question

Why most, if not all, “New Generation” endpoint security product are not self-sustained?

Fire Eye, Sentinel One, Crowdstrike, HackerOne, Cylance, Cyphort, Trustlook, Venafi, Clavister, Invincea,  Code42,  just to name a few,  are so called NG Cybersecurity startups. NG comes from “New Generation” or “Next Generation”… (Yeah, just like in StarTrek. 🙂 )   What exactly are these “NG” products and services? There is no single definition that fits them all. Here are the common features: All of them have a cloud backend. Some install an agent on each machine, some install an appliance that acts as a sniffer in the network. Some others must be installed on the default gateway where they take…

Read More


competition

Love statistics? Read here what went wrong with the USA presidential election polls

Source: http://stats.stackexchange.com/questions/245063/us-election-results-2016-what-went-wrong-with-prediction-models   Original question: First it was Brexit, now the US election. Many model predictions were off by a wide margin, and are there lessons to be learned here? As late as 4 pm PST yesterday (n.b. on 08.11), the betting markets were still favoring Hillary 4 to 1. I take it that the betting markets, with real money on the line, should act as an ensemble of all the available prediction models out there. So it’s not far-fetched to say these models didn’t do a very good job. I saw one explanation was voters were unwilling to identify…


breaches-full

Scary to see details of the World’s Biggest Data Breaches

Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/   No worries, the chart is very interactive and you can select what you want to see by changing the filter: The problem is that if you select like the screenshot below, you will not see anything anymore. This is scary!   Statistics? Actually, the data is scary: it seems that at any point in time there was a breach.     Here is the source of the data: https://docs.google.com/spreadsheet/ccc?key=0AmenB57kGPGKdHh6eGpTR2lPQl9NZmo3RlVzQ1N2Ymc&single=true&gid=2&range=A1%3AW400    


http-poxy

Vulnerability analysis: how “HTTPoxy” allows redirect of web applications http-queries

This is a guest post written by Alex Bod, Information Security Researcher and the founder of the Gods Hackers Team.   The information about a set of vulnerabilities called HTTPoxy was published on July 18. Using this, attackers can replace the HTTP_PROXY environment variable that allows them to redirect http-queries to the Web applications on their resources. The vulnerability was identified in partnership with the developer Dominic Scheirlinck, who in his blog talked about how the vulnerability was discovered by his colleagues in the analysis of one of the tickets, received in support.   How it works   Scheirlinck explains in…


wordfence

DOS challenges with ITsecurity.co.uk

We were faced on ITSecurity.co.uk with a problem which was at first out of our control: “somebody” is creating, probably without knowing, a denial of service on this website. The consequence was that it was “consuming” the accesses to the database behind this WordPress site. The ISP hosting the website limits the accesses to 50K a day. More accesses require a high plan, three times more expensive. The “somebody” is an IP from Canada which, considering the fact that it is retrying every second, it is most probably a script out of control. First thing, I contacted the owner of the IP address at…



car-hack

Chinese Researchers Remotely Hack Tesla Model S (Update)

Security researchers from China-based tech company Tencent have identified a series of vulnerabilities that can be exploited to remotely hack an unmodified Tesla Model S while it’s parked or on the move. The researchers managed to perform various actions. While the vehicle was parked, the experts demonstrated that they could: control the sunroof, the turn signals, the position of the seats, all the displays, the door locking system. While the car was on the move, the white hat hackers showed that they could activate the windshield wipers, fold the side view mirrors, and open the trunk. They also demonstrated that…


yahoo

Yahoo was hacked in 2014 and lost the credentials of over 500Mil accounts

Oh boy…. they were hacked two years ago and they say it was a “state sponsored attack”. What the hack is that ?! How do you differentiate a hack done by an employee from a state sponsored attack? Let’s take it step by step: Yahoo has started to write to all affected customers this email: https://s.yimg.com/sf/support/en-us-security-notice-content.pdf Below is the text of the email notice sent by Yahoo to potentially affected users. Please note that the email from Yahoo about this issue does not ask you to click on any links or contain attachments and does not request your personal information. If an…


wired

Annoying Internet Ads: An Open Letter To Digital Marketers Everywhere

I gave a nice interview to MICHAEL O’DWYER for IPSwitch and he wrote the following article: Annoying Internet Ads: An Open Letter To Digital Marketers Everywhere “Ads consume bandwidth, especially those delivered as Flash or code. If you’re on a mobile device, with a small screen, the ads will also cover a good portion of the screen, thus making it difficult or even impossible to see the desired content you want to see,” says Sorin Mustaca, CSSLP, Security+, Project+, an independent IT security consultant. “[Over] the last 3 years, we hear[d] more and more about malvertising — the delivery of malicious software…


By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close