Chances are that if you've used the internet in the last 15 years, you've been subjected to more ads than there are grains of sand on a beach. There's also a good chance you've gotten sick of them and installed an ad blocker.
Topics: Cybersecurity, Information Security, consumer security
It’s common knowledge that websites are able to give users free content by serving advertisements and performing analytics in order to generate revenue (full disclosure: if you check this page’s source code, you’ll see Google Analytics and HubSpot). It turns out that between you and the website you’re browsing, there are a few friendly third parties who are very interested in your data. Let’s take a surface-level look into how online tracking works, and how you may be uniquely identified with a few JavaScript API calls.
Topics: Cybersecurity, Information Security, Personal Privacy
At this point, everyone has probably heard a speech about how important it is to have a strong password. It is true that a strong password is extremely important in preventing an attacker from guessing or cracking it. However, it does not help against those annoying and ever-present phishing attacks when a user unknowingly hands over their password. And unfortunately, it’s almost inevitable that this will happen. This means that there will always be a question about the security of a password.
Topics: Cybersecurity, Information Security, Personal Data Protection, Passwords
Let’s just say there’s a lot to learn from history without quoting Sun Tzu… again. Especially in information and cybersecurity. Much of the birth of the cyber realm revolves around the military, and many of the members of our community are current or former members of various armed forces, so many of us still refer to the military influence of old when working through our business planning and various actions revolving around cybersecurity. A great example is the common use of, or reference to, Boyd’s OODA (Observe–Orient–Decide–Act) loop flow chart in both attack and defensive security applications. In sticking to a military theme, I want to touch on a story from World War II and its applicability in today’s modern cybersecurity world.
Topics: Cybersecurity, Network Security, Information Security, Penetration Testing
During a penetration test, we’ve found that a common (and easy) way to gather credentials and gain an initial foothold on the client’s network is to perform a Man-in-the-Middle poisoning attack abusing LLMNR & NBT-NS. Depending on how active users are on the network, this attack can give an adversary valuable information almost immediately. Fortunately, with a little knowledge, this attack can be easily remediated.
What is LLMNR & NBT-NS?
Topics: Cybersecurity, Network Security, Information Security, hacking