Information Security and Network Awareness

Hurricane Labs

Subscribe to Hurricane Labs: eMailAlertsEmail Alerts
Get Hurricane Labs: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by Hurricane Labs

Review of HTTP 2.0 – The Ever-Changing Web We Live In By: Aaron Croyle You may have heard recently that Facebook will be implementing SPDY. In that light I’d like to give you a basic understanding of the upcoming improvements to HTTP (HyperText Transfer Protocol). As you probably know, this is the protocol that moves most of the HTML documents and images around the web. Here’s a few definitions to get you up to speed: HTTP/2.0 This is the new version of HTTP currently in development by the httpbis working group of the IETF. The last update was HTTP 1.1 as described in RFC 2616 in 1999. TLS Transport Layer Security is an upgrade to SSL v3.0 (Secure Sockets Layer). It operates at the transport layer to encrypt application-specific protocols such as HTTP, FTP, SMTP, etc. TLS NPN Next Protocol Negotiation is an extension to TLS which allows the application layer to neg... (more)

Corporate Forensics: Security, Not Law Enforcement

Corporate Forensics: Security, Not Law Enforcement By: Tom Kopchak The term forensics stirs up vivid images: Crime scenes littered with obvious and equally less obvious evidence. Investigators toiling to bring a heartless criminal to justice. Video game consoles covertly storing secret files. A perfectly detailed account of the exact causes and motives of a crime. Police chases. Gunfire. All neatly solved in a half hour or less. Unfortunately, the popular view of forensics is often in stark contrast with reality. The computer forensics field requires significant quantities of ted... (more)

Open Source Firewalls - Untangle and pfSense comparison

So this week I had the opportunity of setting up a little lab to test both of these firewalls. Before this week I had no idea these firewalls even existed, and the only open source routing/firewall software I even knew of at the time was Vyatta; which is really only for routing purposes. Starting off, you really need to pay attention to the system requirements, especially Untangles. I attempted to install both of these using Ubuntu with VirtualBox and was in for a nasty surprise. Originally skimming the requirements brought me to this issue, to where I used an old Dell Dimension ... (more)

Nothing New Under the Sun

I recently wrote a couple of to-be-published articles basically laying out all the reasons why we as security professionals should not be running away from so-called "new" technology. Essentially I am asking that we take the time to really understand what's so new about this stuff. SmartPhones, the "cloud", etc these are all repackaged versions of old technology. We're terrified of them because we think we don't understand them. The sad part is, we don't. We seem to be under the impression that all new technology is bad and inherently insecure, it isn't. It's not any more insecu... (more)

Snowpocalypse 2010: Report From ShmooCon 2010

Here I am at ShmooCon 2010 right in the middle of what people here in Washington DC are calling Snowpocalypse 2010. The Metro, busses, and taxis are all closed down and essentially the city has shut down. Being from Cleveland I find it a little laughable but it’s still a pretty bad storm. Well that hasn’t stopped ShmooCon from going strong. This being my first hacker con it took me a little while to get acclimated to what kind of talks would be interesting and relevant to me as a network/firewall security guy. The first talk I found interesting was about an OWASP project called O... (more)