Podcast appearances and mentions of morris worm

Craig Peterson's Tech Talk

Play Episode Listen Later Dec 20, 2021 113:48

12202021 : Supply Chain + Metaverse + 2021 electronic gifts ………. Keywords: zone-h, hands on hacking, ethical hacking, hacker course hackerbox.org Hackers Home Page for FREE Geeky Image Submission and Tools Conficker. First discovered in 2008, Conficker, which had many aliases, including Downup, Downadup, and Kido is a worm that targets Windows operating systems. ... ILOVEYOU. ... Morris Worm. ... Mydoom. ... Stuxnet. ... CryptoLocker. ... Sasser & Netsky. ... Anna Kournikova Keywords: hack, hacker, hackers, hackerbox ethicalhacker.net The Ethical Hacker Network - Free Online Magazine for the Security Professional Nokia, Fujitsu, Motorola and Sun Microsystems Keywords: ethicalhackernet, hacking, hack, hacker resource for Kaspersky Lab experts' technical research, analysis, and thoughts. Online headquarters of Kaspersky Lab security experts. zone-h.com Zone-H - Unrestricted Information - A global view to the world with a stress on the ITsec Keywords: zone-h, hands on hacking, ethical hacking, hacker course coresecurity.com Enabling enterprises with access control systems & penetration testing for a comprehensive and predictive approach to Information Security Ethical Hacking, Cyber Forensic, Website Security, VAPT, Mobile Security. safeguarding critical data a... Keywords: penetration test, penetration testing, penetration testing product, ethical hacking insecure.in internet security and ethical hacking Keywords: internet security, ethical hacking, information security, network security pentestit.com Your source for all things Information Security! Keywords: hacking, cracking, pentest, computer security hacktabs.com HackTabs is a Technology Blog. We write about Technology,How To Guides,Social Media,Ethical Hacking,Microsoft Windows,SEO,Blogging,Mobiles and Gadgets...

MORRIS.WORM: Earth's First Computer Worm

The Disrupt Podcast

Play Episode Listen Later Dec 15, 2021 12:37

1988, the first self-replicating computer worm disrupts Earth's internet. Sponsored by https://www.disrupt.plus

earth computers first computer morris worm

Clifford Stoll and the Cuckoo's Egg

The History of Computing

Play Episode Listen Later Dec 3, 2021 11:38

A honeypot is basically a computer made to look like a sweet, yummy bit of morsel that a hacker might find yummy mcyummersons. This is the story of one of the earliest on the Internet. Clifford Stoll has been a lot of things. He was a teacher and a ham operator and appears on shows. And an engineer at a radio station. And he was an astronomer. But he's probably best known for being an accidental systems administrator at Lawrence Berkeley National Laboratory who setup a honeypot in 1986 and used that to catch a KGB hacker. It sounds like it could be a movie. And it was - on public television. Called “The KGB, the Computer, and Me.” And a book. Clifford Stoll was an astronomer who stayed on as a systems administrator when a grant he was working on as an astronomer ran out. Many in IT came to the industry accidentally. Especially in the 80s and 90s. Now accountants are meticulous. The monthly accounting report at the lab had never had any discrepancies. So when the lab had a 75 cent accounting error, his manager Dave Cleveland had Stoll go digging into the system to figure out what happened. And yet what he found was far more than the missing 75 cents. This was an error of time sharing systems. And the lab leased out compute time at $300 per hour. Everyone who had accessed the system had an account number to bill time to. Well, everyone except a user named hunter. They disabled the user and then got an email that one of their computers tried to break into a computer elsewhere. This is just a couple years after the movie War Games had been released. So of course this was something fun to dig your teeth into. Stoll combed through the logs and found the account that attempted to break into the computers in Maryland was a local professor named Joe Sventek, now at the University of Oregon. One who it was doubtful made the attempt because he was out town at the time. So Stoll set his computer to beep when someone logged in so he could set a trap for the person using the professors account. Every time someone connected a teletype session, or tty, Stoll checked the machine. Until Sventek connected and with that, he went to see the networking team who confirmed the connection wasn't a local terminal but had come in through one of the 50 modems through a dial-up session. There wasn't much in the form of caller ID. So Stoll had to connect a printer to each of the modems - that gave him the ability to print every command the user ran. A system had been compromised and this user was able to sudo, or elevate their privileges. UNIX System V had been released 3 years earlier and suddenly labs around the world were all running similar operating systems on their mainframes. Someone with a working knowledge of Unix internals could figure out how to do all kinds of things. Like add a program to routine housecleaning items that elevated their privileges. They could also get into the passwd file that at the time housed all the passwords and delete those that were encrypted, thus granting access without a password. And they even went so far as to come up with dictionary brute force attacks similar to a modern rainbow table to figure out passwords so they wouldn't get locked out when the user whose password was deleted called in to reset it again. Being root allowed someone to delete the shell history and given that all the labs and universities were charging time, remove any record they'd been there from the call accounting systems. So Stoll wired a pager into the system so he could run up to the lab any time the hacker connected. Turns out the hacker was using the network to move laterally into other systems, including going from what was ARPANET at the time to military systems on Milnet. The hacker used default credentials for systems and leave accounts behind so he could get back in later. Jaeger means hunter in German and those were both accounts used. So maybe they were looking for a German. Tymenet and Pacbell got involved and once they got a warrant they were able to get the phone number of the person connecting to the system. Only problem is the warrant was just for California. Stoll scanned the packet delays and determined the hacker was coming in from overseas. The hacker had come in through Mitre Corporation. After Mitre disabled the connection the hacker slipped up and came in through International Telephone and Telegraph. Now they knew he was not in the US. In fact, he was in West Germany. At the time, Germany was still divided by the Berlin Wall and was a pretty mature spot for espionage. They confirmed the accounts were indicating they were dealing with a German. Once they had the call traced to Germany they needed to keep the hacker online for an hour to trace the actual phone number because the facilities there still used mechanical switching mechanisms to connect calls. So that's where the honeypot comes into play. Stoll's girlfriend came up with the idea to make up a bunch of fake government data and host it on the system. Boom. It worked, the hacker stayed on for over an hour and they traced the number. Along the way, this hippy-esque Cliff Stoll had worked with “the Man.” Looking through the logs, the hacker was accessing information about missile systems, military secrets, members of the CIA. There was so much on these systems. So Stoll called some of the people at the CIA. The FBI and NSA were also involved and before long, German authorities arrested the hacker. Markus Hess, whose handle was Urmel, was a German hacker who we now think broke into over 400 military computers in the 80s. It wasn't just one person though. Dirk-Otto Brezinski, or DOB, Hans Hübner, or Pengo, and Karl Koch, or Pengo were also involved. And not only had they stolen secrets, but they'd sold them to The KGB using Peter Carl as a handler. Back in 1985, Koch was part of a small group of hackers who founded the Computer-Stammtisch in Hanover. That later became the Hanover chapter of the Chaos Computer Club. Hübner and Koch confessed, which gave them espionage amnesty - important in a place with so much of that going around in the 70s and 80s. He would be found burned by gasoline to death and while it was reported a suicide, that has very much been disputed - especially given that it happened shortly before the trials. DOB and Urmel received a couple years of probation for their part in the espionage, likely less of a sentence given that the investigations took time and the Berlin Wall came down the year they were sentenced. Hübner's story and interrogation is covered in a book called Cyberpunk - which tells the same story from the side of the hackers. This includes passing into East Germany with magnetic tapes, working with handlers, sex, drugs, and hacker-esque rock and roll. I think I initially read the books a decade apart but would strongly recommend reading Part II of it either immediately before or after The Cukoo's Egg. It's interesting how a bunch of kids just having fun can become something far more. Similar stories were happening all over the world - another book called The Hacker Crackdown tells of many, many of these stories. Real cyberpunk stories told by one of the great cyberpunk authors. And it continues through to the modern era, except with much larger stakes than ever. Gorbachev may have worked to dismantle some of the more dangerous aspects of these security apparatuses, but Putin has certainly worked hard to build them up. Russian-sponsored and other state-sponsored rings of hackers continue to probe the Internet, delving into every little possible hole they can find. China hacks Google in 2009, Iran hits casinos, the US hits Iranian systems to disable centrifuges, and the list goes on. You see, these kids were stealing secrets - but after the Morris Worm brought the Internet to its knees in 1988, we started to realize how powerful the networks were becoming. But it all started with 75 cents. Because when it comes to security, there's no amount or event too small to look into.

university california google china internet man real germany russian german oregon fbi maryland iran boom vladimir putin computers id cia rock and roll hackers cyberpunk similar iranians koch nsa egg clifford war games telegraph kgb berlin wall cuckoo mikhail gorbachev hanover jaeger east germany west germany unix stoll dob arpanet chaos computer club lawrence berkeley national laboratory mitre corporation hans h lulzsec pengo urmel morris worm karl koch cliff stoll dave cleveland

Episode 34 - The Morris Worm, F12 Responsible Disclosure, and Tar

Real CyberSecurity

Play Episode Listen Later Nov 10, 2021 45:56

This episode we roast the continuing awfulness of companies and politicians who accuse vulnerability researchers of hacking, Bill gives a history lesson on tarry substances used on crypto boards, and how the Morris Worm changed history.

responsible disclosure morris worm

1988

Time Capsule

Play Episode Listen Later Mar 25, 2021 20:40

The Morris Worm, Polio, shoes without socks, Jessica Rabbit, Faith, and the 1988 Olympics.See omnystudio.com/listener for privacy information.

olympic games polio time capsules jessica rabbit morris worm

2nd November 1988: Release of the Morris Worm signalled the first major internet security attack

HistoryPod

Play Episode Listen Later Nov 2, 2020

By the time the attack was brought under control over the next few days, between 2,000 and 6,000 major systems had been ...

attack internet security morris worm

A New Direction for Hackers plus more on this Tech Talk with Craig Peterson Podcast

Play Episode Listen Later Oct 2, 2020 8:49

Welcome! Craig discusses problems that businesses can face when using VPNs and why you should be looking to a Zero-trust network if you are running a business today. For more tech tips, news, and updates, visit - CraigPeterson.com --- Traders set to don virtual reality headsets in their home offices What's on Your Enterprise Network? You Might Be Surprised Malware Attacks Declined But Became More Evasive in Q2 One of this year’s most severe Windows bugs is now under active exploit The VPN is dying, long live zero trust Shopify's Employee Data Theft Underscores Risk of Rogue Insiders Microsoft boots apps out of Azure used by China-sponsored hackers WannaCry Has IoT in Its Crosshairs Love in the time of Zoom: Why we’re in the midst of a dating revolution --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] What is going on with malware? There've been some major changes just over the last few months. That's what we're going to talk about right now. What do you need to watch out for? What should you be doing in your business as well as your home? Hey, you're listening to Craig Peterson. We know that they're here. I have been a lot of attacks over the years. That's what we're trying to stop. Isn't it with our businesses, with our home users? That's why we buy antivirus software or why we have a firewall at the edge. Maybe we even upgraded your firewall. You got rid of that piece of junk that was provided by your internet service providers. Most of them are frankly, pieces of junk, maybe you're lucky and have a great internet service provider that is giving you really what you need. I have yet, by the way, to see any of those internet service providers out there, that are really giving you what you need. So there is a lot to consider here when we're talking about preventing and preventing malware. What we have found is that malware attacks declined this year in the second quarter, but here's what's happening. Right? They are getting through more. Historically, we had things that have hit us that have been various types of malware. I remember when I first got nailed back in 91. I had a Unix server that I was running, as you probably know, I've been using Unix since the early eighties, 81, 82. I was using Unix, and I had my own Unix machines because I was helping to develop the protocols that later on became the internet about a decade or more later. The Unix world was on rather an open world. Was everybody on the internet was pretty friendly. Most people were involved in research, either government research or businesses doing research online, a lot of smart people and we actually had some fun back in the days', puns, and everything. We weren't that worried about security, unlike today, where security really is a top of mind thing for so many people. We weren't worried about who's going to do this to me or that to me. I had a Unix server that I was using, actually at a few of them that I was using for my business. Now, one of those servers was running emails, a program called Sendmail. That's still around today. It was the email package that was ruling the internet back at the time. I got nailed with something called a worm. It was the Morris Worm. In fact, it got onto my computer through no act of my own. I didn't click on anything. It got onto my computer because it came through the internet. That was back in the days when we really didn't have much in the line of firewalls so it just talked to my mail server. One of these days we'll have to tell some stories about how we really trusted everybody back then. You could query to see if an email address was good. You could get onto the machine and say, Hey guy, I noticed that you had this problem so I went in and fixed it for you, and here's what I did. Much, much different world back then. But that's how malware used to spread. It was something, it was just kind of automated. It went out and they just checked everybody's machine to checked firewalls, to see what they were to see if they were open. We've been doing that for a very long time, haven't, we? We have been nailed with it. That's what the viruses were and are still. Where it gets onto your computer. Maybe you installed some software that you shouldn't have, and that software now takes over part of your computer. It affects other files. It might be something that's part of a Word macro or an Excel macro. And it now spreads through your sharing of that file and other people opening it. Worms are like what I got nailed with, just start crawling around through the internet. So they run some software on your machine and that looks for other machines and today things have changed again. They are changing pretty frequently out there. What we have seen so far here in 2020 is a decrease in malware detections. Now, just because there's been a decrease in malware detections, I don't want you to think that the threat has diminished because it hasn't. But the signature-based antivirus system is real problems. Now, what's a signature-based antivirus system. That's any antivirus software, like your McAfee's like your Norton's, the Symantec stuff, any antivirus software, that is working like your body's immune system. What happens with your body's immune system? You get a virus and you're your body says, okay, what's going on here? It starts to multiply. Eventually, the body figures it out. It develops antibodies for it. So the next time it sees that particular virus, you're likely to be pretty much immune from it. Your body's going to say, Whoa, that's a virus and it goes in and kills it pretty darn quickly. That's the whole idea behind trying to stop the WuHan virus that is spreading out there. How do we stop it while we stop it, by just developing antibodies? Right? That's herd immunity. We could also develop antibodies by an antivirus shot that is designed to stop that virus from spreading and prevents you from coming down with COVID-19 symptoms. In the computer world, it's much the same as most of the software signature-based antivirus software is exactly the same as the way your body's immune system has been working. In many, many ways. Here's what happens. Someone gets infected with a virus and they reported to Symantec or Norton, or maybe the software reported itself. Usually, it's a third party that reports that and they look at it and they say, okay, so what does this virus look like? There is in this program the developers' names embedded or the name of the hacker group is embedded in it. So we are going to now say any piece of software that it has this hacker group's name in it, we're going to ban. Right? It recognizes it. So when the file comes onto your computer your computer looks at it. It looks at the signatures. These are called signatures. To say, okay, how does it match? Or it doesn't match at all and it might be through a string that's somewhere embedded in there. So it might be through a name. It might be through a number of other things. That's signature-based. The malware, that was not detectable by signature-based antivirus systems jumped 12%. In the second quarter of 2020. That is amazing. Amazing, absolutely amazing. Seven in 10 attacks that organizations encountered in the second quarter this year. In fact, involved malware designed to circumvent anti-virus signatures. Most cyber-attacks last year and this is probably going to be true in 2020 as well as we get into the fourth quarter. But most cyberattacks in 2019 came about without malware. That means that there were hackers behind this. We're going to talk about that. What's going on some of the data also from CrowdStrike and what they have found CrowdStrike is an anti-malware anti-hacker company. They've got a lot of great people working for them as well. What they have found. It's like the bad old days of hacking and they're back on us right now. So make sure you stick around. Cause we're going to get into that when we get back. And of course, we got a whole lot more, including a major windows bug that's now under exploit and how does this all fit together? You are listening to Craig Peterson. --- More stories and tech updates at: www.craigpeterson.com Don't miss an episode from Craig. Subscribe and give us a rating: www.craigpeterson.com/itunes Follow me on Twitter for the latest in tech at: www.twitter.com/craigpeterson For questions, call or text: 855-385-5553

Cybercrime History: Curious Captains are Calling, Pt 3

Cybercrimeology

Play Episode Listen Later Sep 15, 2020 34:38

More about Our Guesthttps://researchers.anu.edu.au/researchers/grabosky-pnPersons of Note:Abbie Hoffmanhttps://www.smithsonianmag.com/history/how-new-york-stock-exchange-gave-abbie-hoffman-his-start-guerrilla-theater-180964612/JoyBubbles, Josef Carl Engressia Jr.https://en.wikipedia.org/wiki/JoybubblesCaptain Crunch(VIDEO) 2015: "History of Hacking" by John "Captain Crunch" Draperhttps://www.youtube.com/watch?v=DK-352AWaKkYan Laura (22 Oct 2019) An Early Hacker Used a Cereal Box Whistle to Take Over Phone Lineshttps://www.popularmechanics.com/technology/a20762221/an-early-hacker-used-a-cereal-box-whistle-to-take-over-phone-lines/CSO, (20 Nov, 2017) Captain Crunch aka John Draper banned from DefCon for sexual misconducthttps://www.csoonline.com/article/3237591/captain-crunch-aka-john-draper-banned-from-defcon-for-sexual-misconduct.htmlCaptain ZapDelio, Michelle (Feb 6, 2001) The Greatest Hacks of All Timehttps://www.wired.com/2001/02/the-greatest-hacks-of-all-time/CaptainZaphttps://hackstory.net/Captain_ZapSteve Jobs and Steve WozniakLapsley, Phil (Feb 20, 2013) The Definitive Story of Steve Wozniak, Steve Jobs, and Phone Phreaking(VIDEO) 1984: "Wozniak Meets Steve Jobs: Blue Box Free Phone Calls Worldwide" by Steve Wozniakhttps://www.youtube.com/watch?v=oeVOpDUWwpU ReadingDonn B Parker Crime by Computer (1976)August Bequai Computer Crime (1978)Steve Levy Hackers: Heroes of the computer revolution (1984)Gordon Meyer & Jim Thomas COMPUTER UNDERGROUND DIGEST (1990-2000)http://www.computer-underground-digest.org/Clough and Mungo Approaching Zero 1992C. Stoll Cuckoo’s Egg (1989) OtherA few things that you missed:You could read this paper from 1977, in which August Bequai attempts to define and illustrate the then 100 million dollar problem of computer crime :https://heinonline.org/HOL/P?h=hein.journals/polqua6&i=22The Equity Funding Scam.https://en.wikipedia.org/wiki/Equity_FundingBarbash, Fred(Nov 16, 1982) High Court to Review SEC Action on Whistleblower,https://www.washingtonpost.com/archive/politics/1982/11/16/high-court-to-review-sec-action-on-whistleblower/5d132a9e-f411-4138-acff-19d464c99189/Initial findings of the SEC on The Equity Funding Corporationhttps://www.sec.gov/litigation/aljdec/1978/id19780901djm.pdf MIT still has a Model railway clubhttp://tmrc.mit.edu/Rod Stewart (https://en.wikipedia.org/wiki/Rod_Stewart) is a railway enthusiast. I once worked with a guy who had a beer with Rod Stewart and insisted he was a good bloke.https://www.bbc.com/news/entertainment-arts-50403561Information wants to be freehttps://en.wikipedia.org/wiki/Information_wants_to_be_freeWhat is a punch card?https://www.computerhope.com/jargon/p/punccard.htmDARPA, the group behind the internet infrastructure, still existshttps://www.darpa.mil/

Penetration Testing: The Humanity Behind the Hacking | SecurityMetrics Podcast 10

SecurityMetrics Podcast

Play Episode Listen Later Jul 7, 2020 36:24

Paul Poh (CISSP, CISM, CRISC, CIPP/US) has had an interest in cybersecurity since before the internet as we know it existed. From his first exposure to the “Morris Worm” in the early ‘90s as a software engineer at Tufts University, to his current role as Partner at Radical Security, Paul’s mixture of curiosity and wisdom have helped him maintain the perspective needed to be a successful penetration tester. He shares his insights with our Host Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) on why it’s the small things that can take down an organization’s security. “Your Software Development, Engineering, and DevOps can all be great. But a malicious actor can still break a password, attack your source code, and insert a backdoor that would then be pushed into production. You can do a great job protecting production, but if a hacker can find something small, they will.”Listen in to learnCase studies that compare typical security measures to actual threats and vulnerabilitiesPenetration testing requirements, preparation, tips, timing, timeline, and best practices Tips for choosing a penetration testing firm and the surprising qualities that make for a good penetration testerPaul Poh on LinkedIn2020 SecurityMetrics PCI Guide

tips partner humanity engineering hacking devops tufts university cisa cissp cism penetration testing crisc qsa morris worm

Stuxnet, Edward Snowden, Monarchy, Internet Bulk Collection Cloud Y2K Q

Play Episode Listen Later Jun 20, 2020 41:51

On. This episode : Stuxnet, Edward Snowden, Monarchy, Internet + Bulk Collection Can you name a famous computer virus ? Conficker. , aliases, including Downup, Downadup, and Kido is a worm . ... ILOVEYOU. ... Morris Worm. ... Mydoom. ... Stuxnet. ... CryptoLocker. ... Sasser & Netsky. ... Anna Kournikova

internet cloud collection edward snowden i love you monarchy bulk stuxnet kido anna kournikova cryptolocker conficker morris worm

Read/Write/Execute : Snowden, Wikileaks, Data Dumping 2004

Brakeing Down Security Podcast

Play Episode Listen Later Jun 6, 2020 18:24

Man looks into Read/Write/Execute : Snowden, Wikileaks, Data Dumping and COVID-19....... . Leave a voicemail at 313-MAN-0231 Zone-H - Unrestricted Information - A global view to the world with a stress on the ITsec Keywords: zone-h, hands on hacking, ethical hacking, hacker course hackerbox.org Hackers Home Page for FREE Geeky Image Submission and Tools Conficker. First discovered in 2008, Conficker, which had many aliases, including Downup, Downadup, and Kido is a worm that targets Windows operating systems. ... ILOVEYOU. ... Morris Worm. ... Mydoom. ... Stuxnet. ... CryptoLocker. ... Sasser & Netsky. ... Anna Kournikova Keywords: hack, hacker, hackers, hackerbox ethicalhacker.net The Ethical Hacker Network - Free Online Magazine for the Security Professional Nokia, Fujitsu, Motorola and Sun Microsystems Keywords: ethicalhackernet, hacking, hack, hacker resource for Kaspersky Lab experts' technical research, analysis, and thoughts. Online headquarters of Kaspersky Lab security experts. zone-h.com Zone-H - Unrestricted Information - A global view to the world with a stress on the ITsec Keywords: zone-h, hands on hacking, ethical hacking, hacker course coresecurity.com Enabling enterprises with access control systems & penetration testing for a comprehensive and predictive approach to Information Security Ethical Hacking, Cyber Forensic, Website Security, VAPT, Mobile Security. safeguarding critical data a... Keywords: penetration test, penetration testing, penetration testing product, ethical hacking insecure.in internet security and ethical hacking Keywords: internet security, ethical hacking, information security, network security pentestit.com Your source for all things Information Security! Keywords: hacking, cracking, pentest, computer security hacktabs.com HackTabs is a Technology Blog. We write about Technology,How To Guides,Social Media,Ethical Hacking,Microsoft Windows,SEO,Blogging,Mobiles and Gadgets... Keywords: how to guides, computer security, blogging, seo homeforgeeks.com one stop blog for all your technology needs related to Mobiles,Android,Wordpress,make money online,Ethical hacking. Keywords: android, symbian, hacking, ethical hacking plynt.com Plynt application penetration tests and security certification program assures that your application is safe against known common attacks. With experi... Keywords: penetration, testing, application, security

2020-017-Cameron Smith, business decisions, and how it affects Security

Play Episode Listen Later May 5, 2020 68:05

Cameron Smith @Secnomancer Layer8conference is virtual (https://layer8conference.com/layer-8-is-online-this-year/) https://csrc.nist.gov/publications/detail/sp/800-171/rev-1/final CMMC:https://info.summit7systems.com/blog/cmmc https://www.comptia.org/certifications/project - Project+ Cameron’s Smith = www.twitter.com/secnomancer Cybersmith.com - Up by 14 April Ask@thecybersmith.com Cameron@thecybersmith.com https://en.wikipedia.org/wiki/Christopher_Voss https://www.amazon.com/Never-Split-Difference-Negotiating-Depended/dp/0062407805 https://www.masterclass.com/classes/chris-voss-teaches-the-art-of-negotiation https://www.masterclass.com/ https://www.autopsy.com/support/training/covid-19-free-autopsy-training/ https://www.youtube.com/playlist?list=PLg_QXA4bGHpvsW-qeoi3_yhiZg8zBzNwQ “There is nothing noble in being superior to your fellow man; true nobility is being superior to your former self.”― Ernest Hemingway https://www.goodreads.com/quotes/76281-there-is-nothing-noble-in-being-superior-to-your-fellow Original B-Sides Talk Blurb SITREP: A Consultant's Perspective from the Trenches of InfoSec In this session you will hear war stories and lessons learned consulting for hundreds of clients across dozens of verticals at every level, from bootstrapped startups with garage beginnings to Fortune 50 companies and everything in between. We will cover life on the front lines in InfoSec, ranging from individual contributions and staying relevant in a rapidly evolving field all the way to how bad most orgs are at InfoSec and what we can do as practitioners to help make them better. Speaking Goal After my presentation is over, I want my audience to... Feel better about where they are as an infosec practitioner Understand that most of Cybersecurity is largely NOT about the latest hack or technique Failing is OK as long as you learn from it ...so that ... When they go back to their office / SOC / client engagements on Monday they focus on the things that matter to their organizations Hopefully feel a little bit less that the work they are doing is boring, exhausting, unappreciated, or hopeless Intro Security is a really crazy industry Like the wild west out here Constant threats Complacent or ignorant clients/dependents Resource and budget constraints Security is really complex There are SO. MANY. MOVING. PIECES. There is a never ending stream of new information to learn and new threats to face Security always involves at LEAST 4 parts The practitioner - Hopefully you have backup! What you're protecting - Employer, Client, System, Application, Data, SOMETHING, etc What you're protecting it from - External TAs, Internal TAs, Incompetence, Apathy, Plain Ol' Vanilla Constraints, etc What you have to protect it with - Budgets, Time, Personnel, Training, Relationships, etc Cybersecurity/Information Security is simultaneously an old and new/emergent discipline Cyber History Old Nevil Maskelyne / Guglielmo Marconi wireless telegraphy attack and Morse code insults - 1903 Phreaking in the 1960s ARPANET Creeper - 1971 Morris Worm - 1988 New Gartner Coined term SOAR in 2017 Yeah... It's barely 3 years old. Now you can literally find job openings with SOAR Engineering titles DevSecOps - Amazon presentation in 2015? Not even in grade school yet. Average enterprise is running 75 security tools in their environment (Cybersecurity almanac 2019) Most cybersecurity professionals over 30 do not have degrees in cybersecurity Many don't even have Computer Science or IT related degrees This is it's own problem Training cyber pros, Chris Sanders, cognitive crisis, etc. BDS ep 2019-021 and 2019-022 Emergent disciplines are challenging by default You chose to play the game on hard mode for your first play through Security really isn't as complicated as most people think Occult Phenomenon Things we don't understand we imagine to be far more complex Things we anticipate we imagine to be far worse than they are Grass isn't greener Most security departments aren't doing better than you are Maturity models aren't magic Establish Credibility I have been in A LOT of client environments in the last 12 years Last time I checked, I have more than 350 discrete client engagements under my belt I have worked with hundreds of internal, external, and hybrid IT and Security solutions I've met the same tired and beleaguered IT/Security personnel over and over again SSDD, very little actually changes from place to place In that time, I've learned quite a bit about what makes security work I've learned even more about what NOT to do I want to share some of that with you today so you can see how organizations of all shapes and sizes can fail Very Large Company Examples Big Four Bank Example Situation Four Local Branches in Midwest Physical Security Assessment How got onto site as cash machine servicer was incredibly easy Problem Absolute trust of vendors/vendor compromise How do we as security practitioners fix it? Good internal relationships with functional area leaders Work closely with functional areas to left and to the right Who? Operations? HR? Purchasing? Every functional area and specifically the leadership Improved communications and availability 8 and Up 'Gotta git gud' at the soft stuff Top 50 Chain Restaurant Example Situation Doing Chip Reader refreshes across all ~600 locations for PCI Compliance during 2017 window Problem Poor project management on behalf of security team led to project failure A security problem became an IT problem Contractor to subcontractor to subcontractor added time and complexity How do we as security practitioners fix it? Security managers needs to be aware of how their projects impact others Managing up Security needs to be interdisciplinary Government Examples Police Department Example Situation City Administrator got Spear Phished Problem Spear phishing Poor logging How do we as security practitioners fix it? Look for the most basic problems and try to fix them Find or create solutions that provide basic capabilities Cannot prevent the lowest hanging fruit directly, so impact what you can change What you can actually do about phishing Getting people to do something that you want them to do Defense SubContractor Example Situation Working with MSP on security issues “Do we have a SIEM” email? Problem Company executives have never done due diligence Assumed that MSP had it under control MSP just did what they normally do and within letter of their contract How do we as security practitioners fix it? Security needs to be proactive Small Company Examples Light Manufacturer Example Situation Server not working, Ransomware Attackers pivoted through third party accountant access Problem Single Point of Failure (SPOF) Vendor Compromise How do we as security practitioners solve it? IT problems become security problems on long enough timeline Need to provide actual solutions to business problems Security CANNOT be decoupled from business needs Telecommunications Provider Situation Employee reports CEO was hacked Problem Employee panicked, emailed everyone Escalated way beyond what was necessary How do we as security practitioners solve it? Employee education - Boring answer What's actually under our control here? Clear processes for security incidents Clear communications channels for employees with IT and security groups Knowledge management Local NGO Example Situation Meeting with Executive Director regarding server failure Problem Mentions that she was sent security guidelines from global parent org Got so overwhelmed reading it she just closed it and kept working on something else How do we as security practitioners solve it? We have to make this information digestible and accessible We do NOT need to make already dense subject matter even more inaccessible When cannot mandate compliance, how do you achieve compliance More flies with honey than vinegar Build relationships - Layer 8 strikes again Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://pandora.app.link/p9AvwdTpT3 #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

Vault: Epic Shelter China Dell .... Edward Snowden Tokyo (P2)

Brakeing Down Security Podcast

Play Episode Listen Later May 3, 2020 31:30

In this episode the analysis of Snowden's new book. 1.1 Air-Gapped Network. 1.2 Antivirus. 1.3 Best Practices. 1.4 Black Hat. 1.5 Blacklist. 1.6 Botnet. 1.7 Casus Belli. 1.8 Civilian Participation. Igloo Security, ESTSecurity, SOPHOS, SK Infosec, Check Point, and Trend Micro have selected 7 cyber security keywords for the year 2020. △AI △Ransomware △Supply Chain Attacks △Cloud △IoT △Malicious Emails △Dark Web ASIA PACIFIC SECURITY, CYBER RESILIENCE, DATA BREACH, EDITOR'S DESK, EDUCATION, EVENTS, IT SOLUTIONS, MOVERS & SHAKERS, RISK MANAGEMENT, SECURITY PRODUCTS, TECHTIME, VULNERABILITIES I'm trying to have my coffee and unwittingly having to troubleshoot Windows XP + 7 issues . Leave a voicemail at 313-MAN-0231 Zone-H - Unrestricted Information - A global view to the world with a stress on the ITsec Keywords: zone-h, hands on hacking, ethical hacking, hacker course hackerbox.org Hackers Home Page for FREE Geeky Image Submission and Tools Conficker. First discovered in 2008, Conficker, which had many aliases, including Downup, Downadup, and Kido is a worm that targets Windows operating systems. ... ILOVEYOU. ... Morris Worm. ... Mydoom. ... Stuxnet. ... CryptoLocker. ... Sasser & Netsky. ... Anna Kournikova Keywords: hack, hacker, hackers, hackerbox ethicalhacker.net The Ethical Hacker Network - Free Online Magazine for the Security Professional Nokia, Fujitsu, Motorola and Sun Microsystems Keywords: ethicalhackernet, hacking, hack, hacker resource for Kaspersky Lab experts' technical research, analysis, and thoughts. Online headquarters of Kaspersky Lab security experts. zone-h.com Zone-H - Unrestricted Information - A global view to the world with a stress on the ITsec Keywords: zone-h, hands on hacking, ethical hacking, hacker course coresecurity.com Enabling enterprises with access control systems & penetration testing for a comprehensive and predictive approach to Information Security Ethical Hacking, Cyber Forensic, Website Security, VAPT, Mobile Security. safeguarding critical data a... Keywords: penetration test, penetration testing, penetration testing product, ethical hacking insecure.in internet security and ethical hacking Keywords: internet security, ethical hacking, information security, network security pentestit.com Your source for all things Information Security! Keywords: hacking, cracking, pentest, computer security hacktabs.com HackTabs is a Technology Blog. We write about Technology,How To Guides,Social Media,Ethical Hacking,Microsoft Windows,SEO,Blogging,Mobiles and Gadgets... Keywords: how to guides, computer security, blogging, seo homeforgeeks.com one stop blog for all your technology needs related to Mobiles,Android,Wordpress,make money online,Ethical hacking. Keywords: android, symbian, hacking, ethical hacking plynt.com Plynt application penetration tests and security certification program assures that your application is safe against known common attacks. With experi... Keywords: penetration, testing, application, security

2020-016-Cameron Smith, Business decisions and their (in)secure outcomes - Part 1

Play Episode Listen Later Apr 29, 2020 49:20

Cameron Smith @Secnomancer Layer8conference is virtual (https://layer8conference.com/layer-8-is-online-this-year/) https://csrc.nist.gov/publications/detail/sp/800-171/rev-1/final CMMC:https://info.summit7systems.com/blog/cmmc https://www.comptia.org/certifications/project - Project+ Cameron’s Smith = www.twitter.com/secnomancer Cybersmith.com - Up by 14 April Ask@thecybersmith.com Cameron@thecybersmith.com https://en.wikipedia.org/wiki/Christopher_Voss https://www.amazon.com/Never-Split-Difference-Negotiating-Depended/dp/0062407805 https://www.masterclass.com/classes/chris-voss-teaches-the-art-of-negotiation https://www.masterclass.com/ https://www.autopsy.com/support/training/covid-19-free-autopsy-training/ https://www.youtube.com/playlist?list=PLg_QXA4bGHpvsW-qeoi3_yhiZg8zBzNwQ “There is nothing noble in being superior to your fellow man; true nobility is being superior to your former self.”― Ernest Hemingway https://www.goodreads.com/quotes/76281-there-is-nothing-noble-in-being-superior-to-your-fellow Original B-Sides Talk Blurb SITREP: A Consultant's Perspective from the Trenches of InfoSec In this session you will hear war stories and lessons learned consulting for hundreds of clients across dozens of verticals at every level, from bootstrapped startups with garage beginnings to Fortune 50 companies and everything in between. We will cover life on the front lines in InfoSec, ranging from individual contributions and staying relevant in a rapidly evolving field all the way to how bad most orgs are at InfoSec and what we can do as practitioners to help make them better. Speaking Goal After my presentation is over, I want my audience to... Feel better about where they are as an infosec practitioner Understand that most of Cybersecurity is largely NOT about the latest hack or technique Failing is OK as long as you learn from it ...so that ... When they go back to their office / SOC / client engagements on Monday they focus on the things that matter to their organizations Hopefully feel a little bit less that the work they are doing is boring, exhausting, unappreciated, or hopeless Intro Security is a really crazy industry Like the wild west out here Constant threats Complacent or ignorant clients/dependents Resource and budget constraints Security is really complex There are SO. MANY. MOVING. PIECES. There is a never ending stream of new information to learn and new threats to face Security always involves at LEAST 4 parts The practitioner - Hopefully you have backup! What you're protecting - Employer, Client, System, Application, Data, SOMETHING, etc What you're protecting it from - External TAs, Internal TAs, Incompetence, Apathy, Plain Ol' Vanilla Constraints, etc What you have to protect it with - Budgets, Time, Personnel, Training, Relationships, etc Cybersecurity/Information Security is simultaneously an old and new/emergent discipline Cyber History Old Nevil Maskelyne / Guglielmo Marconi wireless telegraphy attack and Morse code insults - 1903 Phreaking in the 1960s ARPANET Creeper - 1971 Morris Worm - 1988 New Gartner Coined term SOAR in 2017 Yeah... It's barely 3 years old. Now you can literally find job openings with SOAR Engineering titles DevSecOps - Amazon presentation in 2015? Not even in grade school yet. Average enterprise is running 75 security tools in their environment (Cybersecurity almanac 2019) Most cybersecurity professionals over 30 do not have degrees in cybersecurity Many don't even have Computer Science or IT related degrees This is it's own problem Training cyber pros, Chris Sanders, cognitive crisis, etc. BDS ep 2019-021 and 2019-022 Emergent disciplines are challenging by default You chose to play the game on hard mode for your first play through Security really isn't as complicated as most people think Occult Phenomenon Things we don't understand we imagine to be far more complex Things we anticipate we imagine to be far worse than they are Grass isn't greener Most security departments aren't doing better than you are Maturity models aren't magic Establish Credibility I have been in A LOT of client environments in the last 12 years Last time I checked, I have more than 350 discrete client engagements under my belt I have worked with hundreds of internal, external, and hybrid IT and Security solutions I've met the same tired and beleaguered IT/Security personnel over and over again SSDD, very little actually changes from place to place In that time, I've learned quite a bit about what makes security work I've learned even more about what NOT to do I want to share some of that with you today so you can see how organizations of all shapes and sizes can fail Very Large Company Examples Big Four Bank Example Situation Four Local Branches in Midwest Physical Security Assessment How got onto site as cash machine servicer was incredibly easy Problem Absolute trust of vendors/vendor compromise How do we as security practitioners fix it? Good internal relationships with functional area leaders Work closely with functional areas to left and to the right Who? Operations? HR? Purchasing? Every functional area and specifically the leadership Improved communications and availability 8 and Up 'Gotta git gud' at the soft stuff Top 50 Chain Restaurant Example Situation Doing Chip Reader refreshes across all ~600 locations for PCI Compliance during 2017 window Problem Poor project management on behalf of security team led to project failure A security problem became an IT problem Contractor to subcontractor to subcontractor added time and complexity How do we as security practitioners fix it? Security managers needs to be aware of how their projects impact others Managing up Security needs to be interdisciplinary Government Examples Police Department Example Situation City Administrator got Spear Phished Problem Spear phishing Poor logging How do we as security practitioners fix it? Look for the most basic problems and try to fix them Find or create solutions that provide basic capabilities Cannot prevent the lowest hanging fruit directly, so impact what you can change What you can actually do about phishing Getting people to do something that you want them to do Defense SubContractor Example Situation Working with MSP on security issues “Do we have a SIEM” email? Problem Company executives have never done due diligence Assumed that MSP had it under control MSP just did what they normally do and within letter of their contract How do we as security practitioners fix it? Security needs to be proactive Small Company Examples Light Manufacturer Example Situation Server not working, Ransomware Attackers pivoted through third party accountant access Problem Single Point of Failure (SPOF) Vendor Compromise How do we as security practitioners solve it? IT problems become security problems on long enough timeline Need to provide actual solutions to business problems Security CANNOT be decoupled from business needs Telecommunications Provider Situation Employee reports CEO was hacked Problem Employee panicked, emailed everyone Escalated way beyond what was necessary How do we as security practitioners solve it? Employee education - Boring answer What's actually under our control here? Clear processes for security incidents Clear communications channels for employees with IT and security groups Knowledge management Local NGO Example Situation Meeting with Executive Director regarding server failure Problem Mentions that she was sent security guidelines from global parent org Got so overwhelmed reading it she just closed it and kept working on something else How do we as security practitioners solve it? We have to make this information digestible and accessible We do NOT need to make already dense subject matter even more inaccessible When cannot mandate compliance, how do you achieve compliance More flies with honey than vinegar Build relationships - Layer 8 strikes again Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://pandora.app.link/p9AvwdTpT3 #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

Windows XP + 7 + 10 cybersecurity, troubleshooting, SP1, end of life cycle

Play Episode Listen Later Apr 19, 2020 32:33

I'm trying to have my coffee and unwittingly having to troubleshoot Windows XP + 7 issues . Leave a voicemail at 313-MAN-0231 Zone-H - Unrestricted Information - A global view to the world with a stress on the ITsec Keywords: zone-h, hands on hacking, ethical hacking, hacker course hackerbox.org Hackers Home Page for FREE Geeky Image Submission and Tools Conficker. First discovered in 2008, Conficker, which had many aliases, including Downup, Downadup, and Kido is a worm that targets Windows operating systems. ... ILOVEYOU. ... Morris Worm. ... Mydoom. ... Stuxnet. ... CryptoLocker. ... Sasser & Netsky. ... Anna Kournikova Keywords: hack, hacker, hackers, hackerbox ethicalhacker.net The Ethical Hacker Network - Free Online Magazine for the Security Professional Nokia, Fujitsu, Motorola and Sun Microsystems Keywords: ethicalhackernet, hacking, hack, hacker resource for Kaspersky Lab experts' technical research, analysis, and thoughts. Online headquarters of Kaspersky Lab security experts. zone-h.com Zone-H - Unrestricted Information - A global view to the world with a stress on the ITsec Keywords: zone-h, hands on hacking, ethical hacking, hacker course coresecurity.com Enabling enterprises with access control systems & penetration testing for a comprehensive and predictive approach to Information Security Ethical Hacking, Cyber Forensic, Website Security, VAPT, Mobile Security. safeguarding critical data a... Keywords: penetration test, penetration testing, penetration testing product, ethical hacking insecure.in internet security and ethical hacking Keywords: internet security, ethical hacking, information security, network security pentestit.com Your source for all things Information Security! Keywords: hacking, cracking, pentest, computer security hacktabs.com HackTabs is a Technology Blog. We write about Technology,How To Guides,Social Media,Ethical Hacking,Microsoft Windows,SEO,Blogging,Mobiles and Gadgets... Keywords: how to guides, computer security, blogging, seo homeforgeeks.com one stop blog for all your technology needs related to Mobiles,Android,Wordpress,make money online,Ethical hacking. Keywords: android, symbian, hacking, ethical hacking plynt.com Plynt application penetration tests and security certification program assures that your application is safe against known common attacks. With experi... Keywords: penetration, testing, application, security

COVID-19, A.I., Supercomputers, Snowden, 313-MAN-0231

Play Episode Listen Later Apr 9, 2020 49:12

Latest news in Computational Medicine to treat COVID-19, mapping the virus to its core, scams asking people to download a pkg to use computers processing power to help scientists cure COVID-19: I'm trying to have my coffee and unwittingly having to troubleshoot Windows XP + 7 issues . Leave a voicemail at 313-MAN-0231 Zone-H - Unrestricted Information - A global view to the world with a stress on the ITsec Keywords: zone-h, hands on hacking, ethical hacking, hacker course hackerbox.org Hackers Home Page for FREE Geeky Image Submission and Tools Conficker. First discovered in 2008, Conficker, which had many aliases, including Downup, Downadup, and Kido is a worm that targets Windows operating systems. ... ILOVEYOU. ... Morris Worm. ... Mydoom. ... Stuxnet. ... CryptoLocker. ... Sasser & Netsky. ... Anna Kournikova Keywords: hack, hacker, hackers, hackerbox ethicalhacker.net The Ethical Hacker Network - Free Online Magazine for the Security Professional Nokia, Fujitsu, Motorola and Sun Microsystems Keywords: ethicalhackernet, hacking, hack, hacker resource for Kaspersky Lab experts' technical research, analysis, and thoughts. Online headquarters of Kaspersky Lab security experts. zone-h.com Zone-H - Unrestricted Information - A global view to the world with a stress on the ITsec Keywords: zone-h, hands on hacking, ethical hacking, hacker course coresecurity.com Enabling enterprises with access control systems & penetration testing for a comprehensive and predictive approach to Information Security Ethical Hacking, Cyber Forensic, Website Security, VAPT, Mobile Security. safeguarding critical data a... Keywords: penetration test, penetration testing, penetration testing product, ethical hacking insecure.in internet security and ethical hacking Keywords: internet security, ethical hacking, information security, network security pentestit.com Your source for all things Information Security! Keywords: hacking, cracking, pentest, computer security hacktabs.com HackTabs is a Technology Blog. We write about Technology,How To Guides,Social Media,Ethical Hacking,Microsoft Windows,SEO,Blogging,Mobiles and Gadgets... Keywords: how to guides, computer security, blogging, seo homeforgeeks.com one stop blog for all your technology needs related to Mobiles,Android,Wordpress,make money online,Ethical hacking. Keywords: android, symbian, hacking, ethical hacking plynt.com Plynt application penetration tests and security certification program assures that your application is safe against known common attacks. With experi... Keywords: penetration, testing, application, security

Vault 7: Snowden, 1983-1992 and The Invisible Wall

Synthetic Snake Oil: Online Security Tips

Play Episode Listen Later Apr 3, 2020 70:09

17 million results examined : 1983-1992 : The Invisible Wall and Vault 7, Espionage, fake news, Man in search of the truth over Chinese Espionage: Virus, Bio Warfare, Masks watch out for these Coronavirus websites and scams, China spreading rumors about COVID-19, hackers, Taiwan, US, Chinese working 24/7 to spread disinformation, State Department employees test positive for Coronavirus, ebola, Netflix to slow down streaming to stop the internet from breaking, leave a voicemail at 313-MAN-0231........ 寻找有关中国间谍活动的真相的人：病毒，生物战，口罩和路边COVID-19 @ Best Buy，当心这些冠状病毒网站和骗局，中国散布有关COVID-19，黑客，台湾，美国，中国和中国的谣言俄罗斯巨魔全天候（24/7）传播虚假信息，国务院员工对冠状病毒，埃博拉病毒和Netflix呈阳性反应，以减慢流传输速度以阻止互联网中断，并在313-MAN-0231留下语音邮件I'm trying to have my coffee and unwittingly having to troubleshoot Windows XP + 7 issues . Leave a voicemail at 313-MAN-0231 Zone-H - Unrestricted Information - A global view to the world with a stress on the ITsec Keywords: zone-h, hands on hacking, ethical hacking, hacker course hackerbox.org Hackers Home Page for FREE Geeky Image Submission and Tools Conficker. First discovered in 2008, Conficker, which had many aliases, including Downup, Downadup, and Kido is a worm that targets Windows operating systems. ... ILOVEYOU. ... Morris Worm. ... Mydoom. ... Stuxnet. ... CryptoLocker. ... Sasser & Netsky. ... Anna Kournikova Keywords: hack, hacker, hackers, hackerbox ethicalhacker.net The Ethical Hacker Network - Free Online Magazine for the Security Professional Nokia, Fujitsu, Motorola and Sun Microsystems Keywords: ethicalhackernet, hacking, hack, hacker resource for Kaspersky Lab experts' technical research, analysis, and thoughts. Online headquarters of Kaspersky Lab security experts. zone-h.com Zone-H - Unrestricted Information - A global view to the world with a stress on the ITsec Keywords: zone-h, hands on hacking, ethical hacking, hacker course coresecurity.com Enabling enterprises with access control systems & penetration testing for a comprehensive and predictive approach to Information Security Ethical Hacking, Cyber Forensic, Website Security, VAPT, Mobile Security. safeguarding critical data a... Keywords: penetration test, penetration testing, penetration testing product, ethical hacking insecure.in internet security and ethical hacking Keywords: internet security, ethical hacking, information security, network security pentestit.com Your source for all things Information Security! Keywords: hacking, cracking, pentest, computer security hacktabs.com HackTabs is a Technology Blog. We write about Technology,How To Guides,Social Media,Ethical Hacking,Microsoft Windows,SEO,Blogging,Mobiles and Gadgets... Keywords: how to guides, computer security, blogging, seo homeforgeeks.com one stop blog for all your technology needs related to Mobiles,Android,Wordpress,make money online,Ethical hacking. Keywords: android, symbian, hacking, ethical hacking plynt.com Plynt application penetration tests and security certification program assures that your application is safe against known common attacks. With experi... Keywords: penetration, testing, application, security

DP46 Brief History of Malware

Play Episode Listen Later Dec 11, 2019 3:00

Over the past several episodes I’ve talked a little about computer viruses. From The Morris Worm to the ILOVEYOU virus. But there is another term to describe these types of viruses: Malware. It’s become so common that maybe some of you thought computer virus and malware were perhaps two separate things. After all, we hardly ever hear the term computer virus being used. It’s mainly malware. But anyway malware has evolved extensively over the years and I think it’s important to show the highlights and growth of malware over the past few decades. After all, if we are to better protect ourselves, understanding the development before getting into specifics will help us moving forward. Malware all started in the 1980s and 1990s. The biggest splash in this area was The Morris Worm. It was the first form of malware to spread across the internet. There were some other ones that are worth bringing up too. There was Brain, Jerusalem, Michelangelo, CIH and the Melissa virus. I’ll talk about those in detail another time. Getting into the 2000s, we saw an upgrade of malware. They were rapidly growing, effectively doubling every year. The most notable malware was internet and email worms. You had ILOVEYOU but there were others. Examples are Anna Kournikova, Sircam, CodeRed worm, and Nimda. This was also around the time where phishing and other credit card scams emerged. Since 2010 and over this past decade, malware is still prominent but it’s more so used to leverage compromised systems. Outside of the numerous breaches over the past decade you also had some other notable events. These pushed businesses to have stronger security measures. Some malware that you can look up and I will explore later are the Stuxnet worm, ZeroAccess, a Trojan horse. Not until 2013 we started to see ransomware. This was malware that locked files on a user’s computer and users had to pay a ransom to get access to that information again. One notable one was CryptoLocker, another Trojan horse. You also had Gameover ZeuS which used keystroke logging to steal login details. Some other notable ones was 2017’s ransomwares WannaCry and Petya. Lastly there is Thanatos, the ransomware that’s been released and allow hackers to accept Bitcoin payments. As you can see from the overall history, malware has evolved and has impacted the world on larger scales. Of course there are all kinds of ways we can better protect ourselves. But I find the first step to better protect ourselves is to know exactly what we are up against.

brain jerusalem bitcoin brief history i love you michelangelo trojan malware code red wannacry stuxnet thanatos petya cih anna kournikova cryptolocker morris worm

DP15 First Computer Fraud Conviction: Morris Worm

Synthetic Snake Oil: Online Security Tips

Play Episode Listen Later Oct 8, 2019 2:47

The Internet began hitting it’s stride in 1983 when ARPANET (Advanced Research Projects Agency Network) adopted TCP/IP (Transmission Control Protocol and Internet Protocol) into it’s systems. At the time they called it the “network of networks” which evolved into the modern internet. But only five years later from that creation, something else was being made that sparked a chain reaction that is still relevant to this day: computer worms. In 1988, Robert Morris created a worm and released it to computer systems within MIT on November 2. The worm originally wasn’t designed to cause any damage, but rather to highlight security flaws. The worm was meant to suggest that Morris studied at MIT and also exposed some system vulnerabilities like weak passwords. Not only that, but it was intended to enter a computer once and to stay away if a computer told the worm there was already a worm in it. Unfortunately, a mistake in the programming was that Morris gave the worm a 1 in 7 odds of multiplying itself and infecting a computer regardless of the system’s response. What should have been an easily solvable program became a threat to multiple systems. As a result, the worm infected 6,000 computers to the point that the computers couldn’t function. This was a result of the worm multiplying so much in a system it slowed down the infected computer. According to the Government Accountability Office, the damages were estimated to be between $100,000 and $10 million. Despite the good intentions at first, Morris’s name has been placed on this virus which we know as the Morris worm. He was also the first person convicted under the US Computer Fraud and Abuse Act. But what’s even worse is that the Morris worm provided the framework for every other worm virus that is created today. Despite the intent for the virus to be helpful in the beginning, hackers still use this technique in various and nefarious methods. Worms have become more sophisticated with one famous example being Stuxnet. It’s a worm that evolved into a cyber weapon that we are still dealing with today. Lesser known worms have similar characters to the Morris worm: multiplying and filling up file space. Some even delete files which is a sign that your computer may be infected. It goes to show that despite people’s good intentions, it’s important for people to exercise caution. While not all of us are developing computer programs, one professional mentioned that Morris should’ve tried it on a simulator first.

internet mit morris conviction worms robert morris stuxnet government accountability office computer fraud abuse act internet protocol first computer morris worm

Episode 5 - December 1990

Oh I Say!

Play Episode Listen Later Jul 12, 2019 45:11

In this Christmas episode Steve and Mark talk to actor, producer and writer Jonny Owen about his memories of season 1990/91, which includes - amongst other things - the glory days of Merthyr Tydfil, music and the terraces, fan culture, the Morris Worm, and the Strangeways riots.

christmas strangeways merthyr tydfil jonny owen morris worm

November 3, 2018 Tech Talk Radio Show

Play Episode Listen Later Nov 3, 2018 58:49

Digitizing VHS tapes, POP vs IMAP email protocols, TV standards (HD, UHD, 4K, 8K), FakeSpot.com (finding fake reviews), Profiles in IT (Marian Croak, VoIP pioneer), Morris Worm turns 30 (Internet was changed forever), real-life Mario dies (actually Nintendo landlord), next generation smart glasses (Focals has remote control and holographic lens), Daylight saving time revealed, radio controlled clocks (atomic clocks), Apple demands that Bloomberg retract Chinese chip story, and botnets vie to control Andoid cryptomining (Fbot vs Trinity). This show originally aired on Saturday, November 3, 2018, at 9:00 AM EST on WFED (1500 AM).

tv apple science internet technology space chinese pop software nintendo bloomberg radio show 4k information technology talk radio daylight profiles 8k voip network security uhd talk+radio+show imap focals fakespot andoid morris worm stratford university tech talk radio wfed

November 3, 2018 Tech Talk Radio Show

Play Episode Listen Later Nov 3, 2018 58:49

Digitizing VHS tapes, POP vs IMAP email protocols, TV standards (HD, UHD, 4K, 8K), FakeSpot.com (finding fake reviews), Profiles in IT (Marian Croak, VoIP pioneer), Morris Worm turns 30 (Internet was changed forever), real-life Mario dies (actually Nintendo landlord), next generation smart glasses (Focals has remote control and holographic lens), Daylight saving time revealed, radio controlled clocks (atomic clocks), Apple demands that Bloomberg retract Chinese chip story, and botnets vie to control Andoid cryptomining (Fbot vs Trinity). This show originally aired on Saturday, November 3, 2018, at 9:00 AM EST on WFED (1500 AM).

tv apple science internet technology space chinese pop software nintendo bloomberg radio show 4k information technology talk radio daylight profiles 8k voip network security uhd talk+radio+show imap focals fakespot andoid morris worm stratford university tech talk radio wfed

#01 02.11.1988: Erster Computerwurm ins Internet gesetzt, "Morris-Worm"

Das Kalenderblatt

Play Episode Listen Later Nov 1, 2018 3:43

Einen Versuch ist es wert, dachte sich Student Robert T. Morris und ließ einen Wurm aufs Internet los, der sich schneller und hartnäckiger verbreitete als gedacht... Einzige Lösung: Das Internet abschalten.

internet morris erster das internet wurm gesetzt einen versuch morris worm

Gene Spafford on the Morris Worm & Cyber-security in the 1980's

Play Episode Listen Later Oct 31, 2018 55:42

Eugene Spafford (aka Spaf), a professor of computer science at Purdue University, was the first researcher to publish a detailed analysis of the infamous Morris Worm. Gene talks to Ran about this incident, as well as how was security different in the 1980's. The post Gene Spafford on the Morris Worm & Cyber-security in the 1980's appeared first on Malicious Life.Advertising Inquiries: https://redcircle.com/brands

cybersecurity cyber purdue university ran spafford spaf morris worm malicious life

Gene Spafford on the Morris Worm & Cyber-security in the 1980’s

Play Episode Listen Later Oct 31, 2018 55:42

Eugene Spafford (aka Spaf), a professor of computer science at Purdue University, was the first researcher to publish a detailed analysis of the infamous Morris Worm. Gene talks to Ran about this incident, as well as how was security different in the 1980’s. The post Gene Spafford on the Morris Worm & Cyber-security in the 1980’s appeared first on Malicious Life.

cybersecurity cyber purdue university ran spafford spaf morris worm malicious life

Episode 3 – The Morris Worm’s Odyssey

Retrospecticus

Play Episode Listen Later May 26, 2018 46:51

Things take a fairly dark turn this episode as we discuss Homer’s Odyssey, which begins with Homer Simpson tying a boulder around his waist and going to a river to commit suicide. Garreth tells us about the legend of John Henry, the steel-driving man. Tom lightens the mood with the story of Robert Tappan Morris,… Read More »

odyssey homer john henry homer simpson garreth morris worm robert tappan morris

The Morris Worm Pt. 2

Play Episode Listen Later May 16, 2018 22:23

In an attempt to halt the Morris worm’s path of destruction, a systems administrator at Harvard shut down the university router through which Andy Sudduth’s message would be sent to the internet. The post didn’t go through until after it was too late. In a tragic movie-twist, the fix that everybody needed was heard by […] The post The Morris Worm Pt. 2 appeared first on Malicious Life.

harvard morris morris worm malicious life

The Morris Worm Pt. 2

Play Episode Listen Later May 16, 2018 22:23

In an attempt to halt the Morris worm's path of destruction, a systems administrator at Harvard shut down the university router through which Andy Sudduth's message would be sent to the internet. The post didn't go through until after it was too late. In a tragic movie-twist, the fix that everybody needed was heard by […] The post The Morris Worm Pt. 2 appeared first on Malicious Life.Advertising Inquiries: https://redcircle.com/brands

harvard morris morris worm malicious life

The Morris Worm Pt. 1

Play Episode Listen Later May 2, 2018 26:49

We've introduced you to some of the seminal malware attacks that have shaped cybersecurity history. Perhaps no other incident in history, though, has had the effect on how we think about computer security today as the Morris worm. The post The Morris Worm Pt. 1 appeared first on Malicious Life.Advertising Inquiries: https://redcircle.com/brands

morris morris worm malicious life

The Morris Worm Pt. 1

Data Security and Privacy with the Privacy Professor

Play Episode Listen Later May 2, 2018 26:49

We’ve introduced you to some of the seminal malware attacks that have shaped cybersecurity history. Perhaps no other incident in history, though, has had the effect on how we think about computer security today as the Morris worm. The post The Morris Worm Pt. 1 appeared first on Malicious Life.

morris morris worm malicious life

Computer Hacking Crimes and Prosecutions

Play Episode Listen Later Feb 2, 2018 55:32

In recent months self-proclaimed “cybersecurity experts” have posted cybercrime history timelines in online outlets but left out some of the most significant cases that impacted all subsequent cybercrime cases & laws; the Morris Worm & the German hackers caught by Clifford Stoll. In this episode you will hear from the trailblazer in the computer crime prosecution space, Mark Rasch, & learn what he has seen over the years with regard to computer crime, hacking, what has changed, & the things that have remained the same. Mark created the Computer Crime Unit at the US Department of Justice, where he led efforts aimed at investigating and prosecuting cyber, high-tech, and white-collar crime. Mark helped the FBI and Treasury Department develop their original procedures on handling electronic evidence to use for computer crime prosecutions & has taught digital crime and evidence classes at the FBI Academy and the Federal Law Enforcement Training Center. Tune in for a fascinating discussion!

AS HEARD ON: WTAG - My First Malware – The Morris Worm

Craig Peterson's Tech Talk

Play Episode Listen Later Oct 3, 2017 9:45

Joined Jim today for another tech talk, and shared a quick story on security. Back in 1991, learned it the hard way when I got a wake-up call that the internet wasn't as friendly as it was when it started. A worm attacked my system. And, although it wasn't something that will take down the business, I knew I had to do something about it. Home users and small businesses are being attacked every day. If they are not well equipped or have no one to turn to, their systems become compromised. Find out more on how to stay secured only on CraigPeterson.com --- Related articles: Equifax manages 1,200 times more data than the Library of Congress This new app can protect you from credit card skimmers Hackers have already extracted passwords from macOS High Sierra --- More stories and tech updates at: www.craigpeterson.com Don't miss an episode from Craig. Subscribe and give us a rating: www.craigpeterson.com/itunes Follow me on Twitter for the latest in tech at: www.twitter.com/craigpeterson For questions, call or text: 855-385-5553

home security heard library hack hackers worm library of congress malware equifax morris worm

July 14, 2007 Tech Talk Radio Show

Play Episode Listen Later Jul 14, 2007 59:42

PDAs and long-term memory, Broadband Reports, Gibson's Shields Up, Internet Storm Center, web radio royalties, profiles in IT (Robert T. Morris, creator of Morris Worm), history of Internet worms, and Microsoft's immigration law dodge in Vancouver. This show originally aired on Saturday, July 14, 2007, at 9:00 AM EST on Washington Post Radio (WTWP) Radio.

science internet technology space microsoft software vancouver morris radio show information technology talk radio network security talk+radio+show pdas morris worm internet storm center stratford university tech talk radio

July 14, 2007 Tech Talk Radio Show