendment doesn't grant "birthright citizenship" aka. "anchor babies". And he's completely correct. The 14th Amendment says:

"All persons born or naturalized in the United States, and subject to the jurisdiction thereof, are citizens of the United States"

The complicated bit is in parentheses. If you remove that bit, then of course Trump would be wrong, and anchor babies would be guaranteed by the constitution, since it would clearly say that being born in the U.S. grants citizenship.

But the phrase is there, so obviously some babies born in the U.S. aren't guaranteed (by the constitution) citizenship. Which babies are those?

The immigration law 8 U.S.C. § 1401(a) lists some of them: babies of ambassadors, heads of state, and military prisoners.

It's this law that currently grants anchor babies citizenship, not the constitution. Laws can be changed by Congress. Presumably, "illegal aliens" could easily be added to the list.

This Continue reading

0

Intel Developer Forum Gets Overrun by IoT

Intel makes its play for IoT ubiquity.

0

Notes on the Ashley-Madison dump

Ashley-Madison is a massive dating that claims 40 million users. The site is specifically for those who want to cheat on their spouse. Recently, it was hacked. Yesterday, the hackers published the dumped data.

It appears legit. I asked my twitter followers for those who had created accounts. I have verified multiple users of the site, one of which was a throw-away account used only on the site. Assuming my followers aren't lying, this means the dump is confirmed.

It's over 36-million accounts. That's not quite what they claim, but it's pretty close. However, glancing through the data, it appears that a lot of the accounts are bogus, obviously made up things for people who just want to look at the site without creating a "real" account.

It's heavily men. I count 28-million men to 5 million woman, according to the "gender" field in the database (with 2-million undetermined). However, glancing through the credit-card transactions, I find only male names.

It's full account information. This includes full name, email, and password hash as you'd expect. It also includes dating information, like height, weight, and so forth. It appears to contain addresses, as well as GPS coordinates. I suspect that Continue reading

0

Big Switch & Cumulus Play Hot Potato on Bare Metal Security

Who owns ONIE security?

0

A10 is Changing the Advanced Security Arena — Find Out How

Enter the advanced security arena with the A10 DemoFriday on September 11, 2015.

0

Featured Guest Article: Protection Is Job 1

IT and InfoSec need new and better tools.

0

Introducing Docker Content Trust

written by Diogo Mónica, Security Lead at Docker, Inc.   Image Signing and Verification using The Update Framework (TUF)   A common request that we’ve heard from the Docker community is the need to have strong cryptographic guarantees over what code … Continued

0

Low-Tech Scam Dupes Ubiquiti Networks Out of $40M

B2B email scams are all the rage.

0

Symantec is Selling Veritas for a Cool $8B

It's spinoff season in the Valley.

0

The Cloud Security Boom Has Just Started

Information security technology is undergoing a generational shift. Once thought of as a collection of point solutions, security technology is moving to the cloud, where a coordinated suite of real-time software tools are needed.

0

The End of the Internet

Will the Internet survive centralization, a Black Hat keynoter asks.

0

DNS parser, meet Go fuzzer

Here at CloudFlare we are heavy users of the github.com/miekg/dns Go DNS library and we make sure to contribute to its development as much as possible. Therefore when Dmitry Vyukov published go-fuzz and started to uncover tens of bugs in the Go standard library, our task was clear.

Hot Fuzz

Fuzzing is the technique of testing software by continuously feeding it inputs that are automatically mutated. For C/C++, the wildly successful afl-fuzz tool by Michał Zalewski uses instrumented source coverage to judge which mutations pushed the program into new paths, eventually hitting many rarely-tested branches.

go-fuzz applies the same technique to Go programs, instrumenting the source by rewriting it (like godebug does). An interesting difference between afl-fuzz and go-fuzz is that the former normally operates on file inputs to unmodified programs, while the latter asks you to write a Go function and passes inputs to that. The former usually forks a new process for each input, the latter keeps calling the function without restarting often.

There is no strong technical reason for this difference (and indeed afl recently gained the ability to behave like go-fuzz), but it's likely due to the different ecosystems in which they Continue reading

0

How a Chinese Hacking Ring Loots Corporate Secrets

A Dell SecureWorks survey explains how compromised sites can be used for highly selective attacks.

0

Skyport DemoFriday: Learn How SkySecure Intends to Disrupt the Security & Server Markets

Security threats are changing. Your security measures need to change, too. Find out what to do with the help of Skyport Systems and its SkySecure product.

0

F5 Badger Adds Azure Support, Targets Hybrid Cloud

BIG-IP gets a DevOps twist.

0

Zscaler Scales Up With $100M Series B

Another big round for a security startup.

0

Software-Defined Perimeter Remains Undefeated in Hackathon

'We don't have to be vulnerable.'

0

Worth Reading: Access Control with Segmentation

When you couple software-defined segmentation with an intelligent planning and implementation methodology, you get active segmentation. This approach to segmentation allows network operators to effectively cordon off critical network assets and limit access appropriately with minimal disruption to normal business functions. via the Cloud Security Alliance

The post Worth Reading: Access Control with Segmentation appeared first on 'net work.