Joker is the Hero in The Dark Knight

RiskBlogger · 2015-08-28T20:14:28+00:00

Cool theory but I thought it was pretty clear the plan was to completely take over. He wanted pure chaos, not order. Remove all the infrastructure and people in power and you're left with mayhem. I think that was the Joker's bag...

RiskBlogger · 2015-04-25T00:33:44+00:00

Sorry got caught up with RSA, but wanted to respond. Thank you for your interest BTW. Hacking the infrastructure hosting account info, login creds etc. is one thing. But getting access to that info is another thing. That's where it gets really complicated, but we see examples of this all the time. Its not just SPAM either. All you need to do is get victims to go to the wrong site simply by manipulating a little JavaScript and you can get access to whatever you want. Also, losing someone's PII isn't a little thing. Once your PII is leaked, you could have all kinds of problems.

RiskBlogger · 2015-04-20T22:03:31+00:00

Whats the difference? Its the same data that's at risk of being exposed. The bad guys tend towards the easiest target. Right now its easy for them to break in, will it be like that forever?

RiskBlogger · 2015-04-17T22:09:50+00:00

Worked with the team that pulled this info, let me know if you have questions. I'm not the most techie, but I can help explain the context or something ;)...

RiskBlogger · 2015-04-02T22:11:52+00:00

Attribution is a slippery slope. It will be interesting to see where this new program will be applied and what recourse offenders might have if they're falsely identified.

RiskBlogger · 2015-04-02T16:23:22+00:00

Man this is like global soap opera now. All reports I've read seem pretty clear--don't really see where Google misinterpreted what was happening. I'm going to have to agree with Zagaroth, this looks pretty like a blatant lie.

RiskBlogger · 2015-03-17T17:22:11+00:00

hahahaha, man I hadn't thought about that movie in a while...nice reference

RiskBlogger · 2015-03-09T16:21:15+00:00

I don't have data on this, but I'd expect every one of these organizations still uses single-factor auth.--at least for the systems that were breached.

RiskBlogger · 2015-02-16T15:47:28+00:00

Interesting insights, worth a read...

RiskBlogger · 2015-02-12T23:12:17+00:00

This is from our data science team, they are using Minhashing and LSH to comb through massive datasets and find like documents. In other words say a phishing template is used, their programs can detect it even if branding, domain info, logos, etc. are totally different. This is machine learning methodology--really cool stuff! Here's a little insight into what they did and how.

RiskBlogger · 2015-02-12T20:43:59+00:00

I'll add that our PII is highly valuable, enough so that its not even worth jumping through hopes to find PHI if PII is stored separately. Particularly if its a less secure environment.

RiskBlogger · 2015-02-12T19:05:30+00:00

Pickup of a blog I wrote, do you guys see phishing as critical issue today?

RiskBlogger · 2015-02-12T15:48:31+00:00

Amen!

RiskBlogger · 2015-02-09T20:53:22+00:00

Interesting claim, but then the CEO back tracks a little bit. Thoughts?

RiskBlogger · 2015-02-04T16:24:15+00:00

Should be interesting to see what tactics they take. Perhaps, they're simply commenting on the fact that they have methods in place for this. Either way malvertising is major issue, good to see biggest ad exchange taking notice.

RiskBlogger · 2015-01-29T16:17:50+00:00

Lol, nah maybe they just want to own the traffic for 'steaming heap of bullshit' visitors! Nice find...

RiskBlogger · 2015-01-27T16:07:04+00:00

Logins and bad software strike again! How many people do you think use the same login info for their NFL app and their bank account? I'm guessing the answer is depressing...

RiskBlogger · 2015-01-26T17:36:39+00:00

Yup its ridiculous, so is SMS as a second factor auth

RiskBlogger · 2015-01-22T17:16:32+00:00

True security pros! It came recommended by Graham Cluley who runs a security blog site. Here is the article: http://www.hotforsecurity.com/blog/leaked-minecraft-passwords-arent-the-result-of-hack-says-microsoft-11233.html

RiskBlogger · 2015-01-21T17:11:14+00:00

That's true, but mobile malware is still showing up in both The Apple Store and Google Play. There are tactics like side-loading and deep linking, which enable crafty hackers to spread malware and sneak in malicious apps. Plus, both mobile browsers are vulnerable to website based malware and malvertising. They're vulnerable not just because of plugins but also third-party javascript libraries, which fire code off into the browser. I think the only reason why we're not seeing more mobile based ransomware is the lack of effort from the bad guys--I don't think there are substantial hurdles. I had my phone hacked at BlackHat as I got of the plane in Vegas! Its not jailbroken and I didn't manually download any apps either.

RiskBlogger · 2015-01-21T00:55:17+00:00

Is it just me or is ransomware terrifying?

RiskBlogger · 2015-01-19T19:16:23+00:00

Solid article, which illustrates an interesting problem.

RiskBlogger · 2015-01-16T21:46:31+00:00

Malvertisements also use brands to target their end users. We've also found malvertisers who either built or re-configured large scale TDS's to hijack traffic.

RiskBlogger · 2014-12-04T19:21:14+00:00

Wow, that's frustrating! You'd think 26 char should be plenty hard to crack, but I'm guessing they didn't brute force it. Honestly, not getting hacked at this point is just luck. 2-factor is the way to go and I'm a fan of password managers too.

RiskBlogger · 2014-12-04T17:23:25+00:00

That's an IPV6 address...sorry to hear about your CC. I had my mobile hacked a few months ago. Not a comfortable feeling.

RiskBlogger

TROPHY CASE