The Golden SAML threat vector enables an attacker to create a forged SAML “authentication object,” and authenticate across every service that uses SAML 2.0 protocol as an SSO mechanism. In a golden SAML attack, the attacker can gain access to any application that supports SAML authentication (e.g. Azure, AWS, vSphere, etc.) with any privileges they … Continue reading What is Golden SAML?
I was recently asked this question...I'm working on a project right now where my team wants to substitute passwords and usernames for biometric authentication. I have expressed my multiple concerns for the security of such a system, but the idea has now come up that we could use a system with at least 2 factors … Continue reading Using Biometrics to Replace Passwords
The Traffic Light Protocol (TLP) takes something that most people know and applies it to a new problem. In this case, the simple concept of roadway traffic lights is applied to information sharing. As defined by FIRST, an organization formed by cyber first responders, the Traffic Light Protocol is "a set of designations used to … Continue reading Understanding the Traffic Light Protocol (TLP)
The Internet is changing yet again. One of my predictions for 2018 is that everyone will witness a migration from corporate or private data centers to the 'Cloud', or Internet hosted data centers. There have been tremendous advances made in both securing the Cloud and sharing with the broader technical community how to secure the … Continue reading It all in the Cloud(s)
I recently came across two very good articles about USB forensics. The Hitchhiker's Guide to USB Forensics was published at the Cyberforensicator site by Oleg Skulkin and Igor Mikhaylov. It is a very well thought out and written description of how to find out by operating system analysis what files have been copied to a USB … Continue reading USB Forensics
In the past week I completed the work for the first MOOC (Massive Open Online Course) that I've ever taken. The course was Surveillance Law which I completed via Coursera. Let me start by saying that this course was fantastic. The presenter, Jonathan Mayer from Stanford, did a great job delivering a series of short … Continue reading Surveillance Law from Stanford University via Coursera
BBC News is reporting today that Google has updated their search engine algorithm to provide a higher rank to websites that use HTTPS. The web news site Gigaom explains further that the algorithm identifies web sites that use HTTPS / TLS and uses it as a 'light factor' that impacts less than 1% of global queries.
After reading Thomas' article on re-evaluating the safety of Mac OS/X last week I finally managed to bring most of my Apple equipment up to current. I checked all the network devices and updated most of those. My Windows machines are all current. I do have that one Mac that won't run a current OS. … Continue reading Good References on Securing Mac OS/X
Five years ago I made a decision to move from PasswordSafe to AgileBits 1Password. As someone in the security field I've always tried to practice what I preach and using different passwords for different sites and cycling passwords (changing passwords every N months) is important. I looked at a number of different password management solutions. … Continue reading Password Managers & Escrow
I read an excellent article by Nate Anderson in Ars Technica, "How the FBI found Miss Teen USA's webcam spy" about how they broke the recent Miss USA 'sextortion' case. It got me thinking about how many of my friends and colleagues become temporary IT support personnel at the end of the year trying to … Continue reading Remote Access Tool Misuse & Familial IT Support