Monday, October 5, 2015

6 Categories of Hackers and What They Want


Last time, I went over the three types of hackers out there.  To give you a stronger foundation from which to build your defense in this digital world, I’ve broken down the category of hacker once more into the various types underneath the hats.  In order to defend against impending subterfuge, it is important to know who may be targeting you or your company.

Tuesday, September 22, 2015

Password Management Best Practices: Stemming the Tide


This one is geared to all you IT professionals out there who are looking to create a strong, effective, and simple to manage password policy.  We’ve talked before about password best practices, and what not to do.  If you want some more information on that particular subject, check out some of the information provided by the security experts over at PortalGuard.  Today, however, we’re going to look at the password policy in some more detail to figure out what password management best practices are the most effective in actual use. 

Tuesday, July 7, 2015

Mobile Security | Slow and Steady Need to Combat Mobile Malware

Remember when mobilegeddon was all the rage throughout the net?  It was interesting on the surface, but unless you were a marketing professional, you probably just took those announcements in stride.  Why focus your efforts on understanding the details of the mobile presence for Google if you barely have to interact with it?  In a way, that sort of thinking does make sense (unless, of course, you have a business that has any sort of digital presence), but the whole mobilegeddon event threw into light a major aspect of technology that has been digging its heels into every instance of our lives: mobile security and access.

Mobile security is on the rise, with a lot of new efforts being made to try and secure data files that get accessed and stored on mobile devices from secure data centers.  For the hacking game, this means there is an increasing focus on the security of mobile devices in general.

Friday, June 19, 2015

Top 5 SSO Security Advantages



Behold the power of one password. That's right, password. No longer are you faced with a plethora of login credentials that you know you will never remember. That vicious cycle of helpdesk calls followed by daily account lockouts has finally come to an end. It sounds like you’ve found yourself a single sign-on (SSO) solution and you’re ready to embrace the convenience. After all, convenience was your primary reason for adopting such a technology, was it not? I’ll let you get back to me on that one. In the meantime, let’s take a look at SSO security, a hot topic among the information security community and what more and more IT decision makers are referring to as their “primary motive” for deploying SSO.

Saturday, June 13, 2015

Duqu Cyber Attack - Zero-Day, Predecessors and a Silver Lining


In light of Sir Christopher Lee’s passing, it seems only fitting that we make a nod in his general direction to talk about the most recent attack by our good friend: Duqu.  That’s right, HackerAttackers – There has been another Duqu cyber attack. Duqu is back, and it’s breaking out the big guns with 2.0.  Like its apparent namesake (though, personally, Dooku looks a lot more villainy), Duqu 2.0 is a master of disguise, infiltration and covering its tracks.  We’ve spoken before about the nature of cyber warfare in the digital age, and Duqu 2.0 is a prime example of the evolution of this threat.  Threats such as the Stuxnet virus, and Flame are pushing the envelope for what we consider traditional spycraft and covert war.  The Duqu cyber attack is the most recent, home-based instance of cyber warfare to point out the need for stronger security, and above all, a more penetrating awareness of the threats of our digital age. 

Friday, May 15, 2015

Importance of Password Expiration | Don’t have it – Why Not?


The importance of password expiration is an interesting topic for me.  It’s all over the place online – and rightfully so.  There are tons of questions floating around out there: what is the best duration for a password, should it be the same expiration rate for each user, is password expiration beneficial?  It can sometimes be a bit overwhelming to look at.  That being said, there are also areas surrounding the importance of password expiration that are somewhat debated (much like the last question above). In that regard, I would like to take a look at an older article I found interesting and debate some of the claims therein.  Catch up after the jump!

Wednesday, May 13, 2015

Password Policy Best Practices | 4 Ways Being Hacked Educated Me


Here at HackerAttacker, we talk a lot about how to protect yourself from hackers of all shapes and sizes (or colors, as it were).  What we rarely talk about is what it is like to actually be hacked.  There are countless examples of various individuals being hacked (and we’ve talked a lot about some big company hacks as well), so you know it isn’t some rare occurrence.  Today, I’m going to talk about some password policy best practices I learned from being hacked myself, and how the experience changed the way in which I approach my online security.

Friday, May 8, 2015

Password Generator Using Words | Things to Know

We all know that hackers are out there and the worst of the lot want the key to our castle. In today’s world of online banking and VPN access to corporate accounts, there are many who say we are still using the wrong type of ‘key’: one that is easily stolen and/or copied.  The password is still around though, for better or worse (though Microsoft is working on changing that soon), and with it come the typical issues of forgotten passwords and account lockouts.  With the average help desk call costing around $25-$30 per call, a simple solution would be welcome in most environments.  Instead of just your typical self-service password reset solution, why not take a look at a password generator using words that the user has previously set? If you are interested in reducing help desk costs and empowering your users, read on after the jump!


Wednesday, May 6, 2015

What Star Wars Taught Me About Information Security

A belated May the 4th to all of you Star Wars fans out there! If you’ve never seen Star Wars: A New Hope, then beware: Spoilers ahead (also, you should go watch that.  Seriously, go now.  We can talk after).  Obviously, one of our favorite topics here at HackerAttacker is security in all its shapes and forms.  We’ve talked about various hackers, how to hack the government, and even how hacking is like picking a lock.  One thing that I never really take into consideration, however, is how much security is thrown in our faces throughout pop culture.  I’m not just talking about advanced techniques seen in movies like Mission Impossible or James Bond; I’m talking about popular culture both old and new.  Specifically, how Star Wars taught me more about information security than most any actual course or class ever could.

Monday, May 4, 2015

Simple USB Token Logon | Secure Authentication

Passwords.  Did you even read that word?  Passwords are such a staple of everyday life now that we hardly even recognize when the word even plants itself in front of us.  Half of the time, a website asks us to enter a username or ID and we immediately fill the blank space beneath it with a password.  We don’t even think about it.  That’s just the way things are now, especially with people.  Don’t you think it would be nice if you could log in without a password though? Sure, it sounds simple, but what about the fallout surrounding the security vulnerabilities inherent in using no password?  Let’s talk about that after the jump!

Friday, May 1, 2015

Preventing Phishing Attacks | How to Protect Your Information Online

To this day, entering personal information online makes many of us feel uneasy. In fact, I sometimes find myself paying certain bills by submitting a hand-written check through the mail. In a personal attempt to prevent phishing attacks, it makes sense.  Now, some may call this old-fashioned method a waste of time. Maybe it's even being too paranoid or merely an under-utilization of technology’s modern-day user experience. What can I say, old-fashioned ways tend to have a better ability to prevent phishing attacks!

Wednesday, April 29, 2015

Authentication Best Practices - Brief History of Security

We talk a lot about the digital age of warfare here at HackerAttacker.  It’s kind of the most popular aspect of the digital age today.  Just take a look at history; war is always resting at or about the pinnacle of the public forum.  Why mess with a classic? When it comes to security and authentication best practices, however, there are more avenues to peruse than simply the digital side of warfare.  In that element, we are going to take a look at some older forms of deception and how they play a role in the social relationships inherent in digital security and authentication.

Wednesday, April 22, 2015

Contextual Authentication - Who is Behind the Keyboard?

Have you ever asked yourself this question before? The MTV TV show Catfish asks this question in every single episode. They work with people all over the United States that have fallen in love with someone they have never met in person, or even talked to on the phone before. On the show, the two hosts work together to find the person who is behind the other keyboard in order to play matchmaker. Nine times out of ten, the person on the other end of the line is not who they say they are. They might not even look remotely close to who they are pretending to be online.

This got me thinking a couple of things… Why do people do this? And how can user fraud be stopped online?

Monday, April 20, 2015

War is Changing: Digital Authentication and Security Solutions

War is changing.  We’ve talked about this before, but the state of war between nations is evolving every day. What once was a sequence of battles between armies, marching in line towards each other, has now become a digital minefield of secrecy, deception, and cyber attacks.  It’s one of the age-old ideas for inventors and other entrepreneurs: give me something that will make life easier, and I’ll show you the next great weapon.  Recently, the White House (you know, the place where all of the people that run things tend to go) was the victim of a long-standing, brutal cyber attack.  Sure, the various sources say that nothing ‘Top Secret’ was made available to the public or the attackers, but that doesn’t do much to make me feel better.  I don’t know about you, but I’m left wondering: what did they get? I guess, in a way, the next leap my mind makes is towards digital authentication and security solutions.

Wednesday, April 15, 2015

The Secret is Out!

Who does not love a good secret? Being in on a secret is exciting! You know something that someone else does not know; you are instantly special and separated from the pack. Congratulations! But what if that secret is crap? A false façade someone has put up to cover up the truth or to mislead you to think differently about the person or situation.

Deception is real and happens every day. Everywhere you look there is deception being played out.

The guy sitting next to you right now, is that his real hair color? Are your neighbors really happily married? Did we really land on the moon? Is global warming real? Did Al Gore really invent the Internet? Is the dress black and blue or white and gold? What should I believe is the truth?


Friday, April 10, 2015

Gallimaufry Grey Hats - For the Greater Good









Recently I wrote about a couple of very notable White Hat hackers who have literally changed the world as we know it. Those savants of technology took a concept and made it a staple in the world we live in. Today we turn the tables though and look at a couple of adventurous grey hat hackers that used their considerable skills to make a statement.

Wednesday, April 8, 2015

Hooray for White Hats: A look at two who changed the world

In the world of hacking there is good and evil, much like in any other world I suppose. However, like in the Transformers movies, there are two divided teams that clearly play on opposite sides of the fence. A black hat hacker, as you know, is someone who uses his or her “powers” for evil doings. On the other hand there is a type of computer genius that uses his or her powers to do good in this world: the white hat hacker.

Friday, April 3, 2015

3 Different Hacker Types

You’ve been watching and reading the news, right?  All of those data breaches that have made headlines; it’s a crazy, risky, digital world that we live in.  The digital world is one where knowledge and information equates to power, or scientia potestas est as the old Latin phrase goes. Sure, these digital attacks sometimes surround money, or politics, but it is the knowledge these hackers possess and gain from their subterfuge that grants them so much influence.  To be a substantial Hacker Attacker, you need knowledge of your own.  Here, I will give you the building blocks to form your own power base to better protect yourself against the biggest aggressors of the digital age.

Wednesday, April 1, 2015

Phishing News: Windows Live Digital Certificate Risk



Looking to spend a little bit of that tax return on some sweet online deals? The latest news from Microsoft should make you do a double take before entering your credit card data. There is a new report of a Windows Live digital certificate risk making the rounds. They are reporting that an unauthorized SSL certificate was issued for “live.fi” that could have been used to leverage man-in-the-middle attacks or even spoof official Microsoft announcements.

Friday, March 27, 2015

Cyber Attack Defense: Are you a potential target?













The simple answer is yes. It seems that everyone is a potential target these days. Recently, even a major health insurance provider announced that they had been breached. Clearly, they lacked appropriate cyber attack protection. I would know; I am one of the 78.8 million people who got the letters in the mail. What were they saying? That they are doing everything they possibly can to ensure that my information is being protected. Great, now I get to join the countless people who suffer a successful cyber attack!

You may ask yourself: why me?

Wednesday, March 25, 2015

Defending against the Man in the Middle


I remember as a child trying to eavesdrop on conversations I would hear in school. They usually were centered around who kissed whom or who had a crush on someone. As an adult, like most others, I still listen in on other people’s conversations from time to time. Usually this happens when you’re standing in line somewhere, and it is hard to not listen in on the people next to you. After talking with a colleague over the weekend about man-in-the-middle (MITM) attacks, I found some similarities to the more typical activity of eavesdropping on others’ conversations.

Friday, March 20, 2015

TedTalks: Password Strength – Part II









Last time, we talked about the various policies mentioned in the first part of Lorrie Cranor’s video: What’s wrong with your pa$$w0rd? Today, we are going to look at how hackers breach accounts, and some other methods to consider when trying to increase the strength of your password.  Forewarned is forearmed, after all.

You can find the video in our last article or at TED for reference. 

Wednesday, March 18, 2015

TedTalks: Password Strength – PART I





You’ve heard it time and time again in recent days.  On every new site that you try to register for, or any time that you have to change your credentials for your bank or reward program website, you see the ever-frustrating notification: password strength – weak.  That’s just the way things are these days.  With more and more hackers signing up to wear the black hat, even more everyday people are becoming the subject of digital theft and attack. 


Thursday, March 12, 2015

FREAK and Geeks: Attack and Defense












The Best Offense is a Good Defense

Glass houses are always the worst choice to live in; unless, of course, you want to share your most private secrets with your neighbors.  Most people prefer a house with stronger, thicker, and less ‘see all’ walls where they can protect themselves and their personal information.  Neighbors can throw stones all they want, but they’re not going to crack the walls of an ancient, brick-mortar Victorian. 

It’s an issue as old as time: people will always want to protect their personal data from prying eyes.  Whether that means a thicker flap over the entrance to a straw hut, or a high-end security system that monitors every entrance and exit to a mansion on a hill. But as Hollywood has shown us time and again, where there is extra security, there is usually somebody trying to take what’s hiding inside. 

The digital age has only exacerbated this issue for most users and companies around the world.  The stronger the information security in place, the more vigorous hackers attack in order to find out what is hiding behind the high stone walls on the top of the hill.  Every so often, these hackers find a spot where the mortar is weak, and they drill and drill, under cover of night, until a hole is formed. Then, just out of sight, they sneak in and quietly make away with everything you value most.  So how do you stop somebody coming through the walls around your data? Find the holes, and seal them back up.

Saturday, February 28, 2015

A Strong Password: A Hard Nut to Crack





In a recent article “The Great Bank Heist,” I touched on the topic of strong passwords and the need for them. After completing that article I walked away and thought stronger passwords are worth taking a deeper look at and felt compelled to write an article about it. So here it goes…

Friday, February 20, 2015

The Great Bank Heist


 
Typically bank heists are conducted with men wearing all black, ski masks and someone sitting in a van outside ready for a quick getaway. Perhaps that is too old school for a sophisticated group of hackers who just pulled off the biggest bank heist in history, pulling in a billion (yes that is billion with a ‘b’) dollar haul. They carried out this robbery in quite the opposite fashion of the aforementioned style of heist, working remotely and using computers to steal the money.


Thursday, January 15, 2015

The Future of Warfare

“… The next Pearl Harbor that we confront could very well be a cyber-attack”
-Leon Panetta, Former CIA Director

This statement could not be truer. Look at everything in this world; it is all going online. Movies, schooling, shopping, books, and more are all now online. It is almost like we never need to leave the house; heck, you can even work from home if you land the right job. So why wouldn’t everything turn cyber?

Tuesday, January 13, 2015

Top 5 Solutions to Stop Hackers


And when I say hackers, I want to be clear. I mean the security crackers that break into your account to steal your information, max out your credit card, and wreak havoc on your computer or device! This is not how you intended things to end when you chose that password that you could remember or ignored Gmail’s new second factor feature. But, now it is too late. Unless you have a Tardis, you are not changing the fact that your email or other personal accounts have been compromised.

Thursday, January 8, 2015

Your Phone: Potentially Your Greatest Enemy

Cell phones . . . They have become one of the greatest tools that we use daily. Even if you are against the whole smart phone thing, chances are you have a phone that receives phone calls at the very least. Cell phones have become a way of life, and with the increase in the use of smart phones comes the increase in possible attacks on your personal data.

Tuesday, January 6, 2015

Hood or Hacker: The Robin Hood Story











“He stole from the rich to give to the poor.” We know the line well, the quintessential line that describes the legend of the famed or infamous (depending on which side you were on), Robin Hood. Robin Hood is a mystery to us all, and there are many versions of the Sherwood Forest-dwelling outlaw. Some say he was an aristocrat turned people’s hero; others say he was an outlawed Yeoman that made a living off of stealing from the rich, led a faithful following of other outlaws, and married the beautiful Maid Marian. It is legends like these that we want to believe are real, that somehow Robin Hood actually existed, and those in corrupted power exposed. The truth is, we don’t always know the full story behind the legend or have all the facts. It is, after all, only legend.

By now, I am sure you know where I am going with this. I am not here to condone breaking the law, but I am here to pose to you that we must look at the facts.

Friday, January 2, 2015

Did you know Sony Pictures was Hacked?

Unless you have been living under a rock for the past month, you know that Sony Pictures was hacked, not just a little . . . They were hacked a lot! Now as a moviegoer, blogger, and hacking nut, I was not surprised that Sony got hacked. Companies get hacked all the time; heck, the US Government gets hacked a lot too. But the Sony hacking was much more than meets the eye.