You’re Still Using Clear Text Passwords!?

March 9th, 2015

This week I was doing some poking around in the hacking forums. Someone recently posted a huge password list. These get circulated around from time to time. It’s a long list of words and character sequences people commonly use for passwords. The intent is that you feed the list to a tool like John the […]



Hacking (Protecting) Your POS System

February 23rd, 2015

In the House of Cards series of posts, I walked you through gaining access to a company’s network through an online portal in order to exfiltrate credit card data. It was a lengthy process, but the target company had enough data to make the time investment worthwhile. Most credit card data thefts come from POS […]



Is Your Organization a House of Cards – Part 6

February 17th, 2015

This is the last in a series of posts describing how a typical credit card data theft occurs, from the hacker’s point of view. If you haven’t read the prior posts, check out parts 1, 2, 3, 4, and 5 to see how we got here. At this point, I have credentials for an online invoicing portal […]



Is Your Organization a House of Cards – Part 5

February 9th, 2015

This is another in a series of posts (parts 1, 2, 3, 4) discussing how I’m infiltrating an airline’s network to gain access to credit card data. I’ve identified a vendor for the airline and am in the process of retrieving saved passwords from the vendor’s Chief Accountant’s browsers. My goal is to find credentials […]



Is Your Organization a House of Cards – Part 4

February 2nd, 2015

In previous posts (part 1, part 2, part 3) I have been taking you through the steps to steal credit card information from Lychee Air, an airline in China. So far I have managed to break into the network of a catering company who works with Lychee Air. I have downloaded account info for their […]



Is Your Organization a House of Cards – Part 3

January 26th, 2015

In my last 2 posts (part 1, part 2) I explained I will be walking you through the attack of an airline company in order to obtain credit card data I can sell. I’ve identified an airline, Lychee Air, flying out of Hangzhou Airport. I was able to use a not-so-public IP camera to watch […]



Is Your Organization a House of Cards – Part 2

January 19th, 2015

In my last post, I explained I will be walking you through the attack of an airline company in order to obtain credit card data I can sell. Now I have my project defined. The first step is to identify a target. Because I’m looking specifically for an airline, I can’t just start scanning ports […]



Is Your Organization a House of Cards?

January 12th, 2015

Some data breaches get a lot of attention in the news. When a large amount of data is taken from a popular retailer or organization, it makes big news in the media, and law enforcement gets interested. They like to be seen investigating the biggest crimes so everyone thinks they are doing their job. On […]



By: - Dir. Solutions Marketing

Infosec Haiku

December 21st, 2014

Anata no joho sekyuritei konshu no haiku Sony Hack Is Called “Snowdon for Corporations” This 5h1t Just Got Real   ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who’ve contributed their haikus … watch this space to see if yours is published. * Submit Your Own … […]



By: - Independent Computer Security Analyst

@gcluley

Did North Korea Hack Sony? It Seems Hard to Believe

December 1st, 2014

There’s plenty of rumours and speculation, but one thing is certain: something has gone awfully awry with the computer systems at Sony Pictures Entertainment – the television and movie subsidiary of the huge Sony Corporation. The media has been full since last week with reports that the company has shut down its servers, after a ghoulish […]


By: - IT Security Expert

Avoiding the User Blame Game

October 10th, 2013

It might not be part of any formal forensics or incident response policy, but odds are at most organizations, whenever a malicious hacking attack hits the mark there’s one step rarely missed: blaming the user. Users do some boneheaded things sometimes so pointing the finger at them is easy. But the truth is if IT […]


By: - Forensics and Security Expert

@phenrycissp

Securing the Internet of Things

June 6th, 2013

Gone are the days when the Internet was something accessed only through a PC attached to an Ethernet plug. Access is now available from anywhere and via a multitude of form factors. The Internet has moved beyond the computer and even your smartphone into the most unlikely of things. Your TV, your thermostat, even your […]


By: - Former Chairman and CEO, Lumension

@pclawson

Big Brother is Listening Too – Are Journalists Sitting Ducks Part II

May 29th, 2013

Since writing “Are Journalists Sitting Ducks?” a few months back in response to the New York Times being targeted by Chinese hackers, several more high profile news organizations have been hacked including The Onion, AP, Financial Times and BBC. It’s apparent this trend is not going away any time soon. To add insult to injury, […]


By: - Technology Reporter

FBI Apple AntiSec Chess Match

September 12th, 2012

The denials by the FBI and Apple that unique device identifiers (UDIDs) of Apple devices were breached would seem to put to rest Anonymous spinoff AntiSec’s claim that it was able to steal 12 million UDIDs from Special Agent Christopher Stangl’s notebook computer. Right? Not so fast. A number of media outlets have confirmed with […]


By: - Dir. Solutions Marketing

Change Your LinkedIn Password – Now!

June 6th, 2012

LinkedIn – the online professional networking site which I suspect many Optimal Security blog readers use – has apparently been hacked, resulting in something like 6.5M SHA-1 hashed passwords being posted in a Russian hacker site. This evolving situation will certainly be updated throughout the day (and beyond), so I don’t want to recap the […]


