6 Categories of Hackers and What They Want

Last time, I went over the three types of hackers out there.  To give you a stronger foundation from which to build your defense in this digital world, I’ve broken down the category of hacker once more into the various types underneath the hats.  In order to defend against impending subterfuge, it is important to know who may be targeting you or your company.

Password Management Best Practices: Stemming the Tide

This one is geared to all you IT professionals out there who are looking to create a strong, effective, and simple to manage password policy.  We’ve talked before about password best practices, and what not to do.  If you want some more information on that particular subject, check out some of the information provided by the security experts over at PortalGuard.  Today, however, we’re going to look at the password policy in some more detail to figure out what password management best practices are the most effective in actual use. 

Mobile Security | Slow and Steady Need to Combat Mobile Malware

Remember when mobilegeddon was all the rage throughout the net?  It was interesting on the surface, but unless you were a marketing professional, you probably just took those announcements in stride.  Why focus your efforts on understanding the details of the mobile presence for Google if you barely have to interact with it?  In a way, that sort of thinking does make sense (unless, of course, you have a business that has any sort of digital presence), but the whole mobilegeddon event threw into light a major aspect of technology that has been digging its heals into every instance of our lives: mobile security and access. 

Mobile security is on the rise; with a lot of new efforts being made to try and secure data files that get accessed and stored on mobile devices from secure data centers.  For the hacking game, this means there is an increasing focus on the security of mobile devices in general.

Top 5 SSO Security Advantages

Behold the power of one password. That's right, password. No longer are you faced with a plethora of login credentials that you know you will never remember. That vicious cycle of helpdesk calls followed by daily account lockouts has finally come to an end. It sounds like you’ve found yourself a single sign-on (SSO) solution and you’re ready to embrace the convenience. After all, convenience was your primary reason for adopting such a technology, was it not? I’ll let you get back to me on that one. In the meantime, let’s take a look at SSO security, a hot topic among the information security community and what more and more IT decision makers are referring to as their “primary motive” for deploying SSO.

Duqu Cyber Attack - Zero-Day, Predecessors and a Silver Lining

In light of Sir Christopher Lee’s passing, it seems only fitting that we make a nod in his general direction to talk about the most recent attack by our good friend: Duqu.  That’s right, HackerAttackers – There has been another Duqu cyber attack. Duqu is back, and it’s breaking out the big guns with 2.0.  Like its apparent namesake (though, personally, Dooku looks a lot more villainy), Duqu 2.0 is a master of disguise, infiltration and covering its tracks.  We’ve spoken before about the nature of cyber warfare in the digital age, and Duqu 2.0 is a prime example of the evolution of this threat.  Threats such as the Stuxnet virus, and Flame are pushing the envelope for what we consider traditional spycraft and covert war.  The Duqu cyber attack is the most recent, home-based instance of cyber warfare to point out the need for stronger security, and above all, a more penetrating awareness of the threats of our digital age. 

Importance of Password Expiration | Don’t have it – Why Not?

The importance of password expiration is an interesting topic for me.  It’s all over the place online – and rightfully so.  There are tons of questions floating around out there: what is the best duration for a password, should be the same expiration rate for each user, is password expiration beneficial.  It can sometimes be a bit overwhelming to look at.  That being said: there are also areas surrounding the importance of password expiration that are somewhat debated (much like the last question above). In that regard, I would like to take a look at an older article I found interesting and debate some of the claims therein.  Catch up after the jump!

Password Policy Best Practices | 4 Ways Being Hacked Educated Me

Here at HackerAttacker, we talk a lot about how to protect yourself from hackers of all shapes and sizes (or colors, as it were).  What we rarely talk about is what it is liked to actually be hacked.  There are countless examples of various individuals being hacked (and we’ve talked a lot about some big company hacks as well), so you know it isn’t some rare occurrence.  Today, I’m going to talk about some password policy best practices I learned from being hacked myself, and how the experience changed the way in which I approach my online security.

Password Generator Using Words | Things to Know

We all know that hackers are out there and the worst of the lot want the key to our castle. In today’s world of online banking and VPN access to corporate accounts, there are many who say we are still using the wrong type of ‘key;’ one that is easily stolen and/or copied.  The password is still around though, for better or worse (though Microsoft is working on changing that soon, and with it comes the typical issues of forgotten passwords and account lockouts.  With the average help desk call costing around $25-$30 per call, a simple solution would be welcome in most environments.  Instead of just your typical self-service password reset solution; why not take a look at a password generator using words that the user has previously set? If you are interested in reducing help desk costs and empowering your users, read on after the jump!

What Star Wars Taught Me About Information Security

A belated May the 4^th to all of you Star Wars Fans out there! If you’ve never seen Star Wars: a New Hope, then beware: Spoilers ahead (also, you should go watch that.  Seriously, go now.  We can talk after).  Obviously, one of our favorite topics here at HackerAttacker is security in all its shapes and forms.  We’ve talked about various hackers, how to hack the government, and even how hacking is like picking a lock.  One thing that I never really take into consideration, however, is how much security is thrown in our faces throughout pop culture.  I’m not just talking about advanced techniques seen in movies like Mission Impossible or James Bond; I’m talking about popular culture both old and new.  Specifically, how Star Wars taught me more about information security than most any actual course or class ever could. 

Simple USB Token Logon | Secure Authentication

Passwords.  Did you even read that word?  Passwords are such a staple of everyday life now that we hardly even recognize when the word even plants itself in front of us.  Half of the time, a website asks us to enter a username or ID and we immediately fill the blank space beneath it with a password.  We don’t even think about it.  That’s just the way things are now, especially with people.  Don’t you think it would be nice if you could login without a password though? Sure, it sounds simple, but what about the fallout surrounding the security vulnerabilities inherent in using no password?  Let’s talk about that after the jump!

Preventing Phishing Attacks | How to Protect Your Information Online

To this day, entering personal information online makes many of us feel uneasy. In fact, I sometimes find myself paying certain bills by submitting a hand-written check through the mail. In a personal attempt to prevent phishing attacks, it makes sense.  Now, some may call this old-fashioned method a waste of time. Maybe it's even being too paranoid or merely an under-utilization of technology’s modern-day user experience. What can I say, old-fashioned ways tend to have a better ability to prevent phishing attacks!

Authentication Best Practices - Brief History of Security

We talk a lot about the digital age of warfare here at HackerAttacker.  It’s kind of the most popular aspect of the digital age today.  Just take a look at history; war is always resting at or about the pinnacle of the public forum.  Why mess with a classic? When it comes to security and authentication best practices, however, there are more avenues to peruse than simply the digital side of warfare.  In that element, we are going to take a look at some older forms of deception and how they play a role in the social relationships inherent in digital security and authentication.

Contextual Authentication - Who is Behind the Keyboard?

Have you ever asked yourself this question before? The MTV TV show Catfish asks this question in every single episode. They work with people all over the United States that have fallen in love with someone they have never met in person, or even talked to on the phone before. On the show, the two hosts work together to find the person who is behind the other keyboard in order to play matchmaker. Nine times out of ten, the person on the other end of the line is not who they say they are. They might not even look remotely close to who they are pretending to be online.

This got me thinking a couple of things… Why do people do this? And how can user fraud be stopped online?

War is Changing: Digital Authentication and Security Solutions

War is changing.  We’ve talked about this before, but the state of war between nations is evolving every day. What once was a sequence of battles between armies, marching in line towards each other, has now become a digital minefield of secrecy, deception, and cyber attacks.  It’s one of the age-old ideas for inventors and other entrepreneurs: give me something that will make life easier, and I’ll show you the next great weapon.  Recently, the White House (you know, the place where all of the people that run things tend to go) was victim of a long-standing, brutal cyber attack.  Sure, the various sources say that nothing ‘Top Secret’ was made available to the public or the attackers, but that doesn’t do much to make me feel better.  I don’t know about you, but I’m left wondering: what did they get? I guess, in a way, the next leap my mind makes is towards digital authentication and security solutions. 

The Secret is Out!

Who does not love a good secret? Being in on a secret is exciting! You know something that someone else does not know; you are instantly special and separated from the pack. Congratulations! But what if that secret is crap? A false façade someone has put up to cover up the truth or to mislead you to think differently about the person or situation.

Deception is real and happens every day. Everywhere you look there is deception being played out.

The guy sitting next to you right now, is that his real hair color? Are your neighbors really happily married? Did we really land on the moon? Is global warming real? Did Al Gore really invent the Internet? Is the dress black and blue or white and gold? What should I believe is the truth?

Gallimaufry Grey Hats - For the Greater Good

Recently I wrote about a couple of very notable White Hat hackers who have literally changed the world as we know it. Those savants of technology took a concept and made it staple in the world we live in. Today we turn the tables though and look at a couple of adventurous grey hat hackers that used their considerable skills to make a statement.

Hooray for White Hats: A look at two who changed the world

In the world of hacking there is good and evil, much like in any other world I suppose. However, like in the Transformers movies, there are two divided teams that clearly play on opposite sides of the fence. A black hat hacker, as you know, is someone who uses his or her “powers” for evil doings. On the other hand there is a type of computer genius that uses his or her powers to do good in this world: the white hat hacker.

3 Different Hacker Types

You’ve been watching and reading the news right?  All of those data breaches that have made headlines; it’s a crazy, risky, digital world that we live in.  The digital world is one where knowledge and information equates to power, or scientias est potestas as the old Latin phrase goes. Sure, these digital attacks sometimes surround money, or politics, but it is the knowledge these hackers possess and gain from their subterfuge that grants them so much influence.  To be a substantial Hacker Attacker, you need knowledge of your own.  Here, I will give you the building blocks to form your own power base to better protect yourself against the biggest aggressors of the digital age. 

Phishing News: Windows Live Digital Certificate Risk

Looking to spend a little bit of that tax return on some sweet online deals? The latest news from Microsoft should make you do a double take before entering your credit card data. There is anew report of a windows live digital certificate risk making the rounds. They are reporting that an unauthorized SSL certificate was issued for “live.fi” that could have been used to leverage man-in-the-middle attacks or even spoof official Microsoft announcements.

Cyber Attack Defense: Are you a potential target?

The simple answer is yes. It seems that everyone is a potential target these days. Recently, even a major health insurance provider announced that they had been breached. Clearly, they lacked appropriate cyber attack protection. I would know, I am one of the 78.8 million people who got the letters in the mail. What were they saying? That they are doing everything they possibly can to ensure that my information is being protected. Great, now I get to join the countless people who suffer a successful cyber attack!

You may ask yourself: why me?