search
top

NCIX Data Breach

NCIX Data Breach

One of the biggest news items around recently has been the NCIX Breach. I was notified of it through a colleague prior to the media finding out about it through the following blog –> (https://www.privacyfly.com/articles/ncix_breach/). The blog details events that took place where a person uncovered hard drives left by the now bankrupt NCIX computer retailer. The warehouse housing these drives, and left over computers that belonged to NCIX were being sold off by the warehouse landlord. The information based off privacyfly’s blog seems to point towards the landlord illegally selling the data on the drives to recuperate lost rent. The big question here is how NCIX, or the team taking care of their assets after bankruptcy could allow this information to be sold. And, this also goes to show how NCIX has very weak security procedues in place to safeguard their most vital data (customer and employee data). Read The Full Post

Bypassing Windows Logon Passwords

Bypassing Windows Logon Passwords

Introduction

So I had a friend who had an old laptop sitting around collecting dust at home. He knew I was into computers and asked me if I wanted it. And you know a techie…. when someone throws out free hardware you just can’t complain or say no!!

However, he realized he did not remember his password, and wanted to see what files still were on the machine before he let me have it. He was sure he backed all files up awhile back when he got his new laptop. But, he wanted to be sure, and knowing I am a Security Analyst wondered if I could help him out. So, I went ahead and was able to obtain his password so he could login to delete or save any data he still wanted.

After I completed the task to recover the password, I decided it would make a great blog article to write about.

So here it is…… (more…)

Vulnerable JavaScript Illegally Mining User Machines

Vulnerable JavaScript Illegally Mining User Machines

So a few days ago, I was browsing Cnet.com to view some on-line tools. I noticed an odd alert triggered by my Anti-Virus scanner. My scanner detected it as HKTL_COINMINE with my URL Filtering option enabled on my scanner. I decided to investigate it further to see what this was all about. What I slowly started to uncover was that something was using my machine to mine. This at first didn’t make sense, as no new applications or files were downloaded.

Then, I noticed an increase in CPU, and I have a normal baseline where my CPU levels normally reside at for the most part. After looking into some network connections I realized there was a connection made out to a server in Ukraine. And, that isn’t typical behavior of my network to be connecting to a machine in Ukraine. The realization after some further investigation that it was the CNET JavaScript file that had been compromised externally on another server . And, this led me to my next blog post!

How Do They Exploit JavaScript?

(more…)

Network Security for IP Camera’s

Network Security for IP Camera’s & Video Surveillance Systems

These days many devices have some form of interaction with our networking devices and the internet itself! What people forget is much like our desktops, laptops and mobile devices. All of these other types of devices need to be secured. The average person is going to assume no security is needed and that the product itself is already fairly secure by default. In my personally opinion, I’d say the default security settings are usually not sufficient enough to keep the device and your network safe.

I’ve created a guide below of procedures that can be followed to enhance the security measures for your IP Camera’s and systems.

IP Camera Hardening Guide

I’ve created a hardening guide below that will look at a few key components that administrators will want to make use of in their network.

  • Passwords
  • LDAP/AD Authentication
  • VLAN’s
  • 802.1X Authentication
  • Disabling Network Ports
  • Disabling Unused Services
  • MAC Address Filtering
  • Physical Access Control

(more…)

Public Wi-Fi Security

Public Wi-Fi Security

Today in our current world we have access to free public wifi practically around ever corner street. Most cafes and restaurants offer free public WiFi to just about anyone. What people fail to realize is that technology is no different in the public compared to people being in public.

Let’s create a real life use case. You could be taking a nice stroll down at your local park. When someone comes by and starts taking photo’s of you and others at the park. They know have “access” to an image of you without your knowledge. But, (more…)

top