uKnowKids Apparently Didn’t Know Security

Misconfigurations are a pain in the arse. They lead to more website compromises than inverted flux capacitors. But, in all seriousness, it seems that the company uKnowKids had an insecure MongoDB setup that was swinging in the breeze. Along came Chris Vickery, who discovered the database, which had been dangling online for at least 7 weeks, and let the company know. From The Register: A misconfigured database at uKnowKids....


United Nations Website Compromised

United Nations Site Popped

Yesterday morning at about 9 am Eastern, the website databreaches.net noted that the United Nations World Tourism website had been compromised. The underlying software was a PHP-based web forum. Apparently 1524 forum members had their information exposed via a SQL injection attack. When I checked on it at 6 pm the site was still defaced. But, at last, this morning the site has been restored.

Blackberry Buys Encription

The Blackberry Buy

Yes, you are reading that correctly. That is not a typo. It seems that the Waterloo, Ontario-based mobile handset maker, Blackberry, has purchased UK-based security firm Encription for an undisclosed amount. From Reuters: The acquisition will bring a team of about 40 cyber security professionals, who have helped test network vulnerabilities for both government agencies and large corporate entities, into the BlackBerry fold. "This is a ...


RSA Parties 2016

RSA Parties 2016 List

It is that time of year again and the RSA Parties 2016 list is here. The RSA Security Conference approaches. This year it is back where it used to be, at the end of February. I didn't do a party post last year as I was overwhelmed with work/life imbalances. This year has started off at a more sane pace, so here we are. There are ...


RMISC: Things To Do In Denver

The new year has started rolling and one of the things that people try to hammer out early in the calendar year is often the training budget. Picking a good security conference can be a problem. What I mean is, it can be difficult to pick the right conference for you. I've been fortunate to have been to many conferences over the years. I've learned a great many things, such ...


Liquidmatrix Reflections

I found myself sitting in a hotel room in some random city recently with a glass of wine, several open PowerPoint decks and Family Guy on the television. A moment of reflection if ever there was one. It occurred to me that Liquidmatrix just had its 17th birthday this past February. That is a helluva long time for a website of any description. It has been a lot of ...


RSA Parties 2015

Nothing like waiting until the very last minute to post an RSA Parties 2015 list. Day jobs + kids = you get the idea. That being said, I'm happy to note that Akamai Technologies (my day job) will be hosting a party this year in conjunction with AT&T. Be sure to come out and meet @csoandy, @billbrenner70, @mckeay and myself @gattaca. Now, this is a simple curated RSA Parties 2015 list but, if ...


Reflections

I find myself sitting in a hotel room in some random city this evening with a glass of wine, several open PowerPoint decks and Family Guy on the television. A moment of reflection if ever there was one. It occurs to me that Liquidmatrix just had its 17th birthday in February. That is a helluva long time for a website of any description. It has been a lot of ...


The Stupid, It Burns

There are times where I just marvel at the abject stupidity of some folks. Case in point was the posting on Pastebin over the weekend where a group of "hackers" (wow, I use that term lightly) calling themselves "Wycked" posted a database dump from McDonald's Malaysia. The premise being that they compromised the site. Small problem with that however. You see, the "Havij Injection Project" already posted that same database ...


No Cyber Experience? Strategy! Um…

Michael Daniel is the person who is on point for shaping cyber security in the US government. I find it rather disquieting that the White House cyber security coordinator espouses his lack of technical knowledge as a plus. From Gov Security: "Being too down in the weeds at the technical level could actually be a little bit of a distraction," Daniel, a special assistant to the president, says in an ...
