Impressive Coinbase Phish (except for that return address)

Threat actors use phishing attacks in order to force their targets to take some action. I recently wrote a post about reporting on CNBC that documented attacks against Coinbase customers with horrific (for the target) results. I received a rather well-constructed phish message today allegedly from Coinbase. EMail from supportinhotint@wordfily.com The "Verify my identity" …

School Surveillance of Students Through Laptops May Be Doing More Harm Than Good

My hometown news website recently published an article with the above title authored by University of North Carolina Professor Nir Kshetri. I've never met Professor Kshetri, but after reading his essay I posted the following comment. Professor Kshetri is all wrong in his analysis and conclusions regarding monitoring minor students' use of district-supplied computing …

Crypto Nightmare: Coinbase Users Phished and Robbed

CNBC released reporting about Coinbase users falling victim to phishing attacks and subsequently having their cryptocurrency accounts drained. (Image from CNBC's Crypto Nightmare reporting.) Despite the headline of the reporting, "Crypto Nightmare: Hackers hacking Coinbase", no attack on Coinbase itself is included in the reporting. What actually happened was a cryptocurrency investor with a very …

What is Golden SAML?

The Golden SAML threat vector enables an attacker to create a forged SAML “authentication object” and authenticate across every service that uses the SAML 2.0 protocol as an SSO mechanism. In a golden SAML attack, the attacker can gain access to any application that supports SAML authentication (e.g. Azure, AWS, vSphere, etc.) with any privileges they …

Secure Networks Vidcast with Mike Morris from Endace

I had the fantastic opportunity to have a recorded video chat (a vidcast) with Mike Morris, the Global Director of Business Development at Endace, recently. Endace is, in my mind, the market leader when it comes to network packet capture solutions. They have really evolved network packet technology from its roots in open source TCPdump …

Inference, Aggregation, and Safe Cracking

I'm studying for the CISSP exam. Inference and aggregation are means used to take low-level or partial information and use that to derive higher-level information. Inference requires deduction. The lower-level information provides clues. Aggregation is a mathematical or mechanical process. Apply inference and aggregation to safe cracking (or lock picking). Using inference …