Fred Zajac commented on the post, How are we to get better if our leader do understand, on the site MIS 5212-Advanced Penetration Testing 5 months ago
Wrong link, sorry.
Fred Zajac wrote a new post, How are we to get better if our leader do understand, on the site MIS 5212-Advanced Penetration Testing 5 months ago
I am not sure if anyone else watched Congress's questioning of Mark Zuckerberg, but I did. It was streamed live on Bloomberg Nation and CNBC. While I was watching and listening, I was shocked at how uneducated o […]
I believe the standard should be changed to “Freeze” for everyone immediately. You must “manually” change it to “Unfrozen” by visiting a website or when you apply for your next loan. You may also Freeze and Unfreeze your account at any time for no charge. This cost will be passed on to the banks, who will pass it on to the…[Read more]
I understand your concern, but hackers already use credit scores to target people and businesses. Anyone can purchase someone’s credit score for a few dollars, and FTC regulations require a rating on financials, ranging from AAA to junk.
In my opinion, the cyber score should be required for all publicly traded companies who handle…[Read more]
The thing about patch management is testing the patch to see if it is valid or even if it will hinder your system. For instance, if you are not monitoring your hard drive space and a new patch gets installed that puts your hard drive in an unhealthy state, then the good update may crash the system.
Automation on these things is…[Read more]
Fred Zajac wrote a new post, Multi-Factor Bio-Metric Authentication for home security, on the site MIS 5212-Advanced Penetration Testing 5 months, 4 weeks ago
This report covers Lighthouse AI, a startup hoping to install facial and voice recognition devices in homes. The program is similar to the access software in cellphones, but can do much more. You can set up m […]
I think this would be a fantastic innovation altogether, making the security of IoT devices more efficient. However, there has not been much progress made to date on the security of these applications against brute force attacks. Moreover, IoT itself is in a growing phase of technological development, and this startup would definitely be the icing on the cake.
This report identified three vulnerabilities with VPN services leaking sensitive IP address and location information. Virtual Private Networks are used for several different reasons, but in this case it is used […]
Fred, really interesting article you posted. I remember last year when Internet privacy laws were scrapped and all my IT friends kept discussing VPNs. What is more concerning is that the VPN services which contained vulnerabilities were the services provided by three popular VPN providers. I could expect this from a smaller provider, but not a well-known one. To me, VPN services are your focus, so why are there slip-ups? Also, I am sure once Internet privacy laws were removed, business must have increased. I know many people who purchased VPN services once this change went into effect. Technology, security and privacy are huge today, and I feel as if those companies should know that and not have vulnerabilities in the free Chrome plug-in.
That’s actually quite interesting, because over 40% of SMBs use VPNs for remote business operations. I am unsure of the severity of these transactions, but if VPNs are leaking sensitive information such as IP address and location, this possibly has a huge place to instigate another cyber threat. Attackers can easily catch hold of these IPs to demand ransom. I am sure that private VPNs are far more secure and that organizations do use advanced security systems to prevent IP leaks over the private network.
I attended a Risk Quantification Symposium last week and learned some fascinating things that are coming down the pipeline for enterprise risk.
One thing I found very interesting is the FICO Enterprise Security Score. http://www.fico.com/en/products/fico-enterprise-security-score
This is similar to a credit score everyone is familiar with,…[Read more]
Check this out…
I wonder what these agencies’ “security score” is. Bad credit... LOL
The score is based on a few factors, but security posture and culture weigh on the number.
Here is a link that may help everyone on assignments 2 and 3. You will be able to see more information on the left side if you follow the tree. Also, you can search previous versions of Windows Group Policy information for a step-by-step guide. The one I like is for Windows 2000. Keep in mind, the Windows 2000 guide is like version 1 of the…[Read more]
Flash can be disabled in all popular internet browsers. Plus, you can set up Office to not allow files with Flash or any plug-in.
To stop Flash in Group Policy:
Search Group Policy Editor -> Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Add On…[Read more]
Fred Zajac commented on the post, Kali Update – 404 error when using update && upgrade, on the site MIS 5212-Advanced Penetration Testing 7 months ago
Sorry, here is the information link. Just realized I forgot to include it.
Fred Zajac wrote a new post, Kali Update – 404 error when using update && upgrade, on the site MIS 5212-Advanced Penetration Testing 7 months, 1 week ago
I was getting the 404 with several tools when running apt-get update && apt-get upgrade. This command worked.
wget -q -O - archive.kali.org/archive-key.asc | apt-key add
You can read more up on repositories on […]
Thanks Fred, this will definitely help!
Thanks for sharing. My Kali from last semester works with this command:
wget -q -O - https://archive.kali.org/archive-key.asc | apt-key add
I also got 52 upgrades, including exploitdb for Metasploit:
root@kali:~# apt-get -y upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
bsdmainutils burpsuite cracklib-runtime dbus dbus-user-session dbus-x11
exploitdb firmware-amd-graphics firmware-atheros firmware-bnx2
firmware-bnx2x firmware-brcm80211 firmware-cavium firmware-intel-sound
firmware-intelwimax firmware-ipw2x00 firmware-ivtv firmware-iwlwifi
firmware-libertas firmware-linux firmware-linux-nonfree
firmware-misc-nonfree firmware-myricom firmware-netxen firmware-qlogic
firmware-realtek firmware-samsung firmware-siano firmware-ti-connectivity
gnome-control-center gnome-control-center-data gnome-terminal
gnome-terminal-data imagemagick imagemagick-6-common imagemagick-6.q16
libaudit-common libaudit1 libcrack2 libdbus-1-3 libicu57
libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickwand-6.q16-3
libsodium18 libtiff5 metasploit-framework python-flask python-formencode
python-tornado recon-ng sysstat
52 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
The general public is way too willing to add content to their social conglomerate, to the point that they forfeit basic privacy.
Challenge questions that can be guessed by visiting social media sites:
What is your high school mascot?
Where did you go to elementary school?
What road did you grow up on?
What is your favorite sports team?
We are using Patch Management for our clients using a third-party product. If you are interested in the product, let me know and I will give you info.
One of the things you mention is patching causing issues with applications. This is something we run into from time to time from our clients. Another issue we have is patching…[Read more]
Satwika & Frederic,
I agree patching is a very big deal, but what if the IoT manufacturer didn’t provide enough space for constant patching? Example: hard drive limit.
The patching will crash the hard drive at some point because of the file additions. Also, as you mention in a previous post,
The manufacturer may have used a very basic…[Read more]
Are you in the mood for love, but forgotten what love is?
Valentine’s Day is a day when people of all ages express their “love” towards people very close to them. Elementary schools are engaging in […]
I would also like to see these scanners, but playing the other side of the coin…
The users of these scanners are creating the database for them. Example: As a pentester, I use Chronicle to search for vulnerabilities of a specific IP address. It then scans the IP address for vulnerabilities. It does or doesn’t identify…[Read more]