04 Jan 2013

The Infosec Dunning–Kruger Effect: Confidence vs. Overconfidence

A key message at Tripwire moving into the next year is around true confidence: confidence in IT security posture and in information security’s position in the business. While reading Price Waterhouse Cooper’s “The Global State of Information Security® Survey 2013” I was surprised to see that based on self-assessments security

20 Dec 2012

Penetration Testing with Smartphones Part 2: Session Hi-Jacking & ARP Spoofing

In the first part of this series, “Penetration Testing with Smartphones Part 1”, we covered several network and vulnerability scanning applications that can be run from a smartphone. In this section we will be covering some additional tools for Wi-Fi sniffing, session hi-jacking and ARP spoofing. Disclaimer: This article is for

13 Dec 2012

Low Cost Open Source Wireless Hacking – HackRF Jawbreaker

I sat down with Jared Boone, a local Portland hardware hacker, to discuss HackRF, an open source project he has been working on with Michael Ossmann funded by DARPA. The combination of open source hardware and software will provide security researchers with a low-cost tool to intercept and reverse

07 Dec 2012

The Misinformation Age & Social Media Engineering

“Falsehood flies, and the truth comes limping after it.” Jonathan Swift, The Examiner No. XIV

Social media has made the sharing of information easier. The abundance and speed of information distribution is increasing, but not necessarily the accuracy or quality. Due to the amount of information coming at us on

30 Nov 2012

Penetration Testing with Smartphones Part 1

When most people think of penetration testing, they think of a simulated external attack where the tester tries to break into a network remotely. Companies focus most of their security spending and policies on keeping hackers out remotely, with firewalls and other security-hardening appliances, software and tools. However, given the proliferation