Threat actors use phishing attacks in order to force their targets to take some action. I recently wrote a post about reporting on CNBC that documented attacks against Coinbase customers with horrific (for the target) results. I received a rather well constructed phish message today allegedly from Coinbase. EMail from firstname.lastname@example.org The "Verify my identity" … Continue reading Impressive Coinbase Phish (except for that return address)
My hometown news website recently published an article with the above title authored by University of North Carolina Professor Nir Kshetri. I've never met Professor Kshetri, but after reading his essay I posted the following comment. Professor Kshetri is all wrong in his analysis and conclusions regarding monitoring minor students' use of district-supplied computing … Continue reading School Surveillance of Students Through Laptops May Be Doing More Harm Than Good
CNBC released reporting about Coinbase users falling victim to phishing attacks and subsequently having their cryptocurrency accounts drained. Image from CNBC's Crypto Nightmare reporting Despite the headline of the reporting, "Crypto Nightmare: Hackers hacking Coinbase", no attack on Coinbase itself is included in the reporting. What actually happened was a cryptocurrency investor with a very … Continue reading Crypto Nightmare: Coinbase Users Phished and Robbed
As a cybersecurity educator, one of the core concepts that I try to relate to students is the ability to differentiate between qualitative and quantitative data. While to some it may seem a simple distinction between two forms of measurement, from my perspective as an educator it is not. While both forms of data are … Continue reading Quantitative CyberSeek
The Golden SAML threat vector enables an attacker to create a forged SAML “authentication object,” and authenticate across every service that uses SAML 2.0 protocol as an SSO mechanism. In a golden SAML attack, the attacker can gain access to any application that supports SAML authentication (e.g. Azure, AWS, vSphere, etc.) with any privileges they … Continue reading What is Golden SAML?
I had the fantastic opportunity to have a recorded video chat (a vidcast) with Mike Morris, the Global Director of Business Development at Endace, recently. Endace is in my mind the market leader when it comes to network packet capture solutions. They have really evolved network packet technology from its roots in open source TCPdump … Continue reading Secure Networks Vidcast with Mike Morris from Endace
Before I was a programmer. Before I was a network expert. Before I was an educator. I was a car guy. Due to all these other things in my life I never got as deep into auto mechanics as others. Reading about and working on my cars has always been a great distraction from Internet … Continue reading Amazingly Great Read: Gates and Ladders
I'm studying for the CISSP exam. Inference and aggregation are means used to take low level or partial information and use that to derive higher level information. Inference requires deduction. The lower level information provides clues. Aggregation is a mathematical or mechanical process. Apply inference and aggregation to safe cracking (or lock picking). Using inference … Continue reading Inference, Aggregation, and Safe Cracking
If you have not read this already I highly recommend Alex Stamos' opinion essay that appeared in the Washington Post on December 15th, 2020. Titled "Enough is enough. Here’s what we should do to defend against the next Russian cyberattacks.", Stamos writes about how poor our response is today and what the United States government … Continue reading Enough Already. Stamos is right.
Looking at the phishing email I received the other day telling me that my PayPal account had been suspended, the next step in my investigation is to determine how it reached my inbox. There are many good resources available that describe manual email header analysis. To start out, take a look at this article at … Continue reading Examining PayPal Phishing Email Headers