Data Security

Are You Smarter Than a Hacker? [CONTEST]

Michael Buckbee

They’ve broken into the largest retailers, key government agencies, and major social media companies, stealing tens of millions of credit card numbers, email addresses, and sensitive data. They’re experts at...

Getting Started with PowerShell Option Inputs

Michael Buckbee

PowerShell is the dominant method of automating tasks and scripting changes for Windows sysadmins. This article covers getting started with some basic PowerShell usage and how to pass optional customization...

How to Be Your Own Best Password Generator

Michael Buckbee

Let’s face it, people, we’re bad at coming up with our own passwords. They’re too short, too obvious, and hackers have gotten very good at breaking them—either by outright guessing...

What You May Have Missed

Michael Buckbee

1. Here’s an interesting perspective from a CTO on why metadata matters. 2. By September 30th, California Governor Jerry Brown will either veto or sign two very important bills that will protect...

Phishing Attacks Classified: Big Phish vs. Little Phishes

Michael Buckbee

The CMU CERT team I referred to in my last post also has some interesting analysis on the actual mechanics of these phishing attacks. Based on reviewing their incident database, the...

In Search of Kerberos’s Golden Ticket

Michael Buckbee

In a Kerberos environment, all users get tickets, or more specifically TGTs (Ticket Granting Tickets). It’s the starting point for gaining access to services—network files, email, apps, etc. In Windows,...

Kerberos Weaknesses: Pass the Ticket Is a Real Threat

Michael Buckbee

August is always a good time to check up on the dark side. Black Hat had its annual conference earlier this month, and there are always presentations worth looking at....

Top Five Most Dangerous Software Errors

Michael Buckbee

Over the years, Mitre, the MIT research group, has been analyzing software bugs and missteps that hackers have been able to exploit. Their Common Vulnerabilities and Exposures (CVE) classifications are...

Authentication Lessons from the Magic Kingdom: A Closer Look at Kerberos, Part I

Michael Buckbee

The flaws in NTLM I’ve been writing about might lead you to believe that highly-secure authentication in a distributed environment is beyond the reach of mankind. Thankfully, resistance against hackers...

Pass the Hash, Part III: How NTLM Will Get You Hacked

Michael Buckbee

The most important takeaway about PtH is that the password hashes that are stored in memory (and grabbed by hackers) are a feature of Single Sign On.

3 Deadly File Permissions Mistakes

Rob Sobers

Scarily, in most organizations people have access to much more information than they need in order to do their jobs. With file permissions, it’s easy to mess things up and...

A Closer Look at Pass the Hash, Part II: Prevention

Michael Buckbee

Last week, I attended a webinar that was intended to give IT attendees a snapshot of recent threats—a kind of hacker heads-up. For their representative case, the two sec gurus...
