Ashley Madison coding blunder made over 11 million passwords easy to crack

Until today, the creators of the hacked AshleyMadison.com infidelity website appeared to have done at least one thing well: protect user passwords with a strong hashing algorithm. That belief, however, was painfully disproved by a group of hobbyist password crackers.The 16-man team, called CynoSure Prime, sifted through the Ashley Madison source code that was posted online by hackers and found a major error in how passwords were handled on the website.They claim that this allowed them to crack over 11 million of the 36 million password hashes stored in the website's database, which has also been leaked.A few weeks ago such a feat seemed impossible because security experts quickly observed from the leaked data that Ashley Madison stored passwords in hashed form -- a common security practice -- using a cryptographic function called bcrypt.To read this article in full or to leave a comment, please click here

Oracle VirtualBox Network Modes

There’s been a whole heap (programming pun intended) of blogs around automation and virtualisation over the last few years, with some rather good ones of late centred around the now classic mix of VirtualBox, Vagrant and Ansible*|**. I’m particularly enjoying the Hey, I can DevOPS my Network too! series by Larry Smith Jr. at the moment. I may […]

The post Oracle VirtualBox Network Modes appeared first on Packet Pushers.

Security experts mostly critical of proposed threat intelligence sharing bill

This fall, the Senate is expected to take another look at the Cybersecurity Information Sharing Act, or CISA, but many security experts and privacy advocates are opposed.Cybersecurity has been in the news a lot this summer, and not just with several new high-profile breaches in government and the in private sector.Last month alone, the Pentagon began requiring defense contractors to report breaches, the White House Office of Management and Budget proposed new cybersecurity rules for contractor supply chains, and a court agreed that the Federal Trade Commission has the authority to enforce cybersecurity standards.MORE ON CSO:Millions of records compromised in these data breaches And many security experts agree that it's important for companies to share cybersecurity information, in real time, without risk of being publicly embarrassed, fined, or sued.To read this article in full or to leave a comment, please click here

10 things to do before you lose your laptop

Whether you’re in the office, at home, in school, or at coffee shops and hotels around the world, laptops are everywhere. The portable computer allows you to stay in touch and do productive work regardless of where you may be physically – especially when you factor in the extended battery life and cloud-based computing applications and services.On the other hand, the sheer portability of the laptop also makes it vulnerable to unauthorized access or outright theft or lost. Gartner recently estimated that a laptop is lost every 53 seconds.MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords While nobody plans to lose a laptop, there are some things that you can do to reduce both the risk and the potential legal repercussions should your laptop ever be misplaced or stolen. As with most security measures, the best defense is a good offense. Here are 10 things to do before you lose your laptop.To read this article in full or to leave a comment, please click here

Presidential longshot at CTIA 2015 promising nothing less than immortality

I hadn’t come to room 3301 of the Sands Expo to see Zoltan Istvan speak. I had come because the official CTIA Super Mobility 2015 conference app had pinged a notification to me that Mike Tyson – a boxer of some repute – was due to participate in a panel discussion and I wanted to startle my editors by landing a quote from Iron Mike.What I found, instead – I have no notion where Tyson was at the appointed time – was Zoltan Istvan, who is running for president. He is polished, polite and friendly. He was also gracious and patient with a reporter who bumbled into his speech by accident and essentially asked, “What the heck is going on here?”For those unfamiliar with his work, Istvan is a columnist for Vice, former reporter for National Geographic and author of a novel called The Transhumanist Wager, which lays out his hyper-futurist philosophy. In essence, he believes that humanity’s goal must be to create technology so advanced that we become immortal – conquering death with the infinitely sharp sword of logic. Through advances in medical science, the gentle melding of humans and machines and various other technological Continue reading

Apple Keynote 2015 – Enterprise & Personal

Excerpt: I am fascinated by Apple's business strategy and product management. Every year Apple makes a huge multi-billion dollar bet on delivering complex technology products into the hands of untrained users in the one of the toughest computing platforms - the smartphone. Plus they build custom silicon, new materials and software features in every version. And this time, they have an Enterprise product.

The post Apple Keynote 2015 – Enterprise & Personal appeared first on EtherealMind.

Risky Business #382 — Charlie Miller talks car hax, Uber

On this week's show we're checking in with Charlie Miller. We chat car hacking and we also (kind of) find out what he's up to now he's working at Uber.

This week's show is brought to you by HackLabs, an Australian security consultancy. They're a key sponsor of Australia's Cyber Security Challenge, which is basically a CTF for Australian CS students. What makes this one a bit different is it's being run by the Prime Minister's Office, which is, yeah, unexpected. Chris joins us later to discuss the challenge, that's this week's sponsor interview.

read more

North Korea is likely behind attacks exploiting a Korean word processing program

North Korea is likely behind cyberattacks that have focused on exploiting a word processing program widely used in South Korea, security firm FireEye said Thursday in a report.The proprietary program, called Hangul Word Processor, is used primarily in the south by the government and public institutions.The vulnerability, CVE-2015-6585, was patched three days ago by its developer Hancom.FireEye's conclusion is interesting because only a handful of attacks have been publicly attributed to the secretive nation, which is known to have well-developed cyber capabilities.To read this article in full or to leave a comment, please click here

What’s that drama?

The infosec community is known for its drama on places like Twitter. People missing the pieces can't figure out what happened. So I thought I'd write up the latest drama.

It starts with "Wesley McGrew" (@McGrewSecurity), an assistant professor at Mississippi state. He's been a frequent source of infosec drama for years now. Since I, myself, don't shy away from drama, I can't say that he's necessarily at fault, I'm just pointing out that he's been involved in several Big Infosec Drama Blowups.

Then there is "Adrian Crenshaw" (@irongeeek_adc) (aka. "Irongeek") who maintains a website http://irongeek.com, which hosts a lot of infosec videos. He'll work with conferences to make sure talks get recorded and uploaded to his site. A lot of smaller cons host their video there. If you frequently watch infosec videos, then you know the site.


I think this specific drama started back in April, when Irongeek made this April Fool's joke:
https://twitter.com/McGrewSecurity/status/583250910387789824

Many, most especially McGew, criticized Irongeek for this, claiming it was an "unfunny slap to women in security".

I don't know when it happened, but Irongeek punished McGrew by blocking students from McGrew's university, Mississippi State. This was noticed last week.

https://twitter. Continue reading

US defense secretary mulls rapid grants for tech companies

The U.S. Department of Defense is considering offering rapid seed funding to private companies as a way to encourage more work on technology projects with the commercial sector, Secretary of Defense Ashton Carter said Wednesday.The push for greater cooperation with tech companies has been a big theme for the DOD in the last year as it faces a growing and unprecedented threat from private and state actors on the Internet and beyond.That was demonstrated late last year when Sony Pictures suffered a devastating hack of its corporate email system that the U.S. government attributed to North Korea. Hackers based overseas have also been blamed for high-profile attacks on the Department of State and the Office of Personnel Management, the latter of which resulted in personal data on millions of government employees being lost.To read this article in full or to leave a comment, please click here

US defense secretary mulls rapid grants for tech companies

The U.S. Department of Defense is considering offering rapid seed funding to private companies as a way to encourage more work on technology projects with the commercial sector, Secretary of Defense Ashton Carter said Wednesday. The push for greater cooperation with tech companies has been a big theme for the DOD in the last year as it faces a growing and unprecedented threat from private and state actors on the Internet and beyond. That was demonstrated late last year when Sony Pictures suffered a devastating hack of its corporate email system that the U.S. government attributed to North Korea. Hackers based overseas have also been blamed for high-profile attacks on the Department of State and the Office of Personnel Management, the latter of which resulted in personal data on millions of government employees being lost.To read this article in full or to leave a comment, please click here

Video: Virtual networking’s killer use case

A key theme at this year's VMworld conference was the virtualization of the data center, and specifically the network.+MORE AT NETWORK WORLD: Containers key to Cisco's "open" data center OS +VMware entered into the networking market two years ago when it purchased Nicira for more than $1 billion. Since then VMware has rolled out NSX, it’s virtual networking product. Officials say there are already 700 NSX deployments, including 65 customers that have $1 million+ NSX deployments.In the video below, check out what VMware’s Chris King says have been some of the driving factors behind virtual networking, and learn how virtual networking is being used as a security tool, and not just network agility software.To read this article in full or to leave a comment, please click here

Video: Virtual networking’s killer use case

A key theme at this year's VMworld conference was the virtualization of the data center, and specifically the network.+MORE AT NETWORK WORLD: Containers key to Cisco's "open" data center OS +VMware entered into the networking market two years ago when it purchased Nicira for more than $1 billion. Since then VMware has rolled out NSX, it’s virtual networking product. Officials say there are already 700 NSX deployments, including 65 customers that have $1 million+ NSX deployments.In the video below, check out what VMware’s Chris King says have been some of the driving factors behind virtual networking, and learn how virtual networking is being used as a security tool, and not just network agility software.To read this article in full or to leave a comment, please click here

Turla cyberespionage group exploits satellite Internet links for anonymity

A cyberespionage group of Russian origin that targets governmental, diplomatic, military, educational and research organizations is hijacking satellite-based Internet connections in order to hide their servers from security researchers and law enforcement agencies.The group is known as Epic Turla, Snake or Uroburos and even though some of its operations were first uncovered in February 2014, it has been active for at least eight years.To read this article in full or to leave a comment, please click here

1 3,329 3,330 3,331 3,332 3,333 3,844