18 Jan 2013

Sneakernets Never Say Die: Power Plants Infected with USB Malware

A few days ago the State Department made public in a report that multiple power plants in the United States were affected by USB based malware during the beginning of October 2012. One of the plants reported a virus infection in a turbine control system. The system was infected when

20 Dec 2012

Penetration Testing with Smartphones Part 2: Session Hi-Jacking & ARP Spoofing

In the first part of this series “Penetration Testing with Smartphones Part 1” we covered several network and vulnerability scanning applications that can be run from a smartphone. In this section we will be covering some additional tools for Wi-Fi sniffing, session hi-jacking and ARP spoofing. Disclaimer:This article is for

30 Nov 2012

Penetration Testing with Smartphones Part 1

When most people think of penetration testing, they think of a simulated external attack where the tester tries to break into a network remotely. Companies focus most of the security spending and policies on keeping hackers out remotely, from firewalls and other security hardening appliances, software and tools. However, given the proliferation

23 Nov 2012

South Carolina Department of Revenue Data Breach: What Went Wrong?

“Where do we go from here? We now have to go into cyber plan mode. This is a new era in time where you can’t work with 1970s equipment, you can’t go with compliance standards of the federal government, because both are outdated.” – Nikki Haley,  Governor of South Carolina

10 Oct 2012

The Coming Storm: Forensics in the Cloud

Cloud computing has increased productivity and decreased IT costs. However, there is a black lining to this particular cloud, as the benefits come at the price of giving up control, visibility and tracking data provenance. Computer forensics traditionally relies on having physical access to systems, providing examiners with the ability