Tag: Cybercrime

This year, it seems like you can hardly turn around without bumping into some commentary on a breach. There’s expert analysis on every blog. The trade press eats up controversy stirred up by responses. Twitter trends. My inbox fills up with quotes and offers to hear more about the breach. It’s all bad news, so…

Read More

From these 49 breaches, it is apparent that the “Information” industry is the most vulnerable by more than double of any other industry. By nature, the “Information” industry has massive amounts of data available to be harvested for resale and other malicious use, as opposed to the relatively small amount of data or high-dollar information…

Read More

When it comes to crossing the US border, we used to worry about the simple things—too many souvenirs to avoid paying import duties, lines short enough to get to a bathroom in a reasonable timeframe, maybe concerns about which fruits and vegetables could be kept from the last grocery run. Today, we’ve got one more…

Read More

Another week, another threat. This week dawned with a spate of twitchy fingers telling us about the latest monster to emerge from the closets: KRACK. KRACK stands for Key Reinstallation Attack. You can read the details of this one on a variety of sites including Arstechnica,1 Verge,2 and, as befitting the seriousness of this one, its own website.3…

Read More

I recently had the opportunity to sit down with two of F5’s top threat researchers, Sara Boddy and Justin Shattuck, to pick their brains about IoT, its current state of “security,” and what we can expect to see in terms of threats, attacks, and mitigations in the future. Justin and Sara are co-authors of three IoT threat research…

Read More

This isn’t your mama’s botnet. This is a proper botnet. If you were the world’s best IoT botnet builder and you wanted to show the world how well-crafted an IoT botnet could be, Reaper is what you’d build. It hasn’t been seen attacking anyone yet, and that is part of its charm. But, what is…

Read More

Figure 1: Demonstration of a split-tunnel attack4 Email Retrieval attacks The two major protocols associated with email retrieval are Post Office Protocol 3 (POP3) and Internet Message Access Protocol (IMAP). Both protocols connect to an email server to download new messages over a TCP/IP connection.5POP3 is much simpler and easier to implement, but only allows…

Read More

So, what’s the issue when it comes to encryption and quantum computing? Today’s asymmetric encryption algorithms, which are primarily used for key exchanges and digital signatures, are considered vulnerable to quantum computers. For example, using today’s traditional, digital, transistor-based computers, it’s estimated it would take 6 quadrillion CPU years to crack a 2048-bit RSA decryption key.7 But,…

Read More

  Email Headers An excellent source of internal configuration information can be gleaned from email headers. Attackers can simply fire off a few email inquiries to folks at an organization and see what they can find. Here’s a typical email header using our example company, Boring Aeroplanes, from our phishing example. Note both internal and…

Read More

My favorite color, by the way, is black. Or at least it will be until something darker comes along. While marginally better than asking for personal information that is just as easily discovered on the web —your mother’s maiden name, where you were born (my mother claims it was in a barn based on my…

Read More