Information Security and Network Awareness

Hurricane Labs

Subscribe to Hurricane Labs: eMailAlertsEmail Alerts
Get Hurricane Labs: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Hurricane Labs

Yesterday we started getting floods of malware alerts for machines on many different networks that we manage going out to a site that was identified a while ago for MS08-067 type activity. So we did our due diligence and notified our clients that we were seeing this traffic attempting to leave their network. As of now the alerts are still coming in. If you've watched the news at all over the past couple of days you've heard about the events in Austin, TX involving a plane being intentionally flown into an IRS building there. Thankfully only the pilot was killed and our thoughts go out to everyone who has been a part of that terrible situation. So what do these two things have to do with each other? Well upon further inspection of the alerts we were seeing I noticed that it was all http traffic to one particular IP address and if it was indeed real malware calling home... (more)

Nothing New Under the Sun

I recently wrote a couple of to-be-published articles basically laying out all the reasons why we as security professionals should not be running away from so-called "new" technology. Essentially I am asking that we take the time to really understand what's so new about this stuff. SmartPhones, the "cloud", etc these are all repackaged versions of old technology. We're terrified of them because we think we don't understand them. The sad part is, we don't. We seem to be under the impression that all new technology is bad and inherently insecure, it isn't. It's not any more insecu... (more)

Beacon Podcast Episode 024

Hurricane Labs Beacon Podcast Episode Number: .024 – Instagram Instant Billionaire Edition Hosts: Bill Mathews (@billford), Matt Yonchak (@mattyonchak), Patrick Sayler (@psayler), Ian Gillespie 20 Questions for an Intrusion Analyst - All security professionals should answer them - “Describe your analytics biases” Military finds IT security certification difficulties - Certifications do not necessarily mean skill - “A giant circle of ineptitude” Code Not Physical Property - Some sort of loop hole? - Upcoming blog post on this Foxconn - Walkthrough of factory - Consumer disconnect between... (more)

Malware, Malware Everywhere

By Steve McMaster - I want to preface this by saying that I’m an Android fan boy. I’ve owned a device running each and every version of Android at some point, from the G1 with Android 1.0 (did it have a codename?) through my Galaxy Nexus with Ice Cream Sandwich, and Jelly Bean coming soon. I have also never owned an iPhone. Just wanted to get that out there, in the interest of full disclosure. That said, I’m really growing tired of reading articles about “Malware discovered in Google Play”, “First Malware ever in the App Store”, “Malware went undiscovered for weeks in Google Pla... (more)

Review of HTTP 2.0 – The Ever-Changing Web We Live In

Review of HTTP 2.0 – The Ever-Changing Web We Live In By: Aaron Croyle You may have heard recently that Facebook will be implementing SPDY. In that light I’d like to give you a basic understanding of the upcoming improvements to HTTP (HyperText Transfer Protocol). As you probably know, this is the protocol that moves most of the HTML documents and images around the web. Here’s a few definitions to get you up to speed: HTTP/2.0 This is the new version of HTTP currently in development by the httpbis working group of the IETF. The last update was HTTP 1.1 as described in RFC 2616 i... (more)