DON’T. SHARE. YOUR. PASSWORDS.

A lot of members of the British Houses of Parliament are under fire this week for some pretty terrifying information security practices. And by terrifying I mean that when I first read this I couldn’t believe that someone in a position of power could be so lax with their security. For those that haven’t seen, […]

6 months after WannaCry: People never learn

WannaCry caused chaos on thousands of networks, cost billions in damages, and represents a new chapter in cybercrime. 6 months after the attack, system administrators and security specialists still haven’t disabled the archaic software which caused it. Using Shodan I searched for devices which are still running public SMB services at the time of writing. […]

Cryptocurrency mining without consent: Drive-by Mining

In mid-September, Coinhive created a service which will probably be known as a huge milestone for cryprocurrencies. It allowed websites to insert a small amount of code onto their site which would use idle cycles on the user’s computer to mine for a cryptocurrency called Monero directly within the web browser. The code is written […]

Why random doesn’t really mean random

A friend of mine sent me a link to one of my favorite videos about how CloudFlare uses a wall of lava lamps to generate random events to seed their cryptographically secure random number generator, and asked why the random numbers generated by Python or C libraries aren’t random enough. If we’re being blunt, no […]

“True” 2 Factor Auth vs “Fake” 2FA

Multi-Factor Authentication is becoming commonplace in almost all of the services that we use on a daily basis. Multi-Factor Auth could comprise of 3 things Something you know a password, PIN, or personal question (name of pet, street you grew up on, etc). This factor is the easiest to beat. Something you have ID Card, […]

Reaper Botnet: Execute Order 66

Almost exactly a year after the Mirai Botnet took down half of the internet, a new IoT botnet is building itself to launch an even more disruptive attack. On October 19th, CheckPoint announced they’ve started tracking a new botnet, named “Reaper”, which had already found its way into over 1 million organizations. Unlike Mirai, which […]