How ARP works, and how ARP cache poisoning works

One subject beginning networking students invariably struggle with is how Layer 2 maps to Layer 3 (see http://en.wikipedia.org/wiki/Osi_model if you’re not familiar with the OSI model) using the Address Resolution Protocol, ARP. MAC lives at Layer 2, the Data Link layer, while IP addressing happens one layer up, at Layer 3. Dry facts: every network …

“You Could Be at Risk of State Sponsored Attacks” – Google

Department of Saw This Coming: TidyRead.com reports: In June, many Google users were surprised to see an unusual greeting at the top of their Gmail inbox, Google home page or Chrome browser. “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer.”http://www.tidyread.com/td/index.php?r=site/read&xml=eNo9issKwjAURP9F0E2w1saqrYiooLhxU0FcXEnS3D4w5obkqvTvjYLCMMM5jM-TmOe9hsjmoxG1qnMgVFTi_Q_XZxLZxq4eTi8_vz5f95NdiEUbnP-cA9UYynTU3uGndDzNqjKDMZ9NpFJzqVLJ01SWXFyJjMtYDaglDcs9Yq2BHfHFzsIZzy74YIfqO2sHbAOtqdlJuBoIFNt0rCBBMCwsGo8uqG1cJ8EJXCJx873FG7P6SE8~&id=1765204 Ohkaaaaay. Just to be clear, we are all participants …

Maybe this is why my friend calls them “spy chips”

So, you have a smart phone? It does GSM or CDMA or LTE “cellular” wireless, but it probably does 802.11 wi-fi too, right? You would not believe how eager your device is to spill its guts to anyone. As always, don’t take it from me. Here’s the NakedSecurity article: http://nakedsecurity.sophos.com/2012/10/02/what-is-your-phone-saying-behind-your-back/    

Install or Update Software With Ease

Imagine you have a new workstation and you need to install Firefox, Skype, iTunes, VLC, Flash, Java, Picasa, Reader, Dropbox, WinRAR, PuTTY, Malwarebytes, FileZilla, ImgBurn, KeePass and Microsoft Security Essentials. If you’re an Information Technology Professional with exposure to patch management or system configuration, imagining this won’t be the problem; the problem is the amount …

Where to Find Things Out: People

A Diverse Miscellany of Resources on People in Albuquerque and Beyond Obviously you should start with the search engines: Google, Yahoo, Bing at the very least. Continue with the social networks: LinkedIn, Facebook, MySpace, Twitter at the very least, plus Xing.com, Ecademy.com and Ryze.com. The Albuquerque Journal’s Online Archives: Stories, email and pictures since 1995. …

Hack A Battery

Check out this small article on how the firmware in Apple’s laptop batteries is (in)secured with default passwords: http://blogs.forbes.com/andygreenberg/2011/07/22/apple-laptops-vulnerable-to-hack-that-kills-or-corrupts-batteries/ –subnetD

Resources: Security Standards

Which security standards apply to you? Research this carefully. Here are some of the critical ones: FIPS 140 http://en.wikipedia.org/wiki/FIPS_140-2 This standard comes from the US Government and governs how sensitive (federal) information must be encrypted. Administrations like the VA and the SSA are most concerned with this. HIPAA http://en.wikipedia.org/wiki/HIPAA The Health Insurance Portability and Accountability …

Automated Wi-Fi Scanning with Wi-fEye

Wi-fEye Purpose: Wi-fEye provides a nice terminal interface for automating a variety of wireless network scans. Discussion: I ran into this article on Teckkranti.com about Wi-fEye: http://www.techkranti.com/2010/11/wi-feye-automated-network-penetration.html and had to try the tool, and I must say I’m impressed. When you open it you’re presented with a series of “Choose One: ” menus, which mask …

(In)Secure Knowledge

(In)Secure Knowledge What you don’t know will hurt you. What you know will hurt you too. Tell us all about it here.