Information Security and Network Awareness

Hurricane Labs



Top Stories by Hurricane Labs

Folks who know me know one thing about me for certain: I am a conflicted individual. On the one hand I detest encryption as a security mechanism and on the other I LOVE encryption as a privacy mechanism. In the same day, nay, sometimes in the same hour, I can argue for and against SSL, and sometimes to the same person! I guess it helps to be able to have conflicting opinions on things, but it gets confusing, so I thought I'd do a quick post on why SSL is both good and bad. Away we go: Cons: SSL should never be used as a security mechanism on its own; unfortunately the traditional uses often do, but it is simply not designed for that. When you read on a website "our site is 100% secure because we use industry grade encryption" then know you are reading a falsehood. This is something that has spread throughout the web like a cold spreads through a preschool. It is simply untr... (more)

Ten Things I’ve Learned About Cloud Security

By Bill Mathews

This is not a Top 10 list – it is a list of 10 things I’ve learned along the way. Top 10 lists imply some sort of universal knowledge of the “top” things possible in a given field. Top 10 attractive women, top 10 guitar players, top 10 whatever, they all have one thing in common: They are all ten things the author thinks are the best. I don’t really like to think I know everything so this list is in no particular order. This particular list is on cloud security and, well, it is a big topic that interests me greatly and there is no way I can cover it all in a blog... (more)

Nothing New Under the Sun

I recently wrote a couple of to-be-published articles basically laying out all the reasons why we as security professionals should not be running away from so-called "new" technology. Essentially I am asking that we take the time to really understand what's so new about this stuff. Smartphones, the "cloud", etc.: these are all repackaged versions of old technology. We're terrified of them because we think we don't understand them. The sad part is, we don't. We seem to be under the impression that all new technology is bad and inherently insecure; it isn't. It's not any more insecu... (more)

ATMs - Delicious Distributors of Benjamins or The Devil?

We have a saying where I'm from: "once you have physical access to a machine, game is over." Well, ATMs are thought to be special because they are super secure and physical access is kind of a requirement for them. You would think their manufacturers, providers, customers, someone would demand better security from these literal money machines. Do they? You decide. Here are a couple of pictures that might help you make up your mind: The first one is courtesy of Rick Deacon (@rickdeaconx on Twitter): I don't know about you, but that looks like a Windows blue screen of death. Now I'm not go... (more)

IPS Updates, Splunk, Check Point and You

How I Learned to Stop Hating the Term “Zero-Day” but Not Really

By: Bill Mathews

Zero Day attacks – you know, the ones that almost EVERY signature in your IPS claims to protect you against? Yep, those guys, nasty little things. Basically, if IPS vendors are to be believed, those are the things that don’t have a patch yet and have active exploits against them. You update your IPS signatures and BOOM, protection from zero day! The problem we always run into, and this is with almost every IPS vendor so I’m not just picking on Check Point here, is... (more)